The 6 Best Password Managers

Provido

Look to these top password managers for Windows, MacOS, iOS and Android to make your online life easier and more secure.





One of the smartest moves you can make to protect employees, especially those working from home, is to encourage them to use a password manager. It’s one of the easiest, too.

Password best practices pertain to complexity, change frequency and uniqueness. Each best practice is intended to mitigate known attack methods and harden your online identities to both prevent compromise and limit the damage if account compromise occurs anyway.


A proper password manager is an excellent first step in securing online identity. It can create a unique strong password for every account and application without requiring employees to memorize or write down random strings of characters. These strong passwords help shield against traditional password attacks such as dictionary, rainbow table or brute-force attacks, and the password manager makes them convenient to use. The use of a password manager also often facilitates password maintenance through actionable reports that can identify passwords due for a change.

Some top password managers store credentials locally, while others rely on cloud services for storage and synchronization. Others take a hybrid approach. Some of the options using local storage (such as KeePass) still support synchronization through Dropbox or other storage services. Deciding which password manager is best for your organization will come down to features and ease of use, as well as your comfort level using a cloud-based password manager that stores passwords on the internet. Cloud-based solutions do offer a couple of significant features that make them worth serious consideration: the first being two-factor authentication (which is a must-use feature for an online password manager), the second being the ability to securely share passwords.

While most of the options listed here store your password data in the cloud, none store that password data, or even transmit it, without using advanced encryption methods and the master password you define. This means that the password management solution couldn’t easily decrypt your data even if they had the desire. In fact, consider the process for most online services when you forget a password. In many cases you can simply reset your account password by entering your email address, clicking the link you receive, and potentially answering a security question or validating a CAPTCHA field.

With the online services listed here the account recovery process if you’ve forgotten your master password is complex. In a few cases account recovery may be accomplished only by using a device that already contains a local copy of your password vault. This is due to the architecture involved with encrypting and decrypting your data. It can only be done with your master password. Therefore, if the master password is changed, all that data must be decrypted using your old password and re-encrypted using the new. Some solutions offer a recovery path using complex recovery keys, text strings with 24 or more characters that you can use to recover your account in case of emergency.

In my judgment, KeePass is the best option using local storage. KeePass is free open source, and with the right combination of plug-ins, it can be made to do almost anything you could require of a password manager. Among the cloud options, I’m split: I like LastPass for its low cost and its consistent implementation of features across all of the clients, but Dashlane has a slightly more aggressive approach to security.


Each LastPass client I tested was easy to work with, stable and remarkably uniform from a usability perspective. Plus, a LastPass Free account includes features like synchronization, sharing and multi-factor authentication that competitors frequently offer only with premium plans, making it a compelling option, especially for home-based employees using personal devices.

Many who work from home have a spouse, kids or elderly family members with whom they need to be able to securely share account credentials, or in some cases even manage their accounts. Both Dashlane and LastPass have excellent options for families: LastPass Families for $4 a month (total, billed annually) for up to six users and Dashlane Premium Family for $7.49 each month (per user, billed annually). The difference really comes down to cost and personal preference, as both offerings are solid.

One of these products offers a middle path that may appeal to some users. 1Password combines the security benefits of offline vault storage with the convenience of full synchronization through an online service. With 1Password you can choose to synchronize most of your credentials using the cloud service while selectively opting to store certain information offline or to synchronize through an alternative such as Dropbox.

Really, you can’t go wrong with any of these six password managers.


1Password


1Password is the brainchild of AgileBits, a long-time developer on MacOS, though 1Password runs on multiple platforms including Mac, Windows, iOS and Android. It has long supported the use of a local file to store encrypted passwords and now offers synchronization, monitoring and other benefits through its cloud service. 1Password also supports synchronization of password vaults using Dropbox (all platforms) or iCloud (MacOS and iOS only). If you would prefer not to use the cloud for password synchronization and you’re comfortable going through the setup process, 1Password can also synchronize password vaults from a MacOS computer to iOS and Android clients via Wi-Fi.





word service can be created only through the web app, which caused some confusion for me in testing. Local vaults to be kept offline or synched using an alternative means may be created within client apps.

For those who want to share passwords securely, 1Password offers a family account that allows you to selectively share password vaults with other members, and even control which members can make changes to passwords. 1Password also allows you to use the family account’s secure storage to share sensitive documents among members. Each member can create and manage their own password vaults and accounts in addition to gaining access to shared vaults. Unfortunately, sharing vaults is limited to family or team accounts. You can’t simply share with another individual with a 1Password account, or share individual logins, both of which handicap 1Password’s sharing capabilities.

1Password provides tools that analyze your passwords and the services they secure to identify potential vulnerabilities. The 1Password Watchtower service keeps track of compromised websites and services that could impact your personal security and alerts you to change your passwords or to be on the lookout for potential problems. Watchtower can identify weak or reused passwords in your vaults, as well as those used with sites which are known to be compromised. You also can put your account into travel mode, which can be leveraged to automatically remove sensitive vaults from your devices when you travel.

The security features behind 1Password include the use of a secret key, which is a random string of characters generated when you initially create your 1Password account. This security key, which is not recoverable by 1Password, is used to secure your account and each client. 1Password does offer the ability to easily authenticate a new client using a QR code. Two-factor authentication (2FA) is available but limited to one-time passwords. Both the iOS and Android clients support authentication using the fingerprint reader on your device, and the Windows client offers authentication using Windows Hello.

You have several options for getting started using 1Password. Each of the 1Password clients for Windows, MacOS, iOS and Android is free. An account is required only if you are going to use the 1Password service for synchronization. A basic individual 1Password account costs $2.99 per month with an annual commitment, while 1Password Families has a cost of $4.99 per month (billed annually) for up to five users. A 1Password Business account is $7.99 per user per month.


Bitwarden


Bitwarden is an interesting animal, one that follows a similar strategy to an increasing number of enterprise applications: It toes the line between commercial and open-source software. Bitwarden is licensed under GPLv3, with source code available on GitHub, yet free and premium services are available for individuals, families or even businesses. Making its source code available for both independent audit and public review brings a level of trust in Bitwarden’s platform that is hard to achieve otherwise.





Bitwarden’s free tier offers quite a bit of functionality as compared to other free solutions, including an unlimited number of vault items, device synchronization, 2FA and even the option to host your own Bitwarden service using Docker. Premium users gain access to additional authentication factors such as YubiKey, U2F and Duo, as well as Bitwarden Authenticator (which offers built-in support for TOTP authentication) for $10 per year.

Interestingly, Bitwarden Premium users do not get access to sharing without additional steps. Free or Premium users can share with a single user by creating a Free Organization account, which supports sharing within a two-person organization. Additional sharing capabilities are unlocked with Family Sharing which is available for up to six users for $40 per year. Bitwarden also offers Teams and Enterprise accounts (for $3 or $5 per month per user, respectively), both of which are geared toward businesses.


Dashlane


Dashlane is another password manager that toes the line between cloud service and local password manager in an attempt to answer every security concern. You can store your password database on Dashlane’s servers and take advantage of synchronization across devices, or you can store your password vault locally and forgo synchronization. It’s your choice.





Authentication is performed against devices that are registered with Dashlane through a two-step process, incorporating your master password and a device registration code sent via email.

Two pricing tiers are offered for Dashlane users. A free account allows you to manage up to 50 passwords through a single device of your choice. Premium accounts, which cost $4.99 per month, let you synchronize your passwords across multiple devices, perform account backups, share more than five items, give you access to the web app, use the Dashlane VPN service for improved privacy, and entitle you to Dashlane’s customer support. Dashlane’s Premium Plus tier adds credit monitoring and identity theft insurance for $9.99 a month. Dashlane’s family accounts mirror the Premium and Premium Plus tiers but support up to five members for $7.49 and $14.99 per month respectively. A Business plan is in preview at $8 per month per user, and it includes SAML-based single sign-on (SSO) and a free family plan for every seat.

With Dashlane, your retention of your master password is an absolute must. The company states that it is unable to perform password recovery in the event of loss, a necessary side effect of the security architecture. Two-factor authentication is supported through the use of time-based, one-time passwords (TOTP) for free accounts, and universal second factor (U2F) such as a Yubico Yubikey for premium accounts. Support for 2FA must be enabled through the Windows or Mac client.

Dashlane’s team features allow you to securely share login information with other Dashlane users. Shared items can be provided with limited rights, which restrict the ability to change permissions or reshare an item, or with full rights to the data. Dashlane also offers the ability to designate emergency contacts, making it easy to allow family or co-workers access to critical accounts or information in the event of an emergency. The data shared with an emergency contact can be fine-tuned to provide only certain information to specific contacts.


KeePass


A mature open-source project (GPLv2), KeePass is a free password management solution for Windows, with ports to a host of other platforms. Many of the benefits of open-source software are prevalent in KeePass, including comprehensive language support and a robust plug-in ecosystem. With the extensibility offered by plug-ins for KeePass, you can change the encryption algorithm, automate logins through your browser, integrate an on-screen keyboard, create scripts you can run against the password manager, and even use a command-line interface to incorporate password management into automated tools.





KeePass was designed to store a local copy of the password vault. Cloud backup and support for synchronization across multiple devices are obtained through plug-ins that work with the likes of Dropbox, Google Docs, Microsoft OneDrive or even your own FTP server. A side benefit of a local password database such as KeePass is the ability for multiple users to share a database or for one user to keep multiple databases, sharing some and keeping others private.

Mobile support for KeePass is more obtuse than for the commercial options. Ports are available for iOS and Android, but the big question becomes synchronization support. Not all mobile ports support cloud synchronization, and those that do support only a subset of the cloud options. Some mobile KeePass clients carry a cost, though most are in the $1 to $2 range.

A couple of web-based KeePass clients allow you to work with a key database stored on your local hard drive or a cloud storage account. KeeWeb is particularly sleek and it’s available in native Windows, MacOS and Linux versions as well. Like KeePass, KeeWeb is open source.

If you’re more concerned about the security of your password vault than mobile clients and device synchronization, you’ll be pleased to know that KeePass supports multiple authentication methods by default. KeePass database files can be locked by a combination of password, key file and Windows user account. With a key file stored on removable media such as a USB thumb drive, 2FA can be used to secure access to your critical passwords.

The biggest downside to KeePass is complexity. Getting all the advanced functionality offered by the competition will require quite a bit of research, setup and maintenance. Heck, you even have several options for multi-factor authentication, but you’re largely on your own to get it working. While KeePass is a great solution for fans of free open source and maximum flexibility, it is certainly not as straightforward as some of the cloud-based services and hybrid solutions listed here.


Keeper Security


In the past I’ve omitted Keeper from this list because it’s a crowded field and I didn’t feel like there were any significant features setting Keeper apart from the likes of 1Password, Dashlane and LastPass. The honest truth is Keeper is right up there with the best password managers available. In fact, Keeper’s mobile apps are the most reviewed and most used. (In the Google Play store, Keeper has over 10 million installs, while the next closest competitor has roughly half that. Apple doesn’t share install numbers but Keeper has close to 150,000 ratings, while the second-place finisher has closer to 41,000.) Usage numbers certainly aren’t the whole story, but the disparity is telling.





Keeper checks all the boxes I would consider major feature requirements including on-device encryption, comprehensive support for 2FA including TOTP and U2F hardware keys, and secure sharing. The free Keeper version gives you unlimited password and form data storage and access to one device. Keeper unlimited runs $34.99 annually and gives you access to unlimited devices, as well as secure sharing, emergency access and biometric authentication on supported devices. The family plan provides password management for up to five users for $74.99 per year.

Keeper offers a couple of add-ons to its password manager, including a secure messenger, a dark web monitoring service, and secure file storage. Each add-on comes with additional cost or can be bundled for $72.22 annually for individuals or $148.72 annually for families.

You have two options for business plans. Keeper Business costs $45 per year per user and includes features for team management, security audits, policy enforcement and activity reporting. Keeper Enterprise costs $60 per year per user and adds features including SAML-based SSO, Active Directory and LDAP sync, email auto-provisioning, and a developer API.


LastPass


LastPass might be the most popular password manager in this review due to a rich set of features, support for a wide range of mobile platforms, and straightforward licensing, not to mention aggressive marketing. LastPass is decidedly cloud-centric, using its own cloud service to store user information and synchronize data.





The sheer popularity of LastPass makes it a tempting target for people with malicious intent and the skillset to match. Over the years LastPass has acknowledged a handful of security incidents, including compromised user emails and password reminders, though its encrypted user vaults were not compromised. Another well-publicized LastPass security incident was due to a vulnerability in the LastPass browser plugin. In the win column for customer privacy, LastPass has also rebuffed government attempts to obtain user data, stating that they couldn’t access the requested data if they wanted to.

It’s important to keep vulnerabilities in perspective. All software has bugs, and security software is no exception. An important consideration when choosing which software to use is whether vulnerabilities are patched soon after they’re discovered. LastPass has passed this test.

LastPass offers a free and premium pricing tier for consumers, with the premium service costing $3 per month on an annual contract. LastPass for Families includes six users for $4 monthly. Users of the free edition get many of the basics you’d expect from a premium cloud-based service including plugins for multiple browsers and access from any of your devices. The free version even supports MFA using a variety of options including LastPass Authenticator and Google Authenticator. LastPass Authenticator not only supports standard TOTP authentication, but also push notifications to facilitate a more streamlined authentication process. LastPass users also benefit from push. While mobile device support used to be limited to Premium subscribers, LastPass users can now synchronize with their mobile apps using the free service.

Premium users can share credentials with more than a single user. The Shared Family Folder feature allows a single user to share with up to five other users, including users with free accounts. Premium subscribers may create multiple shared folders and manage folder permissions, providing only the appropriate level of access to shared users.

Two tiers of business plans are available. The Teams plan for 50 or fewer employees is $4 per user per month, while the Enterprise plan for an unlimited number of users is $6 per user per month.

LastPass supports several forms of 2FA. I’ve already mentioned that both LastPass Authenticator and Google Authenticator are supported with free accounts, providing simple integration using a mobile device. LastPass Authenticator can be used to receive push notifications in the event of an authentication attempt, allowing you to confirm the authentication request from your mobile device. Premium accounts gain support for Yubikey, a USB hardware authentication device, and Sesame, a software authentication tool run from a USB storage device, as well as support for desktop fingerprint readers in Windows.

If you need simple password management, you can’t go wrong with a free LastPass account. For more granular credential sharing and mobile device support, both LastPass Premium and LastPass Families are bargains at $3 and $4 (for up to six users) a month with an annual contract.


Other contenders


SplashID Safe


SplashID Safe has been on our list of viable options for a while now, but its limited support for 2FA (email and SMS are the only options) makes it hard to recommend it. SplashID offers free accounts for users who don’t need to sync, while SplashID Pro enables multiple devices and backup. SplashID Pro can be had for $1.99 a month or $19.99 a year and offers a couple of slick options that do make it stand out: WiFi-based synchronization and the ability to mark a login as local only, preventing that data from being pushed out to the cloud.


NordPass


NordPass is a relatively new entry in the password manager space and is offered by the same people as NordVPN. NordPass offers a free usage tier that supports unlimited logins and synchronization across multiple devices, the only catch being that you can only actively use one device at a time. For secure sharing and the use of multiple devices at once you’ll need NordPass Premium, which will set you back a reasonable $2.49 per month.


Buttercup


Buttercup is another open-source alternative to keep an eye on. Now in version 1.20.5, Buttercup is a more polished option than KeePass, at least in terms of user interface. Buttercup offers clients for Windows, Mac, Linux, Android and iOS, with a web client currently in an invite-only alpha stage. Like its open-source brethren, Buttercup uses local storage for your password vault, but supports cloud storage tools like Dropbox to synchronize among devices.


Excerpted
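
The master-password architecture described near the top of the post (the provider holds only ciphertext, recovery is impossible without the master password, and a password change means decrypting with the old password and re-encrypting with the new) can be sketched as follows. This is an added example, not code from the article or from any of the products reviewed; the function names, the iteration count and the HMAC-based keystream (a standard-library stand-in for a real cipher such as AES-GCM) are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os

ITERATIONS = 200_000  # assumed work factor for this sketch, not any vendor's setting


def _derive_keys(master_password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Stretch the master password into an encryption key and a MAC key."""
    material = hashlib.pbkdf2_hmac(
        "sha256", master_password.encode(), salt, ITERATIONS, dklen=64
    )
    return material[:32], material[32:]


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 in counter mode; stands in for AES so the sketch needs no extra packages."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, nonce + offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def seal_vault(master_password: str, entries: dict) -> dict:
    """Encrypt-then-MAC the vault; the result is all a sync service would ever store."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive_keys(master_password, salt)
    ciphertext = _keystream_xor(enc_key, nonce, json.dumps(entries).encode())
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ciphertext": ciphertext, "tag": tag}


def open_vault(master_password: str, blob: dict) -> dict:
    """Verify the tag before decrypting; a wrong password fails here, with no reset path."""
    enc_key, mac_key = _derive_keys(master_password, blob["salt"])
    expected = hmac.new(mac_key, blob["nonce"] + blob["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("wrong master password or tampered vault")
    return json.loads(_keystream_xor(enc_key, blob["nonce"], blob["ciphertext"]))


def change_master_password(old: str, new: str, blob: dict) -> dict:
    """Decrypt with the old password, then re-encrypt everything under the new one."""
    return seal_vault(new, open_vault(old, blob))


if __name__ == "__main__":
    # Constructed sample data, not real credentials.
    vault = seal_vault("old master password", {"mail.example.test": "p@ss-1"})
    rotated = change_master_password("old master password", "new master password", vault)
    print(open_vault("new master password", rotated))
```
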
 