Tech Made Simple

Hot Topics: How to Fix Bluetooth Problems | How to Cut the Cable Cord | Best Fitness Trackers Under $50 | Complete Guide to Facebook Privacy

Choose It

author photo

The Best Password Managers

posted by on June 28, 2016 in Computer Safety & Support, Computers and Software, Phones and Mobile, Mobile Apps, Guides & Reviews, Top Picks :: 19 comments

The Best Password Manager

How many passwords do you need to remember? Most of us have dozens of online accounts, including accounts we use every day such as email, social networks and shopping sites as well as long-forgotten sites we’ve used exactly once.

The cardinal rule of password safety is not using the same password across sites, lest you risk a snowballing breach of all your accounts. But combining that principle with cardinal rule number two—creating complicated passwords that aren’t easily guessable—results in the near-impossible task of remembering dozens of random strings of characters. And that in turn makes it hard to keep the third cardinal rule: never writing your passwords down.

Spoiler alert: I have been guilty of breaking all of these rules. I have a simple password I’ve used for multiple accounts, and when I’ve come up with complex passwords, I write them down (coded, at least) in a memo on my Notes app.

In short, I’m the perfect candidate for a password manager.

Secure all your passwords

Password managers are handy browser plugins that encrypt and store passwords for your various online accounts, all protected by a master password that is the only thing you need to remember.

Though your browser itself is capable of storing and auto-filling passwords for sites you visit, the passwords are only usable in that browser. What happens when you need to log in on your phone? What’s more, these processes can be easily compromised by anyone with access to your computer.

Password managers not only get around those drawbacks, but they can generate strong passwords whenever you sign up for new accounts (or to update any “123456” efforts still sticking around).

Creating a strong master password

Strong passwords aren’t necessarily the incomprehensible strings of characters you might think. Password crackers employ cracking dictionaries, testing dictionary words and common passwords at thousands of guesses or more per second, including well-known substitutes such as “5” for “s.”

In 2013, a group of tech reporters from Ars Technica cracked 14,800 encrypted passwords in a few hours using similar techniques. Even a brute-force attack (such as trying all possible combinations of letters) at thousands of guesses per hour could break an seven-character password in nine days.

To come up with your own tough-to-guess passwords:

  • Use at least 12 characters; this increases the number of possible combinations and lengthens the time needed for a brute force attack.
  • Use upper and lowercase letters, numbers and symbols.
  • Combine a few different words that aren’t normally used together. Even better, come up with a pass phrase by taking the first letters of a memorable (long) sentence, appended with memorable dates and unusual (but memorable) substitutions.

For example, “During winter, she would hope for snow and be bitterly disappointed (1984)” might become “DWswh4s&BBD84” as a pass phrase.

Whatever you come up with, make sure you can remember it. Password managers don’t save master passwords and most don’t even save a password hint, so if you forget your master password, you’ll lose access to your data.

The best password managers

To start cleaning up your password act, your password manager should meet  these screening criteria.

Ease of use

It should save passwords from apps and sites seamlessly, including passwords from your browser(s).

Password health check

Does it rate passwords and update weak ones?

Biometric log-in

Convenient, secure smartphone log-ins are a big deal.

Two-factor authentication

This system requires an additional offline code along with the master password, so even if your password gets compromised, other passwords remain safe.

Digital wallet

Can your digital wallet feature securely store credit card details and, even better, facilitate express checkout?

Online backup

The system should back up your information so passwords can be restored in the event of a lost or stolen device.

Sync across devices

The manager should let you access passwords on both work and home computers, as well as your smartphone.

All of our following picks meet these criteria, with the exception of the digital wallet. While a nice feature, we didn't feel it was essential. 

Editor's Pick: Dashlane

Techlicious Pick for Best Password Manager: Dashlane

Dashlane is a gorgeous, seamless app. Along with moving any passwords your browsers have already saved to its encrypted vault, it generates strong passwords and can automatically log you in to websites, something it says will save you 50 hours a year.

The app includes a digital wallet to store payment cards so you can pay online without having to remember your credit card info. It automatically takes screenshots of online receipts to help you track your spending.

Dashlane supports two-factor authentication so that any time you log in with your master password, whether that’s in a browser or on another device, you can choose to also require a security code from an offline app such as Google Authenticator (free for iOS and Android). 

If your passwords on any accounts are weak, you’ll be encouraged to update them either by creating your own new, hopefully stronger password or by having Dashlane generate you one.

There’s a secure notes feature, with templates for saving frequent flier numbers, Wi-Fi passwords, ID information and other sensitive info. It’s similar to your existing memos app but encrypted, so if your computer is breached, all is not lost.

The premium version of Dashlane lets you sync passwords across unlimited devices and use its web app to securely log in to your accounts on a public computer. The Dashlane Web application only decrypts your passwords locally once the data has reached the computer (whether it’s a public computer or your own), so all information that is shared with the Dashlane servers remains encrypted. And since you need to be logged into Dashlane and decrypt the information with your master password, the next person won’t be able to read your data.

Imports browser passwords: Yes
Password health check: Yes, with alerts when weak or old passwords need to be updates
Biometric login: Yes, for Premium version
Two-factor authentication: Yes
Digital wallet: Yes
Online backup: Yes, for Premium version
Sync across devices: Yes, for Premium version
Platforms: Mac, Windows, iOS (freepremium), Android
Price: Free; $39.99/year for Premium version

LastPass

LastPass

LastPass works on Chrome, Firefox, Safari and Opera browsers and is the only one that plugs into the secure browser Epic (handy if you want to use a browser that doesn’t store history or input information but does offer the convenience of remembering your dozens of uncrackable passwords).

LastPass generates, encrypts and stores strong passwords as well as personal information which used to auto-complete online forms. Like many other managers, it offers a secure notes feature with preset forms for storing Wi-Fi passwords, membership numbers and other sensitive information.

Get the lowdown on how secure your passwords are by heading into LastPass’s Security Challenge, which tells you how many weak, old or reused passwords you have and rates your security on a scale of 100. It alerts you about sites at which you have accounts that have experienced site compromises. In all of these cases, LastPass can update your passwords with new, generated strong passwords.       

Last Pass Premium syncs your stored passwords across all devices and lets you share passwords with others you trust so they can access your accounts temporarily (say, to stream TV) or permanently (say, to pay joint bills).  

It’s worth noting that LastPass was breached last year, although the company says it didn’t expose master passwords or decrypted user data. However, a security researcher has shown that a tool can be made that mimicks the LastPass login window exactly, allowing hackers to easily steal master passwords.

Imports browser passwords: Yes
Security health check: Yes, with alerts when weak or old passwords need to be updates
Biometric login: Yes, for Premium version
Two-factor authentication: Yes
Digital wallet: No (though you can store bank card info in the secure notes feature)
Online backup: Yes
Sync across devices: Yes, for Premium version
Platforms: Mac, Windows, iOS, Android, Windows Phone
Price: Free; $12/year for Premium

Sticky Password

Sticky Password

Designed by former execs behind the free antivirus software AVG, Sticky Password seamlessly encrypts and stores passwords and fills out a large variety of forms, recognizing fields such as job titles and company names and handling a range of online accounts.

The dashboard displays all your accounts and passwords, with weak passwords highlighted for updating. A secure memos feature lets you write down other sensitive passwords and membership numbers.

The premium version backs up passwords online and syncs all your devices. Choose to do this over your own Wi-Fi network (potentially more secure) or through the cloud. If you test out Sticky Password and love it, you can get a lifetime license for $149.99. 

Imports browser passwords: Yes
Password health check: Yes
Biometric login: Yes
Two-factor authentication: Yes
Digital wallet: Yes
Online backup: Yes, for Premium version
Sync across devices: Yes, for Premium version
Platforms: Mac, Windows, iOS, Android 
Price: Free; $29.99/year for Premium with 30-day free trial

LogmeOnce

LogmeOnce

LogmeOnce offers a ton of features with its free version, remarkably including the ability to sync passwords across multiple devices. The interface on its browser extension and mobile app is dated compared to Dashlane and LastPass, but it’s easy to use. As soon as you hit a site that asks for your password, LogmeOnce asks if you’d like to save it. If you’re signing up for a new account or changing a password, a pop-up auto-generates a complex password that you can use and save in a single click.

You can choose to save accounts by user-friendly names, handy if two people are using one computer for their Facebook, LinkedIn and so on.

An automatic password changer (part of an additional free download package) prompts you to replace your old passwords with new, strong ones. The app provides free backup online. However, it doesn’t offer form auto-complete features like other services on this list. 

If your phone supports biometric log-ins, you can use your fingerprint in place of your master password to log in to sites, a godsend to avoid tapping uber-complex master passwords onto a smartphone screen. If the wrong details are entered, the Mugshot feature snaps a picture, on the presumption that it must have been a thief — pretty cute. The downside is that the LogmeOnce apps, both Android and iOS, are clunky in appearance and function. 

Imports browser passwords: Yes
Password health check:Yes
Biometric login: Yes
Two-factor authentication:Yes
Digital wallet: No, but you can save up to three pieces of information in secure notes (more in the Professional version)
Online backup: Yes
Sync across devices: Yes
Platforms: Mac, Windows, iOS, Android
Price: Free; $1/month for Professional version 

[Image credits: password security via Shutterstock, Dashlane, LastPass, Sticky Password, LogmeOnce]

Updated on 6/29/2016 with correct Dashlane premium subscription price



Discussion loading

Keeper

From Phil Haqeeqa on June 28, 2016 :: 1:32 pm

I use Keeper - its a great tool for keeping me safe and secure online, including on my phone.

Reply

gravatar

Dashlane Pricing

From Russ Troester on June 28, 2016 :: 2:20 pm

The pricing for Dashline’s premium service shows as $10 more/year on their site - $39.99.

One other app I’ve used for a long time that started on Mac and now has clients for Android, iOS, and Windows is 1Password. They’ve also introduced “Families” and “Teams” so you can share password vaults with others.

Reply

gravatar

DashLane - like it but one huge problem

From Dorothy Appleman on June 28, 2016 :: 4:20 pm

There is no way to get in touch with them.  No phone.  I have had inordinate amounts of problems trying to set up passwords for my self and spouse with a medical portal.  Trying to use the doctor’s office provided login/pw and using MY computer as I keep the records.  It invariably fails after the first login and there is no respite.  I think Dashlane doesn’t like having several logins for the two of us on my computer but I can’t get any help setting it up.

Reply

gravatar

Dashlane Employee

From Malaika N. on June 28, 2016 :: 5:01 pm

Full disclosure: I currently work at Dashlane.

Great article Natasha! But as Russ mentioned, the price is $39.99/year. You can check out our pricing page for more info: https://www.dashlane.com/premium.

Hi Dorothy! Since we are a small, but growing international company, phone support is a bit tricky, but we’re looking at other solutions in the meantime. For example, you can always reach out Support team via email, or via our new Live Chat feature on the bottom right of our Help Center! You can reach us either way here: https://support.dashlane.com/hc/en-us/requests/new

Would you mind emailing us with more details about your issue, what kind of device you’re using, etc. We’d be more than happy to help!

Reply

gravatar

Dashlane? Seriously?

From Buster CHappell on June 30, 2016 :: 11:15 pm

Tried twice but some problems installing! I have been computing since the beginning of PC technology so this is not my first rodeo! There are definite problems with the downloading and installing of this program! Therefore I suspect there will be problems in using the program so I will pass for now and would recommend the same to others! And the lady who says they are ‘small’ and working on getting up to speed on technical support by phone should tell you to stay away for now!

Reply

gravatar

We're Here To Help

From Malaika N on July 01, 2016 :: 10:02 am

Hi Buster,

Thanks for the feedback and I’m sorry you’ve experienced issues. I want to do my best to help, but I’d need more information about the kind of device you’re using, which version of Dashlane you tried to install, etc. Even if you do not want to download Dashlane at the moment, could you send us and email with more details about the problems you experienced? You can reach us via email here: https://support.dashlane.com/hc/en-us/requests/new or you can use our Live Chat feature for faster support. And feel free to include my name in your email. smile

Thanks, and I look forward to resolving your issue soon!

Reply

Keep away from biometrics

From Abbe Sillie on June 30, 2016 :: 11:39 pm

We need to make sure that biometrics will not be involved for the masterpassword.

It is now getting known that the authentication by biometrics usually comes with poorer security than PIN/password-only authentication.  The following video explains how biomerics makes a backdoor to password-protected information.
https://youtu.be/5e2oHZccMe4

Reply

Keeper just got even better

From Phil Haqeeqa on July 06, 2016 :: 11:50 am

There is the New Keeper Family Plan -  it includes 5 Keeper Unlimited licenses for only $59.99!!! its a great deal that will keep you and your loved ones safer online!

Reply

gravatar

saferpass

From bobo355 on July 07, 2016 :: 11:13 am

I´m basic user and I use SaferPass, it is easy to use. it is free and work with iPhone and as chrome extension.

Reply

Roboform not even mentioned?

From James E Bailey on July 10, 2016 :: 10:06 am

Not a mention, not a word about Roboform which is a great password manager and works on my tower, notebook and android phone. Had Dashlane but it was not good across platforms, especially Android. Also had Lastpass but also didn’t work well across platforms and I am glad I got out before the hackers got them. Are you getting paid for listing these particular password managers? I have valued Techlicious opinion in past but now I have to question my loyalty.

Reply

gravatar

I second that...

From Jimmy on July 11, 2016 :: 4:19 am

For many, many years now, I have been using Roboform. It works great, it has well-thought through options, so I’m totally wondering why there is not even any mentioning of Roboform in this article. Okay, it still needs a REAL 2FA option (at the moment there is a whitelisting feature called OTP) but still…. Might Techlicious be getting referral fees from the other vendors?

Natasha, please explain!

Reply

gravatar

Same here...

From John Wafford on July 11, 2016 :: 5:55 am

I couldn’t agree more. RoboForm is an excellent app and I was surprised to see no mention of it in the article.

Reply

avatar

After a rigorous editorial process,

From Suzanne Kantra on July 11, 2016 :: 12:24 pm

After a rigorous editorial process, we found these password managers to be the best for the reasons we outline above. We were not paid to list any of these password managers and are not receiving referral fees.

As for Roboform, we have included it in the past in our password manager stories, but it did not make the cut this time.

Reply

gravatar

Thanks for your response

From John Wafford on July 11, 2016 :: 12:55 pm

I can appreciate that it is not possible to cover all PMs, but as RoboForm is so widely used, could you say why it failed to make the grade this time?

Many thanks.

Reply

gravatar

We don't get paid to

From Natasha on July 11, 2016 :: 2:05 pm

We don’t get paid to list products in editorial stories here at Techlicious.
We have covered Roboform Everywhere in the past (http://www.techlicious.com/how-to/minimize-your-risk-of-passwords-theft/) but I felt it hasn’t kept up with other password managers as it doesn’t offer a password health check or means to update all weak passwords, and its interface is dated compared to LastPass or Dashlane.

Reply

gravatar

That's fair comment. I'll have

From John Wafford on July 12, 2016 :: 5:14 am

That’s fair comment. I’ll have to find out if Dashlane can import my existing passwords from RoboForm.

I work on another tech support forum and we don’t get paid either, so I know where you are comming from.

Reply

gravatar

What about 1password?

From Gordon Helser on September 23, 2016 :: 12:34 pm

I like 1password.  What do you have against it?
Thanks,
Gordon

Reply

avatar

1Password doesn't have two-factor authentication,

From Suzanne Kantra on September 23, 2016 :: 1:21 pm

1Password doesn’t have two-factor authentication, which we feel is important in a password manager. If someone did get access to your 1Password password, there’s no second layer of security that would prevent them from getting into your account—and all of the passwords stored there.

Reply

gravatar

1Password

From Russ Troester on September 23, 2016 :: 2:37 pm

Actually, that has somewhat changed. While perhaps not strictly in the 2FA category, it’s not just your master password one would need access to. They would also need your account key:

https://support.1password.com/understanding-account-key/

I guess my point is simply that I don’t feel that by simply having 2FA, something is inherently more secure or at the very least, not all 2FA is created equal.

I’m not necessarily pushing for 1Password, I just happen to use it and like it very much. I tried Dashlane and there were features I really liked like the ability to quickly update a password on a site with a single click. But, the killer for me was you can’t associate more than one URL with any given password.

Reply

© 2015 Techlicious LLC. Home | About | Meet the Team | Sponsorship Opportunities | Newsletter Archive | Contact Us | Terms of Use | Privacy Policy

site design: Juxtaprose