Tech Made Simple

Hot Topics: How to Fix Bluetooth Problems | Browse the Web Anonymously | Complete Guide to Facebook Privacy | How to Block Spam Calls

Choose It

author photo

The Best Password Managers

posted by on November 22, 2019 in Computer Safety & Support, Computers and Software, Phones and Mobile, Mobile Apps, Guides & Reviews, Top Picks :: 53 comments

Techlicious editors independently review products. To help support our mission, we may earn affiliate commissions from links contained on this page.

Why you should trust me
I've been covering consumer tech issues, digital privacy and cybersecurity for more than five years. I am also the features editor at TOP10VPN, where I cover online censorship and surveillance. My work has appeared at BBC Worldwide, CNN, Time, Travel+Leisure and Techlicious.


How many passwords do you need to remember? Most of us have dozens of online accounts, including accounts we use every day such as email, social networks and shopping sites as well as long-forgotten sites we’ve used exactly once.

The cardinal rule of password safety is not using the same password across sites, lest you risk a snowballing breach of all your accounts. But combining that principle with cardinal rule number two—creating complicated passwords that aren’t easily guessable by people or machines—results in the near-impossible task of remembering dozens of random strings of characters. And that in turn makes it hard to keep the third cardinal rule: never writing your passwords down.

Password managers solve all of these issues in one fell swoop. As smartphone apps and handy browser plugin, they encrypt and store passwords for your various online accounts, all protected by a master password that is the only thing you need to remember.

Beyond security, password managers are also a convenient way to handle sensitive information. You can share passwords with trusted friends or family, without them being able to see the password, while most also encrypt notes and scans of documents such as passports. On smartphones, a password manager app can log you into apps and websites without the hassle of having to type your fiendish string of characters into a tiny mobile-sized form field.

Better than browser password managers

The built-in password managers in the major browsers are a lot better than they used to be, and address one of the biggest issues – that many people are still using passwords that can be easily cracked, either because they’re weak or reused at swathes of sites across the web.

Firefox now supports password generation and encrypts stored passwords, with alerts of passwords that may have been compromised in data breaches of other websites. Chrome offers password generation and you can log into your Google account for a password strength check, while Safari flags passwords that are weak or used multiple times (in Preferences > Passwords) and can also be set to generate unique, complex passwords in new password fields. (On smartphones, Safari, Chrome and Firefox all generate strong passwords and flag weak efforts.)

However, there’s still a security issue around the fact that unless you remember to sign out of your browser at the end of every session, your accounts can be easily compromised by anyone with access to your computer.

To that end, Google Chrome has the safest password manager, requiring Google login with the option of two-factor authentication; while Firefox and Edge have the option of putting a master password; and Safari doesn’t have any sign-in at all, so that anybody using it can access your logins, and open your list of saved passwords to see which accounts can be auto-filled (and if you don’t have a password protecting your Mac, they can then elect to “show passwords” in that same screen). 

On top of that, dedicated password managers generate not only strong passwords whenever you sign up for new accounts (or to update any “123456” efforts still sticking around) but also offer additional security by requesting your master password at the start of each web session as well as two-factor authentication for individual logins.  

Creating a strong master password

The only trick to using a password manager is coming up with an uncrackable master password to secure the vault of all your logins. 

The good news is strong passwords aren’t necessarily the incomprehensible strings of characters you might think. Password crackers employ cracking dictionaries, testing dictionary words and common passwords at thousands of guesses or more per second, including well-known substitutes such as “5” for “s,” so what appears incomprehensible to a person is just a matter of time for a computer.

In 2013, a group of tech reporters from Ars Technica cracked 14,800 encrypted passwords in a few hours using such techniques. Even a brute-force attack (such as trying all possible combinations of letters) at thousands of guesses per hour could break an seven-character password in nine days.

To come up with your own tough-to-guess passwords:

  • Use at least 12 characters; this increases the number of possible combinations and lengthens the time needed for a brute force attack.
  • Use upper and lowercase letters, numbers and symbols. But avoid common substitutes that would reduce the randomness of the password and therefore make it easier for a computer to guess.
  • Combine a few different words that aren’t normally used together. Even better, come up with a pass phrase by taking the first letters of a memorable (long) sentence, appended with memorable dates and unusual (but memorable) substitutions.

For example, “During winter, she would hope for snow and be bitterly disappointed (1984)” might become “DWswh4s&BBD(84)” as a pass phrase, which makes use of uppercase, lowercase, numbers and symbols.

Whatever you come up with, make sure you can remember it. Password managers don’t save master passwords and most don’t even save a password hint, so if you forget your master password, you’ll lose access to your data.

The best password manager features

To start cleaning up your password act, your password manager should meet these screening criteria.

1. Ease of use

It should save passwords from apps and sites seamlessly, including importing passwords from your browser(s) or other password managers.

2. Password health check

Does it rate passwords and update weak ones?

3. Biometric log-in

Using face or fingerprint recognition to login to the smartphone password manager ups both convenience and security – and additionally, may offer a way to recover accounts if the master password if forgotten.

4. Two-factor authentication

This system requires an additional offline code along with the master password – usually when using the password manager on a new device – so even if this password gets compromised, the vault is still secure.

5. Digital wallet

Can your digital wallet feature securely store credit card details and, even better, facilitate express checkout?

6. Online backup

The system should back up your information so passwords can be restored in the event of a lost or stolen device.

7. Sync across devices

The manager should let you access passwords on both work and home computers, as well as your smartphone.

All of our following picks meet these criteria, with the exception of the digital wallet. While a nice feature, we didn't feel it was essential. 

Editor's Pick: Dashlane

Techlicious Pick for Best Password Manager: Dashlane

If you want a password manager with all the bells and whistles, Dashlane is the one. A well-designed, intuitive app for browser and smartphone, it comprises several privacy features along with a seamless password generator and form auto-filler.

Its desktop app will import saved passwords from your browsers as well as other password managers, while its browser plug-in automatically generates passwords for new accounts and auto-fills saved passwords. If you have more than one password or account on certain site, it’s easy to select the appropriate one.

If your passwords on any accounts are weak, you’ll be encouraged to update them, or if you spring for the Premium subscription, Dashlane can automatically replace these with strong alternatives.

The app includes a digital wallet to store payment cards so you can pay online without having to remember your credit card info.

There’s a secure notes feature, with templates for saving frequent flier numbers, Wi-Fi passwords, ID information for autofilling forms, as well as your credit card information. It’s similar to your existing memos app but encrypted, so if your computer is breached, all is not lost. The browser plug-in will also offer to save receipts from online transactions.

Though Dashlane is serviceable as a free app, supporting a browser plugin and the ability to save and generate passwords on one device, its Premium version really offers an all-round online privacy solution.

The premium version of Dashlane lets you sync passwords across unlimited devices and use its web app to securely log in to your accounts on a public computer. Accessible on all major browsers except Internet Explorer, the Dashlane Web application only decrypts your passwords locally once the data has reached the computer (whether it’s a public computer or your own), so all information that is shared with the Dashlane servers remains encrypted. And since you need to be logged into Dashlane and decrypt the information with your master password, the next person won’t be able to read your data.

For free and premium users, Dashlane supports two-factor authentication so that any time you log in with your master password, whether that’s in a browser or on another device, you can choose to also require a security code from an offline app such as Google Authenticator Google Authenticator (free for iOS and Android). 

Imports browser passwords: Yes
Password health check: Yes, with alerts when weak or old passwords need to be updated
Biometric login: Yes, for Premium version
Two-factor authentication: Yes
Digital wallet: Yes
Online backup: Yes, for Premium version
Sync across devices: Yes, for Premium version
Platforms: Mac, Windows, iOS, Android
Price: Free; $59.88/year for Premium version

RoboForm Everywhere

RoboForm

Although RoboForm Everywhere can feel clunky compared to streamlined, feature-packed password managers like Dashlane or LastPass, it offers great form-filling features in addition to security basics like a password health check, in-browser password generation and syncing across unlimited devices.

Its dashboard makes it easy to comb through hundreds of passwords, with folders and a powerful search feature, and you can also share logins – say for a joint bank account – with trusted recipients (so they can access accounts but not see the passwords).

There is also an emergency contact feature with premium accounts, so that trusted friends or family (who will be invited to sign up for a free RoboForm account if not already users) can access your password vault in an emergency, or even if you’ve simply forgotten your master password, allowing you to recover your account more easily.

Its browser plugin is available for all the major browsers - Safari, Firefox, Chrome, Opera, Internet Explorer, and Edge – and along with saving and autofilling passwords, these are also top-notch with commonly used online data such as your name, address and phone number (rather than trusting these details to your browser). Passwords aren’t the only loot after all – and to that end, if you’ve employed the method of saving important numbers such as tax references to a note file, you can encrypt and save the file to RoboForm Everywhere. 

Imports browser passwords: Yes
Password health check: Yes, with alerts when weak or old passwords need to be updated
Biometric login: Yes
Two-factor authentication: Yes
Digital wallet: No
Online backup: Yes
Sync across devices: Yes
Platforms: Mac, Windows, iOS, Android
Price: Free; $23.88/year for Premium version

LastPass

LastPass

The free version of LastPass is one of the most feature-packed – and easy to use – password managers around. Uniquely, free users on LastPass get password syncing across unlimited devices – nearly every other password manager offers free users just one device – which becomes increasingly necessary when all your passwords are complex random generations and you’re hopping between work and personal devices. Free users can also securely share passwords with trusted others so they can access accounts temporarily (say, to stream TV) or permanently (say, to pay joint bills). There are browser plugins for Chrome, Firefox, Safari, Opera and Edge browsers.

On smartphones, downloading the LastPass app means you can get passwords autofilled in other apps as well as on mobile sites. If your phone supports it, the app can be unlocked using face or fingerprint recognition – which handily also means that if you forget your master password, you can biometrically unlock the smartphone app to change it. 

Like many other managers, it also auto-fills personal information into online forms, and offers a secure notes feature with preset forms for storing Wi-Fi passwords, membership numbers and other sensitive information. Notes can also be securely shared. 

Get the lowdown on how secure your passwords are by heading into LastPass’s Security Challenge, which tells you how many weak, old or reused passwords you have and rates your security on a scale of 100. It alerts you about sites at which you have accounts that have experienced site compromises. In all of these cases, LastPass can update your passwords with new, generated strong passwords. 

At the start of 2019, LastPass bumped up the price of its premium password manager to $36/year, from $12 back in 2016. For this price, you get several extras, including 1GB of secure file storage, password auto-fill for desktop apps as well as online accounts, extended two-factor authentication supporting hardware keys and emergency access for loved ones. All that said, however, if you don’t need all these features, the free version, with its support for use across unlimited devices, is likely to meet basic password needs and then some.

It’s worth noting that LastPass was the subject of a high-profile breach a few years back, although the company says it didn’t expose master passwords or decrypted user data. The most recent vulnerability uncovered by researchers, which could have leaked passwords from users’ last-visited site, has been addressed in a software update.

Imports browser passwords: Yes
Security health check: Yes, with alerts when weak or old passwords need to be updates
Biometric login: Yes
Two-factor authentication: Yes
Digital wallet: No (though you can store bank card info in the secure notes feature)
Online backup: Yes
Sync across devices: Yes, for Premium version
Platforms: Mac, Windows, iOS, Android
Price: Free; $36/year for Premium

Bitwarden

Bitwarden

For the tech-savvy and privacy-concerned, Bitwarden is a great – and affordable – option. This streamlined basics-only password manager is open-source and audited by security researchers and third-party firms. Its browser plugins support not only the major browsers (Chrome, Edge, Firefox, Safari, Opera) but also the lesser-used, privacy-focused Tor, Vivaldi and Brave. 

For free accounts, Bitwarden offers online backup and password syncing across unlimited devices, as well as an encrypted ‘web vault’ if you need to access your passwords at a public computer. Password generation for new accounts isn’t quite as slick as on many other password managers – when creating new passwords, where Dashlane and LastPass plugins pop up a handy button within form fields to create logins, with Bitwarden you’ll have to open the browser plugin, generate a password and copy it into the field.

Another minor hurdle is that importing passwords involves going into your browser (or other application) settings, saving stored passwords into a file format such as .csv, then heading into your Bitwarden account to import this file. That said, there are easy instructions on the Bitwarden help page, and the upside is you only need to do this once.

Accounts are protected by two-factor authentication – you’ll be asked for a 2FA code from an app like Google Authenticator whenever syncing to a new device.

A $10/year premium account offers a password health check, 1GB of encrypted file storage and data breach monitoring (the latter of which is included in premium accounts from much pricier password managers). Premium users also get the ability to secure individual logins with 2FA, plus the option of USB keys as a 2FA method.

Though Bitwarden takes a little more manual tinkering, this open-source option is an easy to use tool that’s ideal for privacy-centric browsers not supported by most other password managers.

Imports browser passwords: Not directly – you have to save passwords from your browser or other password manager into a file then import this file.
Password health check: Yes, for paid-for accounts.
Biometric login: Yes
Two-factor authentication: Yes
Digital wallet: No
Online backup: Yes
Sync across devices: Yes
PlatformsMac, Windows, Linux, iOS, Android
Price: Free, $10/year for Premium

Sticky Password

Sticky Password

Designed by former execs behind the free antivirus software AVG, Sticky Password seamlessly encrypts and stores passwords and fills out a large variety of forms, recognizing fields such as job titles and company names and handling a range of online accounts.You can also share passwords with other users, as well as organise passwords into folders, although unlike Keeper Security, you can’t share folders of passwords.

Unlike some other password managers, Sticky Password also offers unlimited encrypted data storage within its desktop app and for free users, but to get enough use of this password manager, the premium version is really required: it backs up passwords online, syncs them across all your devices and allows password sharing.

There’s also a great new security feature where passwords can be synced between devices only when on your own – and therefore safe – Wi-Fi network as well as through the cloud. However, it lacks the data breach monitoring that several other premium services offer
 Its browser extension is available for Chrome, Firefox, Internet Explorer, Opera and Safari, although not Edge.

The dashboard displays all your accounts and passwords, with weak passwords highlighted for updating. A secure memos feature lets you write down other sensitive passwords and membership numbers.

The premium version backs up passwords online and syncs all your devices. Choose to do this over your own Wi-Fi network (potentially more secure) or through the cloud. If you test out Sticky Password and love it, you can get a lifetime license for $149.99. 

Imports browser passwords: Yes
Password health check: Yes
Biometric login: Yes
Two-factor authentication: Yes
Digital wallet: Yes
Online backup: Yes, for Premium version
Sync across devices: Yes, for Premium version
Platforms: Mac, Windows, iOS, Android 
Price: Free, with 30-day free trial of Premium; $29.99/year for Premium; $199.99 for lifetime license

LogmeOnce

LogmeOnce

LogmeOnce offers a ton of features with its free version, including – like LastPass – the ability to sync passwords across multiple devices, plus some unique anti-theft features in its two paid-for account types.
 

The downside is that interfaces on its browser extension (available for Chrome, Firefox, Internet Explorer, and Safari) and mobile apps are dated compared to the likes of Dashlane and LastPass – but they’re easy enough to use. As soon as you hit a site that asks for your password, LogmeOnce asks if you’d like to save it. If you’re signing up for a new account or changing a password, a pop-up auto-generates a complex password that you can use and save in a single click.

You can choose to save accounts by user-friendly names, handy if two people are using one computer for their Facebook, LinkedIn and so on. There’s also an auto-complete feature for forms requiring personal information like your name and phone number.

An automatic password changer prompts you to replace your old passwords with new, strong ones. The free version allows you to share just five passwords with other users, which may be limiting if you have multiple accounts to which others need access from time to time. Shelling out for the $1/month Professional version gets you 30 password-shares, or unlimited shares with the, well, Unlimited account for $3.25/month. You can also encrypt text files (three in the free version, more in the paid-for versions).

Now for the unique anti-theft features. If the wrong details are entered, the Mugshot feature captures the phone’s GPS location and snaps a selfie on the presumption that it must have been a thief — pretty cute. A new feature, Password Shock, sends flashing or vibrating alerts to any device attempting to hack into someone’s LogmeOnce vault, and relays the device’s location and IP address, with three ‘incidents’ offered in the free version, seven in the Professional and nine in the Unlimited version.

Paying users also get location tracking for smartphones so that in the event of loss and theft, devices can be wiped, locked or rung, while Unlimited users can freeze access to their password vaults if they suspect it has been hacked. One notably missing feature from the premium accounts is the scan for logins that have been compromised in data breaches.

While the volume of available features can be overwhelming – and perhaps not terribly useful for many - LogmeOnce offers a solid password manager with many features for free, as well as an affordable Professional subscription with a good password sharing allowance.  

Imports browser passwords: Yes
Password health check:Yes
Biometric login: Yes
Two-factor authentication:Yes
Digital wallet: Yes
Online backup: Yes, for Professional and Unlimited versions
Sync across devices: Yes
Platforms: Mac, Windows, iOS, Android
Price: Free; $1/month for Professional version, $3.25/month for Unlimited Version 

[Image credits: password security via Shutterstock, Dashlane, LastPass, Bitwarden, Sticky Password, LogmeOnce]

Updated on 11/22/2019 with new picks and features



Discussion loading

Keeper

From Phil Haqeeqa on June 28, 2016 :: 12:32 pm

I use Keeper - its a great tool for keeping me safe and secure online, including on my phone.

Reply

gravatar

Agree!

From Barbara on November 26, 2019 :: 6:24 pm

I agree - I have used Keeper for years with no problems, easy to use.

Reply

gravatar

Dashlane Pricing

From Russ Troester on June 28, 2016 :: 1:20 pm

The pricing for Dashline’s premium service shows as $10 more/year on their site - $39.99.

One other app I’ve used for a long time that started on Mac and now has clients for Android, iOS, and Windows is 1Password. They’ve also introduced “Families” and “Teams” so you can share password vaults with others.

Reply

gravatar

DashLane - like it but one huge problem

From Dorothy Appleman on June 28, 2016 :: 3:20 pm

There is no way to get in touch with them.  No phone.  I have had inordinate amounts of problems trying to set up passwords for my self and spouse with a medical portal.  Trying to use the doctor’s office provided login/pw and using MY computer as I keep the records.  It invariably fails after the first login and there is no respite.  I think Dashlane doesn’t like having several logins for the two of us on my computer but I can’t get any help setting it up.

Reply

gravatar

Dashlane Employee

From Malaika N. on June 28, 2016 :: 4:01 pm

Full disclosure: I currently work at Dashlane.

Great article Natasha! But as Russ mentioned, the price is $39.99/year. You can check out our pricing page for more info: https://www.dashlane.com/premium.

Hi Dorothy! Since we are a small, but growing international company, phone support is a bit tricky, but we’re looking at other solutions in the meantime. For example, you can always reach out Support team via email, or via our new Live Chat feature on the bottom right of our Help Center! You can reach us either way here: https://support.dashlane.com/hc/en-us/requests/new

Would you mind emailing us with more details about your issue, what kind of device you’re using, etc. We’d be more than happy to help!

Reply

gravatar

Dashlane - you must be kidding

From Dorothy Appleman on February 23, 2017 :: 6:14 pm

My first comment was june 26, 2016.  I still have not had a comment on my comment then.  Now I see you are again chosen best password rememberer.
Some of mine work.  I still have problems with registering my login/password for my doctor’s web portal.  Now for the piece de resistance.  All of a sudden, Dashlane no longer fills in forms.  i have to go to the individual website on the dashboard, copy the password and paste it on the site.  this is one of the reasons that I got Dashlane and I have the premium version - for $ 39 I have to copy and paste info that Dashlane is supposed to put in automatically.  I complained in an email but have gotten no reply.  Mrs Dorothy Appleman

Reply

gravatar

Dashlane? Seriously?

From Buster CHappell on June 30, 2016 :: 10:15 pm

Tried twice but some problems installing! I have been computing since the beginning of PC technology so this is not my first rodeo! There are definite problems with the downloading and installing of this program! Therefore I suspect there will be problems in using the program so I will pass for now and would recommend the same to others! And the lady who says they are ‘small’ and working on getting up to speed on technical support by phone should tell you to stay away for now!

Reply

gravatar

We're Here To Help

From Malaika N on July 01, 2016 :: 9:02 am

Hi Buster,

Thanks for the feedback and I’m sorry you’ve experienced issues. I want to do my best to help, but I’d need more information about the kind of device you’re using, which version of Dashlane you tried to install, etc. Even if you do not want to download Dashlane at the moment, could you send us and email with more details about the problems you experienced? You can reach us via email here: https://support.dashlane.com/hc/en-us/requests/new or you can use our Live Chat feature for faster support. And feel free to include my name in your email. smile

Thanks, and I look forward to resolving your issue soon!

Reply

Keep away from biometrics

From Abbe Sillie on June 30, 2016 :: 10:39 pm

We need to make sure that biometrics will not be involved for the masterpassword.

It is now getting known that the authentication by biometrics usually comes with poorer security than PIN/password-only authentication.  The following video explains how biomerics makes a backdoor to password-protected information.
https://youtu.be/5e2oHZccMe4

Reply

Keeper just got even better

From Phil Haqeeqa on July 06, 2016 :: 10:50 am

There is the New Keeper Family Plan -  it includes 5 Keeper Unlimited licenses for only $59.99!!! its a great deal that will keep you and your loved ones safer online!

Reply

gravatar

saferpass

From bobo355 on July 07, 2016 :: 10:13 am

I´m basic user and I use SaferPass, it is easy to use. it is free and work with iPhone and as chrome extension.

Reply

Roboform not even mentioned?

From James E Bailey on July 10, 2016 :: 9:06 am

Not a mention, not a word about Roboform which is a great password manager and works on my tower, notebook and android phone. Had Dashlane but it was not good across platforms, especially Android. Also had Lastpass but also didn’t work well across platforms and I am glad I got out before the hackers got them. Are you getting paid for listing these particular password managers? I have valued Techlicious opinion in past but now I have to question my loyalty.

Reply

gravatar

I second that...

From Jimmy on July 11, 2016 :: 3:19 am

For many, many years now, I have been using Roboform. It works great, it has well-thought through options, so I’m totally wondering why there is not even any mentioning of Roboform in this article. Okay, it still needs a REAL 2FA option (at the moment there is a whitelisting feature called OTP) but still…. Might Techlicious be getting referral fees from the other vendors?

Natasha, please explain!

Reply

gravatar

Same here...

From John Wafford on July 11, 2016 :: 4:55 am

I couldn’t agree more. RoboForm is an excellent app and I was surprised to see no mention of it in the article.

Reply

gravatar

Roboform is there.

From David Zieber on February 23, 2017 :: 1:42 pm

It’s second on the list.

gravatar

Roboform was 2nd on the list

From Kathy on February 23, 2017 :: 12:58 pm

Roboform was 2nd on the list

Reply

avatar

After a rigorous editorial process,

From Suzanne Kantra on July 11, 2016 :: 11:24 am

After a rigorous editorial process, we found these password managers to be the best for the reasons we outline above. We were not paid to list any of these password managers and are not receiving referral fees.

As for Roboform, we have included it in the past in our password manager stories, but it did not make the cut this time.

Reply

gravatar

Thanks for your response

From John Wafford on July 11, 2016 :: 11:55 am

I can appreciate that it is not possible to cover all PMs, but as RoboForm is so widely used, could you say why it failed to make the grade this time?

Many thanks.

Reply

gravatar

Roboform was 2nd on the list

From Kathy on February 23, 2017 :: 2:50 pm

Roboform was 2nd on the list

gravatar

We don't get paid to

From Natasha on July 11, 2016 :: 1:05 pm

We don’t get paid to list products in editorial stories here at Techlicious.
We have covered Roboform Everywhere in the past (https://www.techlicious.com/how-to/minimize-your-risk-of-passwords-theft/) but I felt it hasn’t kept up with other password managers as it doesn’t offer a password health check or means to update all weak passwords, and its interface is dated compared to LastPass or Dashlane.

Reply

gravatar

That's fair comment. I'll have

From John Wafford on July 12, 2016 :: 4:14 am

That’s fair comment. I’ll have to find out if Dashlane can import my existing passwords from RoboForm.

I work on another tech support forum and we don’t get paid either, so I know where you are comming from.

Reply

gravatar

What about 1password?

From Gordon Helser on September 23, 2016 :: 11:34 am

I like 1password.  What do you have against it?
Thanks,
Gordon

Reply

avatar

1Password doesn't have two-factor authentication,

From Suzanne Kantra on September 23, 2016 :: 12:21 pm

1Password doesn’t have two-factor authentication, which we feel is important in a password manager. If someone did get access to your 1Password password, there’s no second layer of security that would prevent them from getting into your account—and all of the passwords stored there.

Reply

gravatar

1Password

From Russ Troester on September 23, 2016 :: 1:37 pm

Actually, that has somewhat changed. While perhaps not strictly in the 2FA category, it’s not just your master password one would need access to. They would also need your account key:

https://support.1password.com/understanding-account-key/

I guess my point is simply that I don’t feel that by simply having 2FA, something is inherently more secure or at the very least, not all 2FA is created equal.

I’m not necessarily pushing for 1Password, I just happen to use it and like it very much. I tried Dashlane and there were features I really liked like the ability to quickly update a password on a site with a single click. But, the killer for me was you can’t associate more than one URL with any given password.

Reply

gravatar

1Password Security

From Will Moore on February 23, 2017 :: 10:05 am

Will here from Agilebits, makers of 1Password.

Thanks for commenting Russ!

Two-factor authentication is a smart way to hedge against bad passwords, but it’s not enough to guarantee the safety of your information. You want to make sure you’re using a password manager with true end-to-end encryption and no access to your secret keys. 1Password has two-factor authentication, but it goes above and beyond:

1Password is the first and only password manager to offer Two-Secret Key Derivation. Your Master Password — which only you know — is combined with a completely unguessable secret that lives only on your devices.

Two-Secret Key Derivation is exponentially stronger than a Master Password alone, and it’s cryptographically enforced.

That means it can’t be reset, intercepted, or evaded like traditional two-factor authentication.

Because authentication can be compromised, we rely on end-to-end encryption to protect your data. Our design includes AES-256-CBC and HMAC-SHA256 for authenticated encryption, and PBKDF2-HMAC-SHA512 for key derivation.

We’d love to see 1Password included in this list too! smile

gravatar

1Password

From Frank Fitz on August 14, 2019 :: 12:46 pm

I have used 1Password offline for years out of fear of an online/cloud hack. I just carry my iPhone everywhere and backup the app regularly and always backup to the iCloud. I know the company makes no money off of me (sorry). What is the big advantage of an online account?

avatar

Big advantage is syncing across devices and backup

From Josh Kirschner on August 14, 2019 :: 2:03 pm

If you have an online account, all of your passwords will be synced immediately between your phone and computers - no need to remember or go through the effort to do manual backups. You would also be able to access your passwords from the web if you’re using a computer that doesn’t belong to you (e.g., at a relative’s house. NEVER access any important accounts from public computers.)

As far as security, you haven’t avoided the risk of an online cloud hack, you’ve just shifted that risk from 1Password to iCloud. Since we know of many, many iCloud hacks related to poor security practices among users and phishing attacks, that may not be the safest choice. So if you are backing up to iCloud, only do so if your backup file is in an encrypted format that can’t be accessed without a separate password.

Reply

gravatar

How it can be safer if your laptop was accessed?

From Ahmed on October 26, 2016 :: 4:53 pm

I am wondering how any of those apps could be safer than simply remembering a list of passwords that were formulated in a strong and memorable way?! For example, if someone had access to your computer and managed to bypass your entry password, which is pretty easy nowadays, he/she would be able to access your websites through the passwords stored already on your browser.
Another thing, if the master password was hacked (and the second key or password as well), it would mean that you would be a big victim because the hacker would have access to all your websites, apps, and bank information! hacking through spy app on either computer or smartphone is easier than drinking a cup of tea now!!
A question, in case I would use any of those apps, would I need to download on both PC and phone, and any device I am using?

Reply

avatar

My thoughts

From Josh Kirschner on October 27, 2016 :: 11:31 am

Remembering a list of strong passwords, especially across dozens of sites, can be a real challenge for most people. Anything you do to make them more memorable typically also makes them more guessable/crackable.

And, yes, I would not store passwords (at least not important ones) in my browser if I’m using a laptop. And the really important ones, like my bank and brokerage account, I memorize, even on my desktop. But this is one example of where password managers really help.

Spying isn’t easier than making a cup of tea, but it’s not really rocket science either. Which is why we’ve always strongly recommended antimalware for both your computer (yes, Macs, too) and smartphone. Password managers also help to prevent spying by keyloggers because passwords are autofilled.

Generally, you would need to download the password manager onto any device you want to use it for, though some support web logins.

Reply

gravatar

clarification needed!

From Ahmed on October 27, 2016 :: 6:18 pm

Hi Josh, thanks for your reply.
How about the part of my comment where I mentioned the potential of hacking the password of the password manager app, and even the second key or password? I guess it would be catastrophic! what do you suggest to solve this issue?
For the keylogging monitoring, because you would need to type the password manager’s password each time you want to have an access to any of your websites, it would be hacked then, and if I am right, you would be providing all of your passwords to your hacker on a plate of silver!

Reply

gravatar

Master password

From John Wafford on October 27, 2016 :: 11:11 pm

Not so, Ahmed. As you only have one password to remember you can make it very strong. The best kind is a sentence that would mean nothing to anyone else, but that is easy for you to remember. For example, “I have two black dogs, one is a Labrador, the other a Lurcher!” This alone is incredibly strong and you could make it even stronger by adding a memorable date. Try putting it into an on-line password checker to find out just how strong. As for having to enter it each time, this not necessary as you can set the time before you need to enter it again. I have mine set for five hours or until I log out of the password manager, whichever is sooner.

gravatar

concern of hacking the master password!

From Ahmed on October 28, 2016 :: 2:33 pm

Hi Josh and John,                                          I know that having one password would enable you to make it stronger and memorable. My point is why this app would make you safer?! If it is a matter of spying on your laptop or desktop, through keylogging, or on your smartphone, through web browsing history, the hacker would be able to find him just inside a ‘treasure’ with access to your everything.

Reply

gravatar

Keyloggers

From Joihn Wafford on October 28, 2016 :: 2:46 pm

That’s a separate issue, Ahmed. No password is safe from keyloggers, which is why I use 2FA with RoboForm and with my sensitive passwords. I also use an antilogger.

Reply

gravatar

Abbreviations!

From Ahmed on October 28, 2016 :: 6:51 pm

What is FA? What are sensitive passwords? And what is the antilogger you use? Could I know which field are you working in as I may need your urgent help in a hacking problem, if you don’t mind?

Reply

gravatar

Abbreviations

From John Wafford on October 29, 2016 :: 2:04 am

Sorry, Ahmed. It was rude of me to assume people knew what 2FA was. It’s two factor authorisation. In RoboForm, the one-time password is used. See this article: http://www.roboform.com/blog/multifactor-authentication

By sensitive passwords, I mean those that need extra protection, such as my various bank accounts and PayPal.

The antilogger I use is Zemana. Techlicious may not approve of posting websites here, but I’ll try. Their site is https://www.zemana.com/

With regards to your hacker problem, I can’t post my personal email address here, but you can find me on Facebook. I’m the only John Wafford on there.

Reply

gravatar

Facebook

From John Wafford on October 29, 2016 :: 2:16 am

Hi Ahmed,

Seems I’m not the only John Wafford on Facebook, but I’m the only one with a full-face picture as my avatar.

Reply

gravatar

Thanks David!

From Ahmed on November 03, 2016 :: 3:51 pm

Hello David,
Thanks! I guess Roboform is one of the password management apps. I have been thinking of using ‘sticky password’ which I felt it more organized and it contains the two-factor authentication you referred to in your comment and article, what do you think?
Another thing, should I need to download the anti-keylogger you referred to besides the Avg premium, Malwarebyte, and the Herdprotect?
I would chat to you on facebook!

Reply

gravatar

Unable to find you on FB!

From Ahmed on November 03, 2016 :: 3:59 pm

David. I am unable to find you on FB among the bunch of JOHN WAFFORD there! Guide me!

Reply

gravatar

Facebook entry

From John Wafford on November 03, 2016 :: 5:34 pm

Ahmed,
There are only four named just John Wafford. I’m the one that went to University College of Wales, Aberystwyth.

Reply

gravatar

I contacted you on FB!

From Ahmed on November 07, 2016 :: 10:47 am

Hi David,
I contacted you on FB, have you received my hit there?

Reply

gravatar

Facebook entry

From John Wafford on November 07, 2016 :: 1:28 pm

Hi Ahmed,
No, there’s nothing there.

Reply

gravatar

Ok David, text me there

From Ahmed on November 07, 2016 :: 2:34 pm

Ok David, text me there on ‘Ahmed Said Elshal’

Reply

gravatar

LastPass

From Peter O on January 28, 2017 :: 4:40 pm

I have no idea why this PW manager continues to be recommended.
I find it cumbersome to use & it’s particularly annoying that even when set to login automatically it fails to do so necessitating a search within the vault which takes a time.

I conclude that most reporters accept what is claimed for the product but do little practical testing. In other words it’s analysis of claims not genuine tests.

Reply

gravatar

LastPass

From Natasha Stokes on January 31, 2017 :: 6:41 am

Hm, does it fail to login automatically for all your accounts? Is it possible you have two logins for a particular site and hence need to select one before the password can be auto-filled?

As the tester for this article, I used LastPass for weeks and rated it as I’ve found it streamlined for auto-filling logins and saving new logins; and especially for flagging weak passwords with the ability to update them all from the dashboard.

Reply

gravatar

It appears you missed an important feature in RoboForm

From Tom M on February 23, 2017 :: 12:57 pm

RoboForm can save the password of encrypted files. I use encryption on some Microsoft Office files such as for Word, Excel, Access and files for Quicken, Quickbooks, etc. When I open the file, RoboForm fills in the password. This feature is stored under ‘Applications’ in RoboForm.

Reply

gravatar

I have been using Roboform

From Ron Ablang on February 26, 2017 :: 9:44 am

I have been using Roboform (desktop), LastPass (free), and LogMeOnce (free) for years.  I love them.

Reply

gravatar

Lastpass sync

From kenish on February 27, 2017 :: 2:48 pm

FYI, the premium version of Lastpass is no longer required to sync across your devices.  The free version includes it. Dashlane still requires a paid subscription to sync.  (Feb 2017)

Reply

gravatar

How about Cyclonis password manager?

From emilySc on February 28, 2018 :: 4:36 am

I had enough with LastPass’s repeated interruption during work and found this Cyclonis password manager on cnet. The app looks pretty neat, no ads, but it is free and has no paid version. Is it safe to use? Can i trust it?

Reply

avatar

I would not use it

From Josh Kirschner on February 28, 2018 :: 11:48 am

Any program I was using to manage my passwords I would want to be triple sure that it was a solid program from a solid provider. I’ve never heard of Cyclonis, there are no reviews of the software from well-known tech sites and the version on download.cnet.com has no user ratings (though I give no credibility to those, anyhow). It could be that Cyclonis is a great program, there’s just no good way to know.

It’s also important to understand that download.cnet.com does not equal CNET. Basically, any company can offer their software over download.cnet.com, assuming it doesn’t violate certain rules; there is no editorial vetting process. While download.cnet.com claims to do checks for malicious software, I don’t believe they can offer a rigorous enough analysis to ensure that a supposed password manager wasn’t doing something far more nefarious with your data or that it doesn’t maintain a major flaw that would allow it to be cracked. Could well-known programs also have these issues? Sure. But those issues tend to get discovered more easily and fixed because of their wide usage.

Perhaps if you tell us more about the issues you’re having with LastPass, we can help find a solution. Or try one of the other managers in our list above.

Reply

1Password - How did the best password app not make the list?

From Michael Peachey on November 25, 2019 :: 11:37 am

1Password has installed versions for Mac, PC and mobile devices. It has a web version for when you are on a share computer. All passwords are shared across multiple devices.  It generates strong passwords along with reports of weak and reused passwords. You can share your entire vault with your family, or just parts of it, terrific for helping kids or older relatives manage passwords. It does credit card auto-fill, personal info auto fill with multiple identities for work, home, etc.

Reply

Read More Comments: 1 2

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships
Newsletter Archive
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.

site design: Juxtaprose