Security

Best Password Managers: Top 4 Reviewed

1Password, Clipperz, LastPass, RoboForm)
What good is a secure password program if you can't get access to your data when and where you need it?

Using a password manager application to automatically log into Web sites -- and to secure and manage all of your user IDs and passwords -- is a great help in organizing your digital life. But most password managers simply save your data in an encrypted file and then leave it stranded on one computer.

That doesn't work if you have a Windows desktop at work, a Mac or Linux machine at home, an iPad in your family room and an Android phone in your jacket. You need secure access to your data from any device, at any time, whether you're online or offline. And you don't want to have to manually update several work, home and mobile password databases every time you change an account's credentials -- something I've been doing for years.

The makers of an emerging breed of password managers are striving to provide secure online access to your passwords in the cloud and give you a synchronized, local copy of your password database on every computer and mobile device, no matter what operating systems, browsers or mobile platforms you use. (Having a synchronized local copy means you don't have to worry if the password database in the cloud goes down -- or the vendor suddenly disappears.)

In Video: How to Retrieve a Lost Windows Password

For this roundup, I looked at four products in this category: Agile Web Solutions' 1Password, Clipperz from Clipperz SRL, LastPass from the company of the same name and RoboForm from Siber Systems Inc. I tested each on four different platforms: a MacBook Pro running OS X 10.5.8, laptops running Windows 7 and Windows XP, and an iPad. I also tested browser add-ons for Internet Explorer, Firefox and Chrome.

Keeping passwords secure

All four applications work by having your computer encrypt passwords and other personal data before uploading a copy to the cloud. Because the data has been encrypted locally, the vendor does not have the key to unlock the data stored in the cloud: Only you do.

You secure your password database by creating a user account name and a master password. Once you're logged in, the applications automate the process of gathering user IDs, passwords and other information as you visit each Web site. They can then automatically fill in and submit your log-in credentials each time you return to those sites.

LastPass, RoboForm and 1Password can also fill in forms using data stored in profiles. You can create "identities" that have access only to subsets of your password data (such as work-related information, personal data or data for systems shared by you and your spouse), and you can store other types of sensitive data, from locker combinations to safe deposit box numbers. The way in which Clipperz supports forms is a little more involved, requiring the use of bookmarklets and mapping fields into what Clipperz calls Direct Login links.

The local versions of these products rely on any or all of three different technologies to do the job: Native applications designed to run on each operating system, extensions and plug-ins for popular browsers, and bookmarklets that can run on any browser that supports JavaScript. Not all products support a locally cached copy of your data on every device. In some cases, a product supports a local cache on one platform but not another; others support a local copy, but it's read-only.

Support for mobile devices is more limited. On some mobile devices, such as Apple's iPhone or Android-based phones, the password management application may include a simple, stand-alone browser when it can't integrate tightly with the native browser for the device. On some platforms, some products may lack the ability to maintain a synchronized, local copy of your data.

As a category, these products are still evolving. Once you figure out the best way to work with them, however, they make securing and accessing your passwords from any device, at any time, convenient and easy.

For comprehensive coverage of the Android ecosystem, visit Greenbot.com.

Subscribe to the Security Watch Newsletter

Comments