July 29, 2011 at 23:00

Popular password managers in comparison

    imageSecure password storage is a very relevant topic at any time, especially after the recent high-profile cracking of large sites. After one of my passwords leaked to the Network after hacking the MtGox exchange, I became concerned about switching to serious protection methods.

    The most important points neglected by many users who store passwords in their heads or on paper are the use of separate passwords on each service and the rejection of simple, easy-to-remember passwords. To make this possible, there is a considerable amount of software of different quality, the study of which I took up. Now I would like to share the results of my research.

    So, the programs that fell under my choice are as follows: KeePass, eWallet, LastPass, 1Password, RoboForm . Who cares - welcome to cat.

    I warn you in advance: this review does not claim to be complete or 100% reliable. I just want to give the reader a fairly complete impression of the programs presented so that I can make a decision to use one of them.

    So let's get started.

    KeePass Password Safe


    imageThe first applicant is the open-source password manager KeePass . It is free and freely distributed under the GPL v2 license. There are two main versions: the "old" 1.x, which works only under Windows, and the "new" 2.x, written on .NET and including Mono in OS X and Linux. Both versions exist in the Portable version. There are also third-party programs that work with KeePass databases - for Linux and Mac OS X, for example, KeePassX .

    The password database is encrypted with AES-256 and stored in a file that can be synchronized by any convenient means, whether it be Dropbox, a flash drive, or something else. It is possible to use a multi-way key conversion, due to which the time required to decrypt the database increases; this increases resistance to brute-force attacks. Some clients on other platforms can work with databases in Dropbox directly (for example, KyPass on iOS). Databases of version 2.x are not backward compatible with 1.x, which creates problems with a lot of third-party software working with databases of the old version (although you can export the database of the old format from the new version).

    KeePass has a built-in AutoType feature that allows you to automatically enter passwords in browsers and other programs. KeePass also has many plugins, which include tighter integration with all major browsers (IE, Firefox, Chrome), and provide many additional features.

    As mentioned above, due to the openness of KeePass, a lot of software has been written for various platforms. On mobile devices, there are KeePass clients on the following platforms: iOS, Android, WM Classic, Windows Phone 7, Blackberry, and J2ME. More detailed lists of plugins and third-party software are available on the KeePass website.

    eWallet


    imageeWallet is a paid password and personal information manager from Ilium Softwarе. eWallet exists in versions for Windows and Mac OS X ($ 9.99), and also has clients for iOS, Android (viewer only), BlackBerry, and Windows Mobile Classic.

    The database file, like in KeePass, is encrypted using AES-256. Data is stored locally, cloud storage by eWallet is not provided.

    Database synchronization between desktop computers is possible only by manual transfer. The Windows version is synchronized with mobile clients on WM Classic and Blackberry using the built-in platform synchronization (ActiveSync and BlackBerry Desktop, respectively). Syncing the Mac version with the version on iOS is possible via iTunes and Wi-Fi.

    The Windows version of eWallet integrates with Internet Explorer, Firefox, and Chrome. The OS X version only offers integration with Safari.

    1Password


    image1Password is a popular AgileBits solution for storing passwords, software licenses and other personal information on Mac OS X. Recently, a version for Windows has also been released, and a native client for iOS is also offered. The program is quite expensive - versions for Windows and Mac OS X cost $ 39.99, or $ 59.99 for both; The iOS version is available on the AppStore for $ 14.99. Read-only Android application is free.

    All versions of 1Password have a built-in database synchronization function using the Dropbox service. This functionality is optional, the default database is stored locally. The database is encrypted by AES-128. Built-in integration tools with browsers and the operating system prevent password leakage through keyloggers.

    1Password for Mac integrates out of the box with Safari, Firefox, Chrome, and Camino. The Windows version integrates with Firefox, Chrome and IE. Both versions of 1Password also offer a convenient interface for using stored information in any other applications (including the AutoType function similar to KeePass).

    Besides integration with different platforms, 1Password provides another original way to access its database. Password storage (agile keychain) is a set of files, one of which is an HTML file with a full interface for working with the database, which can be opened by any browser on almost any device.

    Customer rating 1Password for iOS - 4 stars out of 5, the highest of all considered mobile programs. Many reviews also praise 1Password on OS X for its user-friendly interface and browser integration.

    Roboform


    imageRoboForm is one of the oldest programs in this market, the only one still having a working version for Palm OS and Windows Mobile 2003. The free version of RoboForm Free is available for Windows and Mac OS X, but it is rather limited. The paid version of RoboForm Desktop ($ 29.95) removes many restrictions. But the most interesting is the RoboForm Everywhere package ($ 19.95 per year), which offers full use of desktop versions for Windows and Mac OS X, plugins for full integration with Firefox and Chrome, as well as automatic cloud-based database synchronization between all versions.

    The RoboForm database is encrypted according to the AES-256 standard, and in all versions of the program it is stored on the local computer. When using RoboForm Everywhere, the database is also located on RoboForm servers.

    In addition to the major versions, RoboForm offers applications for many mobile platforms. These include iOS, Android, BlackBerry, Windows Mobile (6.x, 5, 2003, and even Pocket PC 2000 and 2002), Palm OS and Symbian. The iOS and Android versions support cloud synchronization and require a RoboForm Everywer subscription. All other mobile versions are synchronized with desktop versions using additional software.

    Also, RoboForm is only one of two programs in the review with a separate plugin (or rather, even two) for the Opera browser on Windows, Mac OS X and Linux.

    Lastpass


    imageLastPass is a fairly well-known cloud-based password storage service. The basic version of LastPass is free; premium package costs $ 1 per month.

    LastPass has perhaps the widest range of features in this review. The service is available on Windows, OS X and Linux on all major browsers (IE, Firefox, Chrome, Opera, Safari). LastPass for Apps is also available on Windows, allowing you to automatically store passwords from any application. Password database management is also possible through the web interface on the LastPass website. For Windows there is a Portable client with the ability to download databases for backup storage and offline use.

    Since LastPass is a cloud service, the database is constantly stored on LastPass servers. Synchronization as such is not required. Along with convenience, storing the database on servers is also a risk: not so long ago, LastPass was hacked (according to rumors), and the service owners suggested many clients change their master passwords. The LastPass database, as in most other programs in the review, is encrypted with AES-256.

    LastPass offers an extensive selection of clients for mobile devices: iOS, Android (with additional applications for Dolphin HD and Firefox Mobile browsers), WM Classic, Windows Phone 7, BlackBerry and HP / Palm WebOS. All mobile versions of LastPass (except iPad) require a LastPass Premium subscription.

    Summary table

    image Keepassimage eWalletimage 1Passwordimage Roboformimage Lastpass
    basic information
    LicenseGPL v2Proprietary
    Costis freefrom $ 9.99from $ 39,99is freeis free
    Synchronizationmanual (file)manualDropboxcloud ($)cloud
    EncryptionAES-256AES-256AES-128AES-256AES-256
    Portable versionthere isnotnotthere isthere is
    Browser Integration
    image Mozilla firefoxWindowsMac OS XLinuxWindowsWindowsMac OS XWindowsMac OS XLinuxWindowsMac OS XLinux
    image Google chromeWindowsMac OS XLinuxWindowsWindowsMac OS XWindowsMac OS XLinuxWindowsMac OS XLinux
    image Internet explorerWindowsWindowsWindowsWindowsWindows
    image OperaWindowsMac OS XLinux--WindowsMac OS XLinuxWindowsMac OS XLinux
    image Apple safari-Mac OS XMac OS XWindowsMac OS XWindowsMac OS X
    image Camino--Mac OS X--
    Mobile Support
    image iOSyesyesyesyesyes
    image Androidyesyesyesyesyes
    image Blackberryyesyesnoyesyes
    image Windows mobileyesyesnoyesyes
    image Windows Phone 7yesnonoyesyes
    image WebOSnonononoyes
    image Symbiannononoyesyes
    image J2meyesnononono


    Have you noticed an inaccuracy in the review or want to suggest adding a program? Write PM.
    Tags:

    Also popular now: