Password Manager Reviews

We probably all have many accounts set up on many web sites.  Since it is a very bad practice to use the same password on more that one site,  I have used Password Safe for years for keeping up with accounts and passwords.  I have recently switched to using Lastpass.  Lastpass has a very long list of features.  Here are a few of the features:

  • Automatic form filling, like Roboform
  • One click login - click on the site, it brings it up and logs on for you
  • Synchronizes everywhere - Windows, Mac, Linux, IE, Firefox, Chrome, Safari, iPhone, iPad, Android, Blackberry, Windows Mobile, even Symbian and Palm
  • Generates strong, secure passwords
  • Stores miscellaneous notes

Another great feature is a program called pocket.  This stand alone program will download your entire database and save it locally.  It will also decrypt it and export it to a CSV file.  This means if Lastpass ever goes away, you still have all your data which can be accessed or imported into another password manager.

The best feature is how it stores your data.  Everything is encrypted and decrypted locally and the Lastpass servers never have your key or unencrypted data.  The encryption part of the software is very simple.  It just uses a SHA256 hash of your email address (account) and master password for the encryption key. [more]

This is all free, except the mobile versions require a premium account which costs $12 per year.  There is a 14 day free trial of the mobile versions.

In an attempt to be fair, here are some other password managers.  You may prefer one of these over LastPass, which is what I use and recommend.  I used Password Safe for many years, but it is not multi-platform and there is no synchronization between machines.  KeePass is another nice one, but I have never used it.  Both of these are open source on sourceforge.

Here is a list of some online password managers, with some brief comments about why I did not choose each one (except for the AGPL license).  My "online only" comment means you must access the web site in order to use the passwords stored there.

  • www.agatra.com (no longer supported)
  • www.needmypassword.com (web site out of date, misspellings and grammatical errors, online only)
  • www.passlet.com (cert expired, beta software, online only)
  • www.passpack.com (designed for sharing passwords, subscription priced on number of passwords and shared users, online only)
  • www.spyshakers.com (mainly designed for privacy, requires more setup, online only)
  • www.shibbo.com (either online only or purchase a portable app, does not seem to be maintained - web site from May 2007 said software on usb pendrive "soon available!" and it still says that today, based in Spain, web site not tls encrypted)
  • www.clipperz.com (online only, seems to beta, main web site not tls encrypted, most of the source is AGPL v3)

Security and Compliance password Software Utility