The Best Password Managers for PCs, Macs, and Mobile Devices

Thanks to high-profile computer security scares such as the Heartbleed vulnerability and the Target data breach , and to the allegations leveled at the government and cloud providers by Edward Snowden, more of us Internet users are wising up about the security of our information. One of the smarter moves we can make to protect ourselves is to use a password manager. It's one of the easiest too.

1 2 Page 2
Page 2 of 2

PasswordBox bears a number of similarities to Dashlane. Master passwords are neither stored nor transmitted, meaning that password data is secured throughout the process, and password resets are technically impossible. PasswordBox even takes extra steps to ensure the security of your information in other ways, such as PCI-compliant data centers and providing the ability to send the company encrypted email using the PGP key published on its website.

PasswordBox is currently missing some of the features available in Dashlane, such as two-factor authentication, but both two-factor and fingerprint-based authentication are reportedly coming soon. You can read about the security measures PasswordBox uses to safeguard password data in the company's security whitepaper.

PasswordBox does not use stand-alone client programs on Windows and Mac, opting instead for browser plug-ins (Chrome, Firefox, and Internet Explorer), but mobile apps are available for both iOS and Android. Another minor oddity: PasswordBox doesn't offer a Web app to view or edit passwords or manage your account -- everything is handled via mobile app or browser plug-in.

PasswordBox is priced competitively with the other cloud-based password managers. Free accounts support up to 25 stored passwords, including synchronization and full sharing capabilities. Premium accounts cost $12 per year and give you unlimited password storage. Referring five friends nets you a premium account for life.

PasswordBox allows users (free or premium) to share saved log-in information seamlessly between accounts, even without the passwords being visible. Shared log-ins persist even through password changes, and they can be revoked at any time. An interesting and unique feature of PasswordBox is the Legacy Locker, which allows you to designate one or more responsible parties who get access to your account information in the event of your death. Account transfers using Legacy Locker are not performed until a death certificate is provided and validated.

For truly cutting-edge security, PasswordBox has partnered with the soon-to-be-released Nymi authentication device. The Nymi wristband measures your cardiac rhythm to offer three-factor authentication to PasswordBox -- using your master password (something you know), your Nymi wristband (something you have), and your heartbeat (something you are). The Nymi can be pre-ordered for $79, and it will include a premium PasswordBox account for life.

SplashID Safe

SplashID has been in the password manager business for years. Its product, SplashID Safe, has been particularly popular on mobile devices. Currently SplashID Safe supports access through the Web and client apps for Windows desktop, Windows 8, Mac, iOS, Android, Blackberry 10, and Windows Phone.

Where other password managers are either local or cloud-based, SplashID Safe supports either option. The SplashID cloud service allows you to synchronize your password vault over the Internet for $1.99 per month or $19.99 per year. For users who don't want to store their password vault in the cloud, SplashID is available in a version that supports manual synchronization over Wi-Fi (for a one-time cost of $29.99) or a no-sync version for $9.99.

For an additional $5 per user per month, families or businesses can leverage SplashID Safe Teams edition, which adds an admin panel that allows you to control who has access to each record, either by assigning a record to an individual user or a group of users. Note that the Windows 8 client is not currently supported in the Teams edition.

SplashID Safe has at least one feature we wish all the cloud-based services would implement: the ability to configure a login as local only, giving you the ability to prevent your most sensitive data from being stored on the Internet. The idea is that if you have certain login information or other sensitive data you don't trust to the Internet, you can prevent this information from being uploaded to SplashID's servers.

SplashID Safe lets users share login information by sending an email containing a link to retrieve the information. Links to shared information are secured with a password (which can be included in the email or shared using another method), are valid for only 24 hours, and expire after the first use.

Two-factor support in SplashID only provides an extra layer of security when registering a new device (not on each login), requiring you to enter a six-digit code sent via email. While a registered device paired with a password technically meets the definition of two-factor authentication (something you have and something you know), it's not quite up to par with services offering support for Google Authenticator or other two-factor methods. SplashID Safe offers a pattern unlock feature as an alternative to a master password, but I found this feature to be somewhat inconsistent.

Other contenders

It's always nice when a security product is backed by a brand synonymous with computer security, and Symantec's Norton Identity Safe certainly has that factor in its favor. Identity Safe has another plus: It's completely free. You have a number of free password managers to choose from, but none are cloud services operated by a software vendor with a level of trust built up over decades. Norton Identity Safe used to be part of a Norton security suite, but it's now a stand-alone service with a Web front end and clients for Windows, iOS, and Android.

RoboForm is a popular password manager and form filler, but it falls short of the leading contenders on a few counts. Though it offers synchronization across multiple platforms, there is no Web app, two-factor authentication, or sharing capability. Individual RoboForm desktop licenses can be purchased outright for Mac or PC at a price of $29.95, and a Windows portable version for USB storage is available for $39.95. RoboForm also offers subscription-based licensing for $19.95 per year, which provides synchronization and access through mobile apps on iOS, Android, Windows 8, and Windows Phone.

KeePass isn't the only open source password manager. There's also Password Safe, currently available for Windows in both installable and portable versions, and for Linux in a beta version. Password Safe is not nearly as feature-rich or mature as KeePass, and I'd be hard-pressed to give you a reason to use it over its big brother. That said, Password Safe is a viable alternative, and if all you need is a local password manager, the decision may come down to which program you find easier to use. The result may be Password Safe.

My1Login has both a free version, supported through advertisements and affiliate links to partner sites, and a pro version, which eliminates the ads and affiliate links for $2 per month. My1Login offers features commonly found in the other contenders such as secure sharing and strong password generation. The problem with My1Login is that the entire service is Web-based, with mobile support coming through the mobile Web app only. While My1Login is enthusiastic about the minimal setup requirements due to the lack of client applications, I find this method to be more difficult to use in the long term.

Keeper Backup is full-featured password manager supporting multiple client platforms, including Mac, Windows, iOS, Android, and Windows Phone. Security features offered by Keeper Backup include two-factor authentication and secure sharing. Keeper offers three pricing tiers, starting with a free edition that supports one device, no sharing, and a limited amount of data. Keeper Backup provides unlimited storage, access to the Keeper Web app, secure sharing, and access to the support team for $9.99 per year. Backup Unlimited adds support for synchronization across devices for a heftier $29.99 per year.

Trend Micro's DirectPass has a free option that supports only five passwords. Trend Micro's subscription service, which costs $14.95 for one year or $24.95 for two years, supports an unlimited number of passwords and devices. Desktop clients are available for both PC and Mac, and mobile clients are available for iOS and Android. While there's nothing wrong with DirectPass, it doesn't match other competitors in features or polish.

This story, "The Best Password Managers for PCs, Macs, and Mobile Devices" was originally published by InfoWorld.

Copyright © 2014 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
Discover what your peers are reading. Sign up for our FREE email newsletters today!