Imarc

Password Managers: 2014 Heartbleed Edition

Robert Mohns, UX Researcher
Posted on Apr 14, 2014
Lock down Heartbleed!

Password managers, thanks to Heartbleed, are top of mind this week. While nothing can save you from sites with truly idiotic password requirements, a good password manager tool makes it tremendously easier to prevent identity theft and fraud.

Dan wrote about password managers back in 2009, but that's so five years ago. I took an informal poll around the office and here's what iMarcians use today, as well as a few others that are well-reputed.

(Impatient? Jump to the TL;DR.)

1Password:

  • https://agilebits.com/onepassword
  • Platforms: Windows, Mac, Android, iPhone, iPad
  • What's special about it: It does pretty much everything, pretty much everywhere. Very configurable strong password generator; integrates tightly with Chrome, Firefox, Safari and IE; syncs across your devices using Dropbox (or iCloud); insanely deep organization (tags, favorites, folders); secure notes; software licenses; manages and auto-fills credit cards and multiple identities into web forms. iPhone/iPad version includes a built-in browser, handy for banking.
  • Pros: Powerful, runs on all the big four platforms.
  • Cons: Not cheap. $50 for Windows or Mac, or $70 for a cross-platform bundle. $15 for iPhone/iPad (currently on sale for $9). Also, the Android version is read-only; you can't add and edit new passwords.
  • It's currently on sale for half off the usual price.
  • More iMarcians use 1Password than any other tool.

Password Hash:

  • https://www.pwdhash.com or http://crypto.stanford.edu/PwdHash/
  • Platforms: Firefox, Chrome, Opera, iPhone.
  • What's special about it: Creates a custom password for any website using one password of your choice. Implemented as a browser extension for desktop Firefox, Chrome and Opera.
  • Pros: Free and easy. Very effective at blocking website phishing attacks.
  • Cons: No official mobile support, but there is a $0.99 iPhone app, KeyGrinder, that implements the same algorithm and is thus compatible.
  • One iMarcian uses this.

LastPass:

  • https://lastpass.com
  • Platforms: Browser extensions for Safari, Firefox, Chrome, Opera, Internet Explorer. Native app on Windows Phone, Blackberry OS 7, Blackberry Playbook, Symbian, Android, WebOS.
  • What's special about it: Supports two-factor authentication.
  • Pros: Runs everywhere. Everywhere. If you have one of the great-but-gone WebOS tablets or Blackberry Playbook, LastPass has you covered. Free-as-in-beer for desktop PC/Mac use.
  • Cons: Advertising-supported. Paid subscription is required for mobile access (but at $12/year, it's cheap).
  • One iMarcian uses this.

KeePass:

  • http://www.keepassx.org
  • Platforms: Linux, Windows, Mac
  • What's special about it: It's free-as-in-liberty – GPL 2.0 open source license.
  • Pros: Source code hosted at GitHub. Fork it yourself!
  • Cons: Clunky. Autofill remains an "experimental" feature years after its introduction, and is Linux-only.
  • No iMarcians use this.

mSecure:

  • https://msevensoftware.com/home
  • Platforms: Windows, Mac, Android, iPhone, iPad, Windows 8 Phone
  • What's special about it: Optional self-destruct feature to beat brute force attacks. Works on Windows 8 Phone. Syncs using Dropbox.
  • Pros: If you use Windows 8 Phone, this appears to be your best bet. Inexpensive; just $20 for Windows or Mac.
  • Cons: Windows 8 Phone version doesn't yet support Dropbox sync.
  • No iMarcians use this.

Go forth, be secure, and encryptify:

Aside from picking a tool that supports your computers and/or mobile devices, which you use is largely a matter of personal taste. I suggest…

Power user's delight: 1Password or LastPass.

Free as in Beer: LastPass, KeePass or PwdHash.

Free as in Liberty: KeePass or PwdHash.

Finally, here is a list of top sites where you should change your password now. Get to it!