Software

Five free and secure password management apps

Maintaining a large assortment of strong passwords is a challenge. Here are some apps that make the task more manageable.

IT pros keep a lot of information stored in their brains. Some of that information is passwords. I can't tell you how many times I've seen administrators have to nearly crack their heads on their desk to get a password to ooze out. I've even seen a Windows SBS box sit, unable to be maintained, because no one could remember the password.

That's a silly mistake, especially when there are so many applications out there created for the management of passwords. I'm going to introduce you to five such applications -- each of which does a great job of storing your passwords and won't set you back a single penny. Now you won't have any excuse for forgetting those passwords.

Note: This list is also available as a photo gallery.

1: Password Gorilla

Password Gorilla (Figure A) is a simple cross-platform application that helps you manage your logins. It stores user names, passwords, login information, and miscellaneous notes in a securely encrypted file. In typical fashion, a single master password is used to protect the encrypted file that contains the password database. Password Gorilla is fairly stripped down, without many bells and whistles. It does one thing and does it well.

Figure A

Password Gorilla

2: KeePass

KeePass (Figure B) offers quite a list of features for a single-minded application. It's cross platform and open source, and it offers strong security, multiple user keys, a portable (no install) version, export/import in various formats, database transfer, password groups, time fields and entry attachments, auto-type/global auto-type hot key, drag and drop, secure clipboard handling, search and sort, a strong random password generator, and plug-ins.

Figure B

KeePass

3: KeePassX

KeePassX (Figure C) is a cross-platform open source tool that rivals KeePass. It offers extensive management features and enables you to search in specific groups or in the complete database. You can access the KeePassX database using a password and/or a key file. KeePassX provides a customizable password generator and a password quality indicator. It uses Advanced Encryption Standard (AES) or the Twofish algorithm.

Figure C

KeePassX

4: Passpack

Passpack (Figure D) is an online password manager that offers free and paid accounts. The free account limits the number of passwords you can keep. Although some might balk at the idea of keeping passwords online, Passpack has been around and vetted by plenty of large companies. It allows you to share passwords on a need-to-know basis (free account limited to one user share). Passpack also has a unique feature -- the Passpack It! button -- which allows you one-click entry into many sites requiring authentication.

Figure D

Passpack

5: Clipperz

Clipperz is another online password management site designed to keep track of your myriad passwords. It stores each entry in the form of a card. You can create cards for Web, bank account, custom, and direct login (Figure E). Clipperz also offers a Compact edition that works as a sidebar for the Firefox browser. And you can install a bookmarklet so that adding a new card is as simple as clicking the button in the browser (without having to go to your Clipperz account) and adding the information.

Figure E

Clipperz

Take your pick

There are plenty of password management applications out there to choose from. The five listed here will get the job done and get it done for free. Each of these applications offers enough security to ease the mind of most IT pros looking for a safe environment for their passwords. Give one (or two) of these a try and see if it fits your needs.

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

42 comments
stevew
stevew

I love the idea of having a master password "program", but I shudder to think of the ramifications of losing the MASTER. Personally, I have an encrypted file which, even when printed out would be a challenge for anyone to figure out my passwords. Again, not impossible, but better than leaving them out in plain text. I guess nothing is ever 100% secure.

JesseGast
JesseGast

I believe free till Oct 1. And if you have it, free upgrades.

thomas.wilson
thomas.wilson

1. I have also seen systems go unmaintained because the admin password was lost to personnel turnover or other lack of foresight. Forgive an engineer his hardware solutions but when setting up a new system I write down an admin-level username and password on a piece of paper and tape it to the inside of the case. For the security minded , put a padlock on the case - that's sometimes needed to prevent theft anyway. 2. When I finally gave up my beloved HP200LX for a Droid I went looking for a simple text editor that was cross platform and password protected to keep passwords, credit card and banking info, etc. At present I'm using Encrypted Notepad which is available as both an Android and Java app but I'd like something with better find, cut, and paste features. Any suggestions appreciated.!

jreid
jreid

I have used Passpack for about a year and don't know what I would do without it.I have never tried any of he others.

jack.klaber
jack.klaber

Using Lastpass since a while and am very pleased with its performance, even for non-western sites. If I buy the pro-version, I can even use it on my iPhone or Androids.

MarcC67
MarcC67

... but the article does a good job of sharing information about FREE utilities that do a decent job. I still prefer paying for a solution that goes beyond simple password storage, and integrates well with web browsing on desktops and mobile devices.

desertcities
desertcities

I've used and wrote about just about every password manager program out there. And I can honestly say, without a doubt, that LastPass is a superior program that blows away the competition. Lastpass has many features: All of your data is encrypted locally on your PC - only YOU can unlock it. It's multi-platform, Using a Mac, Windows, or Linux? LastPass works everywhere. All of your data is encrypted locally on your PC - only YOU can unlock it. It's FREE, no catches or gimmicks. Indeed, it's free to use on all your computers! I run Lastpass on my iPad, BB, 3 desktops and 2 laptops. It has never failed me. Fills in forms automatically, protects you from phishing sites, generates passwords and a million other things you will simply love. www.lastpass.com

dal765
dal765

.. there's (at least) one feature of Roboform no other pwd manager (including Lastpass) has, of the 10+ I've tried. That is, offer a small prompt displaying the whole password, URL dependent, with the possibility of several (related to different accounts) when.. the (usually 2nd) log in page requires manual fill of randomly selected characters, whether by drop downs or virtual keyboard or even just typing. All financial sites I've seen in the UK use this. Without it, any pwd manager is useless to me. Maybe Lastpass or Keepass have been updated now..

spawnywhippet
spawnywhippet

I use a combination of Password Safe, BoxCryptor and Dropbox to sync my password files across my iPad, iPhone, various Windows machines and Password Gorilla on my Macbook Air, which is compatible with the Password Safe files.

vgascon
vgascon

I have used the free application called PINs. It is portable and very much like KeePass. I have used it for years and it is very reliable. It does run under WINE in Linux, although it is not 100% smooth rendering, but it works.

sparent
sparent

Any iPhone app recommendation?

jbkraut
jbkraut

What is the advantage of the five applications above over Roboform.

jonc2011
jonc2011

Source Forge's Password Safe seems a fine and free program to me. LastPass and Roboform also need a mention.

mperata
mperata

I have found RoboForm, although not free, to be an excellent app

malcolmgdocherty
malcolmgdocherty

I am surprsied that LastPass was not inlcuded in this review. It is free to use on PC/Mac - as many as you like, which is great for synchronisation. You only have to pay (12 US dollars a year) if you want to use it on mobile phone.

McCoyPauley
McCoyPauley

It's cross platform and works with Safari on iPad

rlcohen
rlcohen

I was really expecting to see LastPass in this roundup!

timrush-aero
timrush-aero

I guess I'm always too paranoid that programmer may have put in some little utility to send them your passwords . Without viewing (and understanding) the source, how can you be sure. Short of creating your own... How secure are these things anyway? Especially the browser based ones?

essex133
essex133

Yes, I know what most people still think of Norton and I used to hate it too! But having tried Norton Internet Security in 2010, I found it had changed from being a huge resource hog that tied up everything on your PC including the recycle bin, to being a very effecient, unintrusive security program - complete with an excellent password manager, which automatically offers to save newly created logins and automatically fill login fields when you visit websites. You can also create more then one profile and have one stored on a flash drive for use on a different computer! You can also choose whether it fills forms automatically when you're logged into it or whether it always requires the master password before doing so. And it securely stores all your credit card details in its encrypted vault too. So basically, it does everything that I want from a password manager - and more. Like most password managers, it does ocassionally fail to automatically recognise/save new logins. But as a workaround you can always enter the url and login details manually and it will then fill those forms automatically in future.

suvir
suvir

LastPass is the ultimate. See Steve Gibson and Leo Laporte's podcast transcript or podcast audio show for an in-depth assessment of its features and technology http://www.grc.com/sn/sn-256.htm Mp3 links at the top of the transcript.

Gisabun
Gisabun

Never used either of the ones above. Place i worked at had this password management that was web base and it was a piece of crap [so bad I don't remember the name]. If looking for stand-alone [and portable] application for Windows try, Password Corral. Has 256 bit encryption.

suncruiser
suncruiser

I have been using LastPass for quite awhile now. We use it for both our laptops, tablets and Android phone. Like it lots.

Xyberion1K3
Xyberion1K3

Hey guys, I believe this article is about computer-based password programs. LastPass, RoboForm and other are internet-based; they may be associated with a usual browser. KeePass can log you into your websites, if you put the proper login URL into the box. I have been using LastPass and KeePass for many years. I used RoboForm years ago; however, if you have many passwords, the free version is not for you. I had alot of passwords and had to purchase RoboForm every year. Of course, I only purchased it for 1 year, then switched to LastPass. KeePass and LastPass are the way to go.

Larry3500
Larry3500

Roboform is an online product with both free and paid versions; the free version limits the number of separate PassCards that can be stored. The neatest thing about RoboForm is that it recognizes when you are entering a password manually, and offers to store it for you. Let's say you were on the Tech Republic website and you attempted to access a members-only option. When you entered your user name and password, RoboForm would recognize the fact that your password was not being echoed to your screen (***** was being echoed instead) and would offer to store the URL, your user name, and your password as a PassCard. If you manually enter that same URL, RoboForm recognizes it and enters your user name and password. You also have two-click access to your Tech Republic account. Simply select Tech Repulic from the Logins on the RoboForm toolbar and RoboForm does the rest.

nedfraser
nedfraser

Can't beat this for price (free), availablility (PC and Android), features.

prodeje24
prodeje24

I have installed it on my iPhone, my Win 7 PC and my laptop with Ubuntu. Very simple interface, great sorting features, security and backup options. https://keepersecurity.com

bcasner
bcasner

And yet you managed to miss the online service Gibson Research rated the most secure, LastPass. I switched to it from KeePass and KeePassX.

rMatey
rMatey

One vote for Password Gorilla. Yep, cross platform and secure. Used it for years without any problem.

salemdoc
salemdoc

is passback the only one that will fill in the fields automatically?

dstoltz
dstoltz

I'm surprised you did not review RoboForm - it's one of the leading password management tools out there, and let's you sync all your passwords between PC's, Mobile devices, etc...which is critically important for me. It's also got the auto-login feature, form filling, etc...

ThePickle
ThePickle

It's always easy to spot the ones that are native to Linux because they're so damn ugly.

drwain
drwain

I have been using KeePass for many years now in installed, portable and smartphone versions. Though I cannot comment on the other products in your list KeePass is a must-have in my application suite. Although it has the vaster array of features it is still simple to use and sharing the database between devices is a snap. The smartphone version is a bit clunky on an S60 but that is due to the technology available on the device. 5/5 Word of warning - don't forget your master password!

rkilroy
rkilroy

LastPass - http://lastpass.com/index.php Not free for the iPhone, but only a buck a month. I use the LastPass software on my home machine, bookmarklets at work, the application on my iPod touch, iPad, and Kindle Fire, and the online version when I'm visiting a computer. I also have a Yubikey - http://www.yubico.com/yubikey to provide two factor authentication.

rpb_
rpb_

because it was originally designed/written by Bruce Schneier, I believe. Who knows how strong the security really is in those other ones? Security is very hard to get right.

mekuranda
mekuranda

I used Roboform years ago (still a registered paid user) however they adopted some very poor ethics a little while ago and tricked their supporters in a way that can only be viewed with caution and doubt. Do a search on the multitudes of others who were offended and have changed their allegiances (and software). I agree Roboform was the class leader and convenience was awesome - and nothing I tried came close to be a replacement, until I found LastPass - and while it might not be quite as slick (depending on upgrades status - I think they are jockeying as the web evolves for top spot) - and to make it easier - you can just import all your RoboForm cards.

CopierITGuy
CopierITGuy

'Free' limited trial doesn't truly mean free. Sure, you won't pay anything for it, but it's not a free app. Limited to 10 cards, and it is ad supported. Boo! I'm sure the paid version is great, but I'll stick with KeePass.

admin
admin

Making this even more interesting is the fact that the "Image Gallery" version of this article uses part of the LastPass logo as it's headline image. This article uses "free and secure" in the title, but it doesn't really dive into the security details of the products. It's not so much "The top 5 free, securely-implemented password managers you should consider" as it is "The first 5 free password managers we could think of in a brainstorming session."

Neon Samurai
Neon Samurai

After years of KeepassX, I'm also over on Lastpass these days. Fantastic option.

bowieb
bowieb

I don't know what you were looking at, but Password Safe is completely free and open source. No limits, no ads. The database I use at work has 82 entries. My home database is even larger. The main project is Windows-based, but there are ports for Linux, Mac, iPhone, Android, Blackberry, Windows Mobile, and more.