Security

Five free apps for secure password management

Introduction

Keeping track of lots of passwords can be a challenge. I once saw a Windows SBS box sit, unable to be maintained, because no one could remember the password. That was a silly mistake, especially when so many applications are available to help with password management. I'm going to introduce you to five such applications -- each of which does a great job of storing your passwords and won't set you back a single penny.

Note: If you'd prefer to view this information as a blog post, check out this entry in our Five Apps blog.

Photo: iStockphoto.com/PashaIgnatov

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

41 comments
curiuoskevin
curiuoskevin

I see by other commenters, that I'm not the only one who noticed you did not include LastPass.....(Maybe my all time favorite app!)....Why not? Also, Roboform was not mentioned. Are they not in the top 5?....I admit I don't have actual experience with using all of them, but I did do research on most before deciding which to use, and I found that many of them, unlike LastPass, don't offer in their frees versions unlimited storage, as well as a great many useful features that would you would need to pay for in some of other programs....In fact I feel guilty about not getting the paid version of LastPass, since I rely on it so heavily! (I have well over 600 passwords and secure notes, as well as many other things stored.) I keep telling myself I will upgrade eventually...I love this app, I cannot say enough good things about it!.... As for it's security measures, I have great confidence, after doing much research and reading many independent evaluations by some very qualified people....Kevin.

dkiehl777
dkiehl777

I use LastPass and it seems to work well most of the time (sometimes doesn't want to load up with the browser, and can be a pain to get it started again). I know that the article was just to provide some additional options, and I appreciate that. But perhaps a comparison of the top 5 or six of these apps could be presented to help us determine which one might best meet our individual needs, rather than each of us having to install / configure / uninstall / start over with a new one multiple times. Just a thought.

JGSecurity
JGSecurity

When you are trusting some "app" with all your passwords you'd be a fool to use anything but Lastpass as I have tested the encryption used with the others and none of them are as secure as the 2000 iteration offering that Lastpass that offers in encrypting your master password. I've had several people get compromised after using Roboform and Keepass. They often had less than 9 character passwords, but I've never had a customer have a complaint about Lastpass.

tech.systems
tech.systems

I've been lookig at recommending a password manager for use in our office. However, there is one stumbling block that I would like to know how people deal with. How do you manage sites that employees may use for business purposes and then they leave the company or are fired? How does the company manage and track these credentials without having to keep a separate list? One might say that the employee could give the employer the master login, but then they are trusting the employer with potential personal sites that no employer wants as a responsibility and no employee wants to share. Having two password managers is not likely to work either. Is there a password manager that can have two separate accounts, one for business and one for personal? Then the employe can share the master password for the business side while keeping the personal side to themselves.

ibmtech
ibmtech

I vote for Password Safe as well. I have used it for several years, on XP, Vista and now Win7 x64. Works great - lots of features. Works with a YubiKey, and has a portable and U3 version as well. Surprised you missed it!

ja57_usa
ja57_usa

I used Roboform both free and paid versions, was happy with the online applet, but when they started charging for updates,i switched to Lastpass and have been using that one for a good while. Would have liked to have stayed with Roboform, but i'm very satisfied with Lastpass, I give it two thumbs up!!

maa
maa

Not including LastPass, at least as a ref makes this article useless for me.

Cicuta2011
Cicuta2011

The problem with users is that they become a bottleneck because of their stupidity. In a secure environment, password management applications are the worst security risk in any organization. Passwords are supposed to be changed every 90 days anyway in a secure environment. Passwords management applications introduce a risk also but seem to me that windows people don't know jack about secure environments.

AnotherDoid
AnotherDoid

I have been using this for a while and it it well worth trying. The team is very reactive to feedback and is improving it all the time. Apple app available now as well. I stopped using Roboform after they reneged on my 'lifetime subscription'.

rMatey
rMatey

Password Gorilla is what I use. It's cross-platform compatible, and it securely encrypts the database. All you need to do is copy the database from system to system.

Cynyster
Cynyster

I have been using Roboform for years. It has so many features in addition to just simply storing passwords it is not funny. The feature I use the most are: Internet Shortcuts/Bookmarks, Password Generator, Secure Notes (like evernotes), Web Form Filler. Multiple Search Engines. All with Multiple user and multiple identities capability. Like I said.. not free. But you can store the program and data on an encrypted thumb drive (like I do with Truecrypt) and use the program on any computer you plug the chip into. If you have several thousand bookmarks, several hundred logins, and hundred of notes like I do as a Net Admin. There is nothing better.

breathe
breathe

I've used many different password managers over the years and I keep coming back to KeePass. Aside from the many built-in features (e.g., password strength indicator, multiple databases each with separate passwords, etc.), two of its strongest features are the many plugins to extend its functionality and its compatibility with versions for the iPhone and iPad which you can sync together so you only need to update your database file once. As for the cloud-based password managers, I'm reluctant to use something like that due to the current security vulnerabilities inherent in cloud-based apps. What better type of hacker target than an online password storage site.

tony_ansley
tony_ansley

I have been using RF7 for almost a decade and it works really well. Cross platform, has options for cloud storage as well as local, zero footprint version, form completion, Windows, OSX, Android, and iOS all sharing the cloud sync of passwords. Love it

simonh
simonh

As many others have now pointed out a glaring omission of this great password app!

oblivion62
oblivion62

While Lastpass Premium adds a few bells and whistles (like an Android plugin) the free version of Lastpass is, in every respect I care about, superior to everything you name I've tested and, like other commenters, am astonished that it didn't get a mention.

mrpekarik
mrpekarik

I've been using PasswordSafe for years. It works great and I can keep my encrypted database on a USB stick. Unfortunately there is no WP7.x version.

mcrin
mcrin

Another shout out for Password Safe...very easy to use and (as far as I know) there is no limit to the number of passwords you can create.

roger
roger

What a mess the Tech Republic home page has become. I got tired of looking for the meat and clicking through a million screenshots. Finally gave up. BTW I think all of these free managers are crap. Roboform is overpriced but it works well.

dgraves
dgraves

Started using it recently on a reccomendation of a colleague. Easy, works and uses cloud so it travels with you to different platforms.

mikebk824
mikebk824

Which platforms does a password manager need to run on for you to mark it "cross platform"? Mike

avillar
avillar

What do you think about Roboform? Is one of those free password manager better than roboform? if so, please, tell me to try it.

giff
giff

The basic app is free and only $12/yr for advanced services (all major mobile phone OS'es) https://lastpass.com/features_compare.php Been using for years. Simple, effective and comprehensive. No, I don't work for or own any stock in lastpass

sightsandsounds
sightsandsounds

These look good, I recently tried keepass, but it was way too complicated,,, (4 me). I gave up after most I looked at werent "free", and I didnt want to waste time on it,, You helped ! thanks

DavidN2012
DavidN2012

I keepass across Windows, iPhone, Android and iPad Works well

linkerm
linkerm

I use Roboform with synchronising to othe PCs and iphone

Gaz68
Gaz68

Surprised you didn't include something like Lastpass. I used it for quite a while. Moved onto my1login now which is a new one.

mirekturon
mirekturon

I have never used those apps, I have used built in Symantec password manager before, but after I switched to free MS Security Essentially I needed some other password manager with similar functionality and LastPass has been great. I like all the major browsers extensions which automatically fill out your login and password. I can use it on Windows as well as on Ubuntu. I love the possibility of securing your master password with Google Authenticator, it's great app, I'm surprised you haven't included it.

jminifie
jminifie

I've been using the free application, Lastpass, for years. Surprised you didn't include it here.

juanpablobernal
juanpablobernal

I use SecuStore... it is a great app!.. it was originally desinged for webOS but now it has jumped platforms and it available for iOS and chrome!

jim
jim

JG Security, While I've already stated my preference is Password Safe, I'm always open to learning. Did you / your company perform the encryption testing you mentioned on PW Safe? Thanks!

jim
jim

That is one reason why I have used Password Safe for years. I have one application with multiple accounts - had one for Coast Guard (with only that account loaded on my CG PC), one for work (with only that account loaded on the work PC), and one for personal that is on each of my 5 home PCs / laptops. All 3 account data files were on a 3 1/2 disk, now a flashdrive, for mobility. I have had PW Safe vetted by security teams at CG and at work with no issues identified - although no one else had my master login since anyone leaving the company had their accounts immediately removed and the passwords would no longer be valid anyway. Managers needing access to an ex (or current) employee's files had to go through a detailed security approval process to recover / gain access to any necessary files.

curiuoskevin
curiuoskevin

I am soooo in agreement with you!!...I listened to an hour long post by a guy who has been in the IT industry for something like 35 years, and he was tasked with investigating every aspect of LastPass, his report on it's security measures was glowing beyond belief! (He was an independent reporter, no ties to the company whatsoever, I wish I could find the link to this webinar, but it was so long ago) The information stored in Lastpass is encrypted both ways, even the people at LastPass do not have access to your master password (That is why it is unrecoverable if you forget it.), and with multi-factor authentication enabled it is even more secure. I had confidence in LastPass when I did my own research and after listening to this guy I have even greater confidence. I absolutely could not do without LastPass since I started using it about 5 years ago....My passwords are typically 40-100 characters long (Usually only limited by the website's password requirements), using a mixture of upper and lower case letters, numbers and symbols, for over 500 sites and services....and I never use the same passwords for any of them, and while I realize this may be overkill, it makes me feel safer! I often test the PW strength by typing it into "How secure is my password" (http://howsecureismypassword.net/) site to see how many years it would require a computer to crack it!....I use multiple browsers and OSes, and most accept the LassPass plugins, I store all of my software licenses, card, medical, database, router, networking info....you name it!...LastPass has become my go-to app for just about everything....even replacing my own memory!..If I had to keep only one program, it would likely be LastPass!....Kevin.

NickNielsen
NickNielsen moderator

is in the note immediately under the Introduction paragraph: [i]Note: If you'd prefer to view this information as a blog post, check out [u]this entry[/u] in our Five Apps blog.[/i]

jonc2011
jonc2011

I have used Password Safe for many years. Use it to store all my data, passport numbers etc, not just passwords - 283 items. Very user friendly.

JCitizen
JCitizen

along with RoboForm free.