The days of widespread, biometric-based security (voice recognition, fingerprint reading, eye scanning, etc.) are coming, but passwords are still required in many organizations and at most websites. The problem: How do I manage (let alone remember) all of the different usernames and passwords I have out there?
Personally, I use Tasks within Microsoft Outlook, which is secured by my network login: Within a folder I titled “Usernames”, I create a task for each application and website and then copy-in the date and user information. This limits my “need to remember” to only one complex password (my network login). However, I must have access to my Outlook account to retrieve all other user information.
There are better tools called password managers. These are software applications that “help a user organize passwords and PIN codes”1, which are held in a secure, encrypted file or database. Many include the ability to automatically fill-in a form-based webpage with the username, password, and any other login credentials.
Most password managers can be categorized thus:
- PC based – Application running on your PC
- Mobile based – Application running on your tablet or smartphone
- Token-based – Requires a separate smartcard, memory stick, or similar device to authenticate
- Web-based – Credentials are located at a website and must be viewed and/or copied from this site
- Cloud-based – Credentials are web-based, but are securely transferred for processing to an application running on your PC or mobile device
Most password managers are hybrids and many fit into two or more categories, but all share one trait: You still need a master password to access your information (although some offer two-factor authentication).
Important characteristics include:
- Access – Accessible from all devices and browsers
- Detect – Automatically detect and save from any account
- Secure – Advanced encryption, two-factor authentication, etc.
Pricing varies from free (for the slimmed-down, single-device versions) to annual subscriptions that range from $9.95 to $49.99 per year.
Several publications2 have reviewed password managers; the top performers:
- LastPass 3.0 – Cloud-based and powerful yet flexible; free version available, but upgrade (at $12/year) to LastPass Premium for mobile-device support
- DashLane 2.0 – Feature laden with an easy-to-use interface; free version, but $29.95/year to synchronize all devices and get priority support
- RoboForm Everywhere 7.0 – Cloud-based at $9.95 for first year
Other password managers (in alphabetical order):
- 1Password for Windows – $49.99 per user
- F-secure Key – $15.95
- Handy Password – Starts at $29.92
- KeePass – Free
- Keeper – Subscription at $9.99/year
- My1login – Free for 1 to 3 users; $22 for 4 to 10 users
- Password Box – Free version with subscription at $12.00/year
- Password Genie 4.0 – Subscription at $15.00/year
- PassPack – Free version with subscription at $12.00/year
- PasswordWallet – $20.00
I like LastPass; the free version is easy to use and my login data is available from anywhere (with Internet access). Plus, I like having the application locally on my PC (even though my data is stored at LastPass in encrypted format).
1. Taken from Wikipedia at http://en.wikipedia.org/wiki/Password_manager.
2. Recent password managers reviews:
- Visit http://online-password-manager-review.toptenreviews.com/ to receive the top-10 selections from 10TopTenReviews.
- Information Week DarkReading section recently reviewed 10 password managers at their site http://www.darkreading.com/risk-management/10-top-password-managers/d/d-id/1109759?.
- Neil J. Rubenking at PC Magazine recently wrote “The Best Password Managers” at http://www.pcmag.com/article2/0,2817,2407168,00.asp.