Comparing two excellent password management tools
If you struggle to remember your passwords, be sure to check out these excellent – and free – tools.
Like me, you probably have a mass of password-protected online accounts – email, Facebook, online stores, online banking, PayPal, eBay, web forums, etc., etc., etc. Best practice says you should use strong passwords and that each account should have a unique password. Okay, but this leads to an obvious problem: how the heck do you remember a multitude of complex passwords like “lACpAs56IKMs”? And it’s this very problem that causes people to use simple, easy-to-remember passwords – such as “password”!
There are, however, a couple of solutions. One option is to write your passwords down and keep the list in a secure place (no, a post-it note attached to your monitor is not a secure place!). While there is nothing wrong with this approach, it’s not particularly convenient. A better option is to use a password manager such as the excellent KeePass or LastPass (which I’ve briefly mentioned before in this post).
Comparing LastPass with KeePass
KeePass and LastPass are both completely free applications with a similar set of features. Basically, what these applications do is remember your passwords and store them in an encrypted database behind one master password.
Both can import from other password management applications, both can auto fill password fields in web forms and both can automatically create strong passwords for you to use. There are, however, some differences worth noting.
Firstly, KeePass is open source like Linux while LastPass is closed source like Windows. This may lead some people to conclude that KeePass is the more secure of the two, but that may not be the case at all – see “Is Open Source Software More Secure?”
Another key difference is that LastPass stores your passwords online whereas KeePass does not. While some people may not be entirely comfortable with their passwords being stored on the LastPass servers, it’s important to note that the data is encrypted before it leaves your computer and can only be decrypted by somebody who knows your master password. Further, online password storage enables you to keep your passwords synchronized between multiple computers – something that KeePass cannot (natively) do.
Finally, while both applications are very easy to use, LastPass is probably somewhat easier. While both applications can fill forms, with KeePass the process is not entirely automatic but achieved via hot keys or copy and paste. With LastPass, however, the process can be entirely automated and you can set it to log you into a particular site as soon as you land on it.
Which is better, KeePass or LastPass?
Which should you choose? You really can’t go wrong with either, but KeePass probably has slightly more geek appeal while LastPass is probably the best bet for people who are looking for the most straightforward solution possible.
If you know of any other great password managers or have a password security tip that you’d like to share, please leave a comment!


My personal favorite is PasswordSafe. http://passwordsafe.sourceforge.net/. Also open source, also free. The original version had input from cryptographer Bruce Schneier.
Why isn’t the best one of the bunch 1Password by Agile mentioned?
Hi Brandon,
Thanks for your comment. I was comparing two free options. 1Password costs $39.95.
Cheers,
Rhonda
And if you want 1password to run on your desktop and your iPhone, it will cost you even more
Secret Server is free for a single user. It is an enterprise-ready password manager with browser integration and support from web, iPhone and BlackBerry. My IT team uses it to manage all of our passwords.
http://www.thycotic.com/products_secretserver_overview.html
or search for “Secret Server” in the app store.
Thanks, Rhonda, your article on KeePass/LastPass was quite useful as I’m struggling as to what to do about my mountain of passwords.
You’re very welcome Matthew! :)
I’m using KeePass. Great piece of software.
I liked both programs, extremely useful and costless. They are well made unlike some of the alternatives I have found.
That being said I have used Keepass first for a while, but as Rhonda Callow has mentioned, it is more of a hotkey use program.
I switched over to Lastpass and I’ll never look back. The ease of use for this program is excellent remember all your passwords that are randomly generated.
I’ll always keep a spot on my hard drive for KeePass, they have done a good job as well.
I feel that some key features of LastPass were missed in this post.
For example:
- Multi-factor authentication. LastPass offers two features for this, one using an off-the-shelf USB key and the other using the Yubikey “one time password” product.
- Password strength review. LastPass has a feature that checks all your existing passwords for their length and complexity and gives you a report as to how secure you are.
- Bookmarklets. LastPass has the feature of adding a bookmark that does not need the LastPass software installed. This then enables LastPass to be used on browsers that won’t run LastPass plugins (such as the iPhone and iPad).
In addition for a tiny fee ($12pa) you can get extended features such as an iPhone or iPad app to keep your passwords with you on the go.
For me there is no comparison. LastPass wins, hands down.
Logaway.com is by far the best out of ANY free online password manager.
I’m a big fan of 1Password. A version for Windows has been announced and is in beta right now.
Creating and remembering good passwords is really very simple and only requires either learning by rote or creating an acronym from a story that only you know, is fictional (that is best) and contains alphanumerics, the better the mix the higher the protection. Unfortunately, the very limited characters allowed highly curtail creativity but the following are for illustrative purposes. Create your own code as I did as a child that my mother had to decipher otherwise I did not have to eat my squash at dinner. I never ate squash; I do love all manner of squash today, much to her amusement.
Punctuation does not matter.
My wicked Mother inlaw Spreads a Web of Woe She Gave me 200 Dollars 2 buy Shoes I Love My Mother inlaw.
Becomes:
MwMinlawSaWofWSGme200D2buySILMMinlaw
Or:
I walk to school 2 Km 5 Days Per Week Taking 20 Minutes for a total of 200 Minutes Per Week 800 Minutes Per Month I Want MY Life Back.
Becomes:
Iw2S2Km5DPWT20M4aTof200MPW800MPMIWmyLb
Stories are all around you everyday events, home and life. That or marry a geek who will remember all your alphanumerics and special character passwords and passphrases for you.
Rhonda, real geeks do not use password keepers, lol :)
Unfortunately Lastpass does not support Opera.
too bad.
It is rather because Opera has a very limited support for add-ons in general.
/nod
This may sound silly but this is the one reason why Opera is not my main browser.
LastPass does work with Opera! They use things they call “Bookmarklets” that run some script on your page to enter your passwords.
These can be used on either unsupported browsers or on systems you don’t want, or can’t, install the app on.
These can then be deactivated from the LastPass website if you are worried about leaving them on unsecure systems.
Any opinions about “Roboform” ?
KeePass is excellent. Not sure why anyone would want to store their passwords on someone else’s server even if it is encrypted.
Until it is shown to be unsafe or better encryption methods are used why would anyone change, after all it’s all about security.
SingleGeek,
good points there :) However it is not about remembering passwords alone. You could use password manager software to store other secret info such as bank account numbers (which some bank websites ask you in order to log you in), 16-digit credit card numbers etc. You probably don’t want to store these in plain text on your computer. If it is just about passwords, I agree with you in that using a mental trick is a great idea.
I wish Google docs can help you store encrypted documents which will decrypt on the fly on the laptop where you browse and not save any unencrypted info anywhere. If this was the case, I would use such a doc for all the secure info, and just use a mental trick to remember the passwords and pin numbers.
I suppose password managers can help you stay more organized. I remember the time when I lost my wallet which contained many credit cards. I did not remember the 16 digit number for all of them, let alone the ‘lost card’ help line number for each of them.
Also, with brain cells dying with age and too much alcohol, I don’t fully rely on my memory anymore. It has a habit of conveniently forgetting stuff just when I need it :)
Just my $0.02
What I use is Sticky Password manager and it brings a whole lot of new functions like application support so I can use it also with my Skype and QiP messengers.
try ‘Password Plus’
looks pretty good.
Although it sounds like LastPass is simpler…
LastPass has PAID versions for many smart mobile phones.
KeePass has FREE ports to many smart mobile phones.
This article and thread were intended to be about FREE password managers.
People have mentioned Sticky Password Manager and Passwords Plus but they are both $30 each.
Keepass, Lastpass… I’m using Paranotic Password Manager – really very useful. Portable version, click-to-copy passwords, logins, etc. FREE TEXT NOTES FORMAT! No need to fill predefined fields! Daily backup data – you always can restore your data file if you lost it. Recommend!
I used KeePass for a long time but have recently partially switched to using Lastpass. Why? Because Lastpass, with its add-ins for Firefox and Chrome is so much easier than using copy-paste keystrokes (KeeFox was a fairly good attempt at doing this with KeePass, but I never got it to be so user-friendly as LastPass, plus it doesn’t work with Chrome).
Why only partially switched over? Because LastPass is great for storing web login passwords, but its offline editing access is poor, so it is less good for storing important information that you may need to access and update offline, like PIN codes, account numbers, contact numbers etc. They do have options for doing this – like a standalone browser plug-in (which doesn’t sync when you go back online very well, in my experience) or “lastpass pocket” (which is read-only, and the responses on the LastPass forums imply it may not be supported in future)
So I use Lastpass for my web logins, and retain a Keepass database (synchronised online for multi-site access using dropbox, also free) for important info I may need access to offline.
If Lastpass offered better offline access, it would be no contest, IMHO (unless you are concerned about storing your data online in the first place!)
They are both only as secure as the single master password you use though!
I have been using the trial version of 1Password, and wanted to try some free alternatives before making a commitment. These sound like they are definitely worth a look. Thank you for a very helpful article!