The recent eBay data breach highlighted the importance of using unique and secure passwords.
Free or $12 a year, on Android, BlackBerry, iOS, Linux, Mac OSX, Windows, Windows Mobile, Phone and Surface
A very capable multi-platform password manager, LastPass can securely sync your passwords across all your browsers and devices. It also provides a secure space for storing notes, it can fill forms, and it supports a range of multifactor authenticators, from hardware tokens to mobile apps.
Its password generator appears when you are creating or updating an account, and in a browser a single save captures both login and password. You can import passwords from a range of other password managers, including browser-based ones, and it now offers a login utility for Windows desktop applications such as Skype. You train the LastPass utility with the application and can then launch that application securely from the LastPass tray icon.
The Android app can log you into apps via pop-up copy/paste buttons if you have Android 4.1 or newer. On Android 4.3 or newer, it can auto-fill your credentials, though on Android Kitkat you still have to press the login button. You can set up mulitple identities for sites and choose which to use. Other mobiles get a secure browser that hooks into your LastPass vault.
For use on a smartphone or tablet, you need a $12 premium subscription; LastPass also offers an enterprise service, complete with single sign-on, credential sharing, and centralised access provisioning and management. You can run it from a USB stick as well, which gives portability and also a way (via the built-in browser) to get around niggles such as locked-down office computers.
Lastly, as usual with these things there is no way to recover your master password – lose or forget it, and it’s game over. But LastPass lets you set a master password reminder, which it will email on request and will hopefully help you remember.
Free or $30 a year on Android, iOS, Mac OSX, Windows
Dashlane is remarkably smooth at automatically logging you in and filling in forms, and it has a number of other useful features, most notably a password audit – install the Firefox plug-in for example, and it pulls your existing credentials out of the browser and will warn you if a password is easily cracked or is also used elsewhere.
If your password is weak, or if you need one for a new site, Dashlane’s browser plug-in can pop up a button that automatically generates a new one-of-a-kind password for you. You can also share passwords or notes in encrypted messages that self-destruct after use.
Dashlane’s mobile apps are pretty smooth too, with features such as autolocking and a PIN code for most unlocks, which saves a lot of typing. There is also a dedicated area for storing your identity information, such as passport or credit card data, and receipts from online shopping – one of Dashlane’s strengths is its support for secure online shopping – and you can add multifactor authentication via Google Authenticator.
Dashlane is free on a single device, but after a 30-day trial of the premium service you have to pay to carry on synchronising across devices or backing up your data online. Premium subscribers also get read-only access to their stored data via the Web. On the downside, Dashlane’s platform support is limited, despite its claim that it “works on all platforms”.
From free up to £21 a year on Android, iOS, Linux, Mac OSX, Windows 8, Windows Phone, Kindle, Nook, Surface
Keeper’s browser plug-ins add padlock icons to username and password entry fields: clicking on these (sequentially, which is a bit clunky) allows you to save the text into Keeper’s database as a new entry, or add it to an existing one. Alternatively, use the Keeper website or desktop application to create new database entries containing the credentials for specific pages or sites.
On mobile devices you log in through the Keeper app, then click a Web address in the vault to open a Keeper browser window with extra buttons containing login credentials. Having to browse through the password manager is odd at first. You could set Keeper as the default browser on your phone, say, but it can’t open links in a new window or tab, nor can it log in via apps (a new version is on the way that will add this ability, according to the developers).
As well as mobile apps, Web access to your vault, and browser extensions for Chrome, Firefox, Safari and Internet Explorer, Keeper has desktop applications for Windows 8, Mac OSX and Linux. The free version supports logins on a single device with no online backup or Web access. Adding the latter for one device is £6.99 a year, and £20.99 a year buys you unlimited devices with synchronisation. It is a capable tool that just needs a little polish.
Dominik Reichl et al
Free on Android, iOS, Linux, Max OSX, Windows, et al.
The big advantage of KeePass is that it is open source so it is free, there are lots of ports for different platforms, and its code can be checked for flaws. The downsides are that some of those ports are not maintained or up to date, and that as is sometimes the case with open source, “some assembly may be required”.
There are good versions for pretty much all the main desktop and mobile platforms, including Windows and platforms that support Mono, which is the open source port of .NET – this means Linux/Unix and Mac OSX.
KeePass keeps your passwords in an encrypted database in your user directory. To make it cross-platform you need to copy or sync this to other platforms, for example by moving it to cloud storage such as Dropbox – though do remember to back it up elsewhere, just in case.
You can launch and autofill website login pages from the KeePass app. Alternatively there are extensions for popular browsers, these proved a little awkward to set up though – we eventually got the Firefox one working well on Windows, but not on Linux.
On Android we tested KeePass2Android, but there are other implementations. KeePass2Android adds its own keyboard to avoid your account credentials being tapped by other apps, and it pops up buttons to insert them for recognised sites. As with all the password managers we tested, this did not always work with mobile-specific sites, but you can securely copy and paste instead.