Best Password Manager In 2017 – Review And Comparison
The most important information
- Password Managers relieve the user of creating and managing secure passwords.
- A secure password consists of at least twelve characters and contains letters, numbers and special characters.
- Users of a password manager only need to remember a master password, the software takes care of the rest.
1. What do I need a password manager for?
Whoever is active online usually needs a whole range of passwords, for example for social media accounts, user accounts in online shops, e-mail accounts or online banking. These passwords are used to protect the user’s privacy and (for example, in the case of online banking) even the financial existence of the user. Cybercriminals are constantly developing new ways to crack passwords and gain access to sensitive user data. For this reason, it is particularly important to use an individual password for each access and to replace it regularly (approximately every three months) with a new one. In addition, the passwords used ideally contain upper and lower case letters, numbers and special characters and are at least twelve characters long. Of course, such passwords are much harder to remember than your own date of birth or your pet’s name. And of course it is possible to write down the passwords with pen and paper. However, this option does not represent an optimal solution: A note can get lost quickly, fall into the wrong hands or be especially not ready when you need a password.
Password management support
To ensure that consumers do not resort to simple passwords for the sake of convenience or forgetfulness, that they do not use the same password for all accounts, or that they are constantly faced with the problem of not being able to remember the correct password, we strongly recommend using a password manager. This is a computer program that stores and manages passwords and often other personal data securely encrypted. Password managers use recognized techniques for encryption: At present, AES-256-bit encryption is somewhat standard.
Among other things, cyber criminals try to gain access to the personal access data of users through so-called phishing (interception of personal data by fake e-mails, short messages or websites). According to a study by the Statista portal, almost 11,000 cases of data spying were recorded by the police in Germany in 2016. This figure is thus significantly lower than four years earlier (nearly 17,000 police-recorded cases), which is partly due to the use of reliable security software and a more cautious handling of sensitive access data.
2. How does a password manager work?
A master key to all passwords
Users usually get access to their encrypted access data with a master password, which is the only password they have to remember. Usually, users choose this password themselves, with most password managers giving them guidelines for length and characters and feedback on how to protect the selected password. Important: Only the user should know the master password. Therefore, it is neither stored by the password manager nor is it known to the provider of the program. If you forget your master password, you will normally no longer be able to access your encrypted access data. This may be annoying, but it serves security purposes. In this case, users have to delete the existing data memory and create a new memory with a new master password.
Create secure passwords
In addition, common password managers include a so-called password generator that generates secure passwords for users. Ideally, they determine how long the created password should be and whether it should contain lowercase, uppercase letters, numbers and special characters. Good password managers also check the user’s existing passwords for their security and warn the user if a password is used more than once and if insecure passwords are used. When evaluating the security of a password, the password length plays a central role. It is advantageous if the program also takes into account the use of different character types. Most password administrators also remind their users to renew their passwords on a regular basis to improve protection.
Users of a password manager can copy a required password to the clipboard and then manually paste it into the corresponding field. However, it can also be more convenient: In addition to a desktop or online application, most providers also provide browser extensions that enable automatic filling in of access data. As a rule, the password manager also recognizes when logging on to web pages if login data are not yet stored in the data memory and adds them if desired by the user. The one-click registration option is particularly convenient: a mouse click on the URL stored in the password manager is all it takes to open the website and complete the registration process automatically. With most password managers, users can choose in the settings for each web page whether or not they want to have an automatic login. If you choose not to do so, the logo of the password manager used will usually appear in the login fields. If you click on this logo, the password manager will automatically enter your username and password. In addition, a good password manager also allows you to save and automatically enter various personal data in online forms.
3. How do common password managers vary?
Like other programs, password managers are available in numerous variants. With regard to which criteria these can be distinguished and which special features, advantages or disadvantages different types of password managers bring with them, we explain here.
Where are the encrypted data stored?
An important aspect that makes password managers different is the location of the encrypted data. There are three common options:
- Local storage on the user’s computer
- Saving on the provider’s server
- Saving in a Cloud
Many password managers, which store the data locally on the user’s computer, also offer the option of storing the data in an encrypted form in a cloud if required, for example, to have access to the passwords while on the move or to synchronize them across several devices.
Important: The master password that users need to decrypt the stored data is never saved, regardless of where the data is stored. It may cause an unpleasant feeling, especially for cautious users, to know that their complete password collection is stored somewhere on the Internet. With a secure master password, the risk of unauthorized access is still very low. Users who use the same password or insecure passwords, such as names or data, for all accounts run a much higher risk of falling victim to a hacker attack.
A USB flash drive as password vault
Anyone who uses their passwords on different computers, but does not want to store their data on an external server, benefits from the possibility of using a USB stick as password manager. For example, the Steganos Password Manager offers this option. Using the “portable password manager” function, users store their encrypted data on a standard USB stick and take their access data with them wherever they go, without having to store it online. Users should of course make sure to keep the data on the USB stick up-to-date and synchronize it regularly.
Who uses Password Managers?
In addition, password managers are available for various user groups:
- Individuals for private use
Password managers in a family package usually have the advantage that users can store their own passwords and exchange passwords with each other. In addition, such offers usually result in a price advantage, since not every family member needs his own license. For example, the 1Password program is available as a multi-member password manager, with the family license (for up to five members) costing only two dollars more than a single license. Enterprise solutions are designed to securely share records and encrypted folders within small and large teams, typically including an administrator console.
4. How much do I pay for good password management?
For many users, the price is an important decision criterion for a password manager. The costs vary depending on the provider and license model. Frequently, there are also free versions, which are usually limited in their functional scope and are also available as a more comprehensive premium version for a fee. One example of this is Dashlane: although the basic version can be used free of charge for an unlimited period of time, it does not include two-factor authentication or the ability to synchronize stored data across multiple devices. The above-mentioned functions are only available to users in the premium version for a fee. The paid models are usually available as a subscription with an annual subscription. The cost of the programs in our test range from zero to 30 euros per year for one user.
5. Useful tips for more security
For people who need multiple passwords, it is always advisable to use a password manager to increase the security of their passwords. In addition, there are a number of aspects that need to be taken into account to ensure greater protection. This section contains the most important safety tips:
Do not store passwords in the browser
The popular Internet browsers such as Mozilla Firefox and Google Chrome offer the option to store passwords for frequently visited websites. This may be comfortable, but it is particularly risky on public PCs or in the office, for example. Mozilla Firefox offers the option to protect the stored passwords with a master password, but this is not obligatory and requires additional effort.
Never use the same password for all accounts
Also convenient, because easy to remember, is the use of a single password for all logins. The risk here is obvious: If the password for an account is cracked, the cybercriminals will automatically have access to all the user’s accounts.
Avoid insecure passwords
Many consumers still use passwords such as names, birthdates, combinations of numbers such as “12345” or “password”. The popularity of such passwords is explained by their simplicity. The more popular and simpler a password is, the less secure it is. Common password managers include a generator that creates secure random combinations. In general, the longer a password is and the more possible combinations (different character types) it contains, the harder it is to crack. A secure password consists of at least twelve characters and contains both upper and lower case letters as well as numbers and special characters.
6. This is how we test
Various providers provide a large number of password managers, which differ mainly in their scope of tasks, their usability and the costs. To help consumers find the right program for their individual needs, we have tested some of the most popular and best password managers. For this purpose, we have downloaded and installed all password managers in a free version (either in a free basic or a time-limited test version) and have taken a close look at all important functions. Four evaluation criteria serve as a basis for our test and the evaluation of the various programmes:
Safety & Functions
Under our first criterion we look at which functions the password managers have in the test and in which form they increase the protection of the user. Important aspects here are the storage locations of user passwords and the technology used to encrypt them. In the latter case, all password administrators use secure AES-256-bit encryption in our test. While some programs such as Keeper Security store the data in a digital vault on a server of the provider, other password managers such as Enpass store the encrypted access data locally on the user’s computer and offer the option of storing the data in a cloud for synchronization with other devices or as a backup copy.
The programs score points for their security if they offer the possibility of multi-factor authentication. This means that users must provide at least two independent credentials to access their data. In addition to the knowledge factor, which is usually covered by a self-chosen master password, these proofs can be provided of something that the user possesses (e. g. a mobile phone to which a unique pin is sent by message) or of individual identification features that occur in the user’s body (e. g. fingerprint or facial recognition). In addition, we take a close look at the password generator. Programs collect points which can be found quickly by password administrators, which have options for setting the length of the password and the characters it contains, and which make it possible to create as long as possible passwords.
A detailed security analysis of the passwords used is also important. Ideally, the programs evaluate not only the length of the password, but also the use of as many different characters as possible. Good password managers also warn users if they use the same password for multiple accounts, or if they have not changed the password for an extended period of time. In addition to the above-mentioned aspects, under “Safety & Functions” we evaluate the data that can be stored with the program and the additional functions that it contains. The following applies: the more, the better. Programs such as Enpass, for example, score points, which besides passwords also store a variety of other personal data (travel data, ID cards, bank accounts, credit cards) and secure notes and allow the uploading of file attachments.
The password manager Dashlane, for example, scores points with many additional functions such as the addition of emergency contacts and the creation of backup copies, which also has the most aspects in this evaluation criterion.
Compatibility & Performance
In terms of compatibility, Password Managers collect points that can be used on as many operating systems (Windows, Mac OS and Linux) as possible and provide apps for various mobile operating systems such as Android and iOS, so that password administrators can use passwords on the go through apps. For example, password managers such as Keeper Security and Enpass are compatible with a large number of operating systems. On the other hand, 1Password, which is available in the desktop version for Windows and Mac OS, is a negative feature, but its Windows version lacks some important functions such as the security check of existing passwords. An important role in this category is also played by the browser enhancements available, which make it easy to fill in online login data and online forms automatically. On the one hand, we award points for compatibility with as many browsers as possible and on the other hand for easy, trouble-free activation of the extension as well as for reliable and fast automatic filling in of the appropriate fields. Deductions are given to password managers for system interferences, which fortunately were not noticeable in any of the programs in our test, as well as crashes of the password administrator. Also included in our evaluation are the size of the installation file and the required hard disk space. Programs with very large files get light prints, as they usually require a longer download and installation time. Most of the criteria for its compatibility and performance achieved in our test the password manager Enpass.
In addition to the functions offered and the compatibility of the password managers, operation is a decisive criterion. Here we place particular emphasis on user-friendliness and convenience. First of all, we take a look at how easy or complex the download and installation of the individual password managers is. This also includes whether a login to a user account is necessary and how many user details are required. For example, the installation is very easy and fast with Loadpass, while the Password Manager 1Password, for example, requires considerably more time and patience until it is ready to start. The main role in this evaluation criterion is played by the user interface. Here we evaluate how clear and tidy it is and whether all important functions are easy to find. Interested parties can find an overview of the user-friendliness of the user interface in our data sheet, where we give them in percent.
User-friendly software also comes with many setting options that allow users to adapt the program to their individual needs. We also regard additional tasks that increase comfort as positive. For example, Dashlane allows you to change any number of passwords with just one click. This also includes robust import and export options, which allow users to make backup copies and easily transfer data to their programs from another password manager or browser. Additional aspects deserve programs with a free trial version, which ideally includes the full range of functions.
Help & Support
The fourth and final evaluation factor is our assessment of the possibilities that the various providers provide their users with for questions and problems. Suppliers score points with the widest possible range of assistance options. These include, for example, an extensive FAQ collection, a detailed manual to look up all important functions, several help functions in the program and clear tutorials. Also useful is a forum in which users can exchange information and help each other. If these support options do not help, it is advantageous for users to be able to establish personal contact with an employee via various channels as quickly as possible. All password managers offer e-mail support in the test. It is rarely possible to make contact by telephone or live chat. In order to allow not only the offer itself but also its quality to be included in the evaluation, we have asked all providers via e-mail or live chat a similar question about the scope of their password manager’s tasks. Suppliers earn additional points with a quick, friendly and satisfying answer. However, they receive deductions for a very long waiting period or no response at all. Here we remember the extremely friendly support of Dashlane, who also responded very quickly, particularly positively. We also received a friendly, quick and competent answer from Keeper Security, who also provides the most support options and can thus secure the overall victory in this evaluation criterion. On the other hand, we had to wait longer for an unsatisfactory answer from Enpass, whose support is also the worst overall.
In our password manager reviews, the various programs pass through all four evaluation criteria one after the other and receive 0.00 to 10.00 points for each of them. The average of these individual evaluations results in the total score and thus also the placing of the password manager in the ranking. In this way, all evaluation criteria are included in the final result in equal parts, thus enabling an objective comparison of the different password administrators. Since every user has different password management requirements, our test winner is not automatically the best password manager for all users. In the end, each user has to decide for himself/herself which criteria are decisive for him/her.
LastPass is a solid, user-friendly password manager with many functions that can be used on all operating systems and is compatible with all common browsers. An incomplete translation into G... Read more
Most users associate the manufacturer’s name with Kaspersky Anti-Virus or Kaspersky Internet Security. The IT specialists of the Russian manufacturer are specialized in security softwa... Read more