Geekly Articles each Day
📜 ⬆️ ⬇️

Popular password managers in comparison

image Securely storing passwords is a very hot topic at any time, especially after the recent high-profile hacking of large sites. After one of my passwords leaked to the Network after hacking into the MtGox exchange, I was concerned about switching to serious security methods.

The most important points that many users neglect are keeping passwords in their heads or on a piece of paper - using separate passwords on each service and discarding simple, easily remembered passwords. To make this possible, there is a considerable amount of software of different quality, the study of which I started. Now I would like to share the results of my research.

So, the programs that fell under my choice are the following: KeePass, eWallet, LastPass, 1Password, RoboForm . Who cares - welcome under cat.
')
I warn you in advance: this review does not pretend to be useful or 100% reliable. I just want to give the reader a fairly complete impression of the programs presented so that you can make a decision to use one of them.

So let's get started.

KeePass Password Safe


image The first challenger is the open-source password manager KeePass . It is free and freely distributed under the GPL v2 license. There are two main versions: “old” 1.x, working only under Windows, and “new” 2.x, written on .NET and working including under Mono in OS X and Linux. Both versions exist in the Portable version. There are also third-party programs that work with KeePass databases - under Linux and Mac OS X, for example, KeePassX .

The password database is encrypted with AES-256 and stored in a file that can be synchronized in any convenient way, be it Dropbox, flash drive, or something else. It is possible to use a multi-pass key conversion, due to which the time required to decrypt the database increases; This increases resistance to brute-force attacks. Some clients on other platforms can work with Dropbox databases directly (for example, KyPass on iOS). Version 2.x databases are not backward compatible with 1.x, which creates problems with a lot of third-party software working with old version databases (although you can export the old format database from the new version).

KeePass has a built-in AutoType feature that allows you to automatically enter passwords in browsers and other programs. KeePass also has many plug-ins that, among other things, provide tighter integration with all major browsers (IE, Firefox, Chrome), and provide many additional features.

As mentioned above, due to the openness of KeePass, a lot of software has been written for various platforms. Mobile devices have KeePass clients on the following platforms: iOS, Android, WM Classic, Windows Phone 7, Blackberry, and J2ME. More detailed lists of plug-ins and third-party software are available on the KeePass website.

eWallet


image eWallet is a paid password and personal information manager from Ilium Softwar. eWallet exists in versions for Windows and Mac OS X ($ 9.99), and also has clients for iOS, Android (viewer only), BlackBerry and Windows Mobile Classic.

The database file, as in KeePass, is encrypted using AES-256. Data is stored locally, cloud storage is not provided by eWallet.

Synchronization of the base between desktops is possible only by manual transfer. Synchronization of the Windows version with mobile clients on WM Classic and Blackberry is performed using the built-in platform synchronization (ActiveSync and BlackBerry Desktop, respectively). Syncing Mac versions with iOS versions is possible via iTunes and Wi-Fi.

The Windows version of eWallet integrates with Internet Explorer, Firefox and Chrome browsers. The OS X version only offers Safari integration.

1Password


image 1Password is a popular Mac OS X solution for storing passwords, software licenses and other personal information from AgileBits. Recently, a version for Windows has also been released, as well as a native client for iOS. The program is quite expensive - versions for Windows and Mac OS X cost $ 39.99, or $ 59.99 for both together; The iOS version is available in the AppStore for $ 14.99. Read-only application for Android is free.

All versions of 1Password have a built-in database synchronization feature using the Dropbox service. This functionality is optional, the default database is stored locally. The database is encrypted with AES-128. Built-in browser and operating system integration prevents passwords from leaking via keylogger.

1Password for Mac integrates with Safari, Firefox, Chrome and Camino out of the box. The Windows version integrates with Firefox, Chrome and IE. Both versions of 1Password also offer a convenient interface for using stored information in any other applications (including the AutoType feature similar to KeePass).

Apart from integrating with different platforms, 1Password provides another original way to access its database. The password store (agile keychain) is a set of files, one of which is an HTML file with a full interface for working with the database, which can be opened by any browser on virtually any device.

The 1Password client rating for iOS is 4 stars out of 5, the highest of all mobile apps reviewed. Many reviews also praise 1Password on OS X for its user-friendly interface and browser integration.

Roboform


image RoboForm is one of the oldest programs in this market, the only one that still has a working version for Palm OS and Windows Mobile 2003. The free version of RoboForm Free is available for Windows and Mac OS X, but it’s pretty limited. The paid version of RoboForm Desktop ($ 29.95) removes many restrictions. But the most interesting is the RoboForm Everywhere package ($ 19.95 per year), which offers full use of desktop versions for Windows and Mac OS X, plug-ins for full integration with Firefox and Chrome, as well as automatic cloud-based synchronization of databases between all versions.

RoboForm database is encrypted according to the AES-256 standard, and in all versions of the program is stored on the local computer. When using RoboForm Everywhere, the database is also located on RoboForm servers.

In addition to the major versions, RoboForm offers applications for a variety of mobile platforms. These include iOS, Android, BlackBerry, Windows Mobile (6.x, 5, 2003, and even Pocket PC 2000 and 2002), Palm OS, and Symbian. Versions for iOS and Android support cloud sync and require a subscription to RoboForm Everywher. All other mobile versions are synchronized with desktop versions using additional software.

Also, RoboForm is just one of two programs in the review with a separate plugin (or rather, even two) for the Opera browser on Windows, Mac OS X and Linux.

LastPass


image LastPass is a fairly well-known cloud password storage service. The basic version of LastPass is free; premium package costs $ 1 per month.

LastPass has, perhaps, the widest range of functions in this review. The service is available on Windows, OS X and Linux on all major browsers (IE, Firefox, Chrome, Opera, Safari). On Windows, a version of LastPass for Apps is also available, allowing you to use the automatic storage of passwords from any applications. Password database management is also possible via the web interface on the LastPass website. For Windows, there is a Portable client with the ability to load the database for backup storage and use offline.

Since LastPass is a cloud service, the database is permanently stored on LastPass servers. Synchronization as such is not required. Along with convenience, storing the database on servers also represents a risk: not long ago, LastPass was hacked (by hearsay), and the service owners suggested that many customers change their master passwords. LastPass base, as in most other programs in the review, is encrypted with AES-256.

LastPass offers a wide range of mobile clients: iOS, Android (with additional applications for Dolphin HD and Firefox Mobile browsers), WM Classic, Windows Phone 7, BlackBerry and HP / Palm WebOS. All LastPass mobile versions (except iPad) require a LastPass Premium subscription.

Summary table

image Keepassimage eWalletimage 1Passwordimage Roboformimage LastPass
basic information
LicenseGPL v2Proprietary
Cost ofis freefrom $ 9.99from $ 39.99is freeis free
Synchronizationmanual (file)manualDropboxcloud ($)cloud
EncryptionAES-256AES-256AES-128AES-256AES-256
Portable versionthere isnotnotthere isthere is
Browser Integration
image Mozilla firefoxWindowsMac os xLinuxWindowsWindowsMac os xWindowsMac os xLinuxWindowsMac os xLinux
image Google chromeWindowsMac os xLinuxWindowsWindowsMac os xWindowsMac os xLinuxWindowsMac os xLinux
image Internet ExplorerWindowsWindowsWindowsWindowsWindows
image OperaWindowsMac os xLinux--WindowsMac os xLinuxWindowsMac os xLinux
image Apple safari-Mac os xMac os xWindowsMac os xWindowsMac os x
image Camino--Mac os x--
Mobile support
image iOSyesyesyesyesyes
image Androidyesyesyesyesyes
image Blackberryyesyesnoyesyes
image Windows mobileyesyesnoyesyes
image Windows Phone 7yesnonoyesyes
image WebOSnonononoyes
image Symbiannononoyesyes
image J2meyesnononono


Noticed an inaccuracy in the review or want to offer to add a program? Write PM.

Source: https://habr.com/ru/post/125248/

More articles:


All Articles