Best tools for protecting passwords

Passwords are a security weak link, but these products help shield passwords from attackers.

password manager

We looked at six products: Kaspersky Pure, LastPass Enterprise, Lieberman Enterprise Random Password Manager, Agilebits 1Password, RoboForm Enterprise, and TrendMicro DirectPass. All use a master password vault to store information in encrypted form. And (except TrendMicro) can generate a complex password and insert it into the login process so users don't have to try to come up with something on their own. (Read the story version.) Here are the reviews:

LastPass Enterprise
LastPass Enterprise

LastPass Enterprise offers excellent price/performance and boasts strong management features. LastPass also has the widest desktop and mobile platform support of any of the products we tested. This is the policy screen:

LastPass
LastPass

The LastPass notification system includes many canned messages that can easily be customized. LastPass also has a separate management console. LastPass is free for the individual user, so IT managers can easily check it out and see how it works. Once you are ready to upgrade to the enterprise version, you can start a free two-week trial, after which it will cost you $24 per user per year.

Lieberman Enterprise Random Password Manager
Lieberman Enterprise Random Password Manager

Lieberman has the best features for local server password management, and the Lieberman tool was the only one in our tests that worked flawlessly. Here is Lieberman’s main dashboard.

Lieberman Enterprise Random Password Manager
Lieberman Enterprise Random Password Manager

ERPM handles passwords on Windows, IIS, SQL Server and Oracle database accounts, SharePoint, Directory Services, Linux and other major platforms, both physical and virtual servers. It works with configuration management repositories such as CA, IBM and BMC's CMDB software and with system management tools such as Microsoft System Center, HP Operations Center and Arcsight.

Kaspersky Pure
Kaspersky Pure

Kaspersky’s Pure offers a basic password manager as part of a larger suite that includes other security tools. The downside is that it is Windows only, which means you can’t sync your vault with non-Windows devices.

Kaspersky Pure
Kaspersky Pure

Pure has modules that improve browser security, and this is probably more of a reason to purchase it than just for password protection and management. For example, the SafeMoney module sets up protected browser sessions for online banking and ecommerce sites, and another module can securely erase your browser history or analyze your Internet Explorer settings. Pure also supports a wide variety of browsers.

Agilebits 1Password
Agilebits 1Password

1Password is a consumer-focused product that allows you to store more than just passwords in your vault. 1Password has numerous security options, including the ability to automatically lock the vault after inactivity or when the screensaver comes on.

1Password
1Password

One of the biggest advantages with 1Password is that it has an extensive collection of things that it can protect inside its vault, including credit card numbers, text notes, and software license information, along with the login identities. Everything in the vault can be accessed on every other platform, which is very convenient. You can also add file attachments to each login record.

RoboForm
RoboForm

RoboForm has a nice balance of enterprise features and strong bulk password management, but we had some support issues. The product has the second widest mobile OS support, including iOS, Android, BlackBerry, and Windows Phone. It supports Chrome, IE, Firefox and Opera browsers and has a status screen showing you which browser plug-ins have been installed.

RoboForm
RoboForm

The Enterprise version of RoboForm includes the ability to recover any of your user's master passwords, because they are stored encrypted on a network share. This is something most of its competitors currently lack. It also has the ability to bulk import AD users to help with the initial setup. RoboForm is mostly accessed via its browser plugin.

TrendMicro DirectPass
TrendMicro DirectPass

Like the other consumer-grade tools, DirectPass has no enterprise management features. It also had the fewest overall features and the most issues in its use, and we would recommend that you wait until its next release before seriously evaluating it. For example, of the six products tested, it was the only one that didn't include a password generator.

TrendMicro DirectPass
TrendMicro DirectPass

DirectPass synchronizes your vaults through its own cloud-based service, which is simple. Its vault can contain text files and also general Web form data. You can force the synch through buttons on the interface, or it should automatically do so when you bring up the software.