Review: 7 password managers for Windows, Mac OS X, iOS, and Android

1Password and KeePass lead the field in features, flexibility, browser integration, and ease-of-use

LastPass works entirely in your browser, syncing your passwords to a cloud-based service. Note that the paid version is required to use the LastPass mobile apps.

Password SafeAn open source program that feels like a stripped-down KeePass, Password Safe has many of the same functions but they don't feel as complete. Working with Password Safe requires a bit more manual effort to get the same results.

Password Safe's core feature set should be familiar by now. Passwords are stored in an encrypted, password-protected file, and they can be arranged in categories and searched for by keyword. A selected password entry can have its username and password autotyped into another window by pressing a user-defined hotkey. The import function is designed to accept files exported from KeePass, but I was only able to get files exported from the 1.x version of KeePass to import properly.

Drag-and-drop is also supported, in an intriguing way. Drag and drop one of a set of icons (username, password, URL) into a target window, and the text for the selected entry will be pasted to the target. This is a handy way to deal with Web pages where autotype doesn't work correctly. You can also create custom rule handlers for specific Web pages. (KeePass has a similar feature.)

Password Safe has an assignable global hotkey system, but it falls a little short of its counterpart in KeePass and 1Password. With those programs, a single master hotkey activates those programs and performs autotype for a password for the current domain. With Password Safe, you can define a global hotkey to bring up the main program menu (it's not assigned by default), but from there you have to select the appropriate entry and perform autotype yourself.

It's a minor drawback, but it becomes annoying after a while. To use autotype reliably with this feature, you need to store the log-in URL with the username/password entry, and not just the general domain name as you can with KeePass.

Cost: Free open source. Platforms: Windows, Linux, Java

Password Safe is reminiscent of KeePass, but doesn't integrate as tightly with the rest of your system as KeePass does.

RoboFormRoboForm has been around since 1999, growing from a general Web-form-filling program to a full-blown password and credential manager. It stores not just log-ins, but also browser bookmarks, user identities, personal contacts, and sundry notes and comments. It's broadly useful outside of just browser log-ins.

RoboForm comes with plug-ins for close integration with most common Web browsers -- Firefox, Chrome, Opera, and IE -- which you have the option to install when you first set up the program. You can always change which plug-ins you use, should you happen to switch browsers later.

Once set up, browsers that use RoboForm integration sport a toolbar. Passwords and other form information you submit to a website are automatically captured by RoboForm and saved into the program's database. You can also add arbitrary fields to each record, such as another password field or a comments line. RoboForm integrates with regular Windows applications, not just Web browsers, but if you're leery of doing that, you can always resort to copy and paste to get data out of RoboForm.

To use the captured form information -- for instance, to log into a given site -- you either click the appropriate button on the toolbar or use a keystroke combination to perform an autofill action. I wasn't crazy about the look of the toolbar, and the in-browser hotkeys for RoboForm work even without it. Thus, I hid it without disabling it and was none the worse for the action.

One of RoboForm's major selling points is the ability to rapidly fill out forms that require a name, address, phone number, and so on. Once you've entered this information into RoboForm via an "identity" entry, it can be automatically filled into any Web form that asks for it. The program's heuristics for figuring out what information to put into which fields is very good; I rarely had to make changes by hand. Another nice feature is a way to automatically log into multiple websites at once -- for instance, as a first-thing-in-the-morning routine.

If you've been using another program to store passwords, RoboForm can probably tap into it. RoboForm imports data from LastPass, KeePass, 1Password, SplashID, Firefox's own password store, and a number of other formats. I ran into a little issue importing data from KeePass, however. KeePass saves previous versions of changed entries, and RoboForm tried to import the old versions of those entries along with the new -- but considered them to be dupes. Fortunately, the importer let me change the names of each duplicated entry to work around this problem.

RoboForm sports a number of professional-grade features I wasn't expecting to see. It works with Windows Biometrics and UPEK-compliant fingerprint readers (like the one in my Toshiba notebook), and it has a dual-password mode to allow employees and supervisors to share credentials without sharing usernames and passwords, although the latter is available only if you use AES, Blowfish, or RC6 encryption on the password database, as opposed to DES or 3DES. You can switch encryption modes easily.

RoboForm comes in a few different editions. RoboForm2Go runs from a flash drive or other portable device. RoboForm Lite for Chrome or Firefox works solely as a browser extension, offering no integration with other Windows apps. The for-pay and professional versions of the program add features like the ability to autofill multiline fields or allow secure credential deployment throughout an organization. There's also the RoboForm Everywhere service, which allows syncing between all installations of RoboForm for $9.95 a year. RoboForm used to have an unlimited lifetime-upgrade policy, but sadly this was phased out after version 7 was introduced.

The biggest reason to choose RoboForm over one of the other password managers listed here, aside from the smart form-filling technology for names and addresses, is if you find yourself submitting a lot of form information into Windows applications other than Web browsers.

Cost: Free version; RoboForm Everywhere, $9.95; RoboForm Desktop for Windows or Mac, $29.95; RoboForm2Go, $39.95. Platforms: Windows, Mac OS X, iOS, Android, BlackBerry, PalmOS, Symbian. 

The RoboForm toolbar (here, for Chrome) lets you perform form fills and other RoboForm actions with one click.

SplashIDSplashID is not a bad program on the whole, but like Password Safe, it suffers from a lack of direct integration with the desktop.

Fire up SplashID and the first thing you're likely to notice is the similarity to Microsoft Office 2007. SplashID has the same look, complete with the ribbon and the orb. Records in the database consist of up to nine customizable fields and a free-form notes area, so you aren't limited to mere username/password pairs. Databases come prepopulated with some sample data, including the likes of credit cards and software serial numbers, so you can see for yourself what all the fields are intended to hold. The database can be locked with either a password or a drawn pattern.

The biggest drawback with SplashID is how it focuses more on storing and managing this data than anything else. First problem: the lack of integration with any browser but Internet Explorer. No other browsers are currently supported for direct integration by the program, which seems bizarre given that IE has become an also-ran next to Firefox and Chrome.

Second problem: no global hotkey. There's no way to get the program to autotype a given password entry into anything except Internet Explorer. If you want to use it with any other program -- browser or not -- you have to copy and paste from the program. SplashID does have an option to automatically clear the clipboard after a given number of minutes, but it's not enabled by default.

As with Keeper, the main selling point of SplashID is the synchronization features provided by the vendor. SplashData offers a startling range of mobile clients -- Android, iOS, BlackBerry, WebOS, Palm, Windows, and more -- which is handy if you're using a phone of a rarer make. (The desktop edition of the program syncs natively with BlackBerry phones.) But if you have a mobile device supported by one of the other, better password managers described here, there's little reason to use SplashID.

Cost: $19.95; no trial version available. Platforms: Windows, Mac OS X, iOS, Android, BlackBerry, Windows Mobile, PalmOS. 

Snazzy Microsoft Office-style interface aside, SplashID's feature set just isn't that impressive.

 

This story, "Review: 7 password managers for Windows, Mac OS X, iOS, and Android," was originally published at InfoWorld.com. Keep up on the latest developments in mobile technology and security at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.

Read more about security in InfoWorld's Security Channel.

This story, "Review: 7 password managers for Windows, Mac OS X, iOS, and Android" was originally published by InfoWorld.

Related:
| 1 2 Page 7
ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon