Password Managers - 5 of the best reviewed

Andrew LeniartIT Professional, Freelance Journalist, Certified Editor
IT Professional - Helping others to help themselves. https://andrewleniart.com & https://www.computerhelpzone.com.au/testimonial/
Published:
Updated:
Each password manager has its own problems in dealing with certain websites and their login methods. In Part 1, I review the Top 5 Password Managers that I've found to be the best.

In Part 2 we'll look at which ones co-exist together and why it's often useful to use more than one.

Update: Part-2 of this article is now available by clicking this link.


It never ceases to amaze me how often I still notice people (and business clients) that don't employ the use of a Password Manager. Despite the warnings plastered all over the web about why you should use one, I constantly see sticky notes with passwords stuck to monitors, under desks and unprotected spreadsheets with lists of websites and all the login information needed to access the accounts. So many still use the same passwords used on most of the websites they visit as well.  


My hope is that this article will help encourage folks to change their habits and secure their online information and identities.


I've been using Password Managers for several years and I've tried out just about all of the popular (and some not so popular) ones.  Here I'm going to review what I think are the Top 5 password managers currently available and discuss some of their strengths and weaknesses. 


All the Password Managers reviewed in this article are the absolute latest current versions available at the time of writing.


Preliminary ramble and side note:  Please note that I am aware of, and have tried, many popular other "Free" password managers over the years, including KeePass, LastPass, PassPack, EnPassLogMeOnce and a few others that slip my mind at the moment.  


Feel free to check them out for yourself (links have been provided) however, none of the above have been included in this review because I personally found them to be either lacking in what I consider important features or just plain clunky in their day to day use.   If you disagree, I encourage you to say so and provide your reasoning in the comments section below this article.


That said and out of the way...


What I'm going to cover in Part-1 of this series is review and take a look at the following Password Managers;


  • RoboForm
  • Avast Password Manager
  • Sticky Password
  • Dashlane
  • 1Password


All of the above Password Managers have paid models and fully functional 30-day trials, which basically means that if you want to continue using them after your 30 day trial (with all of their advanced features enabled), you'll need to purchase a subscription.   They will all revert to Free versions after your 30-day trial, however, you can keep using them without the advanced capabilities that must be paid for, the most noteworthy of those being losing the ability to Sync your passwords and account with a cloud server.


Along with looking at the strengths and weaknesses I've found in the above managers, I'm also going to show how it can be useful to use more than one password manager to overcome the problems you might face with your favourite password manager and tell you which ones I've found can play and co-exist together nicely to overcome those issues. I personally do this because I've yet to try a Password Manager that handles all of the problems that I hear people complaining about.


For instance, a website changes its login page and breaks your Password Manager, causing you to jump through hoops to get it to work again. This can be a pain if you're in a hurry to get into your Online Banking website for example!


Other problems include the way websites ask you to log in, which you find that your Password Manager doesn't recognise.  I've solved all of these problems for myself by using not one, but two (and recently three) password managers. But in using more than one Password Manager,  not all of them play well together, so in Part-2 of this series, we'll explore which ones do and which ones don't, based on my personal experiences.


Note: At the time of writing, ALL of the above-listed Password Managers were installed on my system and at times, were all active (unlocked).  When problems were struck and conflicts found, certain managers were deactivated to eliminate the issues encountered. All of that will be explained in detail in the second part of this article (Part-2) where I'll explain which Password Managers can co-exist and play well together.


On with the reviews...


RoboForm

RoboForm is the password manager I've used the longest - for several years in fact.  It's served me well and handles most situations admirably. It's never crashed or corrupted on either of my Win 7 or Win 10 systems, so I've never had to restore my database from the cloud. It's a solid piece of coding and does its job well, on both my computers and smartphone / iPad and Tablets.


Installation is a breeze and extensions are available for all browsers. It's major capabilities include;


  • Automatically save your password when you first log in to a website
  • Logs you into your websites with a single click
  • A configurable strong password generator with a single click of a button
  • The ability to organise your websites into folders, just like you can with your browser favourites
  • Strong AES256 bit encryption with PBKDF2 SHA256 to defy dictionary, brute force or other attacks
  • A password Audit function to analyse the strength of your passwords
  • Warnings if you inadvertently happen to use the same password on more than one site
  • Importing of passwords from other password managers via CSV format. No need to train it from scratch
  • The ability to remember and fill in Web Form information for you with a single click
  • Saving of Encrypted Text notes with sensitive information to keep the information away from prying eyes
  • The ability to share login information with trusted friends or families securely
  • Emergency Access which allows you to select a trusted friend or family member to securely obtain access to your RoboForm Data in the event of death, incapacitation, or as a method of account recovery
  • RoboForm Everywhere secure cloud synchronisation keeps your passwords backed up and in sync across all of your browsers and devices.
  • Multi-platform support - RoboForm is available for Windows, Mac, iOS, and Android with support for all their respective major browsers, including Microsoft Edge. Note that a separate app available from the Microsoft Store for RoboForm must be downloaded and installed to enable its use in Microsoft Edge.
  • Support is sensational - I can say that from personal experience. Customer support staff answer email 24/7/365. Live Chat and phone support is also available between 9 AM - 6 PM EST Monday - Friday


Using it is a breeze and very intuitive, even for new players.  Once installed, browser extensions are added and your online cloud account created, the first time you log into a website, RoboForm asks if you would like to save the login information for the next time. Check out the pic below.


Save your Password


At this point, you have the opportunity to change the Name: to anything you like, accept Home as the folder to save your login information to, save to a folder you've already created or create a new folder of your own choice. Folders are saved within RoboForm itself.


RoboForm (like most) can be configured to Auto Start each time your computer is restarted.  The first thing you need to do when you reboot your computer (or if RoboForm has locked during a session), is to put in your "Master Password"



It's important to note that your Master Password is not stored anywhere and can not be retrieved, not even with the help of RoboForm Support, so make sure you use one that you won't forget or take advantage of the Emergency Access function with a trusted family member or friend. It's also useful to mention that you can set how many minutes of computer inactivity can pass before RoboForm will automatically lock itself to protect your vital information in case you forget to lock it manually and walk away from your PC. 


If you look at the graphic above, you notice that there is a Change Account option. This allows you to share your RoboForm license with family members on a family computer. To complete RoboForm's review here are some snaps of what RoboForm looks like in action, along with some of its more interesting features... The first snap is what my RoboForm looks like with 479 Websites login information. 


Every single website saved has a unique password that is at a minimum of 8 characters long and up to 16 characters or more where the site permits long passwords to be used. They also all have special characters and numbers such as #%$#@ in them as well. Brute force guessing my passwords? I'm confident it's an almost impossible scenario! As are my chances of remembering them all.


MyRoboForm


                                       Save your Safenotes                                                         Generate a Strong Password

                                              


In the interest of brevity, that's all the screenshots I'll share, but there is a ton more to see. The Security Centre in particular, where you can Audit your Passwords and identify potentially problematic (weak) ones or duplicates to take care of.


One other benefit worth mentioning is that you can log into RoboForm on the web using your login information and password - so if you're at a computer and don't have a device with RoboForm installed on it, just log into your online account and all of your saved logins are available to you via a web console.  


Important note: If you do use this method, especially on a public computer, be sure to use an Incognito browser and to log off your account when you're done. Don't just rely on RoboForm auto locking for you.


Some Cons I've found with RoboForm


There aren't a lot of cons I've found with RoboForm.  One, however, is it having difficulty with some websites where the login page has changed. It can handle most OK, but it takes a few manual clicks and adjustments to correct an entry on some websites. 


Another con is that with some login pages, particularly where a box pops up, RoboForm will not automatically see that as a website login, so you may need to add the website manually to make it work. This also causes an extra step when logging in so it's not as automatic as it could be.


Other than those few issues, I think it's a great (and very affordable) password manager. 


The FREE Version


RoboForm does provide a totally FREE option which provides you with the following features.


  • Unlimited logins
  • Fills forms
  • Password audits
  • Password generator


The free version does not sync with the cloud, so your information is only available on your device.


My Recommendation: Definitely give RoboForm a 30-day trial run.  I think you'll love and keep it!



Avast Password Manager


Avast's Password Management system doesn't come as a stand-alone program. Rather, it's bundled with both their Free and Paid versions of their Antivirus product.  The Free bundled version of Avast Password Manager gives you some generous benefits that include;


  • Automatically saving your passwords when you first log into a website
  • Generate strong unique passwords for all of your website accounts
  • Imports passwords from your browsers where they are less than safe
  • Allow you to save encrypted notes to keep your information from prying eyes
  • Synchronizes your login passwords across all of your devices that have Avast installed
  • Form fill capabilities


Installation is simple. After a default install, Avast will first perform a Smart Scan of your machine to try and identify any issues it thinks needs to be addressed.


   


To get to the Password Manager, which is what we're interested in here, simply click on the "Privacy" button, and then "Passwords" in Avast and you'll be presented with the following screen.

Click the "Get Started" button to, well, get started!


Avast Passwords will proceed to activate itself ( insert plug-ins/extensions) into all of your available browsers.  



You can skip any browsers you don't want Avast Passwords to activate in.  Clicking the Activate in "Google Chrome" button shown above will open the Chrome browser with an Install button ready for you to click.  Rinse and repeat for the rest of your browsers.  Once done, you'll get the following screen.



Assuming you've activated your free version and already created an online account with Avast, you're now good to go.  Don't worry if you forgot to activate or create an online account for yourself at this point as you can do that anytime.


So how does it look once you've entered a few websites into your Avast Password Manager?  Well here's a screen grab of mine...



I subscribe to Avast Internet Security, but the free version looks exactly the same once populated with website logins. Each of those logins can be edited and changed.  The "Lock" function that I've circled in the above graphic is just a way to manually lock Avast Password Manager - in other words, turn it off.



As you can see, you can modify the Colour, Account Name, Web address, your Username, Password and even add a Note for this particular login and save your changes.  Alternatively, from here you can also delete the login completely to make Avast forget about the login.  


Note that the above is a standard feature available in all of the password managers reviewed here.


Logging into a website for the first time activates Avast Passwords where it offers to save your login information for you.  You can also set Avast to not enable Auto-Fill on websites you've saved if you prefer to do it manually, or just save login information for you without asking you if you want it to save all your passwords automatically.


         


The next time you log into a website with saved information, with one click, Avast will auto-populate the required login fields for you and log you in. 


To create a random strong password for any website, take advantage of the "Generate a strong password" feature. 


Some Cons I've found with Avast Password Manager


Avast's Password Manager does the job, but there are a few features I've found to be lacking.  You can't, for instance, open up your list of logins and click on them to go to the website - you'll need to rely on your favourites list to do that.  


Changes in website login procedures can be a bit of a pain as well because Avast seems to consider it to be a new website and creates a new login entry, rather than modify/update the existing one.


No support for Windows 10's Microsoft Edge browser.


Nags!  Avast will periodically nag you to Upgrade to their Premium Version and this can get annoying after a while.


The Benefit of Subscribing


All of the above Avast Password Manager features are available for free!  Compared to some of the other offerings, Avast is quite generous with what they provide you at no cost.  To get the benefit of a potentially useful feature though, you'll need to purchase a subscription.  


  • Password Guardian - This is a highly useful feature that monitors the web 24/7 and warns you if one of your passwords have leaked.  I've never been warned of such an occurrence myself, but if it works as advertised, then it's well worth having.  It will also warn you if you are using the same password on more than one website.


For the purposes of this review, I went and changed a number of passwords on a variety of websites to be the same, as well as made some passwords weak. Here's what Password Guardian reported...



Note: For all you budding hackers reading this review, don't bother trying. The passwords have already been changed to 16+ generated strong passwords and duplicates removed before publication of this review! :-)


My Recommendation:  If you don't want to pay for a commercial password manager, yet still enjoy a bundle of neat features, then Avast's Password Manager is an excellent choice.  Give it a try.. not only will you enjoy the protection of an excellent and highly rated Antivirus, but a free Password Management tool that is way safer than your browser's built-in password tool(s).


                                                           


Sticky Password is a Password Manager that was recommended to me by another Experts Exchange Member during a conversation we were having about Password Managers and has quickly turned into my second favourite password management tool. Also impressive is that it earned the PCMag Editors’ choice award. I've used Sticky Password now for several weeks and can happily report that I'm more than suitably impressed.


One of the best things about this software is that it is very intuitive to use.  Its features include;


  • Autofill of Passwords and Form Filling capabilities
  • Biometrics, which allow you to verify you're the account holder with a swipe of your finger
  • AES-256 Encryption of your data
  • Two-factor Authentication giving you the option of unlocking Sticky Password using your Master Password and a unique time-based code generated every 30 seconds on your smartphone
  • Supports all major platforms including PC, Mac, Tablet, Smartphone, Windows, Mac OS X, Android and even iOS systems are supported
  • Cloud Sync and Backup are of course supported and available
  • Local Wi-Fi Sync is supported so that your encrypted data need never leave your devices if that's what you choose
  • Premium and quick support for paid customers
  • Saving Endangered Manatees.  

  If you choose to purchase a premium subscription, part of your subscription goes to saving these endangered animals.


As with all of the offerings I'm reviewing here, there are FREE and Paid versions of Sticky Password available. To see the differences between the Free and Premium versions, visit their website here.  


You automatically get Premium access for 30-days when you install Sticky Passwords so that you can explore all of its features - after 30 days it will revert to the Free version, but none of your saved data will be lost or discarded.


One of the major things Sticky Passwords brags about is the number of browsers it supports and that it works across all major platforms. Its browser support includes;


  • Google Chrome
  • Chromium
  • Firefox
  • Thunderbird
  • Internet Explorer
  • Comodo Dragon
  • Opera
  • Pale Moon
  • SeaMonkey
  • Yandex
  • Dolphin
  • UCWeb
  • Safari


An impressive list to be sure, but one major browser not supported which is gaining more and more popularity every day is Microsoft Edge.

Sticky Password claims that this is because Edge does not support extensions, however, that's not totally true (see my RoboForm review at the start of this article).   Extensions must be developed, vetted and approved by Microsoft and then made available for download via Microsoft's Online Store. Let's hope that Sticky Password developers take advantage of this and add support for Edge in the near future.


Installation of Sticky Password is via a downloaded file that must be run.  Select your operating system when you go to the download page and click on the download button - then just run the file you've saved. The version I tested was for Windows v8.1.0.103.  Download a copy of the latest version from here.


I found the installation wizard to be excellent and one of the quickest and easiest of all the password managers being reviewed, so I think it's worth going through the process here to show you what I mean...


                                         



Upon clicking the Finish button, after 3 easy to understand explanatory screens, Sticky Password automatically launches and leads you through four easy steps...


       

       


Here's where you get to Create your new online Account.  Your online account is where you set your synchronisation and backup options, as well as manage your mobile devices like Smartphones, Tablets etc.  


Let's go through the steps.



First, enter your Email address.  Choose carefully though, as your email address will be a unique identifier of your online Sticky Account so all Email communication from Sticky Password will be sent to the address you enter.  


Next, you must select a Master Password.  Once again, choose very carefully.  As with all of the Password Managers being reviewed, your Master Password is what will provide you with access to all of your personal information and your online database.  


Your Master Password should be something that's easy for you to remember, but difficult for anyone else to guess, including your family members! 


Note: No-one, including Sticky Password developers and support staff, will be able to recover your data if you ever forget your Master Password.  


Finally, when selecting this password, take note of strength bar when you enter your master password.  It will give you an indication of how strong or weak the password you select will be.  


For those who fear they may have a keylogger or other malware on their system, make use of the Sticky Password's virtual keyboard shown below.


 


When you tick the "Anti spy" option (circled in red), no one can see which keys you've really pressed. Extremely useful if you're logging into your account from a public computer such as Internet Cafes or even a friends place. Having entered your information, click on "Create my Account"  and Sticky Password will double check that you remember your master password at this point and ask you to type it in again.



Click the green Continue button to set up your Cloud Synchronization option - or not - the choice is yours - you can change the settings later.



Clicking Continue again at this point will create your online account with your initial settings and then prompt you for which browsers you want the app to work in.  Any passwords saved in your browsers you select will automatically be imported into your Sticky Password database.



Clicking Continue at this point will take you to a screen that installs the required extensions into the browsers you've selected. Once done, a web page opens up and allows you to setup your name, phone number and date of birth for Autofilling web pages.



Clicking the "Let's see how it works ..." button gives you an example page to check out how Autofilling works. You can skip this page and end up here...



Now just click the Start button and you're set to go, with 30-days of free Premium Access.  


Another screen will pop up giving you the option to view a 3 minute tutorial on using Sticky Password and though I found this to be unnecessary because of how intuitive Sticky Password is to use, I encourage you to go through the tutorial as it does show some useful information.  If you want to skip it, just close the window with the X at the top right of the window. Note: If you've already purchased a license for Sticky Password, simply click "I have a License Key" to log into your account.


As I've said earlier, using sticky password is simplicity itself.  Despite that fact, for the purpose of this review, I'll go to a new website login and show you how it works.


First-time login where Sticky Password doesn't know your details...



As soon as you click Login, Sticky Password pops up the following box...



At this point, you have a few options.  You can change the Account name: to something that you prefer. You can accept the default "Web accounts" Group: to save or save to a group like "Technical Sites" or similar which you have previously created.  Or just accept the defaults and click the blue Add button to save the login information for the next time you want to log into the site.  


Note the "Ignore site" option, which is another great feature that some password managers lack. This tells Sticky Password not to prompt or bother you with saving your login information for this site in the future.  Now we've saved the login information for this site, (and logged back out) the next time you go back to the site, Sticky Passwords enters all of your required login information and you can log in with ease!


Another really useful feature of this password manager is that like my other favourite password manager (RoboForm), Sticky Passwords also creates a type of Favorites list inside where you can select and click on a website to go to and automatically log you in with a single click.  Here's how it looks...



If you have a ton of websites saved as I do, the Search function is invaluable, as is the Favorite Accounts tab.  If I wanted to log into my LinkedIn account for example, then I just click once on the LinkedIn entry and Sticky Passwords takes me to the page in my browser, logs me in and I'm set to go. It doesn't get much easier than that.


But let's take a look at some of its other great functions...  

 Identities is where you can setup AutoFill entries



Bookmarks allow you to save a particular page (or pages) that might be deeply nested in a website. Clicking on a Bookmarked link takes you directly back to the page you want with a single click, logging you into the site if necessary as well.


Clicking the "Open application" link is where you'll find most of the power and options Sticky Passwords provides.



From this console, you can do any number of nifty things.


  • Quick Access - this is where Sticky Passwords automatically adds your most visited websites. You can also manually add a website to appear in the Quick Access list. 
  • Security Dashboard - A "Security Dashboard" tool is also available to check the overall score of your password security and help you identify any unsafe accounts.  This is only available in the Windows version of Sticky Password at this time.
  • Web Accounts (as shown in the above screen grab) is a list of all of your saved logins. Here you can launch a website, edit the login information, rename it to something else and a host of other things.
  • App Accounts - A very handy tool for launching other applications you have installed that are set to require you to enter login information, such as Skype, iTunes, Microsoft Outlook and others.
  • Bookmarks allow you to organise, open, edit, remove or add bookmarks to your favourites.
  • Identities is where your AutoFill entries are kept. You can edit and create as many as you need to save filling in forms over and over again with the same information.  Credit card information can also be entered for online stores in here and auto-filled when required.
  • Secure Memos is pretty self-explanatory.  Create notes about anything you like and save them securely to keep the information within away from prying eyes.
  • 2 Factor authentication (2FA) is also available for those who want to take advantage of the additional security.  More info available here.


The Menu option at the top right is where you Lock the app manually, Import and Export login information in a variety of formats, but most importantly, open the Settings Options where you can adjust the configuration of how you want Sticky Passwords to behave.



Pretty self-explanatory providing a host of adjustments you can make so that Sticky Passwords performs exactly as you want it to, such as adjusting it to auto lock after 10 seconds, 10 hours or never - you're in total control.


Cons I found with Sticky Password


No support for the Microsoft Edge browser. Recent updates have made extensions possible, but Sticky Password's developers tell me they're actively working on making it available!   


The Import from other Password Managers does work, but I found it got a few of the more complex sites I had saved in RoboForm wrong. Importing is also only supported from RoboForm, KeePass, LastPass, Dashlane, Kaspersky and 1Password. Note that only RoboForm was tested, so I can't say how well the Import function works with the other Password Managers it supports.


My Recommendation:  This is definitely a password manager you'll want to try.  It plays well and co-exists with most other password managers that you may already be using and should you decide to subscribe to it, you'll very much enjoy the premium features. It may not be as feature packed as other Password Managers, but it's certainly up there with the best of them.  Highly recommended!


                                                      


Dashlane's Password Manager I found to be a robust tool that I've been using for several weeks now. Like the others, it has Free and Premium (Paid) versions available. I did strike a couple of 'minor' hiccups with its ability to co-exist with other installed password managers that were active, but workarounds were relatively easy to find and that point will be discussed in Part-2 of this series.


Compared to some of the others reviewed here, Dashlane is pretty featured packed.  It has the ability to;


  • Automatically save your logins to websites
  • Enable you to sort your logins into a variety of categories ways for ease of use
  • Log you into websites from its console with a single click
  • Secure Credit Card and other Payment Method storage
  • Provides Auto-Fill capabilities for online forms
  • A Password generator and changer is included
  • The ability to store password protected notes
  • Import your existing credentials from Chrome, Safari, 1Password, LastPass, RoboForm and perhaps some others via an exported CSV (comma separated) file
  • Two Factor authentication is available if desired
  • Provides a Security Alert should one of your passwords become compromised
  • Has support for all major mobile devices


Installation is simple, with a wizard-driven installer leading you through all the steps you need to complete in order to get started. Dashlane doesn't come with a fully fledged offline installer, so you'll need to be online to install it. 


Download its installation executable, run it and the installer will connect to Dashlane's servers and begin the installation process. Once done, the products configuration wizard will launch...



The first thing you'll want to do is create your free account.  Enter your Email address and Master Password and continue with the wizard. It will prompt you one more time to enter your Master Password to make sure that you didn't miss-type it the first time.


After a few screens that tell you what Dashlane can do for you, including the opportunity to import your saved login information from other password managers, you'll have the option of adding Dashlane's extensions to your default browser.  Any passwords already stored in your browser(s) will be imported automatically.


Here we strike a little setback.  If you're on Windows 10 and have Microsoft Edge set as your default browser, then you'll get a screen advising you that you need to change that default to another browser.  As with most of the other Password Managers reviewed here, Dashlane still hasn't caught up with the fact that Edge can, in fact, support extensions.



You can skip this step and do it later, but if you follow the instructions, Dashlane will add its extension to your newly selected default browser and present you with a tutorial screen you can go through to learn how to use its functions. Go through this tutorial or skip to do it at a later time.  You'll now have Dashlane's Console up in front of you that looks something like this...



Let's examine what we have available to us from here...


  • Passwords:  This is where all of your website login information is stored. You can, of course, edit each item and one of the things I like that others lack, is the ability to turn "Always log me into this website" on or off. This means that Dashlane will either automatically log you into the website if you go to it, or if you turn this option off, will just take you to the website, fill in the information for you and leave the pressing of the login button to you when you're good and ready. Highly useful if using more than one password manager.  You can also add a double protection to sensitive websites (such as your bank) by enabling a setting to "Always require Master Password" to enter that site. 
  • Security Dashboard:  Provides you with a quick overview of your entire password database security score and makes suggestions to correct accounts where it finds things lacking. There is also the ability to automatically replace passwords on individual sites identified which can be highly useful and time-saving.
  • Secure Notes:  Is where you can save Encrypted Text notes to keep the information away from prying eyes
  • Personal Info:  Here's where you add Auto-Fill information for any number of websites with different information. A great time saver for online purchase stores or sites that require you to fill in the same information over and over again.
  • Payments:  This is Dashlane's digital wallet of sorts. You can add your Bank Account, Credit Cards or PayPal Account information to auto-fill the required fields with a couple of clicks of your mouse.
  • IDs:  Securely store information about your countries ID Card, Passport, Social Security Card, Driver's License and Tax Numbers here
  • Receipts:  Keep a copy of online purchase receipts here, including the currency used, price, date of purchase and web store address.  Dashlane can also be configured to always ask for a receipt at the completion of a purchase for those online stores that support it.
  • Sharing Center:  The sharing centre allows you to encrypt and share items from your database in just a few easy steps with others.  As updates to items you've shared occur, they will synchronise automatically.
  • Emergency:  Here you can add an emergency contact who can request to view all of the passwords and notes in your Dashlane account.  You can also specify which passwords or notes you want them to have access to. Useful if you use a Master Password that you've forgotten and had someone that you can 100% trust with your information.


Dashlane's Password Generator is up there with the best of them.  Choose between 4 and 28 characters in length to generate almost impossible to guess or brute force attack passwords.



The Preferences menu (found under Tools) provides a myriad of ways you can configure and customise the way you want Dashlane to work.  Highly useful if using more than one password manager on your system.



One thing I found Dashlane particularly good at is handling logins to websites where you may have different login accounts.  


For instance, I have 4 different accounts at a particular website I often visit where I need to use different usernames and passwords to enter the area I need to work in.  In situations like that, Dashlane pops up a requestor as shown below...



I tested this function extensively and found that it worked flawlessly every time.  Clicking the appropriate login account gets Dashlane to log me into the correct area with a single click. This is a highly useful feature that is lacking (or doesn't work as well) in most of the other password managers I've used.


The Benefit of Subscribing


If you choose to purchase a Premium subscription, you have the ability to Synchronise your passwords across all of your devices, Backup your account securely on their servers, Unlimited Password Sharing, Priority VIP Support and the ability to use YubiKey (U2F) authentication.


Cons I found with Dashlane


The lack of extension support for Microsoft Edge is an obvious one.  Compared to the others, the subscription cost is a little pricey and is charged yearly. No monthly payment option is available. I also found the import process to not work so well, with quite a few of my RoboForm entries doubled up or mangled to a point where they had to be reset. Finally, not all features are available from the browser extension icon and require the opening of the console to configure many items. All in all, not such a big deal.


My Recommendation:  Dashlane is certainly amongst the top three Password Managers I've used.  Its Free features are generous and security is as good as it gets.  Give it a try.  Highly Recommended!




1Password is not as intuitive to setup and use in my opinion.  When installing it, I found myself scratching my head at times as to what was going on. Its GUI also doesn't seem to be as polished as the others I've reviewed.


Unique, But Confusing Sign up!


1Password's initial setup can be more than a little confusing.  Firstly, there's no setup program to download. Rather, you go to their website, click on "Try it FREE" which takes you to the following page...



I chose the "Just Me" option which took me to a page to enter my email address (or sign into an existing account if I had one).  Having entered my email address, I needed to wait until an email arrived with a link to follow so that I could "sign in".  The email arrived promptly so I duly clicked the link as instructed to "Verify My Account".


A new tab opened in my browser asking me for my "First Name", "Last Name", along with the opportunity to upload a picture of myself and sign up for the 1Password newsletter - both of the latter which I declined to do.  


Clicking the Continue button presented me with a page to add my Credit Card Details for a seamless trial.  I could select to be billed $3.29 AUD per month if billed annually, or $4.39 AUD a month if I wanted to select monthly billing. Fortunately, there was also a link that allowed you to skip that step so I did just that, otherwise I would have probably aborted the install.


The next page was unique and something I'd never seen before in any setup process.  A "Secret Key" was generated as shown below, in full view of anyone that may have been looking over my shoulder or able to view my computer's screen.  



Given that you're told not to write it down, I honestly can't figure the purpose or reasoning behind this step. Anyway, I clicked Continue again and was asked to create my Master Password.  



I also have a problem with doing this online, even on a secured website.  Information like this should (in my opinion) be entered offline and transferred to the server in an encrypted form. I clicked Continue again...



Intuitive? Well, kind of. Easy, I guess so, but what's with this Secret Key?  I click Sign In expecting to finally be in my account. 


But wait there's more!  


Now I finally found out what this Emergency Kit is all about...



I decide to Save the Emergency kit and as you'll see a little later, it's a good thing that I did.  


At this point, I was prompted to either 


  • Print it and keep it with my passport
  • Save it on a USB key or backup drive
  • Copy it to my personal cloud storage


None of which I thought were a good idea, but I just printed it to PDF and saved it to my USB key for the sake of the exercise.


I clicked the "Got it" button to confirm I'd complied with the options and finally found myself in my online account!



But wait, what about the browser extensions?  That's not automated like with all the other Password Managers I'd installed and used - you must go through and do that manually.



I felt like giving up on it at this point, but determined to see how well it performed in day to day use, I decided to install the 1Password app for Windows on both my Windows 10 and Windows 7 Pro machines. Clicking on the required link, I was presented with another file to download and save. With no instructions as to what to do next, I ran the file to see what would happen.


A "Ready to Install" box popped up to setup 1Password.  I clicked the Install button on the box and let it do its thing.   



At the end of "that" part of the Installation process, per the screen grab above, I still needed to enter my "Sign-in address", (I had no idea what that was at this point), my Email address, Secret Key and my Master Password.


Nowhere during the install thus far was I told about having any sort of "Sign-in address" so I started going through the online help pages to try and figure out what it could be. The help pages turned out to be of no help, so I opened the Emergency Kit PDF I'd saved to my USB stick which revealed that my "Sign-in" address was just a generic address of https://my.1password.com.  


What's so secret about that address and why it's needed to sign in to the app I've yet to figure out?! You'll note I didn't even bother to blur the address out in in the above graphic.  


Anyway, I entered the required information, clicked the Sign In button and hallelujah, I was finally logged into the app!


Before I go on with this product's review, I'd like to stress at this point that the installation and initial account creation used by 1Password (in this writers opinion) is ridiculously long-winded and unnecessary. It is overly complex for no apparent reason and I suspect has, without doubt, made some potential customers abort the installation process and move on to a competing product. I almost did that myself.


That said, 1Password is actually not a bad little password manager once you've jumped through the initial installation hoops, which is the reason it ended up making it into this Top 5 review.


1Password Console App


This is what you end up with on your computer once you've finished with the rather (for want of a better word) "unique" installation process.  Let's take a look at the various categories.


  • All items: Is as the name suggests.  You can bring up anything saved in your 1Password database by using the Search function, or by scrolling up and down
  • Favorites: A handy function which allows you to flag websites and other items that you use on a regular basis
  • Logins: Here is where all your website logins are stored.  They can be sorted by Title, Categories you've created to store them in, Date Created or Modified and Vault
  • Secure Notes: Is as the name suggests. It's the default location you can store notes in a secured encrypted form to keep their contents away from prying eyes.
  • Credit Cards: Store your Credit Card(s) information here. 1Password handles this admirably, with fields to cover just about any card in existence.
  • Identities: Here's where all of your personal information is stored and where 1Password gets its Auto-Fill information from for online forms. To cater for different website, you can create more than 1 identity to store in here
  • Passwords: I confess that I'm not entirely sure of what the purpose of this storage field is. It allows you to store certain passwords about anything. There are labels for website addresses, notes, tags and the option to never display the password in a browser. The date the password was created and modified is also recorded. My best guess is that these passwords can be copied and pasted into websites that 1Password may have difficulty in populating automatically.
  • Trash: Works in a similar way as the trashcan on your Windows installation. It gives you one last chance to not delete an item accidentally.


  • The use of 256-bit AES encryption ensures your data is about as safe as it can be.


The  +New Item menu option, as shown below, offers a handy way to get to a host of pre-prepared templates which many will undoubtedly find useful.  Once populated with the required information, they are automatically saved in the correct category on the main 1Password dashboard.



Closing the 1Password Console minimises it down to your System Tray as shown below.



1Password's performance in capturing login information and logging you into websites is quite good. In the following example, I'll log into a forum and show what you can expect.  


The first time you log into a website successfully, 1Password pops up the following window...



From here, you can select the Vault you want to save this entry to (in this above case I've selected my Personal Vault), change the name of the Login to something that means more to you than the default entry taken from the website's name, Enter a Tag and then just click Save Login.  From here on, you'll never need to enter your login information again. Just go to the login section, click on the 1Password extension icon and it will log you in automatically.


If you decide you don't want 1Password to save the Login for this particular website, simply click "Not now" and 1Password will never bother you to Autosave for this site again. A handy option for a variety of reasons, like if you're also using another password manager that you prefer logs you into this particular website.


Cons I found with 1Password


The installation process as explained at the start is a pain, as is the installation of extensions into supported browsers.  To install extensions, you need to go to their extensions website using the browser you want to enable 1Password in and click on the Install button.  I found this clumsy and long-winded. If there's a simpler way to install 1Password's browser extensions, then I still haven't found it.  Browser extension support is also only available for Google Chrome, Safari, Firefox and Opera.


I tried the Auto-Fill capabilities and they didn't work quite right. Entries ended up in the wrong fields at times and a lot of tweaking was required to get it to work right. Finding helpful information when you run into something you're not sure about on the 1Password help website is a chore which needs a major overhaul in my opinion.  


The tools lack of automation in many areas can be annoying, to say the least.  As are the hoops you must just through to approve a new device or browser.


My Recommendation: Intuitive it's not.  If you're relatively new to Password Managers I think you're going to struggle with this one and should opt for one of the other four Password Managers I've covered in this review. 


Seasoned computer users, however, should be able to find their way around without too much trouble, so it's worth giving it a try because of the number of features it provides. For me, this isn't one I'll be keeping on my system but we're all different and your mileage may differ.


Concluding Remarks


I have considerable experience with all of the Password Managers that have been included in this article. I've installed and used them all so you are strongly encouraged to leave a comment with your thoughts. 


If you agree or disagree with some of the things I've written, or conclusions that I've reached and have something constructive to say, I'd love to hear from you. All comments will be answered.


Update: Part-2 of this article is now available by clicking this link.


Until the next time...


Andrew Leniart


12
11,850 Views
Andrew LeniartIT Professional, Freelance Journalist, Certified Editor
IT Professional - Helping others to help themselves. https://andrewleniart.com & https://www.computerhelpzone.com.au/testimonial/

Comments (19)

Thomas Zucker-ScharffSenior Data Analyst
CERTIFIED EXPERT

Commented:
Andrew,

Have you read the latest information regarding password managers?  I saw something this morning on LinkedIn and did a search and found this:

https://www.komando.com/happening-now/547660/hackers-find-security-flaws-in-5-popular-password-managers-are-you-safe

It comes down to password managers exposing your passwords!!

This is extremely disconcerting as I have several hundred passwords stored in my PM.
Andrew LeniartIT Professional, Freelance Journalist, Certified Editor
Author of the Year 2019
Distinguished Expert 2020

Author

Commented:
Thank you for the heads up, Thomas. No, I hadn't read that article as yet and am as alarmed as you are about the prospect.

at least five popular password managers, including 1Password, Dashlane, KeePass and LastPass, could potentially leak unencrypted credentials and passwords while they're running in the background.

That's very disconcerting information on its own! I'm sure glad that RoboForm, Avast, and Sticky Password (the three password managers I'm currently using) didn't make that list, but two of those, 1Password and Dashlane, are in my review as recommended. :-o

Given the large number of Popups that broke through Adblock Plus when I visited your link, I think I'll quote the article here so others can read it without all of the annoying popups.

Crediting Source: Hackers find security flaws in 5 popular password managers. Are you safe? - By "The King Komando Show"

Hackers find security flaws in 5 popular password managers. Are you safe?

Password managers are great tools for hardening your online security and, trust me, they can definitely make your life easier. But as always, like anything that's powered by software, password managers are not perfect and they're not impervious to hacks and malware.

This new research proves just that. According to new information published by Independent Security Evaluators (ISE), at least five popular password managers, including 1Password, Dashlane, KeePass and LastPass, could potentially leak unencrypted credentials and passwords while they're running in the background.

How severe are these issues? Or are they nothing to worry about? Let's break them down.

It's like leaving your keys under your PC's doormat

The researchers from ISE (read: white hats aka the good hackers) said that the password managers they examined don't always encrypt and clear the password from a computer's memory while transitioning from an unlocked (password manager is running) to a locked (user is logged out) state.

1Password, in particular, keeps the master password in memory while unlocked and fails to clear it out when it goes back to its locked state. In some cases, the master password can even be viewed in clear text while the software is locked. Yep, in a way, it's like leaving your keys under your doormat.

Surprisingly, 1Password's newer version, 1Password7, is even worse since it decrypted all individual passwords in ISEs test, cached them all in the computer's memory and failed to clear them out while transitioning from its unlocked state.

In Dashlane's case, only the last active password is exposed in memory while it's running, but once a user updates any information on an entry, it exposes its entire database in plaintext in a computer's memory. Worse, this information then remains there even after a user logs out of Dashlane.

Similarly, KeePass and LastPass also showed vulnerabilities by keeping some of their unencrypted entries in a computer's memory even after they return to their locked states.

In most cases, closing out of a password manager completely (not just logging out of it) is the only way to clear the cached passwords from your computer's memory.

They're only as strong as your computer's defenses

Is it time to panic? Not exactly. Here's an important thing to keep in mind regarding these flaws -- these are only exploitable if a hacker has already managed to install malware on your computer. Your computer's operating system has built-in defenses against these type of memory access attacks, anyway.

If someone can already peer into your password manager's cached data, then your entire system is already compromised and your computer has bigger problems than that. Spoiler alert: Keyloggers, spyware, remote access software and ransomware can do much worse damage, and your password for CuteShoes.com may just be the icing on the cake.

In fact, these security issues on password managers are nothing new and they're all inherent to how they work within, say, an operating system like Windows 10. Thankfully, developers are still coming up with new mechanisms to protect password managers against cleartext password exposures in memory and malware attacks in general.

The bottom line is this - if you are not employing good security measures on your computer, then nothing, not even your password manager, can keep you safe.

Keeping your software updated by patching regularly, using reliable security software, strong passwords and enabling two-factor authentication are just some of the best practices you can do to keep your gadgets safe. Click here for more.  Oh, and before I forget, using a password manager is still highly recommended. Please -- don't stop using yours.

Bonus: Our sponsor F-Secure TOTAL is a complete cybersecurity package that includes password protection. Store all your important credentials in one secure password manager and use them faster and easier to log into your favorite services or pay securely online. Just visit F-Secure.com/Kim.

Will be very interesting to follow this and see how it pans out.

Regards, Andrew
Thank you for sharing this information. I'm currently using 1Password and might look for a more secure way to safe my passwords.
I tested most of the products from your list and I really can't help but I might go with a Solution that's only mentioned in your Intro: Keepass

Reasons for this, if you take security very serious:  I don't trust the cloud
The coud is convenient, but security and convenience are not compatible ;-)

A very suspect example is Sticky Password, where after the Installation on your Device, you get the Message, that your Masterpassword is only known to me and isn't saved anywhere.
In the following Step I have to login to ther Website with my Username and TADA, my Masterpassword :-)
A Website that even doesn't provide 2FA, please correct me, but am I missing a thing in case of Security here?
And how do you login to a website that doesn't know the Users Password???
- Bernhard
Andrew LeniartIT Professional, Freelance Journalist, Certified Editor
Author of the Year 2019
Distinguished Expert 2020

Author

Commented:
Hi Bernhard,

Thanks for your comments. 2FA is an important consideration for many, an unnecessary nuisance for others, and then you have the camp that believes it should be forced (or at least made as an available option) everywhere as standard practice :)

For my own part, if 2FA is an option, I'll always enable and use it, but that's not always so. My bank as an example doesn't have the option available to me to just log into my account - opting instead to only force 2FA on money transfers to accounts that have not been transferred to before. I could give dozens of other examples that don't make much sense to "me" personally.

At the end of the day, everyone must reach their own conclusions and decide on what's best for them.

Regards, Andrew
Thomas Zucker-ScharffSenior Data Analyst
CERTIFIED EXPERT

Commented:
Bernhard has an excellent point.  I love Sticky Password, but how does it know it is you if it doesn't store the credential you are logging in with?  I am actually in the midst of a tech support triage with SP and intend to ask the very question.

And by the way SP does have 2FA.

View More

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.