<

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x

Password Managers - (Part 2) - Final Conclusions

Published on
3,822 Points
622 Views
2 Endorsements
Last Modified:
Andrew Leniart
Helping others, to help themselves...
This is the conclusion of the review and tests for using two or more Password Managers so you don't need to rely on just one. This article describes the results of a lot of testing in different scenario's to reveal which ones best co-exist together. Enjoy...

In my previous article "Password Managers - 5 of the best reviewed!  (Part 1)", I reviewed 5 of what I considered to be the best password managers available at the time of writing - both free and paid versions. As promised, this article provides (my) conclusions and recommendations as to which ones can co-exist together, and why it can be beneficial to not just rely on one solution.


My motivation to write this 2 part article was to find out which of the password managers I reviewed could co-exist together, with as few annoying pop-up interferences as possible. 


The following five password managers were tried in a variety of combinations, in both Windows 7 Professional, and Windows 10 Professional installations using Virtual Machines that I set up and used for the express purpose of performing my tests.


  1. RoboForm
  2. Avast Password Manager
  3. Sticky Password
  4. Dashlane
  5. 1Password


Note that to get a list of features provided by each of the password managers listed above, please refer to my first article.


Benefits of using more than one Password Manager


I've been using dual password managers for a long time now, and for what I believe are solid reasons. Here's a couple of the most beneficial reasons:


  • If one password management site is temporarily down for some reason, you can always use the other
  • Website login procedures frequently change - Banks and Financial institutions in particular. 
  • When login screens change, your preferred password manager may not handle the change very well, but your backup one may do and will get you into your site without having to go to too much trouble until you can adjust your favorite.
  • Finally, what if your password managing site suddenly decides they no longer want to play? This can happen more often than you may think. Recently, My favorite BookMarks solution "Xmarks" have decided that as of the 1st of May 2018, they will be dropping support for Xmarks completely and that users will no longer be able to use Xmarks. (See screenshot below)



Who's to say (or can guarantee) that the same can't or won't happen with Password Managing sites? There are other reasons I like to use more than one Password Manager, but the reasons I've listed above are my main ones.


Running them together


For the sake of brevity, let me first explain which ones I tried that did work together, but in a way that I considered unacceptable because of the number of popups that I constantly got when I tried running two of any of the following turned on at the same time.


                

              Avast                                              Dashlane                                 StickyPassword                 1Password


Firstly, let me state that as per my Password Managers review, all of the above managers are excellent solutions when used on their own. They do their job exceptionally well once setup correctly and all have some excellent features, for both free and paid versions. With that said and made clear though, I couldn't configure any combination of the above to work together without getting a myriad of conflicting popups offering to save login passwords for me.


They also clashed when going to a site that had been saved in both and in some cases, (although rare) also caused a browser freeze that could only be resolved by using Task Manager to end task on one or both of them. The one exception was Avast's Password Managing solution. It was the least annoying popup wise, and I only had to deal with the occasional popup when combined with any of the other three.


I also tried using each of the four of them with my favorite password manager, RoboForm. Though not as many problems, the only way I could prevent multiple frustrating popups was to have either RoboForm or one of the above three turned off, (the exception here again was Avast) but even then, I still got unwanted popups because Dashlane, StickyPassword or 1Password would popup asking for the Master Password to be entered so they could log me into the site I was visiting. 


So in essence, they all worked, but not to my satisfaction because I found the number of popups I had to deal with to be annoying and too distracting. 


                So which two work best together?


                                            

                         RoboForm                             and                                      Avast


                               This is the combination that gets my tick of approval and what I'm continuing to use right now!


Both RoboForm and Avast Password Manager, the latter available for free with any version of Avast (even the Free one) I found to co-exist the best. I keep them on at all times and the popup problem is minimal to non-existent for the most part. I was pleased with the combination before I wrote the first review and continue to be pleased with it now after trying three others.


When logging into a new website for the first time, both will offer to save your login information for you, and all it takes is one click on both of their Save buttons and you're done. To illustrate what I mean, I deleted the saved login information for my LinkedIn account on both RoboForm and Avast Password Managers and then took screenshots of the entire process of saving my login information in both managers below.


1.    First I went back to to the LinkedIn site, put in my details and clicked the Sign in button:



2.    The first prompt I got was from Avast:



3.    Having clicked SAVE on the Avast Prompt, RoboForm presented me with its offer to also save:



4.    And that's it, I was done!  Logging back out of LinkedIn and then going back to the LinkedIn home page, Avast was the first to respond and just automatically entered my login details for me. All I needed to do was click the "Sign in" button and I was logged back in. 



No annoying popups or prompts from Roboform at all.  The same was true for every other website that I tried. If I decided to use RoboForms "Logins Menu" to browse the site and have it automatically log me in, Avast never bothers me with any annoying popups at all. It just accepts that RoboForm had already logged me in and stays quiet in the background, realizing there is nothing it needs to do.


For me, the beauty of this system for me is that sometimes when a website changes its login process (as mentioned happens occasionally earlier), Avast will almost always still pick up the Log In fields in the changed page and automatically fill in my saved login details. As soon as I'm logged in, RoboForm then pops up and offers to update the login saved to that website, to which I click yes, so the next time, it works fine with Roboform as well.


These two excellent Password Managers are a perfect combination and I recommend using the both of them, turned on all the time, without any reservations whatsoever. 


Both will allow synchronizing your passwords across different devices and I even trust Avast with my Credit Card details, so that when I want to make an online purchase the I want to pay by credit card, I simply select the saved card in Avast I want to use, and it fills in all the correct details for me. A brilliant time-saving feature and totally secure!


Conclusion


In truth, I actually thought I could achieve similar results that RoboForm and Avast Password Managers give me with the other three reviewed as well, but many hours of testing proved that though it's possible to use two of the others simultaneously, they're simply not as convenient and work as well together as RoboForm and Avast.


Till the next time....


Andrew Leniart


2
Comment
2 Comments

Expert Comment

by:Otto Didact
Thank you, Andrew Leniart;

Parts 1 & 2 of both of these articles were excellent.  

I actually like the idea of being able to carry around or safely stash a flashdrive as a alternate vault for passwords.  Being able to plug a USB stick into Laptop`s USB port & gain access through whatever gateways, even without WiFi, Bluetooth, Ethernet cables, &/or cell service & unlimited data minutes for an Internet connection seems like a beneficial advantage to me.  I as yet have never used a password manager, though have been following reviews their use for several years now, but then have usually felt they fell short of being applicable to how I & my wife would use them.  I especially like your innovation in deciding to redundantly use two password managers together.  

I think your article was the first time that any reviewer mentioned being able to print or save all of one`s passwords as a PDF, though for the purpose of keeping it with my passport doesn`t seem like a good idea, but in a safe deposit box, or in an other such safe place does.  And so does saving it to a USB thumbdrive, to then be placed in a safe place or carried on one`s person as necessary.  Saving a copy to the cloud, where an operational version of one`s password manager exists at one`s beck & call, & for syncing different devices & browsers, seems unnecessary.  

I am still a bit consternated by them not working with Microsoft Edge (is this the fault of the password manager industry or that of Microsoft), & with them not being able to figure out how to autofill or sign in on some login situations.  The latter especially sounds like someone needs to assign some set of universal criteria for login methodology, for both the password managers & the password  requiring gateways to adhere to in order to operate efficiently together, for the sake & necessity of the users of password managers, & of the sites & applications that rightly require security precautions.
1
LVL 23

Author Comment

by:Andrew Leniart
Hi Otto,

Parts 1 & 2 of both of these articles were excellent.

Firstly, welcome to Experts Exchange and thank you for reading my articles and especially for your kind comment! I'd be grateful if you could take a moment to endorse the articles by clicking the thumbs-up icon right underneath the end of them :)

I actually like the idea of being able to carry around or safely stash a flashdrive as a alternate vault for passwords.  Being able to plug a USB stick into Laptop`s USB port & gain access through whatever gateways, even without WiFi, Bluetooth, Ethernet cables, &/or cell service & unlimited data minutes for an Internet connection seems like a beneficial advantage to me.

You're not the only one. Others have expressed the same desire, yet the password developers seem to continue heading in the direction of making your vault fully available to you in a browser on their website instead. RoboForm is a typical example that moved away and dropped support for exactly what you prefer doing. I see that as a huge responsibility on the developers part, so it's important to consider who you are going to trust with the storage of such sensitive information.

That said, the only way I can see of influencing password manager developers is to continue showing them there is still a need for this type of technology and function. Keep giving them feedback - if they get enough of it, they may just start to listen.

I as yet have never used a password manager, though have been following reviews their use for several years now, but then have usually felt they fell short of being applicable to how I & my wife would use them.

You make an interesting comment. Obviously, I'm one of those that always recommends the use of Password managers. In my field of work, far too often I see people using the same password on multiple websites (and confess I've been guilty of that myself at times) and still frequently see real-life examples of sensitive password information being stuck to monitors via sticky notes, in totally unsecured spreadsheets or on a piece of paper laying on a desk or in a drawer. I'm not just talking about your average home user here either. I support many Accounting and Legal Firms who I've still noticed doing things like that. Basic human nature tendencies kick in, regardless of educational and professional achievement levels.

Everyone has unique requirements, so I'd be genuinely interested to hear "how" the variety of password managers fell short for your particular circumstances?

I especially like your innovation in deciding to redundantly use two password managers together.

Thank you so much. I've actually been doing that for years because I could never find a single solution that wouldn't break for me under one circumstance or another when a website changed its login steps. The use of two solved that, but the trick was finding two that could work together in harmony and not constantly fight one another for control of logging me into the websites I was visiting, or password protected applications on my computer. Currently, Roboform and Avast play very well together, but if I had to make a choice between the two, then I would probably keep the Avast solution. Despite the lack of features that Roboform offers, it seems to handle changed login pages far more effortlessly.

I think your article was the first time that any reviewer mentioned being able to print or save all of one`s passwords as a PDF, though for the purpose of keeping it with my passport doesn`t seem like a good idea, but in a safe deposit box, or in an other such safe place does.

Indeed, and you make an excellent observation that I perhaps should have clarified on a bit more. I would certainly never encourage people to save to PDF or even print out their passwords, but there have been times when that's helped folks out of a  jam. The capability is actually there in just about every password application I've tried, but I don't tend to encourage its use except under specific scenarios that a client may explain to me that they have.

And so does saving it to a USB thumbdrive, to then be placed in a safe place or carried on one`s person as necessary.

I do hope you have that USB thumb drive encrypted with a nice strong password in the event you ever lost it though? :)

Saving a copy to the cloud, where an operational version of one`s password manager exists at one`s beck & call, & for syncing different devices & browsers, seems unnecessary.

This again falls back to personal requirements and circumstances I think. For me, the option is invaluable, because I have a couple of laptops that I use when I travel, sometimes need to access my bank using my phone, or a website on an Ipad when showing a demo of a proposed solution to a client. Everything is available to me, all the time. But in order to have that luxury, I must trust that both Roboform and Avast will keep all my information secure - per my earlier statement.

In circumstances where such functionality isn't needed, such as perhaps yours, there is no need to use it just because it's available. There are functions in my Password managers that I simply ignore because I have no use for them. In fact, if "you" don't need cloud access to synchronize different devices and browsers, then you are in a somewhat enviable position of taking advantage of the freely available versions of those tools, where Cloud Synchronization is often offered as a "paid" feature.

I am still a bit consternated by them not working with Microsoft Edge (is this the fault of the password manager industry or that of Microsoft), & with them not being able to figure out how to autofill or sign in on some login situations.

A combination of both is my understanding. To have an application available as a plug into Microsoft Edge, it has to be vetted and approved by Microsoft first. How much work and/or expense this involves on the part of the developers I couldn't guess. But I am confident in one thing - from the feedback I received from all the password manager developers that were included in this review, all will at some point be updated to support Microsoft Edge. They will be forced to as the popularity of Microsoft's latest browser grows, if they want to retain their current userbase, subscribers and gain new ones over other competitive offerings.

The latter especially sounds like someone needs to assign some set of universal criteria for login methodology, for both the password managers & the password  requiring gateways to adhere to in order to operate efficiently together, for the sake & necessity of the users of password managers, & of the sites & applications that rightly require security precautions.

I don't believe it's so much as how to fill in the required information or security precautions, which would be a given. It's more about getting their application approved as a plug-in for Microsoft Edge, and subsequently even approved to be available on the Microsoft Store, strongly promoted in Windows 10. Again, this falls into how much effort is required to get past that vetting process. As I'm not a developer, that's something I'm not very familiar with.

My thanks for all of your feedback and comments Otto!

Regards, Andrew
0

Featured Post

Challenges in Government Cyber Security

Has cyber security been a challenge in your government organization? Are you looking to improve your government's network security? Learn more about how to improve your government organization's security by viewing our on-demand webinar!

Join & Write a Comment

If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month