Best Password Manager Review and Comparison
By: Ofir Beigel | Last updated: 5/4/20
Nothing gets you more educated about security than losing money. I’ve learned that the hard way. In today’s post, I’m going to show you why your passwords are weak, what it could cost you and also review some of the best password managers around (including a 100% free option).
Best Password Manager Summary
Most human made passwords are inherently unsafe. In order to create a robust unique password for each site you use, it’s best to use a program known as a password manager.
These programs usually use one “Master Password” that grants access to the various passwords they store. Most password managers are paid services but there are some free open source versions.
Here are the best password managers around
That’s password managers in a nutshell. If you want a more detailed review of how to select a good password in general and of the best password managers in particular, keep on reading. Here’s what I’ll cover:
- The Weak Password that Cost Me $1500
- How to Test Your Password’s Strength
- Roboform Password Manager
- LastPass Password Manager
- Dashlane Password Manager
- TREZOR Password Manager
- Keepass Password Manager (free)
- Conclusion – How to Stay 100% Safe
Somewhere around 2010, I was running all sorts of marketing campaigns on Google Ads, Yahoo! and Bing. I had my credit card on file with each of these accounts, and not being too concerned with security I used the same password on all of my accounts (sounds familiar?).
At the time I thought my password was secure, it was “x9Jevslt” – seems pretty hard to guess right?
However, one day I received an email saying that my account was reloaded with funds. Since I didn’t have any active campaigns running at the time I decided to check what was this email all about.
When I logged into my account I found out that $1500 were spent from my credit card on Google Ads in order to promote some scam website that claims to sell computers.
At the same time, my Paypal account (that of course had the same password) was drained completely as well.
Ever since I’ve been taking password management pretty seriously by employing the following methods:
- I use a different password for every site
- I use lengthy passwords with symbols and non standard characters
- I change my most important passwords once every few months
Even though it may sound hard to “live such a lifestyle”, today’s password managers can easily take care of all 3 tactics for you. But before getting into that, let’s see just how easy it is to crack your password.
Many people out there think that their password is super strong (I was one of them). Here’s a very simple tool that will show you just how strong (or weak) your password really is.
If you try entering my old password (x9Jevslt) you can see that it will take a computer about 2 hours to crack it. Put any password with less characters (mine had 8) and it will take a computer around 7 minutes to crack it.
So does this mean your password is going to get cracked? Not necessarily…
There’s an old joke about two men who were walking through the woods when a large bear walked out into the clearing no more than 50 feet in front of them.
The first man dropped his backpack and dug out a pair of running shoes, then began to furiously attempt to lace them up as the bear slowly approached them.
The second man looked at the first, confused, and said, “What are you doing? Running shoes aren’t going to help, you can’t outrun that bear.” “I don’t need to,” said the first man, “I just need to outrun you.”
I know, the joke sucks…but it makes a good point. When dealing with password security most of the time you don’t need to have THE most secure password, you just need to be more secure than the guy next to you.
Using a password manager will make sure you don’t have any repeating passwords, so even if one gets hacked all of the others are safe. It will also allow you to generate much more complex passwords than the ones you currently have.
Moreover, password managers have an “auto fill” feature so that you can log into most websites with just a mouse click. This prevents any malicious keyloggers that spy on your keystrokes to know your password.
Now that I’ve hopefully convinced you of the advantages of a password manager, let me introduce you to some of the more recommended ones around.
I decided to start out with reviewing Roboform since it was my personal password manager for a very long time (I’ve recently switched to Dashlane). As most password managers, it allows you to generate different passwords to every website you sign up to, store these passwords in its databases and autofill forms online.
Every time I want to log into a website, I can use the Roboform chrome extension to auto-populate the username/password settings and quickly log me in.
Roboform is a cloud based solution so you can easily access your passwords from multiple devices.
The way your passwords are kept secure on Roboform is through the use of one “master password”. The master password shouldn’t be written down anywhere and should be memorized by heart.
This is somewhat of a standard practice with all password managers as you’ll soon see, and it’s also their major disadvantage. Since if someone hacks your master password all of your passwords are basically exposed.
Public opinion about Roboform is pretty solid with a score of “Great” on TrustPilot.
All in all, I’ve used Roboform for 6 years and was very satisfied. I finally moved to Dashlane due to compatibility issue with my Mac and the fact that Dashlane supports automatic password changes.
LastPass is probably the most popular password manager out there. It has a very robust free version that will allow you to save all of your passwords, autofill forms and also sync password across devices of the same type (i.e. desktop, tablets, etc).
LastPass has some extremely useful features such as password sharing, among others.
This means that if you want someone to log into an account you own you can just send them an email that will allow them to log in but not view your actual password for that account. I think this can come handy if you’re working a lot with freelancers who need access to your servers.
LastPass also gives you the protection of 2FA to your account using Google Authenticator, so even if your master password is compromised, the hacker will still not be able to access your account.
You can also install a 2FA application to any flash drive and enable authentication only when the flash drive is connected to the computer (similar to how a TREZOR wallet works).
At $3/month, LastPass is one of the more expensive password managers you can find. Additionally, public opinion doesn’t seem to be very favorable with LastPass as it receives a “poor” rating on TrustPilot.
Even though it’s not as popular as LastPass (yet), Dashlane seems to be gaining traction fast. Here are some of the more interesting features Dashlane offers:
Dashlane can act as a digital wallet that saves all of your different payment methods. You can then pay with one click.
Dashlane has a password changer feature which is HUGE in my opinion. I tend to change my most important passwords every month or so manually.
Tech experts at Dashlane have analyzed hundreds of popular sites in order to devise scripts that automate the password change process. That lets Dashlane perform a hands-off password update for any supported site.
Dashlane also has an “emergency contact” feature. So if something unfortunate happens to you, you are able to define who will get access to what passwords.
All of the other features I’ve mentioned in other password managers are also included here, and there’s also a free version that’s pretty robust. Public opinion seems to be very favorable of Dashlane with a TrustPilot score of ”Great” from over 1800 reviewers.
Price: $99 (one time payment for the TREZOR wallet)
SatoshiLabs, creators of the Bitcoin Hardware wallet TREZOR, released their own Password Manager, a lightweight application designed to store and manage passwords. The Chrome extension is available for public beta testing for all TREZOR hardware wallet owners.
TREZOR Password Manager aims to bring advanced cryptography into the hands of computer users, regardless of their skill level.
With one click, the user encrypts each password entry with his personal TREZOR device. The Password Manager then automatically uploads the encrypted data to the user’s private cloud storage, making them always available when needed.
The most refreshing thing about using TREZOR’s password manager is that it eliminates the use of a master password that can be hacked.
Similar to the use LastPass does with a flash drive, the TREZOR device itself can serve as a physical 2FA (two factor Authentication), unlocking your passwords only when your device is physically connected to your computer.
Here’s a short video about how the device works:
Your passwords are saved on your Dropbox or Google Drive account and encrypted with a unique encryption key derived from TREZOR. So even if someone hacks your Dropbox account, it would be impossible to read the stored password.
At the moment TREZOR’s password manager is probably the most secure password manager around, but also the most inconvenient for everyday use since it requires you to physically connect your TREZOR and approve certain actions on it.
TREZOR’s password manager also lacks some key features like password sharing, auto changing passwords and more. On the upside, aside from the one time payment to buy the device, the password manager application is free of charge.
As always, there is the free open-source solution.
Keepass is a pretty popular solution that allows you to store your passwords on an encrypted file on your computer. It has all basic password manager features that include autofill and password generation. Keeping the file on your cloud storage will enable you to access your passwords from anywhere you are.
The main downside to Keepass is that it’s pretty unintuitive, but if you’re willing to go the extra mile in order to save a few bucks that’s totally fine. As with other open source products, KeePass is frequently updated and maintained by its vibrant community.
Here’s a video preview of the product (with some annoying music so turn off the speakers):
I am not a security expert. I’m just a guy who has a lot of sensitive information stored online that’s trying to secure it as much as possible. Nothing will ever be 100% secure and if someone is deliberately targeting your passwords, they’ll probably find a way to get them.
To illustrate my point you can read the story of Shapeshift’s hack, which is one of the most interesting articles I’ve ever read about a theft from a digital currency exchange. In this case, someone was deliberately targeting a specific site and person.
However, in most cases, no one is targeting you directly. Hackers are just trying to catch the “low hanging fruit”, the passwords that are easiest to obtain. So making it that much harder for them by using a password manager and two factor authentication where possible will probably be worth the investment.
If you are using any password manager I’d love to hear your own experience with them in the comment section below. Stay safe!