Managing multiple passwords
We wrote a piece earlier this year about the importance of security and especially passwords and referenced an article from Wired magazine about a sophisticated hacker attack.
As a follow-up we have been reviewing a number of Password tools to help create, manage and administer strong passwords.
These days, it’s hard for me to imagine life without password-management software. Good “password hygiene” is essential to protect my online data from prying eyes, and it would simply be impossible to handle the dozens of passwords I use every day in a safe way if all I relied on was my poor, overtaxed brain. We all know that using the same password for multiple logins is bad, but many people do it as it’s the easy option. The risk is that if you get hacked once you could open the door to total wipe-out. We you are managing your data that bad, but when you are managing others people’s data that is just not acceptable.
Alas, many users are still on the fences when it comes to a password manager; scared away by high prices and overwhelming features, they end up relying on unsafe practices that could cost them dearly if their information falls in the wrong hands.
Luckily, there are plenty of choices in this market: In this article we review three:
LastPass, 1Password and Intuitive Password. They all claim multi browser support and cross-platform support with iPad editions. How do they stack up?
Protection for all
1Password is a three-part solution. First you install the application on your PC or Mac and then configure your browsers to work with 1Password. There is the main application which is the central depository for your passwords. There’s also a mini version of the menu bar. The last part of the triad is going to be the one you most interact with, the browser extension. The extension is available for Safari, Chrome, Firefox, and new for IP4, Opera as well. With either a right-click to the contextual menu, or the cmd- \ keyboard command, you have most options of the full 1Password software when it comes to adding and storing passwords.
The interface of the main application is easy to use and very familiar if you’ve ever used a 3-pane mail or RSS app. It’s been overhauled since 1Password 3 for a little more colour to match Mavericks. It’s also got some new features, like designating favourites for immediate access. You have your main menu on the far left. This gives you your items and categories. The next pane over is the list of items. You’ll have all your logins here. This is generally also the largest pane. To make things easy, there’s a search above the second pane on the toolbar. The interface is clean, but not customizable. It makes it really easy. It really doesn’t have to be though, it does what it needs to. Almost everything can be done from the graphical interface that includes accessing a built-in audit for your passwords.
Pricing and Availability
In the world of the App Stores, software has been really devalued in most cases. AgileBits chose not to go this route and for that reason, you’re probably going to balk a bit with what I’m about to tell you. For a new user, or someone coming over from an older non-Mac App Store version, 1Password costs $49.99 in the MAS. If you need the Windows version, that is $49.99 as well. You can buy both for $69.99 and save some money The iOS version is $17.99 and the Android reader app is free. No, that’s not $1.99. Yes, they have to pay their bills and their employees. If you got 1Password 3 from the Mac App Store, you’re probably not reading this because it’s a free update.
1Password makes it easy to save your own bacon. No, it’s not cheap, but then again it’s neat. You can save everything you need to keep safe and easily access it across multiple platforms. Just pay the $50 already and get to it.
LastPass:Unlike many other password managers that store your data in a file and use third-party cloud providers like DropBox to synchronize it among different devices, LastPass is entirely Web-based. Your information is saved directly to the company’s servers, from where it is readily available any time you need it.
This arrangement comes with a couple of key advantages; for one thing, file-based synchronization is sometimes hard to set up, especially for those who are less experienced; in addition, saving everything on the Web means that your passwords are at your fingertips even if your computer isn’t—at least as long as you have access to a browser and are connected to the Internet.
Naturally, entrusting your passwords to LastPass’s cloud-based system raises some questions of privacy and trust. The company accounts for this by ensuring that all the data you pass to its service is encrypted using your master password before it actually leaves your computer. That way, LastPass has no way of snooping on your secrets, and, even if the company’s servers were hacked, the criminals would have a very hard time getting their hands on it.
Extending the Web
LastPass is entirely web-based, but the service can also be accessed through browser extensions, which are available for most popular browsers.
Since there is no “client” app, most of the interaction between LastPass and its users happens inside the browser. In addition to plain-old Web access, the company helpfully makes a number of extensions available for popular browsers, including Safari, Chrome, Firefox, and Internet Explorer.
Upon registration, the app allows you to set up a personal profile that contains pretty much every single piece of information about you that can ever be useful in filling out a Web-based form, like your name, address, date of birth, credit cards, and so forth. You can set up an arbitrary number of “profiles” this way, and later use the information you store in them to save keystrokes when, say, registering on a website, or purchasing from an online store.
Naturally, LastPass’s primary function is that of helping you remember passwords, which it does pretty well, even offering a convenient feature that helps you generate secure passwords that can then be saved directly into your profile, thus making creating a completely separate—and completely random—set of credentials for each site. Upon returning to the site, even from another computer, the app remembers all your details and can log you in automatically.
Playing nice with your data
LastPass makes exporting all your information a breeze; upon request, the data is saved in a plain-text comma-separate file that can be used to import all your passwords into another software product like 1Password. This ensures that, should the company go out of business, your data won’t sink alongside the ship and become unusable.
Interestingly, LastPass also features the ability to import data from a remarkable list of third-party password managers, ensuring that the migration from another system will be just as smooth and worry free. In my tests, the app was able to load up a test 1Password file with hundreds of passwords in a matter of seconds, preserving all the essential data stored in it.
Finally, the complete deletion of your account can be accomplished in a matter of seconds, and without any human interaction or any hassle. The LastPass website has a dedicated page that asks you a couple of questions and, upon confirmation (which the page asks for twice as a matter of safety), instantly wipes everything clean and even sends you an email with helpful instructions on uninstalling your browser extensions.
Take the challenge
Despite its unbeatable price point, LastPass offers many different features, such as the ability to generate (and store) secure passwords of arbitrary length and complexity.
LastPass covers all the basics you’d expect from a password manager quite well, but it also offers a couple of features that are fairly unique.
For example, the app features something called the Security Challenge, which analyzes your stored data and flags potential areas of concerns, such as weak passwords or credentials that are reused across multiple accounts. At the end of the process, the system assigns you a score between zero and one hundred, and compares it with the scores of other users of the site.
I must confess that I originally discounted the challenge as little more than a gimmick, but it occurs to me that it is a brilliant way to help ease users into proper security practices in a simple and non-threatening way. In fact, even if you’re well-acquainted with good password maintenance, this feature can help you make sure that you’ve covered all your bases well.
The only significant tradeoff that the app makes is in its lack of a true OS X look and feel. The Safari and Chrome extensions that I tested work fine, but they don’t feel as though they were built with Mac users in mind; obviously, this is a consequence of the fact that LastPass calls the Web its home and that it was designed with cross-platform access in mind. On the flip side, if you happen to own both a PC and a Mac, the ability to share your credentials between them might well be worth this small inconvenience.
LastPass is a pretty good product, particularly if you consider that all the functionality I have listed so far is available free of charge. Unfortunately for us Apple users, native iOS support is only available to premium subscribers; luckily, this can be had for a mere $12 per year—much less than many other solutions—and comes with some neat additional features, like the ability to store your passwords on a USB key for offline use and even sharing your logins on a one-off basis with friends and coworkers without having to reveal your credentials.
Considering its ease of use and wide range of features, LastPass is a great password management solution for beginners and experienced operators alike; hopefully, the attractive pricing will be enough to convince even the most hesistant user to give this great way of managing your online persona a go.
Pricing and Availability
LastPass is a pretty good product, particularly if you consider that all the functionality I have listed so far is available free of charge. Premium subscribers get mobile access for only $12 per year—much less than many other solutions—and comes with some neat additional features, like the ability to store your passwords on a USB key for offline use and even sharing your logins on a one-off basis with friends and coworkers without having to reveal your credentials.
At a Glance
LastPass is a great browser-based password management solution for beginners and experienced operators alike.
This looked at first glance a neat and powerful solution with an intriguing website and a slick interface. But dig a little deeper and you find that it is very much work in progress. We will return when the product offers a real solution on par with 1Password or Last Pass.
Here are the details:
Getting started with Intuitive Password is just a matter of signing up for a free account. As always, you’ll need to create one strong yet memorable password to protect all your other password. You’ll also write your own security question and answer—this is important, as you’ll need to supply the answer each time you log on from a new location. Make sure the answer isn’t something anybody could find out about you; choose a question that only you will know how to answer.
Your free account lets you store 100 passwords, associate three tags with each password, share the account among three users, and append notes up to 255 characters long. The company plans five premium tiers of service with prices ranging from AUD $2 to AUD $50 per month (roughly $1.80 to $44.95), but these aren’t in place yet. The Enterprise tier, the AUD $50 one, would get you 20,000 passwords with 200 tags each, 2,000 shared users, and notes up to 8,000 characters.
For additional security, the company plans SMS-based two-factor authentication. However, since it costs them money to send each verification text, this feature will be limited to the paid editions.
Intuitive Password is among the minority, the password managers that don’t offer automation. This feature is on the horizon, according to my contact at the company. “We don’t want to just repeat a similar functionality that already exists in the market,” he said. “Instead we are doing some technical research on how to capture passwords from a browser without any plugin or extension.” That sounds amazing, but also a bit alarming. So, one tab in my browser can capture passwords from another tab, or another browser window? I hope they promise to only use their powers for good.
1Password from Agile Bits: https://agilebits.com/onepassword
Last Pass https://lastpass.com/
Intuitive Password: https://www.intuitivepassword.com/
LastPass ***** The best solution and the best price.
1Password *** Powerful and easy to use with a neat graphical interface. Expensive.
Intuitive Password * Work in progress