Password managers are a must in today’s internet. Here I look at the top ones and evaluate them on security, ease of use, and cost.
In summary, a password manager stores your encrypted passwords in a vault that is only accessible by using a master password.
The ones we’re going to look at are (in no special order):
- Dashlane
- Keeper
- 1Password
- KeePass
- LastPass
Now all of these password managers offer support for all major operating systems and browsers. They have the ability to create random passwords, autofill passwords, and sync among devices. None of them store your master password on their server.
Dashlane
Dashlane has been around since 2012, making them the youngest of the 5. On the front page of their website, Dashlane touts “Patented, zero-knowledge security architecture”, “Smart Spaces that keep work & personal data separate”, and “The easiest and safest way to share business passwords.”
Pricing
Now let’s look at pricing. For the purpose of this article, I’m only looking at personal plans.
Dashlane has 4 tiers: Free, Advanced ($33.00), Premium ($59.88), and Friends & Family ($89.88). Those, and all of the prices I will give here, are yearly prices, which they say is a 20% discount from monthly.
Free gets support for 1 device; Advanced adds unlimited devices plus “dark web monitoring”. Premium adds a VPN, and Friends & Family includes everything in Premium, but for up to 10 accounts.
Ease of use
I didn’t install any of these myself, so I relied on some YouTube videos to walk me through the process of installing and using the service.
Dashlane appears to be very user friendly; their interface is clear as to what each function does. Setup seems simple, and the service walks you through each step.
Security
On their website, they say that they’ve “never been breached”, and from what I can gather, that is true. They, like all the others here, say that they don’t store your master password on their servers, and your data is encrypted using AES 256-bit encryption with a 32-byte salt. That is industry standard for encryption. They and the others offer 2FA as well.
They do, however, store your data on a third-party server (AWS), so their security is only as good as Amazon’s.
Overall impression
Dashlane seems to be a good option for a password manager, and the price is pretty much in line with others.
Keeper
Keeper has been around since 2011, with the password manager app being created in 2009. Their front page appears to be mostly geared toward enterprise users.
Pricing
Keeper has only two individual plans: Personal ($35) and Family ($75).
Personal has unlimited passwords and devices, and unlimited sharing. Family adds 5 private vaults, which I assume means 5 accounts, and 10GB cloud storage. They do have some add-ons, such as dark web monitoring, secure file storage, and concierge service.
Ease of use
Like Dashlane, Keeper seems very intuitive and easy to set up and use. It has many options right up front where you don’t have to dig for them.
Security
On their website, Keeper makes no claims that I can see about never being breached. However, Wikipedia states that “In December 2017, Keeper was bundled with Windows 10 by Microsoft. Google security researcher Tavis Ormandy disclosed that the software recommended installing a browser addon which contained a vulnerability allowing any malicious website to steal any password. A nearly identical vulnerability was already previously discovered and disclosed to Keeper in 2016. Within 24 hours, the company issued a patch.” ZDNET also reported in 2018 that an AWS server containing some of the company’s software was left exposed. Keeper said that there were “no private keys” on the server.
Overall impression
Like Dashlane, Keeper seems to be a good password manager, although like Dashlane, using a third-party server to protect your data has its own risks.
1Password
1Password has been around since 2006, making it one of the oldest password managers. They say on their website that they’re “The world’s most loved password manager”.
Pricing
Like Keeper, 1Password has two plans: 1Password ($35.88), and 1Password Family ($59.88).
The less expensive plan has unlimited passwords and devices, and 1GB document storage. Family adds 5 accounts ($1/month for each additional).
Ease of use
1Password also walks you through the setup procedure, and additionally has you enter your information on a PDF form that you can store securely just in case. It even includes the secret key that you will need to set up a new device.
In addition, 1Password can intercept some 2FA codes and enter them for you. I’m not so sure if that’s a service I would use though, it seems to defeat the “something you know and something you have” purpose of 2FA.
Security
1Password does not say anything that I can see about not being breached, and I cannot find any report of any security incidents. Their “security white paper” states that data for team accounts are stored on AWS, but makes no mention of individual or their other enterprise plans. They use the same AES 256-bit encryption with a 32-bit salt.
They state that even with the master password, no one can gain access to your vault without the secret key which they had you print out and store securely.
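The two ideas above, a salted key derived from the master password and a separate secret key that must also be present, can be sketched as follows. This is an added example, not code from the article and not 1Password's or Dashlane's actual algorithm; the iteration count, the HMAC/XOR combination, and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor for this sketch, not any vendor's setting


def derive_password_key(master_password: str, salt: bytes) -> bytes:
    """Stretch the master password into a 256-bit key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, ITERATIONS, dklen=32
    )


def derive_secret_key_part(secret_key: bytes, salt: bytes) -> bytes:
    """Expand the device-held secret key to 256 bits, bound to the same salt."""
    return hmac.new(salt, secret_key, hashlib.sha256).digest()


def derive_vault_key(master_password: str, secret_key: bytes, salt: bytes) -> bytes:
    """Combine both secrets; neither one alone reproduces the vault key."""
    a = derive_password_key(master_password, salt)
    b = derive_secret_key_part(secret_key, salt)
    return bytes(x ^ y for x, y in zip(a, b))


def demo() -> dict:
    # Constructed sample values, generated locally for the demonstration.
    salt = secrets.token_bytes(32)        # 32-byte salt, as quoted in the article
    secret_key = secrets.token_bytes(16)  # stands in for the printed secret key
    password = "correct horse battery staple"

    real = derive_vault_key(password, secret_key, salt)
    again = derive_vault_key(password, secret_key, salt)
    return {
        "same_inputs_match": hmac.compare_digest(real, again),
        "other_salt_differs": real != derive_vault_key(password, secret_key, secrets.token_bytes(32)),
        "password_only_differs": real != derive_password_key(password, salt),
        "wrong_secret_key_differs": real != derive_vault_key(password, secrets.token_bytes(16), salt),
        "key_bits": len(real) * 8,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Only the salt needs to be stored alongside the vault; the master password and secret key stay on the user's side, which is why the provider never has to hold either.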
In 2020, researchers from the University of York released a study where they were able to demonstrate how a malicious website could trick both 1Password and LastPass into revealing a password.
Overall impression
1Password is one of the most experienced password managers around, and their history of no breaches is pretty impressive.
KeePass
KeePass is a bit different than the previous 3 password managers, as it is open source. This means the source code is open for anybody to view and check for vulnerabilities like back doors. They’ve been around since 2003, making them the oldest of the 5 I am reviewing. Their website looks like it was built in 1992, but I’m not judging.
Pricing
Not only is KeePass open source, it is free.
Ease of use
KeePass is primarily a Windows application, but it does support macOS, Linux, Android, and iOS. Setup is not as easy as the others, so this is best for experienced users.
Security
Like all of the password managers I am reviewing, KeePass uses AES 256-bit encryption with a salt. They don’t disclose how big the salt is though.
The big difference between KeePass and other password managers is that they do not store your passwords on their servers, nor do they store them on any third-party servers. They are all stored on your device. You can, however, choose to store them on any cloud server so they can be synced between devices.
KeePass does disclose some issues on their website. Most pertain to the software running on an insecure device. They state that “KeePass nor any other password manager can magically run securely in a spyware-infected, insecure environment.”
Overall impression
KeePass has the advantages of being FOSS (Free Open Source Software), plus one doesn’t have to rely on the company for security, as the user holds everything locally: software, keys, and data.
The disadvantage is that if someone wants to sync across different devices, they have to either manually copy and paste the data, or store it on a cloud server where they have no control over security.
LastPass
The big dog. Mostly due to its extensive advertising campaign. LastPass has been around since 2008, and disclosure: I have been a user since 2009, although I’m not sure how long I’m planning on staying a customer.
Pricing
LastPass has three tiers: Free, Premium ($36), and Family ($48).
Free has unlimited passwords, and support for one device. Premium adds support for unlimited devices and 1GB encrypted storage. Family adds 6 accounts, each with their own storage.
Ease of use
As a LastPass user, I can say that the service itself is easy to set up (or at least it was 13 years ago), and has extensions for most browsers as well as Android and iOS.
Security
Now this is where this article came from. Due to a recent breach of LastPass, I have been looking into other options for password managers. I decided to use my research in this post. See my article on why I am so upset with LastPass here.
In a nutshell, LastPass suffered a breach back in August, saying that no customer data was taken, just some code. Then they came back in November and said that the thieves used that code to compromise an employee and gain access to “certain elements of our customers’ information.”
Then almost a month later they disclosed in an email that “an unauthorized party was able to gain access to a third-party cloud-based storage service which is used by LastPass to store backups.” and pointed to a blog post. In the post they said “The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data.”
Oh, by the way, your passwords have been stolen. (I know I’m being cynical, but…)
That’s all I’m going to say about that, go read my post and see how I really feel.
Overall impression
I have been a LastPass user for 13 years, but I’m really thinking about moving. I believe LastPass will fix the problem that caused this breach, but you know what they say about horses and barn doors. You be your own judge, but I can no longer recommend them like I did here.
Password manager bottom line
While no password manager is perfect, and although Dashlane, Keeper, and 1Password have not been breached, that’s not to say that they never will be. Overall, a password manager service is only as secure as its employees. Compromise one of them, and a bad guy might be able to gain access to your data.
Don’t rely on just strong passwords. Back that up with 2-Factor Authentication, so if your data gets stolen, you can still be assured that the thieves cannot access your sensitive services without your permission.