
Best Password Manager: Dashlane vs LastPass vs 1Password vs RoboForm vs KeePass

Our top three: 1st LastPass, 2nd Dashlane, 3rd RoboForm

Did you know 20-30% of all IT service desk volume can be traced back to password problems [1]? That means each person in your IT department is spending 1 1/2 to 2 hours a day resetting passwords and helping employees get back into their locked accounts. So much time is wasted remembering and resetting passwords. In addition to being more productive at work, you could also keep your data more secure by using a password manager. With credit card fraud everywhere and security hacks around every corner (including the Heartbleed bug and the Bash bug), you’ll be glad you’ve got a password manager.

What does a Password Manager do?

A password manager stores all of your account information for website logins, including your username and password. This keeps you from having to write them down and risking someone seeing them and hacking into your account. All you have to do is remember one strong password to keep your password vault safe and secure. Once you log in to your vault, you have access to all of your logins.

What are Form Fillers?

Password managers can also store other information for bank accounts, debit/credit cards, driver’s license, contacts, addresses and more. That way when you’re making a purchase online or filling out a form, all you have to do is click your form fill button and all the boxes will be filled out with your information. However, not all password managers have this form fill option.

What is Multi-Factor Authentication?

As we discuss the different password managers available, you’ll want to know what multi-factor authentication is (it is also known as two-factor authentication). Multi-factor authentication is a form of security that requires more than one form of authentication for you to access an account. For example, most logins require a password; this is one form of authentication. However, you can set some logins to require two forms of authentication. For example, the second form could be a code sent to your smartphone or a number you look up on a smartphone app. To be considered multi-factor authentication, a login must combine two of these three factors: a knowledge factor (a password), a possession factor (a physical item that only you have) or an inherence factor (biometrics).

Lastpass Review


LastPass is our #1 pick for best password manager. We at A Secure Life use LastPass and have been very pleased with our experience. Over the years, we have tried our best to find a company that is better than LastPass, but we came up empty-handed. In our experience, LastPass has been easy to use, secure and very dependable. When the Heartbleed Bug hit, LastPass notified us of the hack and allowed us to run a security check against our accounts to see if there were any breaches. It also made recommendations about the websites it felt may have been compromised, and it was easy to update passwords as needed. One of our favorite features is the password generator. We all have many work and personal web accounts, so it is crucial that we have unique, strong and complex passwords to lessen the chances of our accounts getting hacked.

Pros

  • Works with iPhone, Android, Linux, Mac, Windows and Blackberry
  • Works on major browsers: Internet Explorer, Firefox, Chrome, Safari and Opera
  • Share and send login information to other LastPass users securely
  • Notifications appear in toolbar to save new usernames and passwords
  • Unlimited stored logins
  • Password strength report

Cons

  • Not the best reputation for customer service
  • Doesn’t work on the Kindle very well
  • The mobile app could use some work
  • Setting up multi-factor authentication can be difficult, but it’s worth it since you get added security

Price

The basic version of Lastpass is free, so you don’t have to make a commitment before you try it.
The Premium version of Lastpass is $12 per year. The added service is having access on your mobile phone with the Lastpass app.
Lastpass Enterprise is available for businesses. Admins have the ability to enforce password requirements, share sites with individuals and teams and track system activity. Pricing is as follows:

  • 1-100 employees – $24/user per year
  • 101-1,000 employees – $20/user per year
  • 1,001-10,000 employees – $18/user per year
  • More than 10,000 employees – contact LastPass for a custom quote.


Dashlane Review


Dashlane is our runner-up for best password manager. It has a cool feature that allows you to set an emergency contact for your important accounts in case of an urgent and critical matter. This can be utilized at work or for a personal account. Set your emergency contact to one of your coworkers or loved ones so they can temporarily access your accounts.

Pros

  • Password sharing
  • Determines the strength of each password
  • Claims that their auto login and form filler will save each person 50 hours a year
  • Password Changer, automatically changes all or a selected set of passwords with one click

Cons

  • Expensive
  • Not the best email support
  • App problems

Price

  • Dashlane Free works on one device, Mac or PC. You can share up to 5 logins with other users, but you have no access to your Dashlane passwords online.
  • Dashlane Premium costs $39.99/year and allows unlimited login shares with other users. It works on multiple devices so your devices will continuously be syncing up.


Roboform Review


RoboForm is our third pick for best password manager and it was close to taking the #2 spot. What really held them back? The free version only allows 10 stored logins and the paid version is more expensive than LastPass. They do offer multiple forms of customer service including live chat, email and phone support. Not many password managers offer so many support options. One really cool feature of RoboForm is Batch Login, which allows you to log in to 3-5 websites at once. So if you find yourself logging into the same few sites every day, you can click one button and be logged into them all.

Pros

  • Free version includes mobile
  • Batch Login
  • Browsers: Chrome, Safari, Firefox and Internet Explorer
  • Works with: Windows, Mac, Linux, Android, iOS, Blackberry, Palm, Symbian and Windows USB drives

Cons

  • Free version stores only 10 logins
  • No secure password sharing
  • No password strength report
  • Form fill doesn’t work on smartphone apps

Price

  • RoboForm Free saves 10 logins, which you can access on mobile devices, PCs and Macs.
  • RoboForm Everywhere is $9.95 for the first year and then increases to $19.95/year. You get unlimited stored logins and free upgrades.
  • RoboForm Desktop is $29.95 for the first license and $9.95 for each additional license. This version works on a single computer and has no online storage or syncing. You get unlimited stored logins and free minor updates. You only need one license per computer and it works on Macs and PCs.
  • RoboForm2Go 7 – $39.95 per license. Stores all your passwords, logins, bookmarks, etc., on a USB to use on any Windows-based computer anywhere in the world.

Password Manager Comparison Table

Products compared, in order of overall ranking: LastPass (1st), Dashlane (2nd), RoboForm (3rd), Keeper Password (4th), Sticky Password (5th), PasswordBox (6th), KeePass (7th) and 1Password (8th).

  • Free Version: all eight products (1Password: up to 20 items)
  • Password Generator: all eight products
  • Form Fills: all eight products
  • Password Strength Report: four of the eight products
  • Secure Password Sharing: six of the eight products
  • Two-Factor Authentication: via app (two products), partial via email (one product), supported (one product)
  • Stored Logins:
    • LastPass: Unlimited
    • Dashlane: Unlimited
    • RoboForm: 10 (Free Version), Unlimited (Paid Version)
    • Keeper Password: Unlimited
    • Sticky Password: 15 (Free Version), Unlimited (Paid Version)
    • PasswordBox: Limited (Free Version), Unlimited (Paid Version)
    • KeePass: Unlimited
    • 1Password: Unlimited
  • Browser: Chrome: all eight products
  • Browser: Firefox: all eight products
  • Browser: Internet Explorer: all eight products
  • Browser: Opera: all eight products
  • Browser: Safari: six of the eight products
  • Browser: Other: Dolphin and other Android browsers (one product); Comodo Dragon, Pale Moon, SeaMonkey & Yandex (one product)
  • Compatibility: Android: all eight products
  • Compatibility: Blackberry: four of the eight products
  • Compatibility: Linux: four of the eight products
  • Compatibility: iOS: all eight products
  • Compatibility: Mac: all eight products
  • Compatibility: Windows: all eight products
  • Compatibility: Other: Palm, Symbian & Windows USB Drive (one product); Kindle Fire (one product)
  • Customer Service:
    • LastPass: Email, FAQs, Forums & Tutorials
    • Dashlane: Email, FAQs & Twitter
    • RoboForm: Email, FAQs, Live Chat, Phone & Tutorials
    • Keeper Password: Tutorials, Quick Start Guides, Webinars, Live Chat & Email
    • Sticky Password: Email & FAQs
    • PasswordBox: Email & FAQs
    • KeePass: Email, FAQs & Forums
    • 1Password: Email, FAQs & Forums
  • Mobile App: all eight products
  • Login to Multiple Sites at Once: one of the eight products

Other Password Manager Reviews


1Password Review


1Password is a fairly expensive password manager. Its performance isn’t always the best and, in our opinion, it doesn’t have any features that really pop out. We wouldn’t spend our money on a password manager that is inconsistent and expensive when we could use a free version of Lastpass that is more dependable.

Pros

  • Secure password sharing
  • Syncs with Dropbox
  • Great Mac versions
  • App integrations for mobile

Cons

  • Doesn’t always bring up the correct password
  • Asks to save a password that’s already been saved
  • Search bar to find saved passwords doesn’t work well
  • Performance is not consistent

Price

1Password sells its software as licenses that don’t expire. Licenses are available for Android, iOS, Windows and Mac. One license can be used for one platform and can be used by up to six family members living in the same household. A license from 1Password is not based on the number of devices.

  • Android and iOS – Free
  • Windows – $34.99
  • Mac – $34.99
  • Mac and Windows Bundle – $48.99

Keepass Review


When you go to the KeePass website you feel like you’re entering a time warp to the 90s. It’s a little disappointing that they don’t have a modern design. Website aside, KeePass is a dependable password manager that will keep your data safe and secure. The simplicity of the platform is what most users like best about KeePass. It is easy to learn and get started.

Pros

  • Dependable and performs well
  • Password strength report
  • Very simple platform

Cons

  • Difficult to keep synced between devices
  • No secure password sharing

Price

KeePass is completely free.

Keeper Password Review


I tested Keeper Security and was fairly pleased with my experience. Keeper Password has all of the features that the other password managers have except for a password strength report. Instead, Keeper has a “find duplicates” feature to help make each password unique. Keeper has the potential to make it into our top three, but what’s really holding it back is all the clicking you have to do to get your login and form fills completed. Other password managers automatically fill in your data when you’re logged into your vault and you pull up a webpage. Keeper has you click “fill” for your username, password, credit card number, name on credit card, etc. It would be nicer if this all got filled in one fell swoop.

Pros

  • Free 30 day trial
  • Pre-loaded onto AT&T devices
  • Secure file storage
  • Ability to import/export stored data
  • Find duplicates feature

Cons

  • Form fills are more difficult to use
  • No password strength report

Price

  • $9.99/year for a single device
  • $29.99/year for unlimited devices
  • $299.99/year for offices plus an additional $14.99 for each additional user

PasswordBox Review


PasswordBox is a partner with Bionym, the makers of the Nymi wristband. The Nymi wristband uses your heartbeat to validate that you are you. This gives PasswordBox a unique way to authenticate your identity.

Pros

  • Unlock with your heartbeat
  • Legacy Locket – in the case of your death, leave your account information with someone you trust
  • Secure password sharing

Cons

  • No password strength report
  • Nymi is not out yet so no option to authenticate your identity in multiple ways
  • Free version has a limited number of stored logins

Price

  • PasswordBox offers a free version with a limited number of stored logins
  • PasswordBox Unlimited: unlimited logins for $11.99/year

Sticky Password Review


Sticky Password lacks some of the features many have come to love about password managers including multi-factor authentication. However, if you use a less popular browser chances are Sticky Password integrates with it. A random tidbit is that a portion of your money spent on Sticky Password goes toward saving endangered manatees.

Pros

  • Covers the largest variety of browsers: Chrome, Firefox, Internet Explorer, Opera, Seamonkey, Yandex, Comodo Dragon and Pale Moon
  • Memo storage
  • Easy to get started with

Cons

  • No password strength report

Price

  • Sticky Password Free
  • Sticky Password Premium
    • $19.99 for 1 year, 1 user
    • $39.99 for 3 years, 1 user
    • $49.99 for a lifetime, 1 user

Which Password Manager Should I Pick?

We’ve researched a number of password managers and we know all too well that it can be overwhelming to decide which one to pick. Although our team is very pleased with our Lastpass experience, it doesn’t mean they will be the best choice for you and your needs. There are many great password managers out there and one may give you a better experience than another. Make sure you’re comfortable with your decision because the password manager you choose will be protecting all your important data.

What do you think the best password manager is?

Sources: [1] Gartner

Our site's mission is to help consumers make more informed purchase decisions. This website accepts financial compensation from some of the companies mentioned which allows us to provide this free service to our readers. Compensation does not influence the rankings of products. More info on our disclosure page.



About Kimberly Kurimski
Kimberly has always taken security seriously. Whether it's making sure she locks all the doors or using complex passwords, she tries her best to live a secure life. She has years of experience with testing, reviewing, and writing about security systems. One of her favorite parts of her job is being able to inform consumers of the best security products available.
  • Having tried LastPass, KeePass and 1Password, I’d agree with you that LastPass is the best. However (to reverse Shakespeare’s quip) that’s “praising with faint damnation”, as they’re all pretty dire on mobile. In fact, while I don’t mind paying for LastPass premium, it does irk me somewhat that, notionally, the “premium extra” I’m getting for that is the clunky Android integration, which is LP’s poorest feature.

  • I tried using LastPass, and found it a nuisance.

  • Jessie

    If you are looking for an alternative password manager, take a look at the “Intuitive Password” online password manager. I have more than 200 passwords and they are all different for each site; I use it every day. It works on all devices including smartphones, tablets, laptops and desktop PCs without installation required. Intuitive Password provides a Data Restore Points feature so you can’t lose your data using their service.

  • Michael Salm

    We are looking at Pleasant Password server to replace LastPass Enterprise. When it works LastPass is great, but it only works with maybe 66% of the sites our users access. For the rest of the sites we have to use spreadsheets with the credentials in plain-text, which completely defeats the purpose of a password manager in the first place. Any browser plug-in based system is doomed to fail due to variations in browser version, plug-in version, and the technology used to build the target site. Pleasant uses tried & true KeePass for the client, so you avoid the browser/plug-in/site version issue altogether.

  • Mitchblue

    LastPass, imo, is incredible. I’ve only tried a couple others, Password Box and 1Password, didn’t like either. LastPass fits the bill for me.

  • TeacherMac

    Enable multi-factor authentication

    This is the most important step you can take if you haven’t already. Even if the worst happens and hackers get your master password, they’ll still need the authentication code to access your account if you have two-factor authentication enabled. Multi-factor authentication isn’t important just for LastPass—you should be using it on any site that offers it, including social networks, email accounts, and so on.

    Speaking of which, cracking that master password is going to take a long time unless your LastPass password is unbelievably weak, such as 1234LastPass or something similar. To crack your master password, hackers first have to get past your authentication hash—which includes 100,000 rounds of PBKDF2-SHA256 hashing—on the LastPass servers. Hashing uses an algorithm to convert one string of text into a longer string so that it is difficult to reverse engineer and discover what the original text was.
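Added example, not part of the comment above and not LastPass code: what 100,000 rounds of PBKDF2-SHA256 look like with Python's `hashlib`, and how a defender can turn the measured cost per guess into a rough lifetime for a password of a given length. Only the algorithm and round count come from the comment; the record layout, salt size and function names are assumptions.

```python
"""Added example: PBKDF2-SHA256 work factor and a rough cost-per-guess estimate."""
import hashlib
import hmac
import os
import time

ITERATIONS = 100_000  # round count cited in the comment above


def derive(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Stretch a password into a 32-byte value with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, iterations, dklen=32)


def make_record(password: str, iterations: int = ITERATIONS) -> dict:
    """What a server would store: salt, iteration count and hash, never the password."""
    salt = os.urandom(16)  # random per-user salt (assumed size)
    return {"salt": salt, "iterations": iterations,
            "hash": derive(password, salt, iterations)}


def check(password: str, record: dict) -> bool:
    """Recompute with the stored salt and rounds; compare in constant time."""
    candidate = derive(password, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])


def seconds_per_guess(iterations: int, samples: int = 3) -> float:
    """Measure on this machine how long one derivation takes."""
    salt = b"\x00" * 16  # constructed fixed salt, used for timing only
    start = time.perf_counter()
    for i in range(samples):
        derive(f"guess-{i}", salt, iterations)
    return (time.perf_counter() - start) / samples


def years_to_exhaust(alphabet_size: int, length: int,
                     guess_seconds: float, parallel_guessers: int = 1) -> float:
    """Worst-case time to try every password of one length at the measured rate."""
    guesses = alphabet_size ** length
    return guesses * guess_seconds / parallel_guessers / (365.25 * 24 * 3600)


if __name__ == "__main__":
    record = make_record("correct horse battery staple")  # constructed password
    print("right password accepted:", check("correct horse battery staple", record))
    print("wrong password accepted:", check("1234LastPass", record))

    cost = seconds_per_guess(ITERATIONS)
    print(f"one guess at {ITERATIONS} rounds: {cost * 1000:.1f} ms on this machine")
    # 4 digits versus 12 characters drawn from the 94 printable ASCII symbols
    print(f"4-digit PIN exhausted in {years_to_exhaust(10, 4, cost) * 365.25 * 24:.2f} hours")
    print(f"12 random characters: {years_to_exhaust(94, 12, cost):.2e} years")
```

The estimate scales linearly with the round count and says nothing about passwords found in a wordlist, which fall after far fewer guesses than the full search space.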

  • TeacherMac

    Having to install 1Password on every device you need to access limits the use to non-professionals and for that market it’s way overpriced. Using multi-factor authorization and LastPass allows full flexibility and security anywhere in the world (even when using remote access) without any installation and is much less the price (more users?) and is much easier to use across platforms and devices.

    Perhaps this app is more intended for Apple device users as it’s quite awkward for Windows and Android users.

  • Lots of great points to think on here, thanks for your feedback. Depending on an individual’s security needs, comfort level with technology, and personal preferences, I think the “best” option kind of changes. For most users, I think online password management is a decent option because they’re trying to avoid common hacks and reduce time spent on forgotten passwords. For those that are looking for Fort Knox level security, it might make more sense to take some of the steps you mentioned.

  • Peter Southwell

    “Keeper Password has all of the features that the other password managers have except for a password strength report.” For the record.. Keeper security now offers this.

    • Thanks for providing this update, Peter! We will be sure to update.

  • You bring up great points! We will definitely consider adding this in for our next update to the article. Thank you for taking the time to add your insight!

  • pictor

    I am stunned. I use 1Password, and I find it brilliant (and much better than LastPass which I have also used). I haven’t used the others, but 1Password gives me a flawless experience.

    • PikeLife

      I wish! I agree — inconsistent. It used to be very reliable. But now, sometimes it will autofill name and password, sometimes not. And every upgrade costs money, so I don’t see any advantage over LastPass Premium. I haven’t used LastPass yet, but seriously thinking of defecting now because 1Password is driving me crazy.

      • The basic version of LastPass is usually enough for the average user. If you have needs for more, we feel the premium subscriptions are great options in this space.

        • PikeLife

          I can’t imagine using it without Premium — if you have both a laptop/desktop and mobile devices, it’s a no-brainer that you’ll want to have access on all of them, unless you like looking passwords up on one device and typing them into another. I don’t think the yearly Premium fee is unreasonable, mind you — it’s fine. But I think it’s rather silly to say the free basic version is enough for the average user. I don’t know anyone savvy enough to use a password manager program who wouldn’t want access to it on both mobile and desktop devices, other than the few folks I know who’ve ditched laptops altogether.

    • TeacherMac

      I suspect that you’re an Apple device user since 1Password is useless with Windows and Android. Having to install the app on devices that I don’t own is a waste of my time. As much as I’d love to dump LastPass, only because of being bought by LogMeIn, it blows away the competition in terms of security, flexibility and ease of use, no matter where you are in the world and at a price that can’t be beat.

      Dashlane just overpriced themselves and when I saw the price on installation it was immediately removed.

  • revelated

    As a long time LastPass customer, I’m sad to say I have to leave them now.

    I know others are a bit nervous about cloud-based password archive storage. LastPass can work fully offline if you want, just storing the backup in the cloud. If someone compromised that, they’d have to figure out your master password to do anything with it. It’s as secure as it could get. And LastPass worked extremely well across devices and browsers with slight exceptions (IE).

    But LogMeIn – of all companies – buying LastPass is not acceptable. To me, that compromises the purported security, because LogMeIn has no real concept of secure access.

    KeePass is a good password manager, but I found it rudimentary compared to LastPass. Manual keystore copying, etc.

    • Barbara

      That is exactly why I am looking for another company. I have Dashlane but as the trial runs out I do not have $40 to go premium. Some things are also easier with LastPass. Heartbreaking.

    • TeacherMac

      I agree that it was an incredible mistake selling out to LogMeIn for all your reasons however… LastPass does beat the competition for security and ease of use and, since I’ve been using and recommending LastPass for four plus years, the price and ease-of-use across devices and platforms can’t be beat.

      I’m sure to leave once there are any issues associated with LogMeIn and, like yourself, I’ll bite the bullet and return to KeePass.

  • johncAtl

    Seems like a pretty biased (maybe paid for) review. But other than clicking on a Google link on about the third page of a search I would never have heard of A Secure Life. And I have no reason to ever come back. Complete trash.

    • I’m so sorry that you are not pleased with our site. I can assure you that this article is not biased and is not paid for by any company. You can read more about how we value our unbiased reviews here: http://www.asecurelife.com/int/our-review-process/
      I hope you do not write us off completely and I wish you the best of luck in your password manager search.

      • Barbara

        More gracious than most!

    • TeacherMac

      Why waste time posting an empty thought since you provided nothing useful?

  • ciborg

    Roboform is available for Opera.

  • Thales Claro

    KeePass on 7? You have no idea what you are talking about then.

    • Hi Thales, would you like to share more about your experience with Keepass? We love hearing about what our readers think and getting feedback from them helps us with our audits in the future.

  • Jim Dawkins

    So you rank security software based on ease of use versus security? I would like a review that is more exact. For example some of these solutions store everything locally or give you that option. Others store and sync with the cloud. Considering those factors the rankings would be different.

  • stephendt0

    Thank you for this detailed review. It makes life a lot easier for those who are unsure on what’s best for them these days.

    • Glad you like the article! Let us know if you have any questions about password managers!

  • Red Raleigh

    Lastpass got hacked a few days ago. They recommend setting up 2-Factor Authentication, but if you have 2-Factor Authentication already set up (without Lastpass) do you really need a super strong PW Manager?

    • That’s a great question! The purpose of a password manager is to simply store all of your passwords. It’s never a good idea to have the same password for all your accounts and depend solely on the changing of your two factor authentication code every 30 seconds. You want all passwords to be unique and that can cause some confusion for you when entering your credentials and a potential hacker when trying to crack your password. That’s why password managers are handy. No matter which company you choose, you don’t have to remember all of the uppercase, lowercase, numbers and symbols in your passwords. All you have to remember is one master password for your password manager and setup two factor authentication (ideally for all accounts possible, including the password manager). Let me know if you have any more questions!

  • Dan

    Two things missed for 1Password, it does have IE browser support and a free version that is limited to 20 logins.

    • Thanks for mentioning those to us Dan! We have updated our table to reflect that information!

  • Shawn

    The “Intuitive Password” online password manager should be included in the review as well.

  • It looks like LastPass forces you to sync your password vault with their server. I have a big problem with any vendor forcing me to send them a copy of my passwords–even if they’re encrypted. Computer security always begins with physical security. Once that encrypted password vault is sent to someone else, you have no idea who can get a copy and try to crack it. Yes, I’m paranoid, and you should be too!

    • Jim Dawkins

      I agree.

  • Holcreek

    This comparison table while very well done, definitely misses the most important factor: self-hosting capability. NSA and proof of massive surveillance and leaks gave user’s trust a hard hit. Self-hosting feature is a no-brainer for many people now.

  • Ignitos

    First of all, great research on password managers. According to your table Dashlane supports Opera, which is not the case. I’ve used Dashlane for the last 2 years and this is the reason why I’m searching for an alternative.

    • Mathias Thorsen

      I got the Chrome extension to work in Opera a while ago when I used it. I think I found the how-to by just searching.

  • Shawn

    If you are looking for a password manager that works on all devices without installation, try “Intuitive Password”. It’s a great web-based password manager ever!

  • Very interesting review, but you are forgetting a great feature: filling forms in software.

    This is the big feature for me in RoboForm: it fills almost any form on Windows. Things like all the settings for my IMAP account in Outlook, logging in to software like Evernote, and many others. This is a killer feature for me.

    Another big advantage of RoboForm is that it fills logins and passwords that neither LastPass, Dashlane nor 1Password fills. The last time I examined all of these programs was 6 months ago.

    I know that because I am tired of RoboForm. I have been trying to change to another one for the last 3 years already, but every time I tried a new one, I realized that they do not capture many websites that RoboForm does, such as my bank account website and many others.

    As a LastPass user, you may not have noticed the difference; otherwise you would know that RoboForm captures the fields on several sites where LastPass does not. What do you do with websites that LastPass does not grab?

    One thing that I do not like about RoboForm is that, unlike 1Password, I cannot create my own items that are not related to a login on the web or an app, like my software licenses. That is nice in 1Password. In addition, its design and integration with the iPhone are great.

    Now I am stuck on RoboForm because there is no export option. I hate this! This is not a cool way to retain customers. They take forever to make updates and add new features. To date RoboForm does not have Touch ID! Moreover, the design too: this is something that any tech company needs to renew all the time and not every 5 years.

    • Bruce

      LastPass has form filling. And has had it for years.

    • Allen

      LastPass has instructions and a link for downloading RoboForm 6.9, which will export to HTML, and the LastPass instruction page explains how to convert and encode it for LastPass import. I have been on RoboForm probably over 15 years, and just completed the export/import in about 10 minutes after reading the instructions and downloads. So far, I like what I see. I am keeping RoboForm for now (I did renew for 3 years 1 yr ago), but if everything continues to go well then in a couple of months I will ask for a refund (I wonder how that will go with the company that has an import function and eliminated the export option when they went to version 7 (keep and don’t allow customers to leave)).

  • Andre J

    I don’t see how this article can be trusted, given that the links to the services are affiliate links.

  • Michael Charvet

    The big problem with Roboform is there is no EXPORT feature. The Roboform folks stopped allowing printing to a file or exporting way back in version 6.9. Once in Roboform you’re stuck unless you use some third-party utility or import feature to move your data and I’ve found those don’t work 100%. I’m trying a move from Roboform to LastPass right now and I’m seeing some glitches. I loved Roboform at one time, but they haven’t kept up with the various login methods available to site developers, the woefully inaccurate login suggestion box pops up all the time, the account registration is convoluted, and worst of all, there’s no EXPORT. Roboform was great years ago, now second tier.

    • Agreed.

    • Jim

      Everyone interested in Roboform should heed this man’s points. Roboform is now a complete MESS. I too liked it over Lastpass at one time. Not now, and worst I don’t even trust Roboform going forward.

  • Paul Moore @ Rambling Rant

    That’s key splitting, not 2FA.

    • SpaceWalker0720

      Thanks for clarifying. So at this point I’m sure there is a knowledge deficit on my end (and obviously most others) if we think being asked for 2 things = 2 Factor Authentication. That being said, even if KeePass is really offering “Key Splitting”, it still requires multiple pieces to the key, and to an intruder they have no idea how many “pieces” are required to make the key, so to my mind that’s still a valid English definition (even if not a correct technical description) of requiring “2 factors” in order to “authenticate”. So, since you say they are not the same, could you state that between “split keys” or “2FA” which is inherently safer and why? (Note: I’m not trying to have any harsh tone here, I really would like to understand this better.) Thanks.

      • Paul Moore @ Rambling Rant

        You’ve hit the nail on the head… the confusion lies between the English definition of “factor” and the technical definition which developers use.

        This is a complex topic and a Disqus thread isn’t ideal for explaining it properly. I’m going to blog this tomorrow (I have seen your other comment on the blog too; I’ll reply shortly), but I’ll try to keep this short & sweet.

        Every authentication process has a verifier and a relying party. When you login, you’re sending your credentials to the verifier which takes your passwords, OTPs etc and checks them against known information already stored about you. The relying party relies on the result from the verifier before deciding if you should be logged in. For the most part, the verifier and relying party are one and the same. If you use a Yubikey for example, Yubico is the verifier and the site in which you’re trying to login is the relying party.

        When we talk about 2SV, 2FA, 3FA etc, we’re actually saying the verifier requires a higher level of assurance before you’re granted access; beyond a traditional password-based, 1FA scenario.

        Take the word “PASSWORD” as an example…

        Using PASSWORD in a 1FA (username & password -> verifier) scenario is insecure. All you’re required to present to the verifier is a single, weak credential.

        Using PASS (from memory) and WORD (from a USB stick) is called key-splitting. Whilst it’s true that YOU need both something you know and something you have (suggesting 2FA), the application (KeePass for example) concatenates those two values into one and presents them to the verifier as one string, PASSWORD. The verifier has absolutely no way to know if those values were entered by an attacker as PASSWORD, or by you as PASS (from memory) and WORD (from a usb stick). It cannot assert that the bearer (the one handing the information over) “has” anything, thus it’s not multi-factor. However, it does provide a slight security benefit, as keyloggers would only capture the memorized portion of your key; requiring an entirely different attack to capture the data stored in the key file. Use it by all means, but be mindful that PA SS W ORD (4 keyfiles) is insecure, regardless of how it’s presented to the verifier.

        Most 2FA/Multi-Factor devices fall into 2 categories… OTP generators and cryptographic devices.

        As the name suggests, an OTP generator provides a cryptographically-random one-time-password derived from a shared (between you and verifier) crypto seed. The seed itself is never presented to the verifier (thus can’t be captured over HTTP/HTTPS etc), but it’s used as the basis of generating the OTP. When the verifier receives the OTP, they create their own OTP derived from the shared seed. If they match, the verifier asserts that you, the bearer, must “have” the device which contains the seed. That, combined with your password constitutes multi-factor authentication. It’s worth keeping in mind, it’s not an absolute assurance. A 4 digit OTP has just 10,000 combinations, though most use 6 digits (1 million combinations). Using 6 digits, the attacker has (for the sake of argument) a 1 in a million chance of getting the right OTP. It’s that probability factor (English definition 😉 ) which allows the verifier to assert that the bearer almost certainly “has” the device.

        A cryptographic device works in a similar fashion, but relies on asymmetric/shared-symmetric keys and variable inputs before splitting out a token authenticator (not to be confused with a password) which is subsequently handed to the verifier.

        Hopefully, that’s a bit clearer 🙂
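The distinction drawn in the comment above, as an added Python example that is not part of the original thread: key splitting hands the verifier one joined string, while an OTP is recomputed by the verifier from a shared seed that is never sent. The PBKDF2 stand-in, the `Verifier` class and the salt are assumptions for illustration and do not reproduce any product's key derivation; the OTP shown is HOTP from RFC 4226, checked against that RFC's published test seed.

```python
import hashlib
import hmac
import struct


def derive_key(secret: bytes, salt: bytes) -> bytes:
    """Stand-in KDF (PBKDF2-SHA256 is an assumption, not any product's scheme)."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000)


def split_key_unlock(memorized: bytes, keyfile: bytes, salt: bytes) -> bytes:
    """Key splitting as the comment describes it: join the parts, then derive."""
    return derive_key(memorized + keyfile, salt)


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Verifier:
    """Hypothetical verifier: stores a password hash and the shared OTP seed."""

    def __init__(self, password: bytes, seed: bytes, salt: bytes):
        self._salt = salt
        self._pw_hash = derive_key(password, salt)
        self._seed = seed          # shared once at enrolment, never sent at login
        self._counter = 0

    def login(self, password: bytes, otp: str) -> bool:
        pw_ok = hmac.compare_digest(derive_key(password, self._salt), self._pw_hash)
        expected = hotp(self._seed, self._counter)
        otp_ok = hmac.compare_digest(otp.encode(), expected.encode())
        if pw_ok and otp_ok:
            self._counter += 1     # an accepted OTP is never valid again
            return True
        return False


def blind_guess_space(digits: int) -> int:
    """How many equally likely codes someone without the seed must guess among."""
    return 10 ** digits


if __name__ == "__main__":
    salt = b"constructed-salt"                 # constructed sample value
    typed_whole = derive_key(b"PASSWORD", salt)
    from_two_parts = split_key_unlock(b"PASS", b"WORD", salt)
    # Identical keys: nothing proves that a key file was ever involved.
    print("split key indistinguishable:", typed_whole == from_two_parts)

    seed = b"12345678901234567890"             # RFC 4226 Appendix D test seed
    v = Verifier(b"PASSWORD", seed, salt)
    code = hotp(seed, 0)
    print("first login:", v.login(b"PASSWORD", code))
    print("replayed OTP:", v.login(b"PASSWORD", code))
    print("4-digit space:", blind_guess_space(4), "6-digit space:", blind_guess_space(6))
```
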

        • SpaceWalker0720

          Thanks – I think so. I’m getting a picture in my head of how to illustrate this in a “normal” non-internet fashion as you’ve split out the verifier and the relying party. And so now it strikes me this is similar to how PGP does or might work (and also alludes to its weakness as well in some lack of verification of parts of the issuing chain.) Thanks.

  • Dima

    KeePass should be higher ranked. I have been using it for years across multiple platforms including Android, Linux, Windows and Mac. The way to sync is simply via Dropbox or ownCloud or any other sync service most of us already use.

  • Tim

    Last Pass is only free if you don’t use any of the mobile device apps. Apps require a subscription of $12 per year.

  • 9to5Slavery

    You should make one that is best for Apple related Products and one for Windows and one for Google Products as well. More flavor.

  • Paul Moore @ Rambling Rant

    Hi Kimberly,
    Technically, none of the password managers you’ve outlined offer 2 Factor Authentication…although some claim to offer it.
    I’m curious though, what makes you think Roboform and 1Password offer it?
    Thanks.

    • Hi Paul, thanks for the comment! Great catch with 1Password. They do not offer multi factor authentication, but hope to do so in the future. According to this article (http://www.roboform.com/blog/multifactor-authentication) Roboform does offer multi factor authentication.
      I’m curious why you say that none of the password managers offer 2 factor authentication? Do you see different requirements for this feature?
      Thank you again for commenting and we have updated our article accordingly.

      • Paul Moore @ Rambling Rant

        Essentially, 2FA isn’t possible in the context of encryption. The only instances where “2FA” exists (LastPass etc) is to mitigate risks introduced by LastPass, not the encryption process. Even then, it’s not actually 2FA as there’s no authentication going on.

        I blogged this recently.
        https://ramblingrant.co.uk/password-managers-facts-fallacies-fud/

  • Just a thought

    A thought after reading this.

    Seems like the author made a huge misstep as far as not mentioning the privacy of your data (i.e., where it’s stored and, by extension, who has access to it).

    For example, a huge benefit of 1Password that isn’t mentioned in your chart is that you can keep your data on your local machine so that the only person(s) who have access to it are you or anyone you give the master password to. That way, it’s never sitting on a cloud server of any kind. To contrast with your number 1 pick, it looks like LastPass syncs your private data up to a server. Personally, this is a huge no-no for me (don’t care that it’s encrypted). So I really love that I can use 1Password and my data stays on my local machine. Oh, and I can sync that data to my iOS devices via WiFi (i.e., my secured home WiFi network), again avoiding using cloud services to sync my private data.

    I reckon this is a huge point for folks.

    • This is a great point you make, but I think others may disagree with you. Some may not want to use their local drive because it could crash. The cloud on the other hand is a good back up to have.
      There are pros and cons to both so the preference of where the passwords are stored will vary by user.

      • Tim

        The chance that all of your devices that you keep your passwords synced with would crash at the same time is about 2,723,468 to 1.

        • Gary Wooding

          I don’t yet have a password manager and none of the reviews indicate that any can cope with websites that say something like, “Enter the 2nd, 5th and 8th characters of your password”
          If your password has been generated for you, and you can’t see it, how do you enter the requested parts?

          • Great question Gary! Typically password managers have a “vault” where all of your data is stored. If you enter your master password you can then see what passwords you have stored. So say you had your password manager generate a password for your PayPal account and PayPal asked you to enter the 2nd, 5th and 8th characters of your password. You could login to your password manager with your master key and go to your PayPal data and see your password so you could then enter your three characters. Let me know if you have any other questions!

            • Gary Wooding

              Thank you Kimberly, that answered my concern totally.

          • Tim

            I am curious what websites do that? I have never seen a site ask for that. In fact, I would be EXTREMELY suspicious of a site that asked for any characters of your password in a particular order because it could be phishing for your password. If a site is already asking for your full password, then there is absolutely no reason to ask for particular characters in a particular order.

            • Dingus McFlaggan

              This is how most 2FA with forward thinking works, e.g. enter the first then 3rd number of your pin; now enter the 6th and 3rd characters of your password. This is done so the full password cannot be captured and also so you don’t have to carry around a stupid token or rely on your phone for a soft token.
              Other companies go a step further with this logical approach (like Kiwibank in New Zealand implemented in about 2002 as they are much further ahead than US or UK banks) where you have to click a virtual keyboard to select the random characters so key loggers cannot have any success, nor screen scraping or man in browser attacks.

          • AndyGBrown

            Keepass does this out of the box: it shows a form, you click the buttons “2”, “5”, “8”, and it fills in just those characters. You don’t have to count characters to work out which ones to use, and you don’t have to display the password in plain text on the screen at any point in the process. I don’t know if other password managers do the same, just that keepass is quite good at this.

      • Doug

        Kimberly is completely right here.
        Having passwords stored locally, contrary to popular belief, is NOT as safe as having it stored in the cloud. Even if someone was to hack the cloud they could not access your details without the salt which is your master password, not to mention that a lot of these services offer local storage as an alternative.
        I think you also lack a little knowledge thinking that locally makes it secure because it’s not online, if you get malware, say goodbye to those passwords.

        • Tim

          If someone is able to hack the cloud where your data is stored they will most likely also know how to be able to hack your master password.

        • Mark

          I think you’re conflating two aspects of safety – security and availability.

          Losing access to your data (such as all the places storing your data, be that the cloud or local storage devices, losing your data; losing one factor in two-factor auth, such as cell access to receive a SMS; or even just forgetting your master password) is availability, which seems to be the only one that you’re concerned about.

          However, the extra points of access (data no longer just flows through your device, but also through several networks and through another company’s servers) involved with a cloud storage system likely decreases security (not necessarily though, since a password manager that leaves the data in a plain text file on a phone that is frequently lost by its owner will be worse than a decent cloud based system – of course a bad cloud based system could let your passwords be harvested by someone that doesn’t even have physical access to your device).

    • Jim Dawkins

      Exactly.

  • bubbles

    Hi Kimberly. I have to say that you have a few things wrong with regards to 1Password:
    No password strength report–There is a password strength indicator (http://www.quora.com/How-does-the-1Password-password-strength-indicator-determine-the-strength-of-a-password)
    Doesn’t always bring up the correct password-It recognizes passwords based on the saved URLs associated with them. If you have the correct URL stored (e.g. https://www.facebook.com/login rather than https://www.facebook.com/), it will always bring up the correct password.
    Asks to save a password that’s already been saved–see the URL issue on my previous point.

    • Thank you for the information! I have changed the note about the password strength report in our article. However, from our research the other two notes can vary by user. So just because you don’t have problems with this doesn’t mean others don’t. Thank you again for posting in our community! I’m sure our readers will appreciate it!

  • Yes, it’s important to keep your information private and safe. I feel much more comfortable now that I’m using a password manager to protect my privacy.

    As for Thailand I loved their food! I’m actually planning on making Pad Thai soon! Just need to get a couple more ingredients. Wow, what I liked most? That’s a tough question! I think riding an elephant was definitely a fun experience. I also enjoyed the markets. It was fun to try new foods and look at all the vendor tables.

  • Scott Elliott

    Kimberly,
    I’m a little, no, very surprised KeePass is so low on your list. Look at all those check marks! The only real cons that I could think of that would make you rank it where you did were the Multi-Factor Auth and Secure Password Sharing. That seemed to score high for you in your rankings. However, it does have Password Strength that only LastPass and Dashlane have. It also works on all OS’s shown which only LastPass and RoboForm have. Now here’s the kicker: It’s completely free! That is huge for companies and, well, anyone, actually. So in my opinion, it sure seems like it would be a solid #2 for businesses due to the cons I mentioned above, but for personal use, it seems it should be #1. What are your thoughts?

    • Hi Scott, thanks for your well researched comment! You make some valid points, however, we stand by our rankings. Users struggle to keep their devices synced up for KeePass, and yes it is great that it’s free but it doesn’t perform as well as other password managers. Price is not the main factor for these types of reviews. We encourage our readers to test out KeePass before purchasing a password manager subscription and let us know how they like it. Perhaps KeePass can work its way to the top in the future. Again, thank you for your comment and Happy Holidays! 🙂

      • MichaelColburn

        Hi Kimberly, not sure precisely what rubric you are using for grading but I’m with Scott. I have been a Keepass user for several years now and love it. The greatest selling point for me is precisely what you call a con. I store the file locally on each machine/device that uses it and sync with Dropbox with absolutely zero issues in over 2 years. Within seconds of making a change on any computer the change is propagated to the other machines. I’m not sure what other users are having issues with, maybe they are using it differently than I am. Anyway, it is great that I can use it for free on any platform, that it generates passwords based on complicated rules you can define, that it will tell me how strong passwords are that I generate myself, and that there are no limitations to the number of passwords it will store for free. I don’t use autofill features, so I could see where any weaknesses there or some other feature that others use might make this program fall to the bottom of your reviews, but based on my experiences syncing should not be viewed as its Achilles’s heel. Just a bit of anecdotal evidence for anyone reading this today and looking for an additional perspective.

        • Thanks for posting your experience! I’m sure our readers will appreciate seeing another opinion on Keepass!

        • Bruce

          I completely agree. If the con is that it doesn’t sync, it’s a complete non issue. I have the kdbx file on my Dropbox (and I periodically back it up to my Google Drive as well). A change on my PC is immediately reflected on my phone. And a change on my phone is immediately synced up on the PC. For the latter to work, I have starred the file on my Android device. Not sure if the iOS version of Dropbox works the same way. I’d think it would, but iOS has some funky file access rules, so maybe not.

          I do use LastPass on the browsers though. It’s completely intuitive and drop dead easy. KeePass I use for all my sensitive data (bank accounts, Passports etc.)

        • I would never store my password on a drive like Dropbox, I’d rather have them in a secure vault. What happens if someone stole your file? Even if Dropbox is secure (and it’s not as secure as LastPass vault), anyone with access to your computer for like 2 minutes could just find and copy that file. Even if it is encrypted, it would be possible to brute force it. (I don’t know what’s the security about the file that contains all passwords using Keepass.)
          With LastPass, everything is synced, even if they get hacked (and they did) the way they store your master password doesn’t allow anyone to decrypt the data.

      • CrocoRyfe Dundee

        Hi Kimberly,

        I have to admit I’m on Scott Elliott and MichaelColburn’s side on this one, but for an additional reason: Open source.
        Though I admit most users don’t care (even if they should), it is proven that open sourcing your code, when it comes to security, is an extra guarantee and security through obscurity is not the best way to go. I would put an extra point for that.

        So KeePass is Free, provides Open security, lets the user choose where they can save their data if they don’t want to have them only locally stored (DropBox, Google Drive, Swiss or European servers with specific non US digital laws), or even syncing them through their own NAS… Keepass is the only one offering those advantages but gets stuck at the bottom of the ranking.
        Feels like the ranking metrics are neither fair nor complete enough IMHO.

        I respect your ranking, of course, but I wish those elements were mentioned as well to help users make their choice in full knowledge.

        Thanks for your post (and sorry for replying to an old post)

        • Thanks for your thorough comment! We will take these items into consideration during our next audit of this article!

  • KevinSelton

    Hey Kimberly, thanks for the great overview and comparison of password managers. Very handy! I already chose Sticky Password a couple of years ago, but will definitely check the other ones to see what they look like and how they are different. What is your own personal favorite one? And how was Thailand?! 🙂

    • Hi Kevin, glad you liked the article! How do you like Sticky Password? Anything you love/hate? My personal favorite is Lastpass. It’s been a total lifesaver for all of my work passwords and personal online shopping needs. Before Lastpass I used the same password for every account. NOT SAFE! Thank goodness I got a password manager haha! Thailand was amazing!! Such a beautiful country and I was able to experience so many new things. Very different from the U.S. and extremely hot!
