Security resources for home and online
Home > Online Security > Best Password Manager: Dashlane vs LastPass vs 1Password vs RoboForm vs KeePass

Best Password Manager: Dashlane vs LastPass vs 1Password vs RoboForm vs KeePass

Credit cards, bank accounts, social media, email…the list goes on and on. All of us have these online accounts with login details we can’t keep straight. We’re told never to use the same password twice but how are we supposed to remember them all?! Not to mention the requirements—you must have 1 capital letter, 1 symbol, 1 lowercase letter, 1 number, 1 unicorn—ok maybe not the unicorn. Keeping a document with a list of your usernames and passwords isn’t the smartest idea, so what should you do to keep them straight? Get yourself a password manager! No, not an actual person. A password manager is a system online that stores your passwords. We’ll tell you more about them below.

What does a Password Manager do?

A password manager stores all of your account information for website logins including your username and password. This keeps you from having to write them down and risking someone seeing them and hacking into your account. All you have to do is remember one strong password to keep your password vault safe and secure. Once you login to your vault, you have access to all of your logins.

What are Form Fillers?

Password managers can also store other information for bank accounts, debit/credit cards, driver’s license, contacts, addresses and more. That way when you’re making a purchase online or filling out a form, all you have to do is click your form fill button and all the boxes will be filled out with your information. However, not all password managers have this form fill option.

What is Multi-Factor Authentication?

As we discuss the different password managers available you’ll want to know what multi-factor authentication is, also known as two-factor authentication. Multi-factor authentication is a form of security that requires more than one form of authentication for you to access an account. For example, most logins require a password, this is one form of authentication. However, you can set some logins to require two forms of authentication. For example, the second form could be a code sent to your smartphone or a number you look up on a smartphone app. In order to be considered multi-factor authentication, it must contain two of these three factors: a knowledge factor (a password), a possession factor (a physical item that only you have) or an inherent factor (biometrics).

Dashlane Review

Dashlane logo

#1-Best Experiece

Visit Website

Dashlane is tied as our winner for best password manager. Dashlane stood out from other password managers to me. Everything was simple about using it. It was easy to adjust to, easy to import passwords, easy to save passwords, and more. It sounds cheesy, but I found myself wishing I had tried it sooner. It has a cool feature that allows you to set an emergency contact for your important accounts in case of an urgent and critical matter. This can be utilized at work or for a personal account. Set your emergency contact to one of your coworkers or loved ones so they can temporarily access your accounts. Another feature I loved was the auto login feature. When I pulled up my email to log in it would automatically do it for me—no excess clicking. Dashlane claims this feature as well as the form filler saves each person 50 hours a year, which sounds crazy but after experiencing it I totally believe. The downside, is that it’s more expensive than other password managers.

Compatible with: Chrome, Firefox, Internet Explorer, Opera, Safari, Android, iOS, Mac, Windows

Pros

  • Easiest password manager to use
  • Password sharing
  • Determines the strength of each password
  • Claims that their auto login and form filler will save each person 50 hours a year
  • Password Changer, automatically changes all or a selected set of passwords with one click
  • Best looking password manager

Cons

  • Expensive
  • Not the best email support
  • Setting up 2FA required research, it wasn’t self-explanatory

Price

  • Dashlane Free works on one device, Mac, PC, iOs, or Android. You can share up to 5 logins with other users, but you have no access to your Dashlane passwords online and cannot sync information across different devices.
  • Dashlane Premium costs $39.99/year and allows unlimited login shares with other users. It works on multiple devices so your devices will continuously be syncing up.

Coupon Code

Try Dashlane Premium 30 days for free by clicking this link!

Now through 8/31: Save 10% on a 1-year Dashlane Premium plan with code DASHLANE10 and never forget another password!

Click here to read our Dashlane Review

Video

The video below gives you a glimpse of what Dashlane looks like on various platforms.

Lastpass Review

lastpass-logo

#1-Best Value

Visit Website

Lastpass is also tied for best password manager. I have used LastPass since August 2013 so I am fairly familiar with it. A company I work for uses it so I’m able to store all my business and personal accounts. Overall, Lastpass has been easy to use, secure, and very dependable. When the Heartbleed Bug hit, Lastpass notified users of the hack, it allowed users to run a security check against their accounts to see if there were any breaches. It also made recommendations on the websites it felt may have been compromised and it was easy to update passwords as needed. One of my favorite features is the password generator. All of us have many work and personal web accounts. So it is crucial that we have unique, strong, and complex passwords to lessen the chances of our accounts getting hacked. This is when the password generator is extremely beneficial.

Compatible with: Chrome, Firefox, Internet Explorer, Opera, Safari, Android, Blackberry, iOS, Linux, Mac, Windows

Pros

  • Works with iPhone, Android, Linux, Mac, Windows and Blackberry
  • Share and send login information to other Lastpass users securely
  • Notifications appear in toolbar to save new usernames and passwords
  • Unlimited stored logins
  • Password strength report

Cons

  • Tries to save passwords multiple times which results in duplicate entries or outdated entries
  • Not the best reputation for customer service
  • Doesn’t work on the Kindle very well
  • The mobile app could use some work
  • Setting up multi-factor authentication can be difficult, but it’s worth it since you get added security
  • Hacked in 2015, but nothing was stolen and Lastpass handled it well

Price

The basic version of Lastpass is free, so you don’t have to make a commitment before you try it.

The Premium version of Lastpass is $12 per year. The added service is having access on your mobile phone with the Lastpass app.

Lastpass Enterprise is available for businesses. Admins have the ability to enforce password requirements, share sites with individuals and teams and track system activity. Pricing is as follows:

  • 1-100 employees – $24/user per year
  • 101-1,000 employees – $20/user per year
  • 1,001-10,000 employees – $18/user per year
  • More than 10,000 employees – contact LastPass for a custom quote.

Click here to read our Lastpass Review

Dashlane vs Lastpass

To sumarize, between Dashlane and Lastpass, Dashlane is my absolute favorite. If price weren’t an issue, I’d choose Dashlane over Laspass. However, since price is a factor, I would go with Lastpass since it’s less expensive. Lastpass does basically everything Dashlane does it just doesn’t work as smoothly and you may incur some hiccups.

1Password Review

1 Password logo

Runner Up

Visit Website

1Password recently changed its pricing structure. It now offers a family plan as well as a one time purchase for a 1Password license that works on both Mac and Windows. Before, you had to purchase a license for Mac and a license for Windows. This is definitely an improvement. The most frustrating thing with 1Password for me was that it wouldn’t keep me logged in. So I had to constantly login with my master password throughout the day. Because of this annoyance, we didn’t feel it fit in our top three.

Compatible with: Chrome, Firefox, Internet Explorer, Opera, Safari, Android, iOS, Mac, Windows

Pros

  • Secure password sharing
  • Syncs with Dropbox
  • App integrations for mobile
  • Easy to import passwords

Cons

  • Doesn’t keep you logged in
  • Asks to save a password that’s already been saved
  • Search bar to find saved passwords doesn’t work well
  • Performance is not consistent

Price

  • 1Password – $64.99 one time purchase
  • Families – $5/month for up to 5 people
  • Teams Standard – $3.99/month per user (billed annually) or $4.99/month per user (billed monthly)
  • Teams Pro – $11.99/month per user (billed annually) or $14.99/month per user (billed monthly)

Password Manager Comparison Table

Below is a comparison table of our password manager reviews. You can see what each company offers in its password manager.

Free Version
Pro Pricing
Password Generator
Form Fills
Financial Auto-Fills
Password Strength Report
Secure Password Sharing
Two-Factor Authentication
Unlimited Stored Logins
Customer Service
Mobile App
Multi-Site Login
Face Recognition
1st: Dashlane
Read Review
Visit Website
­<\/i>
$39.99/year
­<\/i>
­<\/i>
­<\/i>
­<\/i>
­<\/i>
­<\/i>
­<\/i>
 Email, FAQs & Twitter
­<\/i>
­<\/i>
­<\/i>
2nd: Lastpass
 Read Review
 Visit Website
 ­<\/i>
 $12/year
­<\/i>
­<\/i>
­<\/i>
­<\/i>
­<\/i>
­<\/i>
­<\/i>
 Email, FAQs, Forums & Tutorials
­<\/i>
­<\/i>
­<\/i>
3rd: 1Password
 Read Review
Visit Website
 ­<\/i>
 $64.99
­<\/i>
­<\/i>
­<\/i>
­<\/i>
­<\/i>
­<\/i>
­<\/i>
 Email, FAQs & Forums
­<\/i>
­<\/i>
­<\/i>
4th: KeePass
Read Review
Visit Website
 ­<\/i>
N/A
­<\/i>
­<\/i>
­<\/i>
­<\/i>
­<\/i>
­<\/i>
­<\/i>
 Email, FAQs & Forums
­<\/i>
­<\/i>
­<\/i>
5th: Keeper Password
Read Review
Visit Website
 ­<\/i>
$29.99/year
­<\/i>
­<\/i>
­<\/i>
­<\/i>
­<\/i>
­<\/i>
­<\/i>
 Email, FAQs & Forums
­<\/i>
­<\/i>
­<\/i>
6th: Roboform
Read Review
Visit Website
 ­<\/i>
$39.95
­<\/i>
­<\/i>
­<\/i>
­<\/i>
­<\/i>
­<\/i>
­<\/i>
Email, FAQs, Live Chat, Phone & Tutorials
 ­<\/i>
 ­<\/i>
­<\/i>
7th: Sticky Password
Read Review
Visit Website
­<\/i>
$29.99/year or $149.99
­<\/i>
­<\/i>
­<\/i>
­<\/i>
­<\/i>
­<\/i>
 ­<\/i>
Email & FAQs
­<\/i>
­<\/i>
­<\/i>
8th: True Key
Read Review
Visit Website
­<\/i>
$19.99/year
­<\/i>
­<\/i>
­<\/i>
­<\/i>
­<\/i>
­<\/i>
 Up to 2,000
FAQs, Live Chat, Phone
 ­<\/i>
­<\/i>
­<\/i>

Keepass Review

Keepass logo

Visit Website
When you go to the KeePass website you feel like you’re entering a time warp to the 90s. It’s a little disappointing that they don’t have a modern design, but don’t write them off yet. They have one of the best reputations we have seen (just take a look at our comment section below). We were pretty excited to test this password manager out. However, I have a Mac computer, which I learned that KeePass is NOT Mac friendly. Although there’s a Mac version available for download I came across two big issues: 1) figuring out how to download it was frustrating, and 2) once I had it downloaded I was unable to even open it. I was pretty bummed out that out of all of the password managers I wasn’t able to test this one out since it had great reviews in our comment section. However, if you’re a Windows user we recommend testing this one out since so many others have had a great experience with KeePass.

Compatible with: Chrome, Firefox, Internet Explorer, Opera, Android, Blackberry, iOS, Linux, Mac, Windows

Pros

  • Performs well on Windows
  • Password strength report
  • Great reputation
  • Users love it
  • 100% free

Cons

  • Downloading the Mac version was confusing and once it was downloaded it wouldn’t open
  • Wasn’t able to use this password manager due to the inability to open after download
  • Difficult to keep synced between devices
  • No secure password sharing
  • Outdated looking site

Price

KeePass is completely free.

Keeper Password Review

Keeper Password logo

Visit Website

When I first signed up for Keeper and was filling out my login details it didn’t have me type my vault password twice. This could have been problematic had I entered it wrong. For a password manager, this is a no-no in our book. The interface is a bit outdated, it gives the feeling of a spy game mixed with Windows 98. There was a lot of excess clicking with this one—click the lock icon, click fill username, click fill password, etc., it needs to be more seemless. For my work and personal accounts I sometimes have multiple logins for a website. Sometimes Keeper would take the username of one account and the password from another and try to log me in. At the end of the day, I wasn’t a fan of Keeper Password. It caused me more stress and didn’t save me any time.

Compatible with: Chrome, Firefox, Internet Explorer, Opera, Safari, Android, Blackberry, iOS, Linux, Mac, Windows, Dolphin, other Android browsers

Pros

  • Free 30 day trial
  • Pre-loaded onto AT&T devices
  • Secure file storage
  • Ability to import/export stored data
  • Find duplicates feature

Cons

  • Form fills are more difficult to use
  • No password strength report
  • Expensive
  • Didn’t simplify the login process
  • Outdated interface

Price

  • Free: 1 user, 1 device, only password storage
  • Personal: $29.99/year for unlimited devices
  • Enterprise: must contact Keeper

Roboform Review

Roboform logo

Visit Website

Previously, RoboForm was a top contender for the Best Password Manager but after talking with our readers and conducting more research, we’ve learned that their reputation is not as good as it used to be. Importing a CSV file from Lastpass was taking forever, so I decided to call Roboform for assistance. The man was very nice and friendly but he told me that Roboform doesn’t have a way to import passwords on a Mac. It was on a previous version but was buggy so they removed it. This is a basic feature for password managers and the fact that Roboform doesn’t have it is surprising. The rest of my experience with Roboform wasn’t good either. The interface was clunky and not user-friendly. It tried to save the same login multiple times and overall it was a confusing experience.

Compatible with: Chrome, Firefox, Internet Explorer, Opera, Safari, Android, Blackberry, iOS, Linux, Mac, Windows, Palm, Symbian, Windows USB Drive

Pros

  • Free version includes mobile
  • Batch Login lets you log into 3-5 sites at once

Cons

  • Free version stores only 10 logins
  • No secure password sharing
  • No password strength report
  • Form fill doesn’t work on smartphone apps
  • Complaints from users in our comment section
  • Clunky interface
  • No option to import passwords on Mac

Price

  • RoboForm Free saves 10 logins from which you have access on mobile devices, PCs and Macs.
  • RoboForm Everywhere is $9.95 for the first year and then increases to $19.95/year. You get unlimited stored logins and free upgrades.
  • RoboForm Desktop is $29.95 for the first license and $9.95 for each additional license. This version works on a single computer and has no online storage or syncing. You get unlimited stored logins and free minor updates. You only need one license per computer and it works on Macs and PCs.
  • RoboForm2Go 7 – $39.95 per license. Stores all your passwords, logins, bookmarks, etc., on a USB to use on any Windows-based computer anywhere in the world.

Sticky Password Review

Sticky Password logo

Visit Website

My experience with Sticky Password was less than stellar. Again, I couldn’t import passwords onto a Mac with a CSV file from Lastpass—a feature we think all password managers should have. Saving passwords was difficult, the box pops up so quickly and then disappears that it’s impossible to click to save the login details, so you have to go in and add it manually. I was adding my identity to a form fill and it changed my birthday to a different date. It also added values that I did not select (timezone). It also opened the desktop dock at times it wasn’t prompted to. Overall, Sticky Password caused more trouble than help.

Compatible with: Chrome, Firefox, Internet Explorer, Opera, Android, iOS, Linux, Mac, Windows

Pros

  • Covers the largest variety of browsers
  • Memo storage

Cons

  • No password strength report
  • Changes form fill data
  • Does not import passwords onto a Mac
  • Saving a password isn’t easy
  • Clunky desktop dock

Price

  • Sticky Password Free
  • Sticky Password Premium – $29.99 for 1 year, 1 user or $149.99 for a lifetime license

True Key Review

Visit Website

True Key, previously known as PasswordBox, is a password manager from Intel Security. What sets it apart from competitors is the fact that you can login with face recognition. You can test True Key out with the free version which stores 15 logins and for $19.99 per year you can get unlimited passwords. True Key is still fairly new so we’re still getting user feedback from this password manager.

Compatible with: Chrome, Firefox, Internet Explorer, Android, iOS, Mac, Windows

Pros

  • Face recognition and fingerprint scanner

Cons

  • Wouldn’t import my passwords from Lastpass
  • Free version only stores 15 logins
  • No password strength report or secure password sharing

Price

  • $19.99/year

Which Password Manager Should I Pick?

We’ve researched a number of password managers and we know all too well that it can be overwhelming to decide which one to pick. Although we think Dashlane and Lastpass are the best password managers, it doesn’t mean they will be the best choice for you and your needs. There are many great password managers out there and one may give you a better experience than another. Make sure you’re comfortable with your decision because the password manager you choose will be protecting all your important data.

What do you think the best password manager is?

Our site's mission is to help consumers make more informed purchase decisions. This website accepts financial compensation from some of the companies mentioned which allows us to provide this free service to our readers. Compensation does not influence the rankings of products. More info on our disclosure page.

Sign up to Receive a Free Home Safety Checklist, and Monthly Security Tips & Reviews!


About Kimberly Kurimski
Kimberly has always taken security seriously. Whether it's making sure she locks all the doors or using complex passwords, she tries her best to live a secure life. She has years of experience with testing, reviewing, and writing about security systems. One of her favorite parts of her job is being able to inform consumers of the best security products available.
Previous:
Next:
  • Laurence Pitt

    Good reviews – but if the one thing that kept 1Password out of the top is that it kept logging you out then I’d point out a couple of things which could change your mind.

    1. This is a security setting – people do walk off and leave their screens unlocked, 1Password means that even if someone accesses your laptop they cannot access your personal passwords. So it’s a huge PLUS that it does this.
    2. There is a setting under preferences to either increase the time before login is required (default 5 minutes) or switch it off. Honestly having invested these $ in the product switching it off seems insane, but you could increase it to ten minutes.

    Perhaps worth a second look?

    Also – LastPass may be the best value, but it’s also had a number of vulnerabilities exposed. Most recently Google have given them a 90 day warning for some areas which need to be addressed. So best value is not really a measure that I would consider for something this important.

  • Having tried LastPass, KeepPass and 1Password, I’d agree with you that LastPass is the best. However (to reverse Shakespeare’s quip) that’s “praising with faint damnation”, as they’re all pretty dire on mobile. In fact, while I don’t mind paying for LastPass premium, it does irk me somewhat that, notionally, the “premium extra” I’m getting for that is the clunky Android integration, which is LP’s poorest feature.

  • I tried using LastPass, and found it a nuisance.

  • Jessie

    If you are looking for an alternative password manager, take a look “Intuitive Password” online password mansger. I have more than 200 passwords and they are all different for each site, I use it everyday. It works on all devices including smartphones, tablets, laptops and desktop PCs without installation required. Intuitive Password provides a Data Restore Points feature so you can’t lose your data using their service.

  • Michael Salm

    We are looking at Pleasant Password server to replace LastPass Enterprise. When it works LastPass is great, but it only works with maybe 66% of the sites our users access. For the rest of the sites we have to use spreadsheets with the credentials in plain-text, which completely defeats the purpose of a password manager in the first place. Any browser plug-in based system is doomed to fail due to variations in browser version, plug-in version, and the technology used to build the target site. Pleasant uses tried & true Keepass for the client, so you avoid the browser/plug-in/site version issue all together.

  • Mitchblue

    LastPass, imo, is incredible. I’ve only tried a couple others, Password Box and 1Password, didn’t like either. LastPass fits the bill for me.

  • TeacherMac

    Enable multi-factor authentication

    This is the most important step you can take if you haven’t already. Even if the worst happens and hackers get your master password, they’ll still need the authentication code to access your account if you have two-factor authentication enabled. Multi-factor authentication isn’t important just for LastPass—you should be using it on any site that offers it, including social networks, email accounts, and so on.

    Speaking of which, cracking that master password is going to take a long time unless your LastPass password is unbelievably weak, such as 1234LastPass or something similar. To crack your master password, hackers first have to get past your authentication hash—which includes 100,000 rounds of PBKDF2-SHA256 hashing—on the LastPass servers. Hashing uses an algorithm to convert one string of text into a longer string so that is difficult to reverse engineer and discover what the original text was.

  • TeacherMac

    Having to install 1Password on every device you need to access limits the use to non-professionals and for that market it’s way over priced. Using multi-factor authorization and LastPass allows full flexibility and security anywhere in the world (Even when using remote access) without any installation and is much less the price (More Users?) and is much easier to use across platforms and devices.

    Perhaps this app is more intended for Apple device users as it’s quite awkward for Windows and Android users.

  • Lots of great points to think on here, thanks for your feedback. Depending on an individuals security needs, comfort level with technology, and personal preferences, I think the “best” option kind of changes. For most users, I think online password management is a decent option because they’re trying to avoid common hacks and reduce time spent on forgotten passwords. For those that are looking for fort knox level security, it might make more sense to take some of the steps you mentioned.

  • Peter Southwell

    “Keeper Password has all of the features that the other password managers have except for a password strength report.” For the record.. Keeper security now offers this.

    • Thanks for providing this update, Peter! We will be sure to update.

  • You bring up great points! We will definitely consider adding this in for our next update to the article. Thank you for taking the time to add your insight!

  • pictor

    I am stunned. I use 1Password, and I find it brilliant (and much better than LastPass which I have also used). I haven’t used the others, but 1Password gives me a flawless experience.

    • PikeLife

      I wish! I agree — inconsistent. It used to be very reliable. But now, sometimes it will autofill name and password, sometimes not. And every upgrade costs money, so I don’t see any advantage over LastPass Premium. I haven’t used LastPass yet, but seriously thinking of defecting now because 1Password is driving me crazy.

      • The basic version of LastPass is usually enough for the average user. If you have needs for more, we feel the premium subscriptions are great options in this space.

        • PikeLife

          I can’t imagine using it without Premium — if you have both a laptop/desktop and mobile devices, it’s a no-brainer that you’ll want to have access on all of them, unless you like looking passwords up on one device and typing them into another. I don’t think the yearly Premium fee is unreasonable, mind you — it’s fine. But I think it’s rather silly to say the free basic version is enough for the average user. I don’t know anyone savvy enough to use a password manager program who wouldn’t want access to it on both mobile and desktop devices, other than the few folks I know who’ve ditched laptops altogether.

    • TeacherMac

      I suspect that you’re an Apple device user since 1Password is useless with Windows and Android. Having to install the app on devices that I don’t own is a waste of my time. As much as I’d love to dump LastPass, only because of being bought by LogMeIn, it blows away the competition in terms of security, flexibility and ease of use, no matter where you are in the world and at a price that can’t be beat.

      Dashlane just over priced themselves and when I saw the price on installation it was immediately removed.

  • revelated

    As a long time LastPass customer, I’m sad to say I have to leave them now.

    I know others are a bit nervous about cloud-based password archive storage. LastPass can work fully offline if you want, just storing the backup in the cloud. If someone compromised that, they’d have to figure out your master password to do anything with it. It’s as secure as it could get. And LastPass worked extremely well across devices and browsers with slight exceptions (IE).

    But LogMeIn – of all companies – buying LastPass is not acceptable. To me, that compromises the purported security, because LogMeIn has no real concept of secure access.

    KeePass is a good password manager, but I found it rudimentary compared to LastPass. Manual keystore copying, etc.

    • Barbara

      That is exactly why I am looking for another company. I have DashLane but as the trial runs out I do not have $40 to go premium. Some things are also easier with LastPass, Heartbreaking,

    • TeacherMac

      I agree that it was an incredible mistake selling out to LogMeIn for all your reasons however… LastPass does beat the competition for security and ease of use and, since I’ve been using and recommending LastPass for four plus years, the price and ease-of-use across devices and platforms can’t be beat.

      I’m sure to leave once there are any issues associated with LogMeIn and, like yourself, I’ll bite the bullet and return to KeePass.

  • johncAtl

    Seems like a pretty biased (maybe paid for) review. But other than clicking on a Google link on about the third page of a search I would never have heard of A Secure Life. And I have no reason to ever come back. Complete trash.

    • I’m so sorry that you are not pleased with our site. I can assure you that this article is not biased and is not paid for by any company. You can read more about how we value our unbiased reviews here: http://www.asecurelife.com/int/our-review-process/
      I hope you do not write us off completely and I wish you the best of luck in your password manager search.

      • Barbara

        More gracious than most!

    • TeacherMac

      Why waste time posting an empty thought since you provided nothing useful?

  • ciborg

    Roboform is available for Opera.

  • Thales Claro

    Keepass on 7? You have no idea what are you talking about then.

    • Hi Thales, would you like to share more about your experience with Keepass? We love hearing about what our readers think and getting feedback from them helps us with our audits in the future.

  • Jim Dawkins

    So you rank security software based on ease of use versus security? I would like a review that is more exact. For example some of these solutions store everything locally or give you that option. Others store and sync with the cloud. Considering those factors the rankings would be different.

  • stephendt0

    Thank you for this detailed review. It makes life a lot easier for those who are unsure on what’s best for them these days.

    • Glad you like the article! Let us know if you have any questions about password managers!

  • Red Raleigh

    Lastpass got hacked a few days ago. They recommend setting up 2-Factor Authentication, but if you have 2-Factor Authentication already set up (without Lastpass) do you really need a super strong PW Manager?

    • That’s a great question! The purpose of a password manager is to simply store all of your passwords. It’s never a good idea to have the same password for all your accounts and depend solely on the changing of your two factor authentication code every 30 seconds. You want all passwords to be unique and that can cause some confusion for you when entering your credentials and a potential hacker when trying to crack your password. That’s why password managers are handy. No matter which company you choose, you don’t have to remember all of the uppercase, lowercase, numbers and symbols in your passwords. All you have to remember is one master password for your password manager and setup two factor authentication (ideally for all accounts possible, including the password manager). Let me know if you have any more questions!

  • Dan

    Two things missed for 1Password, it does have IE browser support and a free version that is limited to 20 logins.

    • Thanks for mentioning those to us Dan! We have updated our table to reflect that information!

  • Shawn

    The “Intuitive Password” online password manager should be included in the review as well.

  • It looks like LastPass forces you to sync your password vault with their server. I have a big problem with any vendor forcing me to send them a copy of my passwords–even if they’re encrypted. Computer security always begins with physical security. Once that encrypted password vault is sent to someone else, you have no idea who can get a copy and try to crack it. Yes, I’m paranoid, and you should be too!

    • Jim Dawkins

      I agree.

  • Holcreek

    This comparison table while very well done, definitely misses the most important factor: self-hosting capability. NSA and proof of massive surveillance and leaks gave user’s trust a hard hit. Self-hosting feature is a no-brainer for many people now.

  • Ignitos

    First of all a great research for password managers. According to your table Dashlane supports Opera, which is not the case. I’ve used Dashlane for last 2 years and this is the reason why I’m searching for an alternate.

    • Mathias Thorsen

      I got the Chrome extension to work in Opera a while ago when I used it. I think I found the how-to by just searching.

  • Shawn

    If you are looking for a password manager that works on all devices without installation, try “Intuitive Password”. It’s a great web-based password manager ever!

  • Very interesting review, but you are forgetting a great feature: fill forms on softwares.
     
    This is the big feature for me on RoboForm: he fills almost any fill forms on Windows. Things like all setting on my IMAP account in Outlook, log in at softwares like Evernote, and many others. This is a killer feature for me.
     
    Another big advantage of RoboForm is that he fills logins and passwords that neither LastPass, Dashlane or 1Password fills. Last time I examined all of these softwares was 6 months ago.
     
    I know that because I am tired of RoboForm. I was trying to change to any other for the last 3 years already, but every time I essayed a new one, I realized that they do not get many websites that RoboForm do, as my bank account website and many others.
     
    As a LastPass user, you may did not notice the difference, otherwise would know that several sites that LastPass does not capture the fields filled, the RoboForm capture. How do you do with websites that LastPass do not grab?
     
    One thing that I do not like on RoboForm is that, different of 1Password, I cannot create my own items that are not related to login on the web or an app, like my software licenses. That is nice on 1Password. In addition, his design and integration with the iPhone are great.
     
    Now I am stuck on RoboForm because there are not an export option. I hate this! This is not a cool way to retain customers. They take forever to make updates and add new features. To date the RoboForm does not have Touch ID! Moreover, the design too, this is something that any tech company need to renew all the time and not every 5 years.

    • Bruce

      LastPass has form filling. And has had it for years.

    • Allen

      Lastpass has instructions and link for for downloading Roboform 6.9 which will export to HTML and the the Last Pass instruction page instructs how to convert and encode it for LastPass import. I have been on Roboform probably over 15 years, just completed the export/import in about 10 minutes after reading instructions and downloads. So far, I like what I see. I am keeping RoboForm for now (I did renew for 3 years 1 yr ago), but if everything continues to go well then in a couple months, I will ask for a refund (I wonder how that will go with the company that has an import function and eliminated the export option when they went to version 7 (keep and don’t allow customers to leave).

  • Andre J

    I don’t see how this article can be trusted, given that the links to the services are affiliate links.

  • Michael Charvet

    The big problem with Roboform is there is no EXPORT feature. The Roboform folks stopped allowing printing to a file or exporting way back in version 6.9. Once in Roboform you’re stuck unless you use some third-party utility or import feature to move your data and I’ve found those don’t work 100%. I’m trying a move from Roboform to LastPass right now and I’m seeing some glitches. I loved Roboform at one time, but they haven’t kept up with the various login methods available to site developers, the woefully inaccurate login suggestion box pops up all the time, the account registration is convoluted, and worst of all, there’s no EXPORT. Roboform was great years ago, now second tier.

    • Agreed.

    • Jim

      Everyone interested in Roboform should heed this man’s points. Roboform is now a complete MESS. I too liked it over Lastpass at one time. Not now, and worst I don’t even trust Roboform going forward.

  • Paul Moore @ Rambling Rant

    That’s key splitting, not 2FA.

    • SpaceWalker0720

      Thanks for clarifying. So at this point I’m sure there is a knowledge deficit on my end (and obviously most others) if we think being asked for 2 things = 2 Factor Authentication. That being said, even if KeePass is really offering “Key Splitting”, it still requires multiple pieces to the key, and to an intruder they have no idea how many “pieces” are required to make the key, so to my mind that’s still a valid English definition (even if not a correct technical description) of requiring “2 factors” in order to “authenticate”. So, since you say they are not the same, could you state that between “split keys” or “2FA” which is inherently safer and why? (Note: I’m’ not trying to have any harsh tone here, I really would like to understand this better.) Thanks.

      • Paul Moore @ Rambling Rant

        You’ve hit the nail on the head… the confusion lies between the English definition of “factor” and the technical definition which developers use.

        This is a complex topic and a Disqus thread isn’t ideal for explaining it properly. I’m going to blog this tomorrow (I have seen your other comment on the blog too; I’ll reply shortly), but I’ll try to keep this short & sweet.

        Every authentication process has a verifier and a relying party. When you login, you’re sending your credentials to the verifier which takes your passwords, OTPs etc and checks them against known information already stored about you. The relying party relies on the result from the verifier before deciding if you should be logged in. For the most part, the verifier and relying party are one and the same. If you use a Yubikey for example, Yubico is the verifier and the site in which you’re trying to login is the relying party.

        When we talk about 2SV, 2FA, 3FA etc, we’re actually saying the verifier requires a higher level of assurance before you’re granted access; beyond a traditional password-based, 1FA scenario.

        Take the word “PASSWORD” as an example…

        Using PASSWORD in a 1FA (username & password -> verifier) scenario is insecure. All you’re required to present to the verifier is a single, weak credential.

        Using PASS (from memory) and WORD (from a USB stick) is called key-splitting. Whilst it’s true that YOU need both something you know and something you have (suggesting 2FA), the application (KeePass for example) concatenates those two values into one and presents them to the verifier as one string, PASSWORD. The verifier has absolutely no way to know if those values were entered by an attacker as PASSWORD, or by you as PASS (from memory) and WORD (from a usb stick). It cannot assert that the bearer (the one handing the information over) “has” anything, thus it’s not multi-factor. However, it does provide a slight security benefit, as keyloggers would only capture the memorized portion of your key; requiring an entirely different attack to capture the data stored in the key file. Use it by all means, but be mindful that PA SS W ORD (4 keyfiles) is insecure, regardless of how it’s presented to the verifier.

        Most 2FA/Multi-Factor devices fall into 2 categories… OTP generators and cryptographic devices.

        As the name suggests, an OTP generator provides a cryptographically-random one-time-password derived from a shared (between you and verifier) crypto seed. The seed itself is never presented to the verifier (thus can’t be captured over HTTP/HTTPS etc), but it’s used as the basis of generating the OTP. When the verifier receives the OTP, they create their own OTP derived from the shared seed. If they match, the verifier asserts that you, the bearer, must “have” the device which contains the seed. That, combined with your password constitutes multi-factor authentication. It’s worth keeping in mind, it’s not an absolute assurance. A 4 digit OTP has just 10,000 combinations, though most use 6 digits (1 million combinations). Using 6 digits, the attacker has (for the sake of argument) a 1 in a million chance of getting the right OTP. It’s that probability factor (English definition 😉 ) which allows the verifier to assert that the bearer almost certainly “has” the device.

        A cryptographic device works in a similar fashion, but relies on asymmetric/shared-symmetric keys and variable inputs before splitting out a token authenticator (not to be confused with a password) which is subsequently handed to the verifier.

        Hopefully, that’s a bit clearer 🙂

        • SpaceWalker0720

          Thanks – I think so. I’m getting a picture in my head of how to illustrate this in a “normal” non-internet fashion as you’ve split out the verifier and the relying party. And so now it strikes me this is similar to how PGP does or might work (and also alludes to it’s weakness as well in some lack of verification of parts of the issuing chain.) Thanks.

  • Dima

    KeePass should be higher ranked. I have been using it for years across multiple platforms including Android, Linux, Windows and Mac. The way to sync is simply via Dropbox or ownCloud or any other sync service most of us already use.

  • Tim

    Last Pass is only free if you don’t use any of the mobile device apps. Apps require a subscription of $12 per year.

  • 9to5Slavery

    You should make one that is best for Apple related Products and one for Windows and one for Google Products as well. More flavor.

  • Paul Moore @ Rambling Rant

    Hi Kimberly,
    Technically, none of the password managers you’ve outlined offer 2 Factor Authentication…although some claim to offer it.
    I’m curious though, what makes you think Roboform and 1Password offer it?
    Thanks.

    • Hi Paul, thanks for the comment! Great catch with 1Password. They do not offer multi factor authentication, but hope to do so in the future. According to this article (http://www.roboform.com/blog/multifactor-authentication) Roboform does offer multi factor authentication.
      I’m curious why you say that none of the password managers offer 2 factor authentication? Do you see different requirements for this feature?
      Thank you again for commenting and we have updated our article accordingly.

      • Paul Moore @ Rambling Rant

        Essentially, 2FA isn’t possible in the context of encryption. The only instances where “2FA” exists (LastPass etc) is to mitigate risks introduced by LastPass, not the encryption process. Even then, it’s not actually 2FA as there’s no authentication going on.

        I blogged this recently.
        https://ramblingrant.co.uk/password-managers-facts-fallacies-fud/

  • Just a thought

    A thought after reading this.

    Seems like the author made a huge misstep as far as not mentioning the privacy of your data (i.e., where it’s stored and, by extension, who has access to it).

    For example, a huge benefit of 1Password that isn’t mentioned in your chart is that you can keep your data on your local machine so that the only person(s) who have access to it are you or anyone you give the master password to. That way, it’s never sitting on a cloud server of any kind. To contrast with your number 1 pick, it looks like LastPass syncs your private data up to a server. Personally, this is a huge no-no for me (don’t care that it’s encrypted). So I really love that I can use 1Password and my data stays on my local machine. Oh, and I can sync that data to my iOS devices via WiFi (i.e., my secured home WiFi network), again avoiding using cloud services to sync my private data.

    I reckon this is a huge point for folks.

    • This is a great point you make, but I think others may disagree with you. Some may not want to use their local drive because it could crash. The cloud on the other hand is a good back up to have.
      There are pros and cons to both so the preference of where the passwords are stored will vary by user.

      • Tim

        The chance that all of your devices that you keep your passwords synced with would crash at the same time is about 2,723,468 to 1.

        • Gary Wooding

          I don’t yet have a password manager and none of the reviews indicate that any can cope with websites that say something like, “Enter the 2nd, 5th and 8th characters of your password”
          If your password has been generated for you, and you can’t see it, how do you enter the requested parts?

          • Great question Gary! Typically password managers have a “vault” where all of your data is stored. If you enter your master password you can then see what passwords you have stored. So say you had your password manager generate a password for your PayPal account and PayPal asked you to enter the 2nd, 5th and 8th characters of your password. You could login to your password manager with your master key and go to your PayPal data and see your password so you could then enter your three characters. Let me know if you have any other questions!

            • Gary Wooding

              Thank you Kimberly, that answered my concern totally.

          • Tim

            I am curious what websites do that? I have never seen a site ask for that. In fact, I would be EXTREMELY suspicious of a site that asked for any characters of your password in a particular order because it could be phishing for your password. If a site is already asking for your full password, then there is absolutely no reason to ask for particular characters in a particular order.

            • Dingus McFlaggan

              This is how most 2FA with forward thinking works, e.g. enter the first then 3rd number of your pin; now enter the 6th and 3rd characters of your password. This is done so the full password cannot be captured and also so you don’t have to carry around a stupid token or rely on your phone for a soft token.
              Other companies go a step further with this logical approach (like Kiwibank in New Zealand implemented in about 2002 as they are much further ahead than US or UK banks) where you have to click a virtual keyboard to select the random characters so key loggers cannot have any success, nor screen scraping or man in browser attacks.

          • AndyGBrown

            Keepass does this out of the box: it shows a form, you click the buttons “2”, “5”, “8”, and it fills in just those characters. You don’t have to count characters to work out which ones to use, and you don’t have to display the password in plain text on the screen at any point in the process. I don’t know if other password managers do the same, just that keepass is quite good at this.

      • Doug

        Kimberly is completely right here.
        Having passwords stored locally, contrary to popular belief, is NOT as safe as having it stored in the cloud. Even if someone was to hack the cloud they could not access your details without the salt which is your master password, not mentioning that a lot of these services offer local storage as an alternative.
        I think you also lack a little knowledge thinking that locally makes it secure because it’s not online, if you get malware, say goodbye to those passwords.

        • Tim

          If someone is able to hack the cloud where your data is stored they will most likely also know how to be able to hack your master password.

        • Mark

          I think you’re conflating two aspects of safety – security and availability.

          Losing access to your data (such as all the places storing your data, be that the cloud or local storage devices, losing your data; losing one factor in two-factor auth, such as cell access to receive a SMS; or even just forgetting your master password) is availability, which seems to be the only one that you’re concerned about.

          However, the extra points of access (data no longer just flows through your device, but also through several networks and through another company’s servers) involved with a cloud storage system likely decreases security (not necessarily though, since a password manager that leaves the data in a plain text file on a phone that is frequently lost by its owner will be worse than a decent cloud based system – of course a bad cloud based system could let your passwords be harvested by someone that doesn’t even have physical access to your device).

    • Jim Dawkins

      Exactly.

  • bubbles

    Hi Kimberly. I have to say that you have a few things wrong with regards to 1Password:
    No password strength report–There is a password strength indicator (http://www.quora.com/How-does-the-1Password-password-strength-indicator-determine-the-strength-of-a-password)
    Doesn’t always bring up the correct password-It recognizes passwords based on the saved URLs associated with them. If you have the correct URL stored (e.g. https://www.facebook.com/login rather than https://www.facebook.com/), it will always bring up the correct password.
    Asks to save a password that’s already been saved–see the URL issue on my previous point.

    • Thank you for the information! I have changed the note about the password strength report in our article. However, from our research the other two notes can vary by user. So because you don’t have problems with this doesn’t mean others aren’t. Thank you again for posting in our community! I’m sure our readers will appreciate it!

  • Yes, it’s important to keep your information private and safe. I feel much more comfortable now that I’m using a password manager to protect my privacy.

    As for Thailand I loved their food! I’m actually planning on making Pad Thai soon! Just need to get a couple more ingredients. Wow, what I liked most? That’s a tough question! I think riding an elephant was definitely a fun experience. I also enjoyed the markets. It was fun to try new foods and look at all the vendor tables.

  • Scott Elliott

    Kimberly,
    I’m a little, no, very surprised KeePass is so low on your list. Look at all those check marks! The only real cons that I could think of that would make you rank it where you did was the Multi-Factor and Auth and Secure Password Sharing. That seemed to score high for you in your rankings. However, it does have Password Strength that only LastPass and Dashline have. It also works on all OS’s shown which only LastPass and RoboForm have. Now here’s the kicker: It’s completely free! That is huge for companies and, well, anyone, actually. So in my opinion, it sure seems like it would be a solid #2 for businesses due to the cons I mentioned above, but for personal use, it seems it should be #1. What are your thoughts?

    • Hi Scott, thanks for your well researched comment! You make some valid points, however, we stand by our rankings. Users struggle to keep their devices synced up for KeePass, and yes it is great that it’s free but it doesn’t perform as well as other password managers. Price is not the main factor for these types of reviews. We encourage our readers to test out KeePass before purchasing a password manager subscription and let us know how they like it. Perhaps KeePass can work its way to the top in the future. Again, thank you again for your comment and Happy Holidays! 🙂

      • MichaelColburn

        Hi Kimberly, not sure precisely what rubric you are using for grading but I’m with Scott. I have been a Keepass user for several years now and love it. The greatest selling point for me is precisely what you call a con. I store the file locally on each machine/device that uses it and sync with Dropbox with absolutely zero issues in over 2 years. Within seconds of making a change on any computer the change is propagated to the other machines. I’m not sure what other users are having issues with, maybe they are using it differently than I am. Anyway, it is great that I can use it for free on any platform, that it generates passwords based on complicated rules you can define, that it will tell me how strong passwords are that I generate myself, and that there are no limitations to the number of passwords it will store for free. I don’t use autofill features, so I could see where any weaknesses there or some other feature that others use might make this program fall to the bottom of your reviews, but based on my experiences syncing should not be viewed as its Achilles’s heel. Just a bit of anecdotal evidence for anyone reading this today and looking for an additional perspective.

        • Thanks for posting your experience! I’m sure our reader’s will appreciate seeing another opinion on Keepass!

        • Bruce

          I completely agree. If the con is that it doesn’t sync, it’s a complete non issue. I have the kbdx file on my Dropbox (and I periodically back it to my Google Drive as well). A change on my PC is immediately reflected on my phone. And a change on my phone is immediately synced up on the PC. For the latter to work, I have starred the file on my Android device. Not sure if the iOS version of Dropbox works the same way. I’d think it would, but iOS has some funky file access rules, so maybe not.

          I do use LastPass on the browsers though. It’s completely intuitive and drop dead easy. KeePass I use for all my sensitive data (bank accounts, Passports etc.)

        • I would never store my password on a drive like Dropbox, I’d rather have them in a secure vault. What happens if someone stole your file? Even if Dropbox is secure (and it’s not as secure as LastPass vault), anyone with access to your computer for like 2 minutes could just find and copy that file. Even if it is encrypted, it would be possible to brut force it. (I don’t know what’s the security about the file that contains all passwords using Keepass.)
          With LastPass, everything is sync, even if they get hacked (and they did) the way they store your master password doesn’t allow anyone to decrypt the data.

      • CrocoRyfe Dundee

        Hi Kimberly,

        I have to admit I’m on Scott Elliott and MichaelColburn side on this one, but for an additional reason: Open source.
        Though I admit most users don’t care (even if they should), it is proven that open sourcing your code, when it comes to security is an extra guaranty and security through obscurity is not the best way to go. I would put extra point for that.

        So KeePass is Free, provides Open security, lets the user choose where they can save their data if they don’t want to have them only locally stored (DropBox, Google Drive, Swiss or European servers with specific non US digital laws), or even syncing them through their own NAS… Keepass is the only one offering those advantages but gets stuck at the bottom of the ranking.
        Feels like the ranking metrics are neither fair nor complete enough IMHO.

        I respect your ranking, of course, but I wish those elements were mentioned as well to help users make their choice in full knowledge.

        Thanks for your post (and sorry for replying to an old post)

        • Thanks for your thorough comment! We will take these items into consideration during our next audit of this article!

  • KevinSelton

    Hey Kimberly, thanks for the great overview and comparison of password managers. Very handy! I have already chosen Sticky Password couple years ago, but will definitely check the others ones how they look like and how they are different. What is your own personal favorite one? And how was Thailand?! 🙂

    • Hi Kevin, glad you liked the article! How do you like Sticky Password? Anything you love/hate? My personal favorite is Lastpass. It’s been a total lifesaver for all of my work passwords and personal online shopping needs. Before Lastpass I used the same password for every account. NOT SAFE! Thank goodness I got a password manager haha! Thailand was amazing!! Such a beautiful country and I was able to experience so many new things. Very different from the U.S. and extremely hot!

Stay Informed.
Never miss an important security industry update from
A Secure Life.