“Hey, I think your email account was hacked.”
Unfortunately, I’ve received this message a few times over the years from friends who got questionable emails from one of my accounts. Each time, I felt annoyed and violated by the invasion of privacy, but then again, I wasn’t being smart with my passwords. I used simple combinations, and committed the ultimate no-no of using the same password for multiple sites.
If this sounds like you, here is your wake-up call.
This week, I took a look at three password-manager apps for consumers: LastPass, by a company of the same name; 1Password , by AgileBits; and RoboForm, by Siber Systems. Each app stores all of your various information in one central place, where it’s protected by a single master passcode. This way, you only have to remember one password, instead of dozens. And since the apps automatically fill in the data for you, they also allow you to use more complex, stronger passkeys for everything else.
All three worked fine in my tests, and I’ll go into detail about each later in this column. But first, how does a password manager work, and how much do they cost?
At its most basic level, a password manager stores your login information for specific Web sites, and automatically fills in the fields with the saved credentials once you revisit the page. In many cases, the apps will do the same with personal data, such as your address, phone number and credit card information, so you don’t have to manually fill out forms every time you want to check out from a shopping site, for example. You can even create multiple “identities,” such as personal or business, for different sets of information.
Many password-manager apps also offer a feature that rates the strength of your passwords, and include a password generator that can create a more unique and complicated passcode. (LastPass, 1Password and RoboForm all offer this.) You might be using your child’s name and birthday as a password because it’s easier to remember, but a random mix of letters, numbers and characters is going to be harder to crack. And you want a different and unique password for all of your various accounts. In short, take advantage of the password generator.
There are several types of password managers. Desktop apps store your passwords locally on your computer. Web-based apps store your information in the cloud, using their servers. And then there are token-based password managers, which require an extra level of authentication (often called multi-factor or two-factor authentication), such as inserting a provided USB thumbdrive, to gain access to your passwords.
Regardless of the type, password managers protect your data in an encrypted file, meaning that your passwords are unreadable unless you have the master password, so it’s important that you have a really strong master password.
Even so, password managers are not immune to attacks. Last year, LastPass, a cloud-based solution, had a possible data breach and recommended that users change their passwords, just in case. It also rolled out stronger encryption standards on its data. If you’re looking for the most secure solution, use multiple types of authentication.
LastPass is a Web-based password-manager app, and works across multiple operating systems and browsers, including Windows, Mac, Chrome and Firefox. It’s free, but you can upgrade to the premium version for $12 a year, which gets you a mobile version of the app, multi-factor authentication, removal of ads and other benefits.
I used LastPass on my MacBook Air and Chrome browser, and found it easy to use. Once it’s installed, you’ll find an asterisk icon in your browser’s toolbar, where you can sign in and out to access your passwords. The app automatically filled in all my credentials for saved sites, and filled in online forms correctly. The free app also offers a good number of feature-management tools, such as setting a time to automatically log out.
Unlike LastPass, 1Password creates an encrypted database on your computer, and not in the cloud. You can manually enter all your information into the vault, but it’s easiest if you download the browser plugin, which will automatically save the information. I thought this app offered the best user interface out of the three, and it even stores such information as software licenses. But it comes with a price.
A single-user license for the Mac or Windows version of 1Password costs $50 after a 30-day trial. A mobile version is also available for the iPhone and iPad for $15. Meanwhile, the Android app is currently in testing mode, but is free from the Google Play store if you want to try it out.
Siber Systems offers several versions of its RoboForm password manager. There is a Mac and Windows desktop version that stores passwords locally on your computer and costs $30 each. For users who want to be able to access their information across multiple machines, including mobile devices, there is the cloud-based RoboForm Everywhere, which normally costs $20 per year, but is currently $10 for the first year. The company offers a 30-day trial for both versions, and if you decide not to buy, you can still use the app for free, but you’ll be limited to just 10 logins and two identities. Finally, the $40 RoboForm2Go option lets you carry your passwords on a USB stick, but is limited to Windows only.
I tried RoboForm Everywhere, and it gets the main job done, but its user interface isn’t as intuitive or elegant as LastPass or 1Password. Also, browser support on Macs is currently limited to the Firefox and Safari Web browsers, and since I primarily use Chrome, I found this to be a problem. That said, the iPhone app is sleek. After entering my RoboForm user ID and master password, it synced all my stored passwords and provided direct access to those sites.
All three apps performed their main duties well. For most users, LastPass is a good option. The free version offers more than enough features, and it’s easy to use. If you’re wary of trusting the cloud, you can always check out 1Password and RoboForm using the free trials before deciding to buy.