Best Password Managers

Page 2 - Seeking answers? Join the Tom's Guide community: where nearly two million members share solutions and discuss the latest tech.
Status
Not open for further replies.
Dec 18, 2018
1
0
10
Very surprised that you did not even try bitWarden. Works well on all browsers and has a native Android app. Best of all, it's FOSS.
 
Dec 21, 2018
1
0
10
While Bitwarden is open source software, its usage is quite restricted. Everything is tied to their online / cloud account. Even if you configure your own server (and it is not light on resources by no means) you need licenses to use some features. Features that are bundled with some other password managers "for free". Bitwarden desktop apps are really just web apps (Electron framework based), thus heavy on resources and potentially less secure than small native well written apps. Bitwarden underwent security audit but so did many other services / software, e.g. 1Password, Enpass, etc.

So for instance Enpass is not fully open source, but they use open source encrypted database (SQLCipher) and everything is stored locally, no need for internet at all. Enpass does support synchronisation, but not via their servers, rather many 3rd party services or your own (WebDAV or local folder). So you could sync locally via a shared folder. And yes, I do consider it a big advantage that you have complete control where your data is stored. You own your data, don't have to pay at all (for desktop apps) or just one time (for mobile apps), and all features are available to everyone.

Bitwarden is surely not the solution we all would like it to be. If anything I'd rather stick with KeyPass (many implementations).
 
Dec 30, 2018
1
0
10
I use "Intuitive Password" password manager for storing and managing my passwords. This is the password manager that I have been used for years without worry about security and losing my data.
 
Jan 3, 2019
1
0
10
There is also Hideez Key that stores passwords encrypted on device and commonly used as secure password storage for office workers.
 

FreeToBeMe2014

Honorable
Jan 23, 2015
5
1
10,510
Wow, so after wasting my time writing up these responses, I come to find out the thread was CLOSED.

Then why was the Post Reply button not greyed out?

I noticed the text in tiny font way at the bottom.

I'm posting my comments here for others & I'm still searching for a good alternative to Last Pass that has all the features LP used to have before LogMeIn broke it.

Be aware that some of these tools do NOT store passwords on your device and so you CANNOT see them if you are not online. OK if you live at work or at home always connected. No so much if you travel or move around a lot. Keeper JUST CHANGED THEIR DESIGN. You can still see your passwords when not connected, but you CANNOT EDIT. so you cant add new data or do any editing if, for example, you are on long flight or a location without an inmediate link. This is a BAD THING and indicative of companies taking the easy way out to get your cash but reduce the meaningful feature sets! Just be careful!

So I didn't realize until afterward that the forum thread is from 2018, but the so called "review" is from 2019.

I know, this is an issue for a lot of them.

Did you stay with Keeper?

Why is safe in cloud not compared?

I will check to see if they have all that I need.

Thanks


I had a premium account with LastPass for about 5 years. This week I unsubscribed after hearing they were killing off XMarks. I was particularly disgusted because the news was sent very shortly after they renewed the joint subscription. Happily though, I am far more satisfied with Dashlane and Eversynch so LastPass did me a favour in the end.

I guess I should have started checking back last year when I started having issues with them after their August update, but I thought they would fix the issues.

I didn't know at the time that LogMeIn bought them out a few years back & THEY ar ehte ones responsible for all of the issues with LP.

They JUST did a MAJOR update & so many people are furious that everyone is leaving or begging them to change things.

LogMeIn doesn't give a (blank) & is ignoring everyone.

The update doesn't even let you auto-fill forms properly anymore, they hid where you find it & they made it so you have to click several times to get to the area that was 1-2 clicks before.

Oh, & they raised the price to $36. They've raised the price twice since they bought them out. It used to be $12.


I purchased Dashlane only to find out that it doesn't have full functionality in MS Edge (default browser windows 10). It wanted to force me to use Chrome or IE. I tried to use the online chat, only to hear that "the software will improve with time". I requested a refund because when I purchase a software app, I want something fully functioning - not a "beta" that leaves me with partial functionality!

He's right, you shouldn't be using ANYTHING that has to do with MS.
And DL sucks.

I tried them before & they cost a lot & their support doesn't understand English, & they constantly say they will fix something & I don't think they do.


I'm amazed that Lastpass is still getting such high ratings. Go on their forum and read the thread in troubleshooting about not saving passwords. Lastpass does not reliably save new passwords entered for web accounts. People create new accounts, use LP to generate a new password, and then discover that it wasn't saved and they have no idea what the password for their new account is. It's been happening to me more often than not. I'm not going to renew my premium account, and switching to something else.


I don't even trust this review.

Anyone who's giving LP 4.5 is either lying, or didn't research what just happened after their most recent update.

I started to have problems months ago with another update they did.

Read what I wrote above about LogMeIn buying them out.

The issue you had I didn't have, but I had other issues with form fills on right click not showing my ENTIRE list & the list they do show is all over the place, but it doesn't help me b/c it doesn't work.

And they first blamed my computer wasting my time only to FINALLY admit it was something on their end & months went buy & they never fixed it & then they wouldn't let me speak to a manager.




I 100% agree with this. I used LP for around 2 years with Chrome and found it would constantly not update any changed passwords in the vault properly and so seeing as I used LP to generate the password in the first place and it then didn't save it or saved a messed-up version of it that just contained a bunch of dots, I would end up generating a password, copying and pasting it to Notepad and then manually adding it to the vault at which point I thought what is the point of LP, I might as well do this myself and save me the money.

Plus a recent major security breach causing all my passwords and banking details to be hacked by someone and the lack of support from LP, was the last straw for me. If someone does try to access your account with them then they don't actually stop the person, they just send you an email or notification on your phone telling you but do nothing about it to block them. This happened to me overnight while I was in bed and unable to respond to the notifications and despite the hacker using an entirely different IP address and location (their IP address even said it was from IPVanish.com), they did nothing to block their access and due to the hacker having access to my email account, they were then able to request a password and login email reset from LastPass who duly obliged. I spent the next couple of days desperately trying to get in contact with LastPass as I was locked out of my own account and all they did was send me links to articles about either changing your password or if your email address was compromised, suggesting to just set up a new account and start again changing passwords. Meanwhile the hacker still had full access to my account!

As hokfujow says, their forum is full of people complaining about the service and they never seem to respond to the posts. I'm amazed how they still get to the top of most recommended password manager lists.

Read what I wrote above about LogMeIn.

If you go to their forum now you will see TONS of people jumping ship.

We are all trying to find a better alternative.


I used LastPass for a while until I realized it routinely didn't save my generated passwords. The UX is ok, but buggy and crashes, and the app just isn't reliable. I won't be trusting it to handle anything of importance again.

After an incident where a generated password that (again) didn't save made me unable to reach some important files I needed, I contacted their customer support, and that's when it turned really bad. Their support is basically a channel that repeats "you may experience loss of data, as stated in our Terms of Use." Not something you want to hear from a password vault company! I've experienced some really bad customer service in my life (and some great, luckily), but the dialogue with LastPass convinced me that this is not a company I want to entrust my private passwords to.

I do realize that encrypting something without knowing 100% sure that the password was saved was careless on my part, and not something I will repeat, but then again, you use this software because it's supposed to be trustworthy. And it's just not.

I'd stay away from them. They're cheaper for a reason.

They are NOT cheaper. They just raised their price to $24, then now to $36 from the $12 a few years ago. That's b/c LogMeIn bought them out & it's a terrible company.


#1 password manager I own is a pad of paper that sits next to my monitor. Never fails to save passwords, is not visible online to anyone. It's only flaw is that it won't auto-populate passwords by username onscreen.

LOL, you are funny.

  1. That doesn't help with form fills.
  2. Doesn't help when you need a login on your cell phone, other computer, or other devices.
  3. Doesn't help when you want a really difficult p/w created without having to think about it.

You clearly don't have many logins, form fills or you use very simple p/ws & don't have multiple devices.


I'm always amazed that password app reviews like this one never mention Mobile Password Safe (https://pw.ex.to/login.php).

It's a completely FREE service for managing all your passwords, or any other data you want to always have private and secure access to (credit cards, bank accounts, DMV records, etc.) It is fully configurable and can store any kind of numerical and text data. And being a web app it is platform independent. You can access it from any device you can get online with. So no worries about importing or exporting your data if you switch between iOS and Android, or between Windows and Mac.

I've been using it since 2008 without a single glitch or any problem whatsoever. So bottom line: it's flexible, it's powerful, it's easy, it's convenient and it's FREE. And of course it's encrypted, so your data safe. Why you would spend any money on any of the apps mentioned in this article is a mystery.

I will check this out, but it if it doesn't let you access it without Internet, that's a problem & does it have form fills?

Thanks


In your review, you wrote: "Dashlane's killer feature remains its bulk password changer, which can reset hundreds of your passwords at once, saving you time and worry in the event of a major data breach." This is complete BS. I signed up for the service and when I ran the Password Changer, it was only able to auto update 5 of my 164 accounts. FIVE!

Yes, it's true they can do this with hundreds of sites. And if you happen to have accounts with the same "hundreds of sites" then great. But "hundreds" is a pretty paltry number compared to all the websites in the world. None of my banks or credit cards were on their list, no Google, no Netflix, no Amazon. But they did have 17 permutations of Zenfolio counted among their hundreds.

Do you actually test these products when you write a review? It's very disappointing to discover such a major inaccuracy. It makes me wonder what else is wrong.

My guess is they are using affiliate links & they didn't test even one of these solutions or they don't know what is required in a fully functioning p/w management tool.

TERRIBLE reviews. Totally inaccurate, & not just about DL


Very surprised that you did not even try bitWarden. Works well on all browsers and has a native Android app. Best of all, it's FOSS.

Nope, BW is out for me.

No autofill for forms (I couldn't even find the form i needed after a LP import), doesn't save p/ws when you create a new login, their support seems like a robot with no brain, their community page has NO members responding to threads, it's well coded which surprised me, but the rest of the issues are very important & they don't seem to care at all.


While Bitwarden is open source software, its usage is quite restricted. Everything is tied to their online / cloud account. Even if you configure your own server (and it is not light on resources by no means) you need licenses to use some features. Features that are bundled with some other password managers "for free". Bitwarden desktop apps are really just web apps (Electron framework based), thus heavy on resources and potentially less secure than small native well written apps. Bitwarden underwent security audit but so did many other services / software, e.g. 1Password, Enpass, etc.

So for instance Enpass is not fully open source, but they use open source encrypted database (SQLCipher) and everything is stored locally, no need for internet at all. Enpass does support synchronisation, but not via their servers, rather many 3rd party services or your own (WebDAV or local folder). So you could sync locally via a shared folder. And yes, I do consider it a big advantage that you have complete control where your data is stored. You own your data, don't have to pay at all (for desktop apps) or just one time (for mobile apps), and all features are available to everyone.

Bitwarden is surely not the solution we all would like it to be. If anything I'd rather stick with KeyPass (many implementations).


I checked into KeyPass & they do NOT have their own Android app.

They suggest other people's apps which is ridiculous.

How do I know I can trust these other apps?

How do I sync my data to a 3rd party app?

I also checked into Enpass & they literally charge you $12 per device which is NUTS!!!!
 
  • Like
Reactions: laptopleon

Chippy_boy

Distinguished
Apr 29, 2011
1
0
18,510
To fully protect yourself online, you need a password manager. We've used and tested seven top brands to determine the best one.

Best Password Managers : Read more

Paul - thanks for the review. However, there is a significant omission I think - something that many reviews do not pick up on.

LastPass does not support FIDO2 / U2F authentication*, only TOTP. This is a glaring omission, since TOTP is vulnerable to phishing and man-in-the-middle attacks.

If you are storing peoples' most important data - such as passwords to e.g. banking sites, credit card details, passport details etc - then I think it's absolutely essential that you support the very best security protocols. And simply put, LastPass does not.

Dashlane, 1Password, Keeper, Bitwarden - they ALL support U2F. Those are the ones I am aware of.

Whereas LastPass does not and as a result is much less secure than the others. It's about time people started holding Logmein / LastPass's feet to the fire over this. It's no good having all of the lovely features if your data is not safe.

Until this gaping hole is plugged, LastPass is not fit for purpose.


* Yes, you can enable U2F via Duo, but this requires a Duo account and is beyond the scope and capability of the casual user. There is no native U2F support.
 
Last edited:

Cerberus44

Commendable
Feb 20, 2020
4
0
1,510
Just love articles/forums like this. It drives me insane because the #1 on “Toms Guide” is the 3rd or next to last choice on some other site such as “PC Magazine”. & the 6th choice on “Engadget” & so on. One site will say “Last Pass, Last Pass, the BEST”. Then another will say “Last Pass? Pffftt”.

Which is why I HATE researching these types of things because you can’t come across websites that will confirm one or the other is a good one across the board as many websites will NEVER have the same picks in the same order so it’s impossible to judge. It’s EASY to see what particular one(s) a single website is pushing as you get the annoying links to it at the bottom of your screen.

For my money Apples “Keychain“ does more than an adequate job, well for me anyway. As it’s built in & costs only the price of the iPhone/iPad & is indefinite, no subscription needed. Funny how no site so far, including Tom’s, bothers to mention it.

When the day comes when I see the same 1-2 apps listed on many websites as their same 1 & 2’s then I’ll pick either of those. Consistency in rating & reviews for me is the key, this is what I’m looking for but so far I’m not finding on multiple websites, including Toms Guide.
 
Last edited:
Sep 15, 2021
2
0
10
Sad to see that KeePass was the chosen contender for the kdbx tool. KeePass may have been the first (I believe?) but today is pretty old school, and not in a stylish cool way.

There has been an evolution of these managers, from KeePass, to KeePassX which stalled, spawning the birth of KeePassXC, which is the one I would recommend now. Compared to KeePass, the interface is MUCH improved, it has more useful features built-in, more sensible defaults (like, how about saving the password database on each entry change! Why change passwords and risk NOT saving your file!? That never made sense to me), it works fine with NextCloud syncing of your db file, comes with built-in browser integration, more database ciphers supported, included CLI, and more.

There are Android clients for using these KeePass 2.x database files as well. I have no idea about iPhone support, but KeePassXC runs on Windows, Linux, and Mac. Add this client to NextCloud and you have an easy way to share passwords internally.

I noticed the individual review for KeePass pegged it as something for advanced users. I don't really think so, personally - I know some not-very-technical people that use it just fine. For actual advanced users, they probably already know about the standard pass utility. There you can use gpg & git intuitively with your secrets. https://www.passwordstore.org/

See also https://superuser.com/questions/878...nce-between-keepass-keepassx-keepassxc#879013
 
Sep 15, 2021
2
0
10
PS - If anyone "lost" their passwords due to loosing access to the (now quite ancient) ZDNet's Password Pro 32 (v3+), just a side-note that those "ZDP" files were simply renamed MSAccess "MDB" files. They can be opened with older Access versions/the old Jet DB engine just fine...provided the DB password, of course.

...there's a reason I have a soft-spot for these stand-alone password managers 😉
 

spinozaTOM

Commendable
Nov 16, 2021
3
0
1,510
This article needs updated. I just can't see how LastPass is in the top spot.

I switched over to MYKI which I didn't even see mentioned in the article, and it's an excellent LastPass replacement (works on every major OS or device, but not every browser), though a smidge more technical, but more secure, and works very well on all my devices. It has a modern UI and is not cloud based, storing your info locally, syncing between devices.

While not completely free, or perfect, paying $10 once for some more features is far better than paying $36+ yearly until I die.
 

spinozaTOM

Commendable
Nov 16, 2021
3
0
1,510
This article needs updated. I just can't see how LastPass is in the top spot.

I switched over to MYKI which I didn't even see mentioned in the article, and it's an excellent LastPass replacement (works on every major OS or device, but not every browser), though a smidge more technical, but more secure, and works very well on all my devices. It has a modern UI and is not cloud based, storing your info locally, syncing between devices.

While not completely free, or perfect, paying $10 once for some more features is far better than paying $36+ yearly until I die.
Nevermind about MYKI, they went out of business. Now I use Bitwarden which turns out to work better than the other one, but is cloud based. Has lots of secure features. The free tier works great and can be used on devices and browsers.
 
Status
Not open for further replies.