Choosing a password manager. Which password manager is the most convenient and reliable - a comparative review. Double master password protection

A short password consisting only of digits, a significant date, your own name or the name of someone close to you, or a run of keys conveniently adjacent on the keyboard such as “qwerty” or “ytsuken” is a guarantee that someday the password will most likely be cracked and the account it protected will be irrevocably lost. Using the same password for accounts on several sites, instant messengers and other software, no matter how complex that password may be, can also someday result in the loss of one of those accounts, or even of all the accounts where the password was used.

How to correctly create and store authorization data so that it is both safe and convenient?

Many users still, out of habit, use the old proven method of storing logins, passwords and other identifiers in a “.txt” file. Almost any step on Internet sites requires authorization, and working with a lightweight text file may at first glance seem like a completely acceptable solution. A text file can always be opened in Notepad, it is always at hand, and it does not affect the performance of the system in any way. However, storing logins and passwords in a “.txt” file is far from the most convenient way of organizing your data. At the very least, Notepad or any other text editor loses to password managers in that it cannot come up with passwords.

A password manager is a special type of program designed to store confidential user data. In addition to displaying authorization data in a convenient format, these programs solve such an important problem as inventing complex and strong passwords. Every worthwhile password manager is equipped with a password generator - a function that randomly generates a sequence of unrelated characters of greater or lesser complexity, depending on the parameters specified by the user. Instead of sitting and racking your brains over a password that is at least 10 characters long and contains both digits and letters, some of them uppercase, it is much easier to delegate this task to a software process, which will give the result instantly.
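What such a generator does with the user's parameters can be shown in a short sketch. This is an added example, not code from any of the programs reviewed here; the class names, the symbol set and the list of keyboard runs are assumptions made for the illustration. It also checks a candidate password against the weak patterns named at the top of the article.

```python
import math
import secrets
import string

# Character classes the user can switch on or off (names are hypothetical).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": "!@#$%^&*()-_=+[]{};:,.?",
}

# Constructed sample list of keyboard runs; a real checker would use a larger one.
KEYBOARD_RUNS = ("qwerty", "ytsuken", "asdfgh", "123456")


def generate_password(length=16, use=("lower", "upper", "digits")):
    """Return a random password with at least one character from each selected class."""
    if not use:
        raise ValueError("select at least one character class")
    unknown = [name for name in use if name not in CLASSES]
    if unknown:
        raise ValueError("unknown character class: %s" % unknown[0])
    if length < len(use):
        raise ValueError("length is too small to include every selected class")
    alphabet = "".join(CLASSES[name] for name in use)
    # One guaranteed character per class, the rest drawn from the whole alphabet.
    # secrets uses the operating system's CSPRNG, unlike the random module.
    chars = [secrets.choice(CLASSES[name]) for name in use]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Shuffle so the guaranteed characters do not sit at predictable positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def entropy_bits(length, use):
    """Upper bound on the entropy of a generated password, in bits."""
    alphabet_size = sum(len(CLASSES[name]) for name in use)
    return length * math.log2(alphabet_size)


def weak_reasons(password, min_length=10):
    """List which of the weak patterns described in the article a password matches."""
    reasons = []
    if len(password) < min_length:
        reasons.append("too short")
    if password.isdigit():
        reasons.append("digits only")
    lowered = password.lower()
    if any(run in lowered for run in KEYBOARD_RUNS):
        reasons.append("keyboard run")
    return reasons


if __name__ == "__main__":
    policy = ("lower", "upper", "digits")
    print(generate_password(10, policy), round(entropy_bits(10, policy), 1), "bits")
    for sample in ("qwerty", "19840312"):  # constructed weak samples
        print(sample, weak_reasons(sample))
```

Each extra character adds about 6 bits with this 62-character alphabet, which is why length matters more than decorating a short password with a symbol.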

A secure password is a complex password. In principle, it could be memorized over time, but if there are many such passwords, it will not be possible to keep them all in your head. Setting up your authorization data once and then keeping it up to date, however, is a completely feasible task.

Below, let's look at three functional password managers for Windows - worthy solutions on the software market that serve to organize confidential user data.

Sticky Password

A small but thoughtful program for lovers of the mobile application style. Its use involves creating an Internet account that ensures data synchronization with mobile applications for the Android and iOS platforms.

Data stored in Sticky Password is protected by a so-called master password - a single password for access to the program, which must be entered not only each time the program starts, but also to unlock it after the computer has been inactive for some time.

The behavior of the master password is customizable - you can disable it completely or change the auto-lock time of Sticky Password.

In addition to authorization data, the program allows you to create, organize and store bookmarks of Internet sites and people’s contacts in business card format, and to record important information. Sticky Password is initially structured into sections for storing authorization data for Internet accounts and application accounts. Within these sections there are groups - subsections where logins and passwords can be stored in catalogued form, in accordance with the specifics of the Internet accounts and applications.

To save the user from the hassle of coming up with an ornate password every time, the program is equipped with a password generator.

When installed on the system, Sticky Password offers to import data from other sources - its own database file, other password managers or supported browsers.

To transfer the program to a reinstalled system or another computer, you can use settings export, which allows you to save data both in database files and in the universal formats ".hml", ".html" and ".txt". Alternatively, if for example Sticky Password needs to be used temporarily on a third-party computer, you can create a portable version of the program on a flash drive.

Sticky Password integrates into the system and actively “collaborates” with it. The program, always active in the system tray, remembers entered logins and passwords and can also automatically insert them into form fields in browsers and Windows applications.

Sticky Password is a secure program; its password database is encrypted to prevent data interception by spyware.

Sticky Password is available in a free version (Free) with basic functionality, as well as in a paid Premium version with additional features.

KeePass Password Safe

A cross-platform, functional, lightweight, completely free and secure password manager. On the official website, in addition to the regular version installed on the system, a portable version is available. The program can automatically enter authorization data in browsers and Windows applications. Closer integration of KeePass Password Safe with browsers and additional functionality are possible by installing extensions.

When starting to work with KeePass Password Safe, the user must create the program database himself and indicate its location.

KeePass Password Safe can import databases from other password managers and universal database storage files.

If you want to change your password manager, KeePass Password Safe will not interfere with this; the program provides export of databases to popular formats.

Login to the program can, if necessary, be protected not only with a main password (master password), but also with a key file or a Windows account.

In the KeePass Password Safe settings, you can configure automatic locking of the program when the computer is idle and automatic clearing of the clipboard.

Cells with logins and passwords are sorted by thematic groups. Along with authorization data in KeePass Password Safe, you can store regular bookmarks of your favorite sites, including importing them from a “.html” file.

The program has a built-in password generator with the ability to set flexible parameters.

KeePass Password Safe is a multilingual program. It is initially installed in English, but a Russian or any other language pack can be downloaded from the official website and unpacked into the folder with the program.

Efficient Password Manager

The Efficient series of programs includes a functional personal organizer, as well as its modules as separate programs. Because of this, Efficient Password Manager can be used both as a separate program and as part of the Efficient PIM software suite, where we additionally get a scheduler, address book, diary, notes and other useful utilities.

Efficient Password Manager does not integrate with the system and does not automatically enter authorization data into the browser. Efficient Password Manager is more of a convenient interface with flexible settings for organizing large amounts of data, rather than a nimble utility for quickly inserting logins or passwords.

Efficient Password Manager is internally divided into sections for storing passwords, software serial numbers, accounts and FTP accounts. You can store bookmarks of your favorite sites in a separate tab of the program. It is possible to change the color of the program interface.

Like the previous two password managers, Efficient Password Manager is a secure program. In addition to data encryption algorithms, users are asked (if they wish) to come up with a single master password - a password that protects entry into the program itself and access to its contents. Traditionally, like other password managers, Efficient Password Manager has a password generator.

The program provides not only the import and export of data, but also their backup and recovery.

You can use the basic functionality of Efficient Password Manager for free. Additional features are available for a fee in the Pro version of the program. Efficient Password Manager, in addition to the regular version, also has a portable one.

On June 3, SatoshiLabs announced the TREZOR password manager - an application for the safe storage and management of passwords. It is implemented as an extension for the Chrome browser and is already available to all hardware owners as part of the open beta testing program.

The TREZOR password manager is able to provide reliable cryptographic protection regardless of user level. With the click of a button, you can encrypt your password, and the password manager will automatically upload it to your private cloud storage, where you can always download it when needed. The absence of a master password in TREZOR solves the main security problem of typical password managers - the ability to access the entire database using a compromised master password. Examples of such attacks, including those on RoboForm and LastPass storage facilities, have been described many times in the media.

Two-factor authentication via an app or email provides additional security, but is cumbersome to use. Biometric authentication itself can be dangerous: for example, once an attacker obtains a victim's fingerprint, he can use it over and over again, and there is no way to change it. Therefore, the TREZOR wallet itself performs the functions of a second authentication factor, unlocking passwords without third-party applications, a mobile phone or email. Instead of entering a master password to unlock the entire password database, the user only needs to “unlock” the wallet using a PIN protected from keyloggers. In addition, the PIN code prevents unauthorized access to the device itself.

Secure access to the cloud

Even if your Dropbox account is hacked, an attacker will almost certainly not be able to read your stored passwords. TREZOR provides an additional level of security by encrypting each password individually using a unique key generated by the device itself. The TREZOR password manager is an example of what the approach to cloud storage security technologies for individual users should be.

Permanent access to passwords

TREZOR Password Manager automatically synchronizes each password with the user's private Dropbox storage, so you can access passwords at any time from any computer connected to the Internet. Over time, we will implement support for other cloud storage services.

Simple recovery mechanism

TREZOR implements an easy and safe way of creating backup copies. During initial setup, the wallet asks the user to write down a 24-word phrase and store it in a safe place. A piece of paper in the safe is all you need to recover all the keys on your new device. In this regard, I would like to remind you that TREZOR is not only a device for encrypting confidential data, but also a token for secure login to computer systems with visual and physical verification.

Planned improvements

After testing the beta version, the import/export function will be added to the manager. We may also provide an Android app to users - it will depend on their feedback.

About SatoshiLabs

Czech company SatoshiLabs is the manufacturer of TREZOR wallets and the developer of several other cutting-edge Bitcoin projects, such as Coinmap and Slush Pool, the world's first Bitcoin mining pool.

How many sites where you need to log in do you visit in a day or week? For most of us this is at least social media, mail, banking services, online stores, news sites with comments, forums and so on. And on each of these sites you need to enter a login and password.

Is it easy to remember data for all the necessary web resources? Having one password for everyone or writing it down on paper is unsafe. Constantly coming up with new ones is difficult. Software storage systems that can remember logins and passwords from many sites and applications come to the rescue - so-called password managers.

Every self-respecting web browser has a built-in account management system. There are also third-party solutions, paid and free. The latter are more suitable for those who use different browsers and applications or do not trust built-in systems.

To store passwords, they use web services, browser add-ons, and independent programs. It is not easy to draw the line between them, since (as we will see in the first example) the most advanced developments exist in all three variants.

Password managers come in paid (pro or premium), free (free), and freemium (with free basic functions and paid extended ones). Most home users are happy with the free products, but if you want special features like enhanced security or increased storage, you'll have to pay a little.

Who understands security better than the creators of one of the most famous antiviruses? offers every conceivable degree of protection. This program integrates into many browsers, has its own random character generator, and monitors phishing attempts and spyware keyloggers.

The program exists in a portable version, which allows you to run it from a flash drive on different computers. You can import records from other similar services into KPG. Of course, there is a Russian-language interface.

The cost of the service is 450 rubles per year.

The main drawback: the program does not work with the browsers Mozilla Firefox 3.x (64 bit), Opera, Vivaldi and some others.


LastPass is one of the most popular services for working with passwords. The easiest way for computer users is to install the extension in the browser; on mobile devices, LastPass is implemented as a separate application.

The interface of all LastPass extensions and applications has been translated into Russian. The free version of the service allows you to work with a single account on one device. To sync data across multiple devices, you need a LastPass premium subscription, which costs about $2 per month. A family account costs twice as much, but supports six accounts.

This form-filling service has been familiar to many users since the last century (without exaggeration). Its main advantage is its ability to fill out forms not only in web browsers, but also in any Windows applications. The interface has been translated into Russian.

It has its own password generator and supports cloud synchronization of different devices (including mobile ones), as well as all browsers. In this way, it surpasses even the service from Kaspersky Lab.

The free version of RoboForm works for one user on one computer. To synchronize across different devices, you need to buy a subscription at a price of 810 rubles per year. More expensive options allow you to synchronize several accounts at the same time, for example, for company employees. Finally, you can buy a business class subscription for a large team for about 1,500 rubles per year per account. This subscription also provides an administration service.


Enpass is an interesting paid service for those who primarily care about security. The application is available both for mobile platforms and for the desktop. You can store website data, bank card numbers, personal notes, etc. in it.

The Enpass database can be stored in encrypted form on a third-party cloud service (OneDrive, Google Drive, Dropbox, etc.) or on the device itself. To access it on a mobile device, you can use a fingerprint scanner.

Although the Enpass service is paid, the developers offer a one-time payment of 690 rubles for the mobile version (this is cheaper than an annual subscription to Roboform). It is enough to buy a version for one of the platforms, and you can install the application on other devices for free.

Another service whose security you don’t have to worry about. Keeper is available in a full variety of forms: as a separate program for desktop OSes, as a mobile app and as a browser extension. What's interesting is that its creators still support legacy platforms like Windows Phone or BlackBerry OS.

The service has an incredible variety of functions. Here you can find storage of passwords for accessing websites, a personal folder for documents, and a generator of complex passwords. There is two-factor authentication for accessing protected resources, automatic filling of forms on sites, and history saving (in case you change or delete a recorded password).

Separately, it is worth noting the biometric authentication built into Keeper. On both computers and mobile devices, it supports fingerprint scanning, facial or iris recognition.

A Keeper subscription costs $30 per year for an individual user and $60 for a family account with 5 users. The free demo version allows you to store an unlimited number of records, although only locally.

We did not consider the popular services Dashlane, LogMeOnce and some others, since they do not offer a Russian application or service interface.

Browser extensions Opera, Google Chrome, Yandex, Firefox

Although the password managers discussed above also offer extensions for browsers, there are web services that exist only in the form of extensions. They have limited functionality, but for users who store passwords only for online accounts, their capabilities are quite sufficient.

Built-in password managers in browsers

As we already mentioned, any decent browser in 2018 has its own password manager. If you do not have any special needs for enhanced security, then you don’t have to look for other solutions.

The bulk of their work happens right at the entrance to the sites. A pop-up request asks whether to save your account login information, change the password (if you entered a different one than usual), or whether to save several accounts for a site. Let's look at how to use this feature in various popular browsers on Windows 10.

Opera

Google Chrome

How to view passwords in Google Chrome (if you use the built-in manager, without additional extensions):

Firefox

How to view passwords in Firefox?

Yandex browser

How to view passwords in Yandex Browser:

Conclusion

By and large, the built-in tools in popular browsers are also suitable for the majority of users. The most advanced manager is presented in the product from Yandex; however, other developers offer quite satisfactory solutions.

Password managers in the form of applications often offer synchronization between different devices, protecting files from unauthorized access, saving confidential notes, working with bank cards. A separate nice feature is the systematization of passwords into folders with an internal hierarchy.

Should I pay for a password manager or not? Most programs in this class are paid. However, for your money (quite modest) you get guarantees of confidentiality. If information is important to you, we recommend that you take out insurance and ensure peace of mind for about 100-150 rubles a month.


@sam901, well, that’s what Artyom writes about. If you don’t want the program and its owner to “change the rules,” keep your passwords to yourself. Otherwise, where is the guarantee that one day they will not be sold along with the program? :)

Although, I repeat, I am not legally strong, but in my opinion this is a deception of users who paid money for the program and in the West they could possibly be sued. If you want to sell a business, sell it, but user data and access to it should remain with the owners. At a minimum, it should be possible to unload them.

And since “this happens everywhere,” please give at least a couple of examples. :)

@Soloqub, at least Skype. There was a p2p service. MS was bought out and replaced with a traditional centralized client-server architecture. And both options have their pros and cons. For some, the advantages of p2p were very important and there were two choices - agree to change the rules or change the service. Nobody is going to support the old protocol.

Well, there are a lot of examples when services are bought out, closed and that’s it. No more user data, go wherever you want. Picasa, for example. And it’s good if some kind of migration plan is provided.

I rather have a counter question: what’s wrong? Businesses are not required to do anything beyond what is required by law. And then there is the EULA, where everything is perfectly spelled out, who owes what to whom. And that the old version will stop working. And that in the new version you need to sign a new EULA, which gives your consent to send your data to the server, etc. and so on. If you don’t agree, you don’t sign and you delete the application.

Choosing a service is always a compromise. That's why the article looks rather strange, because it is one-sided and paranoid. There is a choice - there are completely offline services like keepass. There are cloud ones, where different rules work. Lastpass, which I use, is cloud-based, but stores an offline version on my PC. Even in the absence of the Internet, access to passwords remains; there are no open passwords on the servers, they don’t keep the master password, etc. Instead of paranoia and limited consideration of the issue, it would be better to understand the choice on the market, and not lump everyone together.

@sam901, you apparently didn’t understand this situation very well. Vkarmane was a completely offline program that stored data on users’ devices. After the ransom, Tinkov “offered” to transfer all his data to the servers (now they will be available only online), or forget about them.

There is no opportunity to simply take what is yours. In fact, Tinkov did not buy a business (it is dubious), but rather user data. And here serious doubts arise about the legality of such a purchase.

There can be no comparison with Skype. I think 99% of Skype users didn’t even notice the migration to a centralized architecture. And those who noticed lost the opportunity to use the service, but did not lose anything belonging to them, unlike Vkarmane users.

@Soloqub, that's why it's worth reading the EULA. Because there probably is a line for consent to the processing of all data and a bunch of other things. But no one reads, but everyone wants to run to court.

As for figuring things out, I was talking about changing the rules of the game and this is normal and happens everywhere. I don't need to understand the details of a specific situation, which is similar for the most part.

As for the Skype migration, you clearly do not understand the essence of such a migration. p2p architecture means that the owner of the service is unable to record/listen to conversations. Traffic goes directly from device to device. Changing the architecture means full control by MS over voice traffic, full access to it for intelligence services, advertising bots, etc. and so on. This is significant and no less serious than suddenly uploading your documents to the cloud.

Well, there is no need to distort the facts. No one in your example lost anything. Available online – accessible. All.

@sam901, of course you need to read the EULA, but this is also not the ultimate truth. Otherwise, taking advantage of the fact that no one reads them, one could write anything in there, such as that by downloading the application you transfer ownership of your apartment to them, etc. Therefore, the question is not only about the EULA, but in principle about the legality of such an action.

And stop comparing soft with salty. Skype has never positioned its communication channels as secure. Nobody used it as such.
The transition to a centralized architecture is nothing more than Microsoft's internal kitchen. Users don’t think about such things, just as they don’t think about what routes packets take from them to the iPhones website and back. They do not care.

As for Picasa, this service simply stopped working, and Google warned about this well in advance. Users did not lose photos that were stored locally and were added to the program; they did not discover that these photos would be uploaded to the servers of an unknown bank and would be available only after accepting the terms of this bank. These cases cannot be compared at all.

And you distort the facts. Access to documents is available only to those who fully accept Tinkov’s conditions and give him the necessary data, such as a phone number.

A password manager is a natural solution to problems associated with using passwords for various services and applications. A good password manager integrates seamlessly with your web browser, making it easy to create new accounts in web applications, log in to web pages, and make online purchases. Which application to choose?

Over the years, the function of programs for collecting and storing passwords on a computer has changed significantly. Classic password managers have been replaced by tools that sync credential information across all of a user's devices. These programs are constantly being developed, and new functions can significantly improve the comfort of use.

Storing sensitive data in the cloud continues to raise a number of security concerns among users. Developers of password managers are trying to convince us that databases are encrypted and decrypted only at the device level, and that the password and encryption keys are never transmitted to the servers. Data encryption is carried out using the AES-256 algorithm, which is considered the most secure today. As a result, no US government vendor, company, or agency has access to the data, or will have it in the future. At least in theory. On the other hand, if you forget the master password, the saved data will be irretrievably lost.

In some programs, access to the password store can be protected by additional authentication. During account registration, the user enters a standard username and password, and also provides additional proof of identity. This is the so-called two-factor authentication.

Experts agree that good protection consists of two parts: what you know yourself, that is, the password, and what you can check through applications on your smartphone.

Popular programs also support biometric mechanisms for application access. Support for fingerprint readers in Android devices works well, and the Touch ID and Face ID functions in Apple devices are often supported as well.

The overwhelming majority of password managers are commercial projects. Some, however, can be used for free, but the main limitation of such versions is support for only one user device. In other words, without taking out a paid subscription, you won't be able to sync your passwords across other devices.

Despite this, if you use dozens of online services, using a password manager is completely worth it.

Which password manager to choose

1Password

1Password allows you to create an account and store data on servers located in Canada or the European Union. The program stores login data, credit card numbers and bank account details. It also integrates with popular iOS apps for easy access to apps and websites.

The application does not support two-factor authentication in its classical sense, but implements this idea in a slightly different way. The program creates a secure key (Secret Key), which plays an important role in encrypting data on the device. This key is used in combination with the master password to protect the user's database. On the technical side, it is a unique 128-bit identifier, generated locally, that never leaves the user's device.
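The idea of combining a master password with a locally generated secret, and the earlier point that keys are derived only on the device and cannot be recovered if the master password is forgotten, can be illustrated as follows. This is an added, simplified sketch and not 1Password's or any other product's actual scheme: PBKDF2-HMAC-SHA256 stands in for the vendor's key derivation function, and all function names, the iteration count and the record layout are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor for the illustration


def new_secret_key():
    """128-bit random value generated locally; it stays on the user's devices."""
    return secrets.token_bytes(16)


def derive_vault_key(master_password, secret_key, salt):
    """Derive the 256-bit vault key from both secrets, entirely on the device."""
    # Step 1: slow stretching makes every guess of the master password expensive.
    stretched = hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, ITERATIONS, dklen=32
    )
    # Step 2: mix in the high-entropy secret key. Without it, even a correctly
    # guessed master password does not yield the vault key.
    return hmac.new(secret_key, stretched, hashlib.sha256).digest()


def make_verifier(vault_key):
    """Value that lets the client check a derived key without storing the key."""
    return hmac.new(vault_key, b"vault-key-check", hashlib.sha256).digest()


def enroll(master_password):
    """Create an account: returns the device-only secret key and the stored record."""
    secret_key = new_secret_key()
    salt = secrets.token_bytes(16)
    vault_key = derive_vault_key(master_password, secret_key, salt)
    # The record holds neither the password, nor the secret key, nor the vault key.
    record = {"salt": salt, "verifier": make_verifier(vault_key)}
    return secret_key, record


def unlock(master_password, secret_key, record):
    """Return the vault key if both secrets are correct, otherwise None."""
    vault_key = derive_vault_key(master_password, secret_key, record["salt"])
    if hmac.compare_digest(make_verifier(vault_key), record["verifier"]):
        return vault_key
    return None


if __name__ == "__main__":
    password = "correct horse battery staple"  # constructed sample
    device_key, stored = enroll(password)
    print("owner unlocks:", unlock(password, device_key, stored) is not None)
    print("wrong password:", unlock("qwerty", device_key, stored) is not None)
    # Someone who knows the password and the stored record but not the secret key:
    print("no secret key:", unlock(password, new_secret_key(), stored) is not None)
```

Nothing in the stored record allows the vault key to be recomputed without both secrets, which is the same property that makes a forgotten master password unrecoverable.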

1Password is equipped with one more interesting function – Travel Mode. Every time you cross state borders, all important data from the storage will be deleted, except for those items that are clearly designated as safe for travel.

1Password is the first manager to use a new standard providing direct access to the system random number generator. This generator is used in encryption operations. Besides increased security, the encryption process is accelerated 10 times.

Dashlane

Dashlane organizes website passwords, notes, and data into separate tabs. Saved items can be categorized, and a built-in search engine makes them easy to find.

The Secure Digital Wallet module built into the program collects information about debit and credit cards, login credentials for banks, and passwords for PayPal and other financial services. During the payment process, Dashlane automatically fills in the fields required to complete the transaction.

Dashlane allows you to choose one of two security levels. Additional identity verification may be required each time you log into the service. The lazy will choose the second option, that is, two-factor authentication only when adding an account on a new device.

Dashlane supports FIDO U2F YubiKey – a hardware key in the form of a USB stick, which, when confirming your identity, simply needs to be inserted into the appropriate port of the computer. Unfortunately, this support is only available in the paid version of the application.

A unique feature of the program is Password Changer, which with one click of a button allows you to change from one to a thousand passwords for popular applications and web pages. Password Changer automatically replaces old passwords with new, much stronger ones, and stores them in the database. The feature works with thousands of pages, although the list of supported services is dominated by representatives from the United States. Among the popular ones in Russia we also found Netflix, Spotify, Evernote, Vimeo, Runkeeper, as well as the travel planning service Kayak.com.

An additional feature, Instant Security Alerts, will automatically notify you of the need to change your password on a specified service. As we constantly hear about popular websites being hacked and millions of user account passwords being stolen, Instant Security Alerts can help you maintain a high level of protection.

Dashlane has a built-in security test that analyzes your passwords step-by-step and tells you what to change to feel safe.

KeePass

KeePass Password Safe for Windows is one of the last "old school" managers: password records are stored in a local database. This thesis is confirmed by the ascetic interface. In KeePass, the user simply creates a database with his own structure and fills it with login data.

Thanks to this, the program is great for storing passwords for computers, network services, email accounts and FTP servers. Credit card numbers, PIN codes for the front door or short notes that must remain confidential can also be stored in the database. KeePass handles remembering credentials for websites and web applications differently. These functions are implemented as plugins for popular browsers. Native integration doesn't always work as it should.

In one respect KeePass has a huge advantage over its competitors. The program is developed under an open source license, has a large circle of dedicated users, and everyone can verify that the encryption algorithm used was written correctly and does not contain security vulnerabilities.

In KeePass, the authors implemented two encryption algorithms for the database, AES/Rijndael and ChaCha20, both with a 256-bit key length, as well as the AES-KDF and Argon2 key derivation functions. Access to the database can be protected by a password, an encryption key, a Windows account, or all of these methods at the same time.

The most important competitor - Password Safe - seems like a poor relative in comparison with KeePass, but has one important function. The program natively supports YubiKey hardware tokens, although the FIDO U2F mentioned in the article is not supported.

LastPass

LastPass works with all major browsers: Chrome, Firefox, Opera, Internet Explorer, Edge and Maxthon. The program is installed as a plugin and is displayed in the browser as an icon on the toolbar. Credentials are managed in the cloud via a dedicated web page. A mobile app is also available for Android, Apple and Windows Phone devices.

LastPass takes the issue of logging in using two-factor authentication seriously. The second authorization component here can be a code from an application on a mobile device, a LastPass Grid or LastPass Sesame program code, the user's fingerprint, a certificate on a cryptographic device, or a one-time password generated using YubiKey or RSA SecurID hardware tokens. Supported applications for 2FA include Google Authenticator, Duo Security and Authy.

The program stores credentials entered on web pages, can intercept credentials, email messages, and import data from other password managers.

LastPass is good for family use. A six-person plan costs $4 per month and still allows you to take full advantage of password sharing and disaster recovery.

In LastPass you can give a trusted friend or family member access to the vault. You decide who can have access to your saved passwords and for how long. All competitors of the program offer similar opportunities.

RoboForm

RoboForm provides its software in Free (free) and Everywhere (from $19.95 per year) versions. There are a lot of differences between the free and paid versions.

The first offers the main features of the program for one device: an encrypted database, a mechanism for remembering credentials for applications and websites, and a module for automatically filling in web forms.

Tools for syncing data between devices, sharing passwords among family and friends, or backing up to the cloud with access to passwords in the browser are available only in the paid version of Everywhere.

RoboForm has a convenient system for organizing your saved credentials, along with a functional search engine that helps you find them when you need them. The program is used through a browser, but when the Defense Center module is launched you get access to a classic Windows window, from which you can manage your logins, bookmarks, application credentials, identities, and secret notes.

Compared to competitors, RoboForm offers dozens of menu options and settings. True, they are "well hidden", so there is no need to use them; however, if you want to customize the program to suit your needs, the option is there. RoboForm is also available for Linux users and devices with Chrome OS.