- Dec 15, 2013
- 150
The only way to keep your secure website logins safe is to use a strong password for each and never use the same one twice. And the only way to manage that task is to use a password manager.
Any time you use the same password on multiple websites, the risks to your security increase dramatically. A breach at one site could expose all of your accounts. If that password is a lame one like "123456" or "password," a hacker could get into your account just by guessing. The problem is, avoiding same passwords and lame passwords is really hard—too hard for most people to manage without help. The solution is simple—install a password manager and change all of your passwords so every single one is different, and every single one is long and hard to crack.
Until our Internet culture evolves into some post-password Nirvana, everybody needs a password manager, even our own John Dvorak. There are plenty of good choices. All the commercial password managers listed here earned 3.5 stars or better. Don't let a stressed budget stop you from securing your online accounts. We've rounded up free password managers separately.
The Basics
The typical password manager installs as a browser plug-in to handle password capture and replay. When you log in to a secure site, it offers to save your credentials. When you return to that site, it offers to automatically fill in those credentials. And if you've saved multiple logins for the same site, the password manager offers you multiple account login options. Most also offer a browser toolbar menu of saved logins, so you can go straight to a saved site and log in automatically.
Some products detect password-change events and offer to update the existing record. Some even record your credentials during the process of signing up for a new secure website. On the flip side, a password manager that doesn't include password capture and replay automation needs to offset that lack with significant other assets.
When you create a new secure account or update a weak password, you don't want to strain your brain trying to come up with something strong and unique. Why bother? You don't have to remember it. All but one of our top-rated products include a built-in password generator. Do make sure your generated passwords are at least 12 characters long; some products default to a shorter length.
Entering a password like S$U?_wzF4boBQNLD on your smartphone's tiny keyboard can be tough. Fortunately, almost all of our top password managers can sync across all of your Windows, Mac, Android, and iOS devices. A few even let you authenticate on iOS or Android with your fingerprint rather than typing the master password. Most include some form of two-factor authentication, be it biometric, SMS-based, Google Authenticator, or something else entirely.
Fill Those Forms
Since most password managers can auto-fill stored credentials, it's just a small step for them to automatically fill in personal data on Web forms—first and last name, email address, phone number, and so on. Almost all of the top-rated products include Web form filling. The breadth and flexibility of their personal data collections vary, as does their accuracy when matching Web form fields with their stored items. Even if they miss a field or two, the ones they do fill are ones you don't have to type. Think about how many sites you go to that want all the same information; this feature is a huge time-saver.
Different products handle form-filling in their own ways. Some immediately fill all recognized fields, some wait for you to click in a field, some pop up and ask what you'd prefer. You'll even find products that offer your choice of credit cards using realistic images with the correct color and bank logo!
Advanced Features
Given that all these products take care of basic password management tasks, how can one product stand out from the pack? One handy advanced feature is managing passwords for applications, not just websites. Another is provision of a secure browser, designed to protect sensitive transactions and invoked automatically when you visit a financial site.
As noted, these top products let you sync your passwords across all of your devices. Some of them also include a built-in mechanism for securely sharing passwords with other users. Some let you share a login without making the password visible, some let you revoke sharing, and with some the sharing goes both ways—that is, if the recipient makes a change it will change the original.
On a grimmer note, what happens to your secure accounts after you've died? A few products include some provision for a digital legacy, a method to transfer your logins to a trusted individual in the event of your death or incapacity.
The Very Best
Veteran password manager LastPass 3.0 Premium offers an impressively comprehensive set of features. Slick and polished Dashlane 3 also boasts a ton of features, even some that LastPass lacks. Sticky Password Premium handles essential tasks better than most, and a portion of every purchase goes to help endangered species. Any one of these three will serve you well, though it's always possible you'll fall in love with the particular feature set of another excellent password manager. Read our reviews to decide which will serve you best. Read more