I remember back when I started with computers (back in 1997) I only had one password to remember, which was my login for my dial-up connection to the internet. It was ‘safely stored’ on a Post-it below my desk for easy access, and as recent studies showed, a lot of you out there still use this method :). Today I have over 500 passwords, so this calls for a different approach! We don’t want situations like the image shows us, now do we?
Does this situation sound familiar? Grab a cup of coffee and dive into this lengthy article about how to remember, store and secure all your passwords safely and easily, with this roundup of the best password manager software out there.
How this article is structured
This article is structured as follows. First I give you some numbers and statistics about passwords. Second I am going to bring you (my) password history and teach you some password 101.
Third I am going to elaborate on why it is important to have a good software-based password manager and what it can do for you! Fourth I am going to look at 5 of the industry’s best password managers and go in depth into their features, pricing, level of security and other pluses and minuses. Fifth I will dive into the future of passwords as a whole and how authentication is changing to be future proof.
Lastly I will summarize briefly what was discussed in this article and which password manager I think is the best one out there. As a parting note, I won’t promise that by reading this post and by buying a good password manager you won’t ever get hacked, as is the case with everything in the world of security.
“Security is only as strong as the weakest link, don’t let this weakness be human”
Passwords by the numbers
To support the theory of why passwords are so damn important I present you some research and statistics. 3 out of 4 Americans will be or have already been victims of cybercrime. Companies in 2011 had a 90% chance of getting hacked. In 2011, 77 million customers of Sony’s Entertainment Network had to reset their passwords due to a system intrusion. Over 900,000 Facebook accounts are hacked daily (wow at this number).
You need password help? Check these top 5 passwords of 2012: #1 ‘Password’ #2 ‘123456’ #3 ‘12345678’ #4 ‘abc123’ #5 ‘qwerty’.
If your password is on this list, stay on this webpage! Open a new tab and go change your password immediately, you dummy lol. A hacker can ‘crack’ a 6-character lowercase password within 10 minutes, an 8-character password mixed with numbers in 1 day, and a 16-character password with letters, numbers and symbols in 463 years.
Stop the madness now! Take a look at (my) password history, how it evolved, and some password 101
Sorry for the rant guys, I just wanted to warn you about the dangers you are getting yourself into when your password isn’t safe and strong. Of course I could also pass for that same dummy. I also fell victim to a password hacker on the first website I created, dating from 2001, and haven’t been able to retrieve it :(.
Damn I felt so stupid and I promised myself this would never happen again, until… 2011, when Sony emailed me saying that my account was among the 77 million hacked user accounts.
Let’s go back a few years in time to see if we can find clues in our past as to why we needed passwords in the first place.
A Roman guy called ‘Polybius’ can be tagged as the inventor of the password, or watchword as it was called back in the days of the Roman military. The way in which they secure the passing round of the watchword for the night is as follows: from the tenth maniple of each class of infantry and cavalry, the maniple which is encamped at the lower end of the street, a man is chosen who is relieved from guard duty, and he attends every day at sunset at the tent of the tribune, and receiving from him the watchword — that is a wooden tablet with the word inscribed on it (remember the Post-it? You obviously weren’t the first to think of this :)).
In more recent times military passwords evolved to include not just a password, but a password and a counter password; for example in the opening days of the Battle of Normandy, paratroopers of the U.S. 101st Airborne Division used a password — flash — which was presented as a challenge, and answered with the correct response — thunder. The challenge and response were changed every three days (Madness! Imagine changing all your passwords every other day :)).
Passwords have been used with computers since the earliest days of computing. MIT’s CTSS, one of the first time sharing systems, was introduced in 1961. It had a LOGIN command that requested a user password. ‘After typing PASSWORD, the system turns off the printing mechanism, if possible, so that the user may type in his password with privacy’.
In the early 1970s, Robert Morris invented the idea of storing login passwords in a hashed form as part of the Unix operating system. The system was based on a simulated Hagelin rotor crypto machine, and first appeared in 6th Edition Unix in 1974.
A later version of his algorithm, known as crypt, used a 12-bit salt and invoked a modified form of the DES algorithm 25 times to reduce the risk of pre-computed dictionary attacks.
Passwords are strings of values (which can be letters, numbers or symbols) that get used online as an authentication system. Think of passwords as a ‘lock gate’ in front of a mansion. The user wants to enter the mansion but first must present his username and ‘lock key’ aka password. The key is a combination of letters, numbers and symbols that the user can remember easily but that, on the other hand, is hard to ‘guess’ for ‘outside intruders’. This immediately presents a dilemma. You don’t want every gate in your house to be protected with a different password just to keep intruders out. On the other hand you also don’t want one password that fits all, with the risk of it being cracked and leaving your whole home exposed, and believe me, you truly are exposed with one password.
So how are ‘baddies’ threatening our passwords online?
In my opinion (these are pretty common tactics in the ‘hacking world’) there are 4 threats that you need to be aware of when trying to keep your passwords safe. The threat list is ordered by the amount of effort it takes for a user to stop the intruder, or at least make it harder for a baddie to be successful in cracking your password and stealing your loot:
Phishing
Phishing is a tactic where the bad guy actually ‘tricks’ you by sending an email or setting up a website pretending to be someone else. You all remember the email@example.com trick emails you obviously sometimes get asking you to change your password. Don’t click on them; I know some of them out there look pretty real. You don’t need a password manager for that, all you need to stop this kind of intrusion is common sense and a bit of careful ‘scanning’. Before you click on links in ‘fishy’ emails make sure you check the email headers.
The headers of an email are basically the tracking information you would get when sending a package. In the headers you can actually see the route the email has travelled. You can view them in any email client; in Outlook, go to File -> Info and it will show you the headers of the email you are looking at. Phishing websites work exactly the same way: don’t use web forms you don’t know, and always check the source by right-clicking on the form and choosing ‘view source’ to see if the signup form is really legit.
Easy peasy, you can do this from now on without having to buy any password manager, but I would still recommend you buy a password manager to remember and store all your passwords for your legit sites 😉
Cracking / Guessing passwords
This method actually is pretty sophisticated. Good crackers use ‘brute force’ tools to guess your passwords. The programs they use basically try out your password by running through combinations of commonly used letters and strings. They basically keep trying endlessly to ‘crack’ your password. Remember when I told you about 6-character passwords? Crackers live on those kinds of passwords because they are very easy to crack.
For this method password managers really come in handy. Almost all password managers out there have tools in them that can ‘auto’ generate passwords. You can choose whether you wish to include letters, numbers or even symbols in your password and how long it will be. They create these passwords completely at random and no two passwords given out are the same. Some password managers even show you how much cracking power and time it would take to crack your password. From my experience I would have to say that passwords of 16-20 letters, numbers and symbols are pretty safe.
A password manager not only creates these passwords but can also obviously store these passwords and ‘encrypt’ them securely. Remember the lock I told you about? Password managers actually use the latest encryption technologies to keep other people from being able to read them out.
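To make the cracking-time claims above concrete, here is an added example (my own code, not taken from any password manager) that generates passwords from the operating system’s cryptographic random source and estimates how long an exhaustive search of that password shape would take. The attacker speed of 10 billion guesses per second is an assumed illustration figure, not a measurement.

```python
import math
import secrets
import string

# Character classes a password manager lets you toggle when generating.
CLASSES = {
    "lower": string.ascii_lowercase,          # 26
    "upper": string.ascii_uppercase,          # 26
    "digits": string.digits,                  # 10
    "symbols": "!@#$%^&*()-_=+[]{};:,.<>?",   # 25
}
ALL = ("lower", "upper", "digits", "symbols")

# Assumed attacker speed for the estimates below: 10 billion guesses per
# second. Constructed illustration figure, not a measurement.
GUESSES_PER_SECOND = 10_000_000_000


def alphabet_size(classes):
    return sum(len(CLASSES[c]) for c in classes)


def generate_password(length, classes=ALL):
    """Generate a password using the OS cryptographic random source.

    secrets.choice() is unpredictable, unlike random.choice(), so two
    generated passwords never derive from a shared seed. The loop rejects
    any candidate that misses a selected class, so the result really uses
    the alphabet the strength estimate below assumes.
    """
    alphabet = "".join(CLASSES[c] for c in classes)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in CLASSES[c] for ch in pw) for c in classes):
            return pw


def entropy_bits(length, classes=ALL):
    """Bits of entropy of a uniformly random password of this shape."""
    return length * math.log2(alphabet_size(classes))


def seconds_to_exhaust(length, classes=ALL, rate=GUESSES_PER_SECOND):
    """Worst case: seconds to try every password of this shape at `rate`."""
    return alphabet_size(classes) ** length / rate


def human_time(seconds):
    """Render seconds in the largest sensible unit, as managers do."""
    units = (("years", 365 * 86400), ("days", 86400), ("hours", 3600),
             ("minutes", 60), ("seconds", 1))
    for name, size in units:
        if seconds >= size or name == "seconds":
            return "%.3g %s" % (seconds / size, name)


if __name__ == "__main__":
    # The three password shapes the article compares, plus a generated one.
    shapes = [(6, ("lower",)), (8, ("lower", "digits")), (16, ALL), (20, ALL)]
    for length, classes in shapes:
        print("%2d chars %-28s %5.1f bits  %s" % (
            length, "+".join(classes), entropy_bits(length, classes),
            human_time(seconds_to_exhaust(length, classes))))
    print("generated:", generate_password(20))
```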
Key logging
Key logging is often caused by malware on your computer. Most virus scanners find these bad boys and eliminate them from your PC, but sometimes one slips through the cracks and this can be a real pain. The key logger program basically logs everything you type on your keyboard and stores it in a file on your computer. Periodically the file gets sent back to the hacker containing all your valuable information.
Most password managers out there have ‘graphical’ keyboards in them, which basically have you inputting your master password via an on-screen interface. This interface cannot be logged by a key logger and keeps your passwords safe.
Deciphering
Last but not least is probably the hardest one to get control of. Deciphering is the art of hacking databases, getting all the encrypted passwords out and turning them back into readable passwords. Normally this operation would obviously take months, and most systems don’t allow you to ‘crack’ live passwords because they only allow 3 tries per computer every hour. However, with this hack the hackers can just copy the database and try as much as they like on their own system.
This is exactly what happened in the PlayStation Network hack in 2011. Hackers broke into the system and exported the whole database, and they didn’t tell anyone they had ‘access’. They took a lot of time deciphering the passwords before telling the world that they had access. 77 million people were affected by this hack.
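The offline attack just described, and the salted crypt scheme from the history section, are two sides of the same coin: a site that stores one fast, unsalted hash per password hands a copied database straight to a precomputed table, while a per-account random salt and a deliberately slow hash make every stolen record a separate job. This added example (my own code, not from any product reviewed here) shows such a password record using PBKDF2, with hypothetical iteration counts chosen for illustration.

```python
import base64
import hashlib
import hmac
import os

# Work factor: PBKDF2 rounds. crypt(3) used 25 DES rounds in 1974; a modern
# setting is in the hundreds of thousands and is raised as hardware speeds up.
ITERATIONS = 200_000  # hypothetical illustration value


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a self-describing record: algorithm$iterations$salt$digest."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    )


def verify_password(password, record):
    """Recompute with the stored salt and rounds; compare in constant time."""
    algo, iterations, salt_b64, digest_b64 = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    return hmac.compare_digest(candidate, expected)


def unsalted_sha1(password):
    """The 'old password system' the article warns about: one fast, unsalted
    hash. Every user with the same password stores the same value, so one
    precomputed table answers for all of them at once."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def identical_passwords_collide(password, salted):
    """True if two accounts sharing `password` end up with identical records.

    Unsalted: always True (a copied table exposes both at once).
    Salted:   False, because each record carries its own random salt."""
    if salted:
        return hash_password(password) == hash_password(password)
    return unsalted_sha1(password) == unsalted_sha1(password)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("login ok:", verify_password("correct horse battery staple", record))
    print("wrong pw:", verify_password("password", record))
    print("two users, same pw, unsalted collide:", identical_passwords_collide("123456", salted=False))
    print("two users, same pw, salted collide:  ", identical_passwords_collide("123456", salted=True))
```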
There is obviously no really good way to stop this kind of hack attack, because the hackers in this situation don’t target you, the user, but the company you have your account with. However, there are 3 warning signs you can look out for before signing up for an account with any website.
- Check that the website isn’t built on some old password system (easy sign-up forums)
- Check that the website uses some kind of https:// connection. Https adds some extra protection to sites, which makes it harder for intruders
- Trust your gut instinct; no one ever thought Sony was hackable, but they were. If you really feel like it you can change your passwords regularly, but that’s obviously up to you!
Cool history lesson buddy, nice password 101 but this doesn’t really explain why I need a password manager
You are right sir/madam! Trust me, you need one, but let’s keep this paragraph nice and short for you then. I’ll summarize the need for a good software based password manager by 5 features:
- Making remembering passwords a breeze (usually you only have to remember 1 ‘huge’ uncrackable password)
- Improving your user experience by ‘auto-filling’ login boxes
- Improving your password strength, because good password managers carry powerful key generating tools in them that even the toughest crackers can’t crack
- Carrying your passwords with you via an online password saving system, USB or mobile phone
- Encrypting your passwords. Thus losing your USB, telephone or tablet doesn’t instantly mean you lost your whole ‘digital life’, because the intruders can’t read your ‘passwords written in memos’ :)
Do browsers qualify as password managers?
No, in my opinion they don’t, and let me explain why. Web browsers these days often have options in them to help you with features 1, 2 and 4; however, ‘good’ hackers can make use of intuitive ways to actually read out your passwords. You see, passwords you save with internet browsers are often cookie based (not the edible kind :)). Cookies are small pieces of info that get saved as ‘unreadable’ gibberish to an unnamed location on your hard drive. Smart hackers however can use the decipher method to actually break down these cookies into readable files. I know this is a long shot and this of course takes time and ‘extra’ effort, so using browsers to store your passwords is ‘pretty’ safe. I’d give it an 8.0 out of 10 in the safe department.
Good password managers however bump that number up to a 9.5 – 10 because they (ultra) encrypt and create stronger passwords to protect against deciphering, cracking and password guessing. So let’s take a look now at the industry’s 5 best password managers out there.
Password manager roundup, 5 pieces of software will be put to the test, only 1 can come out on top!
Alright guys and girls the moment you have been waiting for is finally here. I created a list for you and I will put 5 password managers out there to the test. I will review these tools on 5 topics.
- Overall security
- Cost vs effectiveness
- Features I found useful
- Images and full feature list made by the company
It was pretty hard to put this list together; all password managers on this list are ‘pretty’ well matched. Spots #1 and 2 were very close, and 3, 4 and 5 were very close. You can click the link to go to the site’s webpage and actually enjoy a discount code I have created for you!
Lastly, this review is built with jQuery tabbed blocks to structure and hide text not everyone wants to read up on. If you don’t want to dive into detail about the features the password tool has, you don’t have to; you can just keep the blocks closed and read the review. If you do want to read more about the features you can obviously click the blocks open and enjoy a detailed overview of the password manager’s features.
Here are the top 5 password managers:
- Roboform
- Sticky Password
- Kaspersky Password Manager
- Keepass
- 1Password
(Note: I did not include LastPass. Their website got breached in 2011; since then they have really upgraded their service, but this kind of put me off a bit, so they didn’t get a spot on my list. I know it might not be fair because they offer a pretty good service.)
#1 Roboform
In my book Roboform is the absolute winner! I have been using Roboform for 3 years now and never had any problem with their service. I think the price of the service is pretty well balanced for the amount of features you get. They have all the major encryption methods out there and it is super easy to use.
This password manager can secure your information and bypass key loggers and phishing attempts with its graphical keyboard. The database in RoboForm is protected by strong encryption algorithms, including AES, 3DES and Blowfish. As long as your master password is strong and remains a secret, no one will ever be able to access your securely stored information. This password manager also supports the Eikon biometric device. Using this device, you can log in to the software using your fingerprint. No evidence has been found that this system was breached. Their password creation tool is great, will create very strong passwords and is very easy to use.
The interface is very easy on the eye and easy to use. You can add passwords automatically through web pages and the Windows interface, and Roboform automatically detects when you are trying to store a password or trying to log in. They recently upgraded their service so that you can also manually edit your password information. This option wasn’t available before: every password you used to add to Roboform had to be done through the password form. This really was a feature I was looking for and they actually came through!
The mobile interface could be a little better, but a lot of the other programs on this list don’t even have a mobile app, or theirs is worse 😉
Cost vs effectiveness
The highest account you can buy from Roboform is an ‘everywhere’ account. You can store your passwords in the cloud and as long as you have your password stored locally you can access it. You can also access your passwords in the cloud (if you have internet of course). The cost of the everywhere account is $19.95 but the first year is $9.95. The beauty of this license is that you can use it on all your devices on all your computers! They also offer cheaper licenses for one computer but I would really recommend ‘everywhere’ because it really is cheaper for families.
Features worth mentioning
Save Online Passwords
RoboForm offers to save the online login form into a Passcard when you click the Login/Submit button on the web page.
True One-click Login
A single Login command causes: (i) navigation to a site login page, (ii) automatic filling of the login form, (iii) submission of the login form.
View and Edit your Passwords
Passcard Editor allows you to easily view, edit, copy, rename and delete your Passcards (each Passcard stores login info for one account).
Print a List of your Passwords
Print a list of all your Passcards and get your precious passwords backed up to the most reliable medium – paper.
You can have many Identities and you can easily switch between them. Your identities do not have to be real persons. Use fake Identities – preserve your privacy.
Country-Sensitive Form Filling
RoboForm can fill forms in multiple languages, not just in English. A list of supported languages is available at the Translation Page.
RoboForm lets you select the country you are in, and then it customizes its form filling rules based on the traditions of your country. For instance, it knows that in the US the date format is MM/DD/YY but that in the UK it is DD/MM/YY.
Encryption by Master Password
You can protect all your Identities and Passcards with the Master Password thus making them inaccessible to unauthorized users and unreadable by hackers even if they are stolen. We use AES encryption for increased protection.
You can ask RoboForm to purge the cached Master Password from memory after a specified period of inactivity.
Backup and Restore
Backup and Restore commands are provided.
RoboForm adds a toolbar to the Internet Explorer, Avant, MaxThon, Slim, Firefox and Mozilla browsers.
Images and full feature-list
#2 Sticky Password
Sticky Password was fairly new to me; I had never really heard of them before, but I gave their program a good spin and I have to say Sticky Password is gaining ground on Roboform. The only thing that could be better is their website. Their website is very nicely done and it has a cute art style, but they hardly show you what the program looks like. The program actually looks pretty crisp and is pretty simple to use. But in my book this could have been done better. They didn’t win the top spot in my book because they have fewer features than the #1, Roboform.
This password manager provides a broad array of powerful security options to help combat keyloggers and phishers and eliminate weak passwords. Sticky Password Pro allows you to choose from a variety of encryption and login methods. When you configure the software, you can choose between powerful 256-bit AES, TwoFish or Gost encryption, or even 448-bit BlowFish, 5048-bit Diamond II or 8192-bit Sapphire II. Login options include a master password, USB device or Bluetooth. Using the USB device or Bluetooth method, you can only access the software if the PC is connected to the approved device. The software automatically logs you out once the device is disconnected.
Super easy to use and very crisp; the website could be better, especially with more explanation about how wonderful this tool actually is, but other than that it is overall pretty good. The mobile tools lacked in the feature department when I (last) tested them.
Cost vs effectiveness
The prices for Sticky Password are really spot on. You get a lot of features, and especially all the encryption methods that they offer are a nice added bonus. This is all theoretical, because in the real world I hardly ever use 448-bit or even 5048-bit encryption methods; however, it’s just nice of them to take a good look into the future.
Features worth mentioning
#3 Kaspersky Password manager
Obviously known for its antivirus and other security software, Kaspersky actually did a pretty good job with their password manager. On the security side you are totally safe with their feature-packed tool. The thing that put me off making them number one is the interface and their website. Their website hardly explains any of the features inside this program, and that’s a shame! Their features match #1 and #2, so a missed opportunity in my book. All they give you is one page with features that the average non-‘techy’ isn’t going to read (I miss some images).
Cost vs effectiveness
Features worth mentioning
#4 Keepass
Keepass is a very solid service. It actually was the password manager I used from 2008-2010; back then their service was losing ground to Roboform, for instance, and that’s why I switched to Roboform. The number one thing Keepass really has going for it is that it is open source and therefore free! However I often look at this with a very sharp eye; free in my book doesn’t naturally mean it’s better than a paid service, and that’s exactly the case here. Keepass is a well-rounded password tool, but it doesn’t have that ‘extra’ bazinga that makes it super attractive for new users. To me the interface looks dated and not easy on the eyes. That’s exactly the reason you won’t find this tool in the top 3.
Cost vs effectiveness
Features worth mentioning
#5 1Password
1Password initially came out for the Mac and it’s a pretty solid app. The service and GUI all look crisp to me. The only thing that put me off a bit is the price; it’s higher than most others out there, and not every user will like this program and find it easy to use. This of course is situational, but the top 5 are way easier to use at first glance; this is obviously my personal opinion.
Cost vs effectiveness
Features worth mentioning
Here is a quick summary of the password managers and how I scored them by topic!
| | Roboform | Sticky Password | Kaspersky Password Manager | Keepass | 1Password |
|---|---|---|---|---|---|
| $€ vs Effectiveness | 9 | 9 | 9 | 10 | 8 |
We have a clear winner, Roboform, congrats guys. Now let’s take authentication into the future and see what’s in store for you…
A look into the future of authentication
Password managers really add some extra security to the whole ‘password’ system out there, but I truly believe the password concept in general is a bit dated. I want to give you a brief look into the future.
I am going to present you 3 extra methods companies are already using, or plan on using, to add ‘extra’ security measures to their log-in process.
2-step authentication
This option is actually pretty mainstream right now. Remember the history lesson I gave you about the military? Well, this is exactly where 2-step authentication came from. 2-step authentication, as the name implies, relies on a password and ‘answer’ word combination. First you enter your secure password via your password manager, and after that you get a key code by SMS or from your 2-step authentication app on your mobile or tablet. This second password only lasts for 8 to 10 seconds, so it adds an extra layer of security on top of your already safe 16 to 20 character password.
This method is extremely effective against all hacking methods, because the hackers actually have to get into your phone or connected app to be able to defeat the second authentication step. However, hackers wouldn’t be hackers if they didn’t find ways to hack these kinds of systems too…
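The ‘key code from an app’ step described above is, in most authenticator apps, a time-based one-time password: the phone and the site share a secret, and both derive a short code from it and the current time step. This added example (my own code, not from any app or site mentioned here) implements that scheme per RFC 4226/6238; it assumes the standard 30-second step rather than the 8-10 seconds mentioned above, and the shared secret is the RFC’s published test key, a constructed value.

```python
import hmac
import struct
import time


def hotp(secret, counter, digits=6, algorithm="sha1"):
    """HMAC-based one-time password (RFC 4226) for one counter value."""
    msg = struct.pack(">Q", counter)                 # 8-byte big-endian counter
    mac = hmac.new(secret, msg, algorithm).digest()
    offset = mac[-1] & 0x0F                          # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, unix_time, step=30, digits=6):
    """Time-based one-time password (RFC 6238): the counter is the current
    time step, so the code changes every `step` seconds and is useless to
    anyone who captures it after that window."""
    return hotp(secret, int(unix_time) // step, digits)


def verify_totp(secret, code, unix_time, step=30, digits=6, window=1):
    """Server-side check. Accepts the current step plus `window` steps on
    either side to tolerate clock drift between phone and server, and
    compares in constant time so the check does not leak matching digits."""
    for k in range(-window, window + 1):
        expected = totp(secret, unix_time + k * step, step, digits)
        if hmac.compare_digest(expected, code):
            return True
    return False


if __name__ == "__main__":
    # Shared secret provisioned when you enrol your phone. Constructed value:
    # the RFC 6238 test-vector key. Real apps receive it via a QR code.
    SECRET = b"12345678901234567890"
    now = int(time.time())
    code = totp(SECRET, now)
    print("code for this 30-second step:", code)
    print("accepted now:           ", verify_totp(SECRET, code, now))
    print("accepted 2 minutes later:", verify_totp(SECRET, code, now + 120))
```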
QR Code Authentication
This basically works much the same as 2-step authentication, but relies heavily on your phone having a camera that can scan QR codes. Basically, after you sign up for a website you have to register and connect your mobile phone to the website. After that you can sign in normally through the website, and when you are trying to log in you also have to scan an image with the phone that was linked through the website. This system actually is pretty solid and safe, and so far I haven’t found any reports that this was ‘hacked’. However, this might present a totally different problem: not everyone has their cellphone with them at all times, but that’s obviously up to the user!
Eye/Hand/DNA scan Authentication
There are laptops already out there with this system: when creating your password you use your fingerprint to authenticate. Iris scan passwords are also being produced by companies in the near future, and this actually sounds like a very safe idea; unless the attackers actually physically harm you, this sounds like a very good idea. I am ecstatic about what the future holds for passwords and I will continue to update this article to bring you more information about the future of authentication in a different article (a more in-depth view on the future of authentication).
Phew… long read guys, I hope I gave you some valuable information about passwords in general, some history and a look into the future. I also gave you my reviews on the best password managers out there. ‘RoboForm’ is the most friendly, easy to use, secure password manager out there in my book, and you really should get that tool, it is great!
I hope you enjoyed reading this lengthy article; it was a pleasure writing this and I hope you bookmark this site and check out my articles in the future. I bid you farewell with this wonderful quote that applies to security in general.
“To be the best you challenge the best and I didn’t get challenged yet”