This isn’t a personality test but it can help you find the right one
The Fast Mover
You’re always on the run. You don’t even have time to read this entire article (6 mins? Really?).
Stop. Get Dashlane. Move on with your life.
Free for one device. Premium plans start at $3.33/month
It’s fast. After logging in for the first time they’ll automatically log you in, just by visiting the domain. Multi-factor support is nice.
I personally don’t like things autofilling/auto-submitting for me. But I’m not you, and you like fast, and this review is already taking too long to read. So I’ll stop.
The Admirer of Brand Names
These are the heavy hitters of password management. They sell to Fortune 500 companies. Over the years, they have developed user friendly interfaces.
Both offer free versions.
LastPass: Paid versions start at $2/month
1Password: Paid versions start $2.99/month
These are both established brands with solid support infrastructures for paying customers. Of the two, 1Password has the more user friendly interface. From a security standpoint, LastPass offers multi-factor authentication, which is a big plus in our book.
For us, the auto-filling of passwords* is unnecessary and undesirable. Many consumers may value autofill.
1̶P̶a̶s̶s̶w̶o̶r̶d̶ ̶d̶o̶e̶s̶ ̶n̶o̶t̶ ̶p̶r̶o̶v̶i̶d̶e̶ ̶m̶u̶l̶t̶i̶-̶f̶a̶c̶t̶o̶r̶ ̶a̶u̶t̶h̶e̶n̶t̶i̶c̶a̶t̶i̶o̶n̶.̶
You don’t need bells and whistles in your personal life, and you don’t need them in your password manager.
If you admire a no frills clean interface, look no further than Padlock.
Padlock is free to use. If you want to sync your password database across devices you can pay $1/month.
I never thought that I could find a password manager sexy. Then I found Padlock. Its clean interface won me over and its open-source code sealed the deal. I appreciate open-source projects that can be easily audited by external entities. This is especially important for software that accesses our most prized possessions — our passwords.
Padlock only implements multi-factor authentication via email. The process for syncing a new device involves opening an email sent to you. This is not as ideal as supporting app-based one-time passwords (OTP) or hardware-based tokens.
You were using password managers before they were “cool”… but now they’re catching on. It must be time to switch to the next best thing. A password manager-less password manager. Wait… How is that possible?
Enter LessPass the “stateless password manager”. It doesn’t store your password anywhere, but instead calculates it every time you need it using a pure function. This pure function calculates the same password, every time, based on the inputs. You simply provide the same inputs every time.
This is one slick password manager. It’s pretty cool to use something as unique as this. It’s open-source which is a big plus. You can even install browser extensions for offline calculation that stays within your system.
There’s no need for multifactor because nothing is synced.
God forbid a website’s domain changes and you forget the old domain name, or you can’t remember if you originally typed in “www.google.com” or simply “google.com”. You need a good memory to use LessPass.
Just because you’re paranoid doesn’t mean that they aren’t after you. Remember that… As you try to fall asleep tonight… Or don’t sleep… The enemy never sleeps.
Your password management should be just as paranoid as you are. Can you really trust a password manager made by large corporations (they’re part of the “system”)? Don’t trust anything besides your own triple encrypted computer? Use an offline password manager such as KeePass or KeePassX.
An open-source project, KeePass has had a formal audit performed by the EU Free and Open Source Software Auditing project (EU-FOSSA) among many other reputable groups. This is arguably the most trusted password manager invented. It is the gold standard. KeePassX is also open-source and is based on KeePass. It however has not had a formal code audit, but it has been vouched for by security industry leaders such as Tavis Ormandy.
They are both run locally — they do not have native cloud syncing capabilities. This may be a con for some.
KeePass and KeePassX are simple programs but not in a beautiful minimalist sort of way. They are truly barebones and the UI is not for everyone. But it is a small detraction from otherwise perfect programs.
The Clean Professional
You want a nice interface, but you don’t want frills. You want a company that stands behind their product, but you don’t want flashy. You are a thoughtful consumer and your password manager should reflect that.
BitWarden is the password manager for you.
Free for personal use. Family and Business accounts start at $1/month.
BitWarden balances out competing password manager needs. It provides cloud storage but doesn’t try to automate unnecessary functionality. They provide a simple interface but still have thoughtful touches like “Global Equivalent Domain”, which prevents you from needing duplicate entries, across related domains, that use the same credential.
The code is open-source and with the premium subscription ($10/year) you can use a variety of multi-factor authentication schemes.
Password sharing is only available in online password vault. However, you can access shared passwords using the browser extension or desktop app, once they’re synced.
The Command Line Aficionado
Where all my nerds at?
Who needs a GUI when you have the perfect, simple beauty of a command line?
If you prefer text over human interaction (text doesn't make fun of your glasses), investigate Pass
Pros: It's simple to use, open-source and based on tried and true cryptographic software (GNU Privacy Guard)
Cons: There's no GUI. It's command line based. But isn't that the point?
Do you use Pass or BitWarden or LessPass or Something else?
Didn’t your parents teach you better than to ask that question? Just kidding, I’ll answer. My answer is “yes”. I’ve used all of the above. I prefer to only recommend products that I’ve tried (I personally have not audited these programs from a cryptographic standpoint).
They all fit different needs for different scenarios. In the end you’ll probably use more than one. You’ll likely use a cloud synced manager for your everyday web passwords and a local password manager for backup codes and passwords that you never want to leave the confines of your highly protected laptop (that you occasionally leave unlocked at coffee shops… but that’s for another blog post :-) ).