| By Scott Dunn |
From shopping and banking sites to network- and remote-access logins, we’re inundated with requests to create and remember a plethora of passwords.
Fortunately, plenty of free tools help us store and organize our passwords in a single, secure location.
Login aids can be more hindrance than help
If you counted the number of times you were prompted to enter a login ID and password in the course of a working day, you could be approaching double digits by your afternoon break.
Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Join our 480,000 subscribers!
Subscribe and get our monthly bonuses - free!
Your hard drives store photos, books, music and film libraries, letters, financial documents and so on. This ebook is aimed at helping you understand your hard drives, expand their capacities and length of life, and recover what you can from them when they fail. We're offering you a FREE Excerpt! Get this excerpt and other 4 bonuses if you subscribe FREE now!
Firefox, Internet Explorer, and other browsers offer to remember passwords for the sites you visit. However, your passwords are not always secure when stored in a browser — though Firefox is a safer bet, since you can encrypt its passwords with a master password.
Furthermore, you might need a tool that saves passwords for other programs, not just Web sites. If you’re like me, relying on your memory is perilous, and writing your passwords on a piece of paper — even one you keep in your wallet or some other relatively secure location — is dangerous. That’s where password-management utilities come in.
Password managers are small databases designed to help you manage the deluge of passwords needed to navigate your computer, network, and Internet needs. With the exception of RoboForm’s browser toolbar, most of these programs have a similar interface and features, including but not limited to the following:
• A main window showing a list of your account names, passwords, URLs, and so forth
• Automatic password generation and optional password-expiration settings
• An option for attaching notes to any name and password entry
• The ability to copy a name and password to the clipboard without opening the dialog for each entry
• A means of launching a URL from the password manager
• A feature for clearing the clipboard and encrypting the password database
• The ability to print the database
The most cumbersome thing about password managers is that you have to cycle through multiple windows to use them. In most cases, the scenario goes like this:
Step 1. Select your account in the password manager window and copy the account name.
Step 2. Switch to your browser (or other application window) and paste in your name.
Step 3. Switch back to the password manager window and copy the account password.
Step 4. Switch to the browser yet again to paste in the password.
KeePass, Access Manager, 4uonly, and other programs simplify this process only slightly by letting you drag and drop the information between windows. However, you still have to switch between windows repeatedly.
There are so many password managers available that I had to limit my selection to those that offer a free version and also include a wealth of features. Not all of the programs claim to run under Vista, but they all worked fine in that operating system during my tests, with the exception of Password Corral’s online help.
| UPDATE 2009-08-06: In Becky Waring’s Aug. 6, 2009, Top Story, she describes easy ways to create strong passwords.|
#1: SIBER SYSTEMS ROBOFORM
| $30 version |
RoboForm takes a unique approach to password management, using as its main interface a toolbar that attaches to your Internet Explorer or Firefox browser. The program monitors your Web surfing and offers to save any name and password information you enter at a site. (You can also enter your Web IDs and passwords manually.)
Once the information is in the program, logging into a site is a simple matter of choosing a button or pop-up menu option from the toolbar to fill and submit the form. It’s slick and easy, and it certainly beats the two-window shuffle required by other password managers.
To save even more clicks, place bookmarks to login pages in RoboForm’s pop-up menu, which lets you navigate to the page and log in with a single click.
RoboForm doesn’t just automate your logins. The program is also a great way to save such personal information as your name, address, phone numbers, and credit card numbers for automatically filling out online forms. Like your passwords, this information is encrypted and accessible from a master password, which is cached in memory so you need enter it only once per session.
As with the other programs I tested, RoboForm lets you organize its “passcards” (what it calls each database record) into groups, if desired. You can also create multiple profiles for other purposes or other users.
Unlike the other applications I tested, you can’t attach custom notes to each item or account in RoboForm. However, the program’s “Safenotes” feature lets you enter secure data for any purpose, such as ATM passwords.
| UPDATE 2008-09-22: After publication, several readers pointed out that you can annotate entries in RoboForm by clicking Edit, Add Note. Our thanks to the readers who alerted us to this error.|
Siber Systems also makes a version called RoboForm2Go that runs from a USB memory stick or flash drive. When you insert the device into a computer’s USB slot, the RoboForm data is available to you. Removing it leaves no trace of your passwords.
For some, the biggest downside to RoboForm is its Web focus. The program is designed to work with Web forms and logins, not network passwords or encrypted folders (although you can always store that info in its Safenotes feature).
The free version of RoboForm limits you to ten passcards and two identities.
#2: KEEPASS PASSWORD SAFE
| Free version |
For fans of open-source software, KeePass Password Safe is certified by the Open Source Initiative and has all the features I mentioned above plus a few extras. For example, KeePass supports keyfiles, a type of file that acts as a key or password and that you can put on a separate USB flash drive for safe-keeping. The program’s search feature helps you find entries in its database. (Access Manager also offers this feature.)
You can even install KeePass on a USB flash drive and carry it with you wherever you go.
KeePass attempts to solve the window-shuffle problem by providing Auto-Type, a simple scripting system that lets you fill in and submit login data with a single keyboard shortcut. However, I was unable to get Auto-Type to work, and the explanation in the program’s help system was no help in this regard.
As a security precaution, KeePass automatically clears the Clipboard ten seconds after you have used it to copy a name or password.
Several tools, including Access Manager and Password Corral, let you organize your passwords by creating custom groups. KeePass provides several built-in groups to start with and forces you to keep your passwords in at least one of these, even if it’s the top “General” level.
This isn’t a big deal most of the time, but if the group becomes deselected in the tree pane on the left, you won’t see any of your password info in the right pane. And this is annoyingly easy to do if you happen to click anywhere in the left pane to activate the window. To work around this, I put all my data into one group and then dragged the divider until the left pane almost disappeared.
Because the product is open-source, you don’t have to worry about paying an upgrade fee to get more features. And you can download and install a number of third-party plug-ins to enhance it.
Despite its shortcomings, KeePass’s many features make it the best freeware password manager I tested.
#3: CITI-SOFTWARE LTD ACCESS MANAGER
| $25 version |
Like RoboForm, Access Manager 2 comes in a free and paid version. The program’s main window requires that you select an account name before you see the database record listing the password and any other info you’ve entered for it. This is the only password manager I looked at with this requirement.
For each account, you can enter not only a URL but also the name of a file, folder, or program that must be unlocked with a password. You can also open such an item from the Access Manager window.
To get data out of your database and into your login screen, Access Manager offers the option to have the password copied to the clipboard while you drag the account name. That way, you switch windows only once: drag to the name field, and then paste in the password field.
However, Access Manager’s more unique features are found only in the $25 version — including the ability to run the program from a USB flash drive, use an onscreen keyboard to foil keyloggers, or delete files securely, just to name a few examples.
Access Manager is a solid product with strong appeal for those who use passwords for more than just Web sites. Still, you’ll need to pay if you want to use the program in a commercial setting or if you need more advanced password-management features.
#4: CYGNUS PRODUCTIONS PASSWORD CORRAL
| Free version |
Password Corral is a typical freeware password manager, but unlike most such tools, the program doesn’t hide your passwords in the main window with the usual asterisks in place of the actual characters. There’s a button you can click to hide (scramble) or unhide the information in the main window, but doing so also hides the user name and URL.
Password Corral is the only password manager I tested that doesn’t let you drag and drop names and passwords into the appropriate files.
Also, the program isn’t intended for Vista: you can’t open its help system in the newest version of Windows. Otherwise, Password Corral runs fine on Vista PCs.
#5: DILLOBITS SOFTWARE 4UONLY
| Free version |
Like Password Corral, 4uonly takes a basic approach to password management, though it does let you drag and drop names and passwords, just as in other password managers.
The program does offer one time-saving feature: it protects your password database by tying it to your Windows account. So as long as you’re logged into Windows, you don’t have to supply 4uonly with a master password. However, you can still assign one in case you are logged in under other credentials.
Unlike the other products I reviewed, 4uonly doesn’t give you the option to organize your passwords into groups to help manage a large number of accounts.
More disturbingly, I noticed the status bar sometimes stated, “The clipboard is empty,” even when my password was still on the clipboard. The program’s command to clear the clipboard resolved this, but the misleading message is a serious security bug.
That’s the only big problem with 4uonly, but why bother using this program when there are safer alternatives you can get for free?
Scott Dunn is associate editor of the Windows Secrets Newsletter. He has been a contributing editor of PC World since 1992 and currently writes for the Here’s How section of that magazine.