A Word About Password Management

It's something of a quandary. You're not supposed to use the same password for multiple sites or programs in order to limit your exposure if someone compromises that password. In other words, if someone finds out your gmail password, will it also work on your banking site? That could be really bad news. So, when you do the right thing by making unique passwords for all your various accounts scattered about the Internet it can become something of a chore to remember them all.

I'll admit, there were some passwords that I just never remembered.  Each time I visited one particular site, I had to use the "forgot password" link to remind myself.

Fortunately, there are several good programs out there to automate the task of remembering your passwords and keeping them all safe.  This is not meant to be an exhaustive comparison of them, but rather what I've used and how it's made my surfing life easier.

Back in the good ol' days, I actually had (still have) a black book with passwords and web addresses written in it.  Convenient for when you're at home sitting beside the computer.  But, what about when you're traveling?  Or using a friends computer?  It's definitely not a good idea to write all your passwords down in one place and then carry that information around with you.  The risk for exposure is just too great.  However, I do believe that writing down some of your more important passwords and keeping them together in a central, SECURE location can have merit.

One of the first password managers I used was Keepass.  It's open-source and multi-platform; two of my favorite things.  It had a lot of cool features such as organizing logins in a hierarchical tree and choosing your own encryption algorithm.  I still use it, but mostly as a back up.  At the time I made a switch it was lacking browser integration and auto-fill, so logging into a website meant launching Keepass, logging in, finding the login information and then copying and pasting it to the web form.  I understand that newer versions have improved and I probably should go back and give it another look.  The version I still use is a PortableApps version that installs on a USB key; handy for taking your passwords on the go.

The aforementioned "switch" from Keepass was to RoboForm.  I LOVE RoboForm.  It's by far the best Windows password manager I've used.  That's also one if it's only drawbacks... it's Windows only.  However, besides passwords it allows you to store complete online identity information as well as credit card data.  Everything is securely encrypted and unlocked using a master password.  Another nifty feature is the built-in password generator.  Whenever you create a new account on a website and it asks for a password, you can simply generate a new, highly-secure, and unique password that will be automatically remembered.  Browser integration is tight with the ability to Autofill a form or to "Autofill & Submit" to save one more step.

RoboForm also has a portable version.  RoboForm2Go installs on a USB key and can auto-launch.  I use it daily at work.  One of the only knocks on RoboForm I can think of is that the export functionality is lacking.  HTML export is pretty much the way you have to go to get to our next app.

Upon switching to a Mac, I immediately missed the lack of an OS X version of RoboForm.  Fortunately, it didn't take long to find 1Password.  1Password is now my "default" password management tool.  Like RoboForm it also provides for storing online identities and credit-card/purchasing information.  However, it's designed for OS X.  The browser integration is seamless.  I don't even think about it being there... it's just how I use the Internet.  When a site needs my password, I click the "1P" button next to the URL and it automatically logs me in (after initially providing the master password, of course).

A "Strong Password Generator" is also included with 1Password for ensuring that you can create unique passwords for all your online activities.  But, perhaps my favorite feature is the addition of the mobile version of 1Password.  I use it on the iPhone, there's a Palm version, too.  The mobile app gives you access to all your passwords while you're on the go.  Obviously, this approach lacks browser integration, but it means that no matter where I am or which computer I may use I always have my passwords with me.  Just remember to sync the mobile version with your Mac periodically to keep it up to date.

I can definitely recommend all three of the applications mentioned.  I think it really depends on your operating platform and your intended use.  I continue to use RoboForm because of it's seamless browser-integration, ease-of-use, and portability on the Windows side.  However, 1Password is definitely my preferred password manager.  If my life was all-Mac, it would probably be the only password manager I used.  And lastly, I keep a copy of Keepass Portable around as a "just in case" backup and if I happen to be surfing on my Ubuntu server and need a password.

A syncing solution (even third-party) between 1Password and RoboForm would make my life simpler as the last time I tried it was kind of a pain... eport HTML from RoboForm and then import that into 1Password and tweak everything to make sure the import is OK.  Ideally, a portable, multi-platform version of 1Password would be outstanding.


Keepass |  http://keepass.info (FREE)
RoboForm/RoboForm2Go |  http://www.roboform.com (Free to Try, $29.95 - $39.95)
1Password | http://www.1password.com (Free to Try, $39.95)

Disclosure: I have an affiliate agreement with 1Password whereby I receive a commission for any sales generated through my affiliate link.