Password Manager Shootout – eWallet vs. KeePass vs. LastPass
I initially intended for this post to discuss my disappointment with password managers. After a few years of hearing tech sites and other tech geeks praise password managers, I finally jumped on the bandwagon last week. A password manager is software that helps you organize and remember passwords, PIN codes, and sometimes even bank account and credit card information. I wanted a password manager that would work across multiple platforms – PC, iPhone, and U3 (SanDisk’s thumbdrive technology). For that reason, I started with eWallet. From there, I also looked at KeePass, which is the manager I have seen discussed the most in tech circles. In both cases, I was disappointed. I was wondering whether my expectations had been too high. It was then that I discovered LastPass.
For another password manager comparison, check out our showdown between LastPass and 1Password.
Photo by Mirko Macari
At first, I thought eWallet was the answer. eWallet has a portable app and an iPhone app. I was disappointed to learn that eWallet does not automatically integrate itself with your browser (or, if it does, I haven’t been able to find out how). Instead, you click on links from within eWallet, and then that page is opened in Internet Explorer with your login info already completed.
You also may have noticed that I mentioned that eWallet autofills pages in Internet Explorer. I did not mention Firefox for a reason. eWallet’s autofill functionality doesn’t work at all with Firefox. Despite the fact that I had already paid for eWallet for the iPhone, this alone removed it from my list as a possible desktop application.
I then turned to KeePass. KeePass is not only free, but is open source, which is a big plus with programs that depend upon encryption. This typically makes it subject to more scrutiny than a proprietary application.
KeePass was a step up from eWallet. It at least has autofill functionality via a hotkey combination, and has a plugin that allows automatic autofill integration with Firefox and Internet Explorer. Unfortunately, after hours of playing around with this on two different machines, I couldn’t get this to work reliably. A quick look at the KeePass forums reveals that one of the longest threads there is from people having similar problems. Even when working, it takes some customization of the autofill configuration if a page doesn’t have standard input boxes. I could live with that I suppose, but there is no iPhone version of KeePass. There is talk of one being stuck in Apple’s approval process, so hopefully this will change soon. When it does, KeePass might be worth another look. But the lack of iPhone functionality, coupled with the troubles I had with the autofill features, made me cross KeePass off of my list.
Just when I was about to give up on password managers, I stumbled upon LastPass. I initially noticed that LastPass has an elegance that eWallet and KeePass don’t touch. LastPass works how I always had assumed (mistakenly so) that all password managers worked. When you visit a site in your browser, your password can be automatically filled in, assuming you previously entered it into LastPass. It was not hit or miss for me like KeePass. It simply worked.
LastPass is an online password manager, but it is only online in the sense that you can sync your passwords from any computer. Your data is still stored locally, and, most importantly, your passwords are encrypted locally before being sent to the LastPass servers. This means that even if someone would steal the LastPass servers, it would still be almost impossible for them to access your passwords. LastPass uses 256 bit encryption, which reportedly would take a few trillion years (literally) to crack.
LastPass is not open source, so it does require a bit of trust on your part that the LastPass developers have implemented the encryption correctly. For some, this might be a dealbreaker. Since I’m migrating from Firefox’s native, unencrypted password manager, LastPass is a step up even in the face of any such concerns. The LastPass developers also have discussed a third party audit once Lastpass matures beyond the stage where they are making frequent releases of the software. I may not place all of my bank account and financial passwords there for now, but I’ve already loaded everything else.
Getting passwords into LastPass is easy, as it can import them from several sources, including from Firefox’s native password manager. I did have to tweak the settings for LastPass a bit, to make it as nonintrusive as possible. First, I switched OFF the compact toolbar. This not only created a large, undesirable toolbar for LastPass, but also created a small icon on the bottom right of my browser. Right-clicking on that icon shows a menu, with the option to hide the large toolbar. After doing so, all I had on my screen was the small icon on the bottom right of the browser. I could open it to access more detailed features, but the autofilling and other features worked just fine with that minimal interface.
Like KeePass, LastPass also has an iPhone application that has been submitted to Apple, but is stuck in approval purgatory. For now, there is an iPhone bookmarklet that is not perfect, but does autofill passwords with a couple of taps.
Last but not least, LastPass is also free. The LastPass creators have indicated that they aim to be profitable by selling their technology to businesses.
In fairness, this is not a feature by feature comparison of each of these three applications. Once I discovered that eWallet and KeePass were missing some of my must-have features, they became too cumbersome for me to use for extended periods of time. And eWallet’s iPhone application is nice, such that I will probably use it to store my credit card information. But once I discovered LastPass, the competition was over. Your mileage may vary based on what your needs are, but for me, LastPass was the hands down winner.