Password Manager Shootout – eWallet vs. KeePass vs. LastPass

I initially intended for this post to discuss my disappointment with password managers.  After a few years of hearing tech sites and other tech geeks praise password managers, I finally jumped on the bandwagon last week.  A password manager is software that helps you organize and remember passwords, PIN codes, and sometimes even bank account and credit card information.  I wanted a password manager that would work across multiple platforms – PC, iPhone, and U3 (SanDisk’s thumbdrive technology).  For that reason, I started with eWallet.  From there, I also looked at KeePass, which is the manager I have seen discussed the most in tech circles.  In both cases, I was disappointed.  I was wondering whether my expectations had been too high.  It was then that I discovered LastPass.

Photo by Mirko Macari

At first, I thought eWallet was the answer.  eWallet has a portable app and an iPhone app.  I was disappointed to learn that eWallet does not automatically integrate itself with your browser (or, if it does, I haven’t been able to find out how).  Instead, you click on links from within eWallet, and then that page is opened in Internet Explorer with your login info already completed.

You also may have noticed that I mentioned that eWallet autofills pages in Internet Explorer.  I did not mention Firefox for a reason.  eWallet’s autofill functionality doesn’t work at all with Firefox.  Despite the fact that I had already paid for eWallet for the iPhone, this alone removed it from my list as a possible desktop application.

I then turned to KeePass.  KeePass is not only free, but is open source, which is a big plus with programs that depend upon encryption.  This typically makes it subject to more scrutiny than a proprietary application.

KeePass was a step up from eWallet.  It at least has autofill functionality via a hotkey combination, and has a plugin that allows automatic autofill integration with Firefox and Internet Explorer.  Unfortunately, after hours of playing around with this on two different machines, I couldn’t get this to work reliably.  A quick look at the KeePass forums reveals that one of the longest threads there is from people having similar problems.  Even when working, it takes some customization of the autofill configuration if a page doesn’t have standard input boxes.  I could live with that I suppose, but there is no iPhone version of KeePass.  There is talk of one being stuck in Apple’s approval process, so hopefully this will change soon.  When it does, KeePass might be worth another look.  But the lack of iPhone functionality, coupled with the troubles I had with the autofill features, made me cross KeePass off of my list.

Just when I was about to give up on password managers, I stumbled upon LastPass.  I initially noticed that LastPass has an elegance that eWallet and KeePass don’t touch.  LastPass works how I always had assumed (mistakenly so) that all password managers worked.  When you visit a site in your browser, your password can be automatically filled in, assuming you previously entered it into LastPass.  It was not hit or miss for me like KeePass.  It simply worked.

LastPass is an online password manager, but it is only online in the sense that you can sync your passwords from any computer.  Your data is still stored locally, and, most importantly, your passwords are encrypted locally before being sent to the LastPass servers.  This means that even if someone were to steal the LastPass servers, it would still be almost impossible for them to access your passwords.  LastPass uses 256-bit encryption, which reportedly would take a few trillion years (literally) to crack.

LastPass is not open source, so it does require a bit of trust on your part that the LastPass developers have implemented the encryption correctly.  For some, this might be a dealbreaker.  Since I’m migrating from Firefox’s native, unencrypted password manager, LastPass is a step up even in the face of any such concerns.  The LastPass developers also have discussed a third-party audit once LastPass matures beyond the stage where they are making frequent releases of the software.  I may not place all of my bank account and financial passwords there for now, but I’ve already loaded everything else.

Getting passwords into LastPass is easy, as it can import them from several sources, including from Firefox’s native password manager.  I did have to tweak the settings for LastPass a bit, to make it as nonintrusive as possible.  First, I switched OFF the compact toolbar.  This not only created a large, undesirable toolbar for LastPass, but also created a small icon on the bottom right of my browser.  Right-clicking on that icon shows a menu, with the option to hide the large toolbar.  After doing so, all I had on my screen was the small icon on the bottom right of the browser.  I could open it to access more detailed features, but the autofilling and other features worked just fine with that minimal interface.

Like KeePass, LastPass also has an iPhone application that has been submitted to Apple, but is stuck in approval purgatory.  For now, there is an iPhone bookmarklet that is not perfect, but does autofill passwords with a couple of taps.

Last but not least, LastPass is also free.  The LastPass creators have indicated that they aim to be profitable by selling their technology to businesses.

In fairness, this is not a feature by feature comparison of each of these three applications.  Once I discovered that eWallet and KeePass were missing some of my must-have features, they became too cumbersome for me to use for extended periods of time.  And eWallet’s iPhone application is nice, such that I will probably use it to store my credit card information.  But once I discovered LastPass, the competition was over.  Your mileage may vary based on what your needs are, but for me, LastPass was the hands down winner.

Evan Kline

Hello, I'm Evan. I write about tech from my perspective – that of the average 40-something tech geek. You can also find me on Twitter and at my real-life job as a lawyer.

113 Comments:

  1. I am a new fan of LastPass. I have been using it now for about a week and I am pretty impressed. It also has a Windows Mobile and a Blackberry app.

  2. I can't wait for their iPhone app to come out. Between this and some of the other apps we've both discussed, it sounds like our computers would look pretty similar.

  3. Lol! I don't doubt it. Right down to the games, I'd wager…. :P

  5. I'm using one password with mac os x. It's great and I don't have to remember my passwords.

  6. I am always looking for the latest in apps and software. I use Spb Wallet and love it. It has autofill in IE browser and its own browser with autofill in the iPhone App. I have several apps that I use that all are for the same purpose and will def go see what last pass is all about. I do highly recommend Spb Wallet on the same note!!! thanks for all your reviews!!

  7. Thanks for the suggestion. I'll have to take a look at Spb Wallet.

  8. Is there anything you would trust for your bank account and financial passwords?

    • What I’ve been using, Jan, is eWallet on my iPhone. It is encrypted, and resides only with me (i.e. it doesn’t go out in the cloud to a company). Because of the encryption, it would be difficult (maybe impossible) for someone to hack it, even if they stole my iPhone. If you use a solution like that, make sure you use a long and strong password, with a combination of letters, numbers, and symbols.

      Another possibility would be to use something like TrueCrypt and Dropbox, if you wanted to access your account info on multiple computers. You could set up a TrueCrypt container, which is sort of like a file that gets expanded into a “make believe” hard drive when you decrypt it (see http://www.40tech.com/2009/09/01/4-steps-to-secure-evernote-on-a-shared-computer/ for an idea as to how that works). You could share that encrypted container among all your computers using Dropbox.

      I should add that the problem with both of these solutions is that you still need to key in your details. They aren’t autofilled as with Lastpass.

  9. I find it hard to fathom that you left out the best password manager BY FAR: RoboForm by Siber Systems. It integrates seamlessly with your browser (even includes an extension for FireFox.) Many nice features, like a password generator are built in. My only problem right now, is that they do not yet have an Android client for my new Droid!

    • Thanks for the suggestion, Jeff. I’m familiar with RoboForm, as that one has been around longer than the others I believe, but I went with LastPass based on a few reviews that had compared the two. I haven’t tried RoboForm, myself though, mostly because from the look of their website, it seems the free accounts have limitations. Since LastPass is free and does everything I need, I couldn’t justify springing for the RoboForm Pro account. I also like that LastPass is available everywhere, on any computer. I’m not sure if RoboForm is or not, as the site wasn’t clear. But that’s the great thing about software- there are many different choices, and different people’s needs will be served by different software. So, what works for my needs might not be the same for you, and vice versa.

      • RoboForm does indeed have a “use it anywhere” option, called RoboForm Online (though it is still in beta, I believe). I have not used that, but the RoboForm2Go client on a USB stick is pretty great for using it every place.

        All that said, I think I may have to try LastPass on my Droid for now. It looks like the only really decent option for Android mobile devices… at least that I can find. If any of your readers know of a better option, paid or free, I’d sure love to hear about it!

      • I’d be curious to hear how LastPass is on the Droid, if you give it a try. The iPhone now has an app, but it is a paid app. I use the bookmarklet instead, which works fine but might not be as secure, as it keeps you logged in to your LastPass account for a period of time.

      • “I use the bookmarklet instead, which works fine but might not be as secure, as it keeps you logged in to your LastPass account for a period of time.”

        As per their FAQ entry on bookmarklet, when you generate a new bookmarklet, all the existing ones become invalid, so if your phone ever gets stolen, you should login to your a/c and recreate your bookmarklet ASAP. See: https://lastpass.com/support_faqs.php?fromwebsite=1#bookmarklet

      • Great tip, Hari. Thanks!

  10. I have used Roboform for about 3 years now. I also use 1Password for my mac. Roboform was okay, but I switched to LastPass a few days ago because I needed cross platform capability. I can use LastPass on my Windows 7 box, on my laptop, on my macbookpro, and on my iphone. The integration is there, I don’t have to worry about copying data between multiple password programs to keep them up to date.

    The thing I don’t like about Roboform is that it won’t fill in any of my windows application passwords. I still have to do that manually. It was nice to see that LastPass is working on adding this functionality.

    1Password is for Mac only, and they support the iPhone, but as I stated earlier, I wanted cross platform integration and 1Password just didn’t have it. I rank Roboform above 1Password because Roboform will automatically login to the website you go to. With 1Password, you still had to navigate to the site, hit the 1Password Icon in the browser bar and select the appropriate login for the page.

    The nice thing about 1Password is that it works with multiple browsers on the Mac, so Safari, Flock, and other browsers are supported. Roboform only works with IE and Firefox, and they have a Chrome Plug-in, for Windows only. I use a lot of different browsers, depending upon what I am doing. Roboform doesn’t support Mac. They are attempting to do that now with a browser plug-in, that will leverage data that you have stored online at online.roboform.com. I just don’t like the idea of accessing my passwords over the web. I’d rather pull from a local source.

    Roboform is able to sync data online through the use of another tool called GoodSync. You pay another fee for this tool, and it integrates with Roboform to analyze and sync passwords to the cloud. The down side is that if you run multiple windows computers, you have to buy a separate license for each instance of Roboform and GoodSync. It can be pricey. The benefit of GoodSync is that you can use it to compare other files and sync them. It is not just for Roboform passwords.

    In the end, I decided to use LastPass because it currently covers all bases for me. The only browser that I see is not yet supported, but in development is Chrome on Mac. Since that browser is currently under development, I don’t see that as being an issue. I am happy to wait for it.

    Hope that helps. If you have any other questions, feel free to give me a shout.

    Cheers,
    Shawn Hank

    • Wow, thanks for the great and thorough review of those options, Shawn! I was particularly interested in what you had to say about Roboform. Jeff, above, had mentioned it, and then I was at a professional seminar the other day on how to integrate tech into my profession, and Roboform was discussed again. I think you reinforced my decision to go with LastPass.

      • My pleasure.

        The one thing I didn’t cover was the cost. LastPass is free, and has a yearly subscription fee for premium features. It’s 12 bucks a year. VERY Cheap when you consider how often one might use this tool. Even the iPhone app for premium users is free. There is just tremendous value with this product. Unlike 1Password’s iPhone upgrade that really made many people mad, the team at LastPass seem to really listen to what their users want, and work hard to deliver.

        Roboform is 29.95 for a one time fee. Goodsync is another 29.95 as well. They have licenses for thumbdrives if you want your data to be portable, etc. There is no iPhone app for Roboform – a real bummer for anyone who uses this too. You can access your passwords via the mobile Safari browser by logging into your online.roboform.com account. This doesn’t really allow you to do anything except cut and paste password which is a pain.

        1Password is 39.95 for a single license and 69.95 for up to 5 Macs. The upgrade to the version that works fully with Snow Leopard (OS X 10.6) is normally 29.95 for a single license and 49.95 for a family license. But they are being generous and offering discounts for this new release. The 1Password iPhone app is 7.99. A bit pricey but it does work well.

        One thing to note about any of the iPhone apps discussed here. None of them integrate with the native mobile Safari browser. Apple forbids any kind of integration with their browser, so each has a built in browser that allows you to select a site/password and have it auto login for you. It’s an acceptable work around for me.

        Both Roboform and 1Password are good programs, and I would recommend them to folks, but I would really ask them what their needs are, what OS they are using, and other questions to really make sure any of these solutions would work well for them. Like anything else, it comes down to what you are doing and how you want to leverage any tool. For me LastPass fits perfectly…for now. :-)

      • Very cool, Shawn. I use the LastPass bookmarklet with mobile Safari, which works pretty well. The only drawback is that it keeps you logged in for a period of time, so you need to make sure you don’t lose your phone.

  11. Been a mostly happy camper using PasswordSafe for a couple of years. With Dropbox it’s easy to sync, but no Mac version. Yes, Password Gorilla reads PSafe files, but it has the finesse of its namesake and is about as pretty.

    The big issue is the crypto. It’s clear that PSafe is solid but, for other products, accurate info is so difficult to get, not to mention reliable reviews by crypto experts. Any one can say they’re an expert, or even write a pretty “technology” page for their product, but who knows? I’ve also been using FFox’s password manager with a master password, but now the LastPass install offers to turn off the “unsafe” pw mgr. If FFox is unsafe that’s good to know, but knowing why would be better.

    I’ve got close to 200 entries in PSafe now, including a dozen or so financial logins. I am starting to use LastPass, but immediately there’s a problem: The conversion from PSafe includes dumping all entries to an *unencrypted* file, and then a cut/paste into a web form. Just at a time when serious design flaws have been uncovered in SSL/TLS.
    http://www.google.co.cr/search?hl=en&q=%22ssl+flaw%22

    Guess I’ll migrate this in two chunks: Financial logins by hand, then upload everything else. Also, I will definitely use Eraser to clean up the unencrypted file left behind and then track down the FFox pw mgr db and erase that also. Feels like progress…sure hope that it is.

    • If you’re looking for a Mac based password manager, you might want to try 1Password. It is Mac based, and provides one of the richest feature sets anywhere. Just a few features are, Integration with all Web Browsers, Strong Password Generator, Auto Fill Credit Cards while online, Secure Notes, and much more. You can get a free trial at their website, http://www.agilewebsolutions.com.

  12. I wasn’t aware of PasswordSafe or Password Gorilla.

    As much as I love LastPass, I don’t keep my financial logins in it. I don’t think I’d keep that in any password manager, no matter how safe. That might be illogical on my part, but I feel more comfortable that way.

    I’ll have to check the LastPass forums soon, to see if they ever opened it up to 3rd party audit yet. They had mentioned that would come some day.

    • I’m not sure if they have already opened it up to 3rd party audit, but I can tell you that LastPass has received the Steve Gibson thumb of approval (recent Security Now podcast with Leo Laporte). Gibson is as paranoid as paranoid security guys go. If he says something is safe and secure to use, and willingly uses it himself, that’s good enough for me. :)

      • Good point, Ryan. I don’t listen to his Security Now podcast, but I’ve heard Leo Laporte mention on other TWiT shows that Gibson gave LastPass a thumbs up.

  13. I use Sticky Password for password management and I think it is the best on the market. It is integrated and everything is automatic.

    http://www.stickypassword.com

    • I hadn’t heard of that one. There are so many products on the market, that it can be hard to keep them straight. I like the idea that it supports more than browser passwords, but I couldn’t tell from the site if it was cross-platform compatible or not. I do like the price of LastPass, though – free.

      • No, it is not cross-platform, but when I have tested Lastpass, it wasn’t working for me :( Lot of accounts were not filled etc.

  14. I sprang for the $39.00 for roboform a few years ago. it’s awesome, and I think you can install it on every computer you have. there is no annual subscription fee. so once you pay, you’re in forever. free updates included. The mobile version is a separate fee, which I haven’t bought yet.

    one really nice thing about it (or not, depending on how you spend money), is that it will fill in “identities”, such as credit cards, billing addresses, shipping addresses, etc. If you were discouraged from purchasing by having to go get your credit card, those days are over. The down side: it’s far too easy to buy stuff. click to open your B&H photo/video account, select your purchase, click to enter your credit card info and address. $350.00 gone in 5 minutes.

    • I’ve heard many good things about Roboform, Dan. I think that one is the elder statesman in the field. LastPass does have form management, too, although I haven’t messed with it much, so I can’t say how well it works.

  15. If you’re serious about password management Lastpass.com or Passpack.com are your only viable options as both support multi-factor authentication using Yubico Yubikeys (www.yubico.com), which RoboForm Online does not.

    Should your username/password combination be compromised by an intruder, they would still need physical access to your Yubikey to access your account.

  16. A Yubikey is something I’ve been thinking about adding to my arsenal for a while. What happens if, for example, you go to work and leave your key at home? Does that mean you can’t access any of your accounts if you don’t remember the passwords?

  17. If you have forgotten/lost your Yubikey, an unassociate Yubikey link is available (referring to Lastpass here), which will send ‘how to unassociate’ instructions to your registered email account.

    Of course should you not wish to unassociate your key, you will not be able to gain entry to your account.

  18. After using LastPass for a while, this morning I signed up for the premium service. I am now using their Sesame portable app on a USB drive as the authentication device. And, as I have both a Mac and a PC, I put both the Mac and the PC version of Sesame on the same device. Works great. First time in many years that I start to feel like this might be an adequate solution.

    Of course there’s a downside to using authentication devices. My bank now requires another device, and another bank I use will soon require yet one more device. By then I will need to get an iPhone to avoid having to carry around 3 dongles.

  19. The reason I stick with Keepass is its ability to use it OUTSIDE of the browser. You can use it for your Truecrypt containers, MS Money, Outlook, etc. It’s NOT tied to the browser like Lastpass. That is what is winning me over.

    • Completely agree, and that’s why I stuck with PasswordSafe for so long. There is a LastPass “Pocket” version that installs on your hard disk or on a USB drive. Using this briefly tonight, it looks like it has all the stuff I’m used to with PSafe which, IIRC, is quite similar to Keepass. With the Pocket app, as with the LastPass Sesame app, both the Mac and PC versions run from the same USB drive.

      The LastPass Pocket version can load entries from either the LastPass website or from a locally saved encrypted data file. Since I have LastPass configured to require the Sesame app, the Pocket version requires both my master password and a Sesame one-time password to access the entries, both local and remote. Looks like this is maybe the best of both worlds. Finally, yay.

  20. Been using Lastpass for ages now, like most started off with 1password on mac and roboform on pc.

    Just to add to the information about using sesame for extra authentication, you can have “trusted computers”, that don’t require your sesame key just your master password.

    saves the hassle of digging out a usb stick with sesame for your own personal computer.

    Nick

  21. After reading some timely postings on the LastPass discussion forum and doing some further reading, it turns out that all of the popular and easy attempts at browser security are in vain. Passwords don’t help, secure or otherwise, and two-factor authentication is not effective. However, I am Still Hopeful, as during my searching I found a possible alternative. I have collected some notes on all this here: http://ccobb.net/blahblahblog/?p=658

  25. I am a Roboform user. However mainly for portable use on a USB stick. It is just great and really easy and safe to use that way. Especially the possible setting that it asks for the main password after coming out of the screensaver.
    It picks up your logins on first time entry with utter ease, creating new entries automatically, and fills also difficult webpages, on which I’ve seen other password managers fail.
    I did have lesser experiences with Goodsync and their online storage however. Some mistakes when synching did cost me some entries.
    I must say, it doesn’t work properly under Android 2.1 as well. On my HTC Desire, the password ends up in the username field, and I can’t log in after all.
    So I will give Lastpass a chance for my Android….

    • I’ve heard almost all good things about Roboform. I do like the USB possibilities. LastPass has that, too, which is something I’ve been meaning to look into.

  26. Hello Evan,

    I’ve been trying Lastpass today.
    On Android it works good.
    On PC slightly less convenient than Roboform.
    Although I am missing one critical feature with Lastpass, which Roboform offers, That is autologout on screensaver/lock screen.
    That means whenever I walk away from my PC, I hit the windows key together with “L”, which initiates the screensaver, automatically logging off Roboform.
    Automated safety first !!
    I must say, that I prefer to keep my login info stored locally.
    On USB, Roboform is by far the better one.
    Just insert the stick, boot the app (all in just 1 click) and it automatically generates the toolbar in your browser, whatever browser you use. Ready to go just like that.
    When you remove your USB stick, Roboform automatically shuts down and wipes all traces from the PC after you.
    With Lastpass, you either have to start a Keepass like app from your stick with local credentials which require cut and paste kind of use, or have to start a portable browser from your stick, which has the Lastpass plugin installed.
    And then it still wants to go online by default.

    After using both, I must say, only the buggy online sync and poor performance of Roboform on Android make Lastpass the better one now.
    If you are happy with use on PC only, or want to use a USB stick for carrying your credentials, (which is better than installing apps everywhere you go, and retrieving your logins from online storage every time you use it, think of keyloggers that might run on a strange PC) there is no question about it: Only one choice: Roboform.

    Best solution: Roboform2Go

    • Wow, thanks for the thorough review! You can set LastPass to automatically logout when you close your browser, or when you’re idle for a set period of time, but you’re right- there is no option for it to log you out when your screensaver kicks in. I’m fortunately in a work environment where nobody is savvy enough to get into my machine anyway when I lock it, but I can see how this would be an important feature in other environments.

  27. Say Evan,

    A last remark, or rather important notice:
    When you are on an unknown PC, be aware of the risk of a keylogger, especially when abroad in some internet cafe.
    When using Lastpass, a keylogger will show the owner of the keylogger your main password.
    That means anyone, using a keylogger on a PC, where you use your online vault, will have access to your vault, after you have left.
    Better to use a USB stick solution like Roboform2Go, when you are on an unknown PC, and use online sync only from your own trusted PC.

    • “When using Lastpass, a keylogger will show the owner of the keylogger your main password.”

      Not an issue if you use LastPass with a Yubico YubiKey, which I do always.

      Failing that, LastPass can generate One Time Passwords (OTP) which can be used when operating a public machine.

  28. Hello Dukeswharf,

    What you say sounds right, although this “Yubikey” is new to me. Haven’t seen or heard from it around here in The Netherlands, Europe.

    If you know what you’re doing, you can work safely with Lastpass.

    Though, with all the lazy and maybe not so up-to-date users in mind, the app should be safe the way it works with basic settings.
    It should not be required to be aware of all possible dangers and adjust for each situation to a specific possible danger.
    This is what you have such app for: to do that for you.

    The basic user just wants a one-click app that keeps them safe, and remembers for them, all they need to know to login.

    • No matter which system one uses, and I fully recommend and use LastPass daily, multi-factor authentication is a must.

      Using LastPass in conjunction with a Yubico Yubikey, is simplicity itself.

  29. Evan, did you say LastPass was free? I found in my Droid marketplace for $12 a year. Also, I am looking for an app where I can store my passwords and maybe my credit card information so I can ditch my wallet.

    • Byron, I can’t speak for Android. On the PC, it is free. I know on the iPhone the app is $1 per month, but I just use the javascript bookmarklet instead, which is free. I imagine that is probably not as secure, but since my iPhone never leaves my hand or my pocket, I’m not worried about it.

      I still do use eWallet, one of the other apps reviewed here, for stuff that I don’t need (or want) autofilled online, like credit card info. Basically, I use it for stuff that I need to look up every now and then “in real life.”

      I have thought about going the premium route with LastPass, just to throw some money their way. I do like to support developers of programs that I find really useful.

  30. Some updates:

    Roboform:
    At this moment, Roboform doesn’t charge for the goodsync app that can be downloaded for synching the Roboform app with the online storage. So only charge for Roboform so far is the Roboform license itself.
    The Android app is free.
    The Android app does work properly now, though does require quite a different approach than Lastpass, and requires quite some steps to follow through in daily use.
    When using it to browse to a stored website, one has to get the website from the favorites, under favorites chapter “Roboform”.
    For logging in, one has to go to the favorites again, and choose the credentials from the Roboform chapter in favorites, which can now be autofilled and submitted nevertheless.
    Lastpass is here still the more convenient one. Though as Byron mentioned, Lastpass for Android is not free, but on subscription base, for $1 / month
    Roboform is a one-time fee for the Roboform license on a PC, or when using Roboform on Android only, there is no fee.
    The Roboform Android app is however limited at this time to fill and submit. It won’t store new logins from the Android app. This needs to be done in the online storage from a browser, or synched from a Roboform app on a PC.

  31. Some remarks

    Lastpass costs money for Android, because in order to be able to use it, you need to have the premium online Lastpass storage.

    To Byron:
    For future: Roboform is planning on an Android app that stores credentials local in the phone. Might be a good solution for what you are looking for, though not yet today

  33. High memory issues in Firefox while the RoboForm add-on (6.9398) was active finally pushed me to LastPass. So far I’m liking it although I have to do more tests with the autofill feature. Hopefully RoboForm will finish the beta version they have now for download and also solve the ongoing issue with their Firefox add-on memory leaks. Memory on my Firefox grew to around 800MB over several hours while sitting idle. I disabled all add-ons and tested one at a time until the culprit add-on was identified. Turns out this has been an issue for some time.

    Thanks for your comparison article. And thank you users for your comments.

    • Thanks for letting us know about the RoboForm issues.

      As far as autofill goes in LastPass, the only issue I’ve come across is with Google domains, where I have multiple accounts. I have one account that is my primary account, but another account that I use with stuff like Adsense. Autofill always defaults to my main account, even on the Adsense page. It’s not too big a deal, but I do have to use the dropdown menu to select the other account. It would be nice if it would remember which account to use with which Google property.

  34. Thank you so much! My last pass toolbar was hidden and it was driving me crazy. I was trying to do the opposite and unhide it.

    I clicked on the small icon in the bottom right of the browser and clicked Unhide toolbar.

    That worked. Thanks!!

  35. LastPass only continues to get better. They have many integrations and I have not had one complaint to date. I’m so glad I never purchased the full version of 1Password – would have just been paying for the UI. Thanks for the great article!

  37. I’ve been a huge supporter of roboform but may be done w/ them. Seems they have some kind of issue with Google-based products. The reviews in the droid app store are not positive and they’ve had the better part of 2010 with no fix. Their form filler for google chrome is a bit duct-tape-ish as well. Seems like a consistent issue with no fire lit under them to fix.

    I’m also a firefox guy since most of my research tools require it and hadn’t put 2 & 2 together on that being a possible culprit of the famous FF memory leak. Thanks for the heads-up on lastpass – might check it out.

  38. After having used Lastpass for quite a while now, I stopped using Roboform and I must say after using Roboform again after a long time: Lastpass is the better one for me, especially regarding user-friendliness.
    Things that bugged me quite a lot with Roboform was that I had a crash of my USB stick beyond repair, and lost one stick.
    At such time you’d wish to have all stored at a safe place online…. like I have now with Lastpass.
    That doesn’t mean Lastpass doesn’t have flaws. For example when you log multiple logins for one and the same webpage, that doesn’t always work nice. Some of those cases you have to reboot the browser before going for the next login….

    • I’ve never had to reboot my browser, but I agree that multiple logins can be a bit odd, especially for places like Google sites, where there are multiple sites under google.com. I’m not sure how they could make it easier, though.

  39. Lastpass has taken over XMarks.
    Since I already did use XMarks, and really like it, I am now fully Lastpass user.
    Especially where XMarks also works on my Android mobile, and works there like a dream too.
    I still do have my Roboform license, but hardly use it anymore.
    The biggest downdraft of Roboform is the vulnerability of being on a stick.
    You really HAVE TO BACK UP at regular interval.
    I already did have to re install and recover all data for three times now. Two times due to broken stick, one time due to lost stick.
    Even bigger annoyance is that I have to contact Roboform for each reactivation of my license on the new stick.

  40. I switched from Roboform to Keepass a year or two ago. My primary reason for switching was that Keepass worked across all platforms, and as often as I was formatting and reinstalling around that time I’d always have to email Roboform and beg for more activations in order to use a program I paid for!

    Keepass was and still is good. I synced my database with Dropbox. My system basically was everything went into Keepass but logins that weren’t a big deal (forums, blogs, Yahoo, etc) had their passwords saved within Firefox’s password manager for easy login. There are a couple of iPhone apps that work with kbd (keepass database) files but the two I tried were a headache to import to.

    I’d been reading about Lastpass on Lifehacker for quite a while and decided to give it a try. It imported all my passwords from Firefox and I copied over my few from Keepass. The process was really simple. I like the fact that it works virtually everywhere like Keepass.

    I was so impressed by Lastpass ease of use that I bought a premium subscription combo (with xMarks) so that I can use it on my iPod Touch.

    One of the cooler features was Security Check (Tools > Security Check). I used that to go through all the sites with duplicate passwords and changed them all. Now every account I have uses a random and unique password.

    My only issue is export. I’d really like to have a local copy of my password database just in case anything ever blows up, lol. I tried exporting to a CSV then importing to Keepass but that didn’t work out. For now I’ll stick the CSV in a TrueCrypt volume and be done with it.

    Excellent article by the way. You have a new RSS subscriber. :)

    • I am a new KeePass user and trying to migrate from SplashID to manage my secure data, while using LastPass for everything web related. I could essentially keep everything in LastPass, as I don’t doubt their encryption or implementation, however, I would have to control where I have it installed or logged in and also tighten its screws and the OS security to be completely at peace of mind. E.g., I would love to have it on my HTPC as I often browse and shop from there, but for the convenience of using it as HTPC, I can’t have tight OS level security. For this reason, I intend to keep using both LastPass and KeePass for separate set of data with different master passwords.

      About making LastPass data available offline, I am planning to do this by periodically importing data from LastPass to KeePass. It seems like 2.x version has built-in support for LastPass CSV export format, but since currently the support for 2.x data format is poor on mobile devices, I have decided to use the current 1.8 version with the help of a Python script to convert the LastPass CSV to XML format and import it with the help of VariousImports plugin. I took an existing script and ported it for KeePass 1.x XML format and it is available here:

      https://github.com/haridsv/lastpass2keepass/blob/master/lastpass2keepass.py

      At the same time, to make my transition from SplashID to KeePass easier (while SplashID remains the master copy for a few days), I wrote another quick script that produces KeePass 1.x XML from SplashID CSV export, and it is available here:

      https://github.com/haridsv/lastpass2keepass/blob/master/splashid2keepass.py

      I noticed that KeePass 2.x has built-in support for SplashID CSV export, but it is incomplete and drops a lot of fields, so the above script should still be better.

      I am able to easily transfer the KeePass db with entries imported from both LastPass and SplashID to MyKeePass iPhone app and it is working well. The MyKeePass app needs a lot of improvement, but it is quite usable as it is, at least for looking up information on the go.
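Added example, not part of the comments above and not the linked lastpass2keepass.py script: a sketch of the LastPass CSV to KeePass 1.x XML conversion discussed in this thread, plus a duplicate-password check in the spirit of the Security Check mentioned earlier. The CSV column names, the `http://sn` secure-note marker, the `<pwlist>`/`<pwentry>` element names and all function names are assumptions; the sample data is constructed.

```python
import csv
import hashlib
import io
import os
import xml.etree.ElementTree as ET

# Constructed sample export (no real credentials). Header = assumed LastPass CSV layout.
SAMPLE_CSV = """url,username,password,extra,name,grouping,fav
https://mail.example.com,alice,Tr0ub4dor&3,,Mail,Email,0
https://forum.example.org,alice,Tr0ub4dor&3,"line1
line2",Forum,Social,0
http://sn,,,Router PIN 1234,Home router,Secure Notes,0
https://bank.example.net,alice,p<9>&w,,Bank,Finance,1
"""

def read_lastpass(text):
    # csv copes with quoted fields that contain commas or newlines (multi-line notes)
    return list(csv.DictReader(io.StringIO(text, newline="")))

def reused_passwords(rows):
    """Return groups of entry names sharing a password, without exposing the password."""
    groups = {}
    for r in rows:
        if r["password"]:
            digest = hashlib.sha256(r["password"].encode("utf-8")).hexdigest()
            groups.setdefault(digest, []).append(r["name"])
    return sorted(sorted(names) for names in groups.values() if len(names) > 1)

def to_keepass1_xml(rows):
    """Build KeePass 1.x style XML (assumed layout); ElementTree escapes <, > and &."""
    root = ET.Element("pwlist")
    for r in rows:
        entry = ET.SubElement(root, "pwentry")
        is_note = r["url"] == "http://sn"  # assumed secure-note marker: keep text, drop URL
        fields = {"group": r["grouping"] or "General", "title": r["name"],
                  "username": r["username"], "url": "" if is_note else r["url"],
                  "password": r["password"], "notes": r["extra"]}
        for tag, value in fields.items():
            ET.SubElement(entry, tag).text = value
    return ET.tostring(root, encoding="unicode")

def write_private(path, data):
    # the output holds plaintext passwords, so create it owner-only (mode 0600)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(data)

if __name__ == "__main__":
    rows = read_lastpass(SAMPLE_CSV)
    print("entries sharing a password:", reused_passwords(rows))
    write_private("keepass1-import.xml", to_keepass1_xml(rows))
```

Both the exported CSV and the generated XML are plaintext, so keep them on encrypted storage and delete them once the import has been verified.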

    • The Security Check is a nice feature. After the Gawker breach, I considered doing that, but I don’t have many duplicates (and those that are dups, are for unimportant sites).

      LastPass will work offline (well, at least your current passwords will work), but a standalone local app would be nice.

  41. Check out the KeeFox addon.
    http://keefox.org/

    It takes your KeePass DB and integrates the autologin with Firefox. Works very well.

  43. Trying to keep track of all these passwords is the suck. :(

    • It sure is. I think a password manager is the only seamless way to avoid not using the same password on multiple sites. I’ve seen other methods for assigning passwords to sites, but they seem to be too much work. It’s all a tradeoff between convenience and security.

  44. I used to be a loyal Roboform customer until Siber Systems pulled a bait-and-switch on me by not honoring free lifetime upgrades (see link below). Their deceptive stunt left a bitter taste in my mouth and because of that, I can’t recommend Roboform. I switched to LastPass and haven’t looked back since.

    http://en.wikipedia.org/wiki/Roboform#Controversial_change_in_upgrade_policy

    • Agree on RoboForm. I keep hoping a class-action lawyer will sue them out of existence. They tried to claim it was only free ‘updates,’ not ‘upgrades,’ but Google was full of cached pages from their own website that said ‘lifetime free upgrades.’

  45. I use a shared computer at the office. How do I use LastPass securely on a shared computer?

    • Hello Furqan,

      You can use Lastpass on a shared computer without problems.
      Just take great care when setting it up.
      The best way is to use the add-on for your browser.
      First of all, take care that the browser doesn’t record your credentials.
      Then configure the add-on.
      You must configure it to:
      1- NOT open your password vault on login.
      2- NOT remember your password or your e-mail address (can be done in the logon pop-up window before logging on).
      3- Log off as soon as you close the browser. (General settings)

      Now when using Lastpass, make it a habit to always log off Lastpass and close your browser after use.
      On a shared computer always when you walk away from it, or when you turn your back on it.
      Logging off on top of closing the browser, because this is a shared pc.
      You never know who is on it when you are not there.
      If you really want to be careful, it is better to use a browser that runs from your private USB stick. (e.g. Portableapps http://portableapps.com/ ) Then you are sure you are online on your own terms (settings).

      If this is too much, rather don’t use it on the shared PC.

      • I’m glad you’re around, MohKraats, to answer some of these questions. You’ve become our resident LastPass expert.

        Another thing to try, Furqan, is setting the browser plugin to automatically log off after a short period of inactivity, just to be safe.

    • Thanks MohKraats, Evan Kline & Hari for your valuable suggestions.

      1password @ https://agilebits.com has a feature whereby every time you try to log in to a website it will ask for the master password.

      Is there any such feature available in LastPass?

  46. On top of what MohKraats and Evan suggested, I would also recommend creating a separate browser profile. You can get overboard and point the profile location to something encrypted, such as a TrueCrypt folder that you can mount on demand and unmount when done.

  48. Roboform is dishonest. After advertising for years that upgrades were free (which is why I bought) they reneged on their advertised documented word and have said to thousands of users that they must purchase an upgrade. Since Roboform version 7 is REQUIRED for Firefox 6 (or 5, or 4!) all of those users must succumb to their piracy or go through the pain of switching. It’ll be a pain… but it’s worth it to not support dishonesty.

    Roboform Better Business Bureau page now has a big REVOKED on it because of so many complaints. Here’s the link to the BBB page: http://www.bbb.org/washington-dc-eastern-pa/business-reviews/computers-software-and-services/siber-systems-in-fairfax-va-7004423/

    Here’s the link that PROVES free upgrades were offered when I purchased: http://web.archive.org/web/20080822215550/www.roboform.com/why-pro.html

    If this Russian based company is unethical enough to break their word regarding upgrades, are they unethical enough to sell my passwords to the Russian mob? *gulp*

  49. Thx for your review about it… :)
