February 4, 2013

Password Management

Last week we covered common weaknesses associated with single-factor password authentication, specifically management, storage, and insufficient entropy. This time we will give a brief overview of some of the best password management solutions designed to address these issues.


The Basic Idea

Most password management solutions work by automatically generating and remembering unique, random, complex passwords as the user creates accounts. This repository of credentials is secured by a single complex password, the only password a user will need to remember and protect. These solutions have a wide range of features and prices, with an increasing focus on cloud access and mobility.
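The sketch below illustrates that basic idea; it is an added example, not code from any of the products reviewed here. The function names, the 20-character length, the PBKDF2-HMAC-SHA256 key derivation and its iteration count, and the site names are all assumptions chosen for illustration. A real manager would use the derived key with an authenticated cipher to encrypt the entries at rest.

```python
import hashlib
import math
import secrets
import string

# 52 letters + 10 digits + 32 punctuation marks = 94 symbols
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=20, alphabet=ALPHABET):
    """Draw every character independently from the OS CSPRNG."""
    if length < 1 or len(set(alphabet)) < 2:
        raise ValueError("need length >= 1 and at least two distinct symbols")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet=ALPHABET):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(len(set(alphabet)))


def derive_vault_key(master_password, salt, iterations=600_000):
    """Stretch the one memorized password into a 256-bit vault key.

    The slow KDF is what makes guessing the master password expensive
    if the stored vault is ever copied. Iteration count is an assumption.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=32
    )


def new_vault(master_password, sites, iterations=600_000):
    """Build an in-memory vault: a random salt, the derived key,
    and one unique generated password per site."""
    salt = secrets.token_bytes(16)
    return {
        "salt": salt,
        "key": derive_vault_key(master_password, salt, iterations),
        "entries": {site: generate_password() for site in sites},
    }


if __name__ == "__main__":
    # Constructed sample input: the master passphrase and site names are made up.
    vault = new_vault("constructed master passphrase", ["mail.example", "bank.example"])
    for site, password in vault["entries"].items():
        print(f"{site}: {len(password)} chars, ~{entropy_bits(len(password)):.0f} bits")
```

Because each site gets its own generated password, a breach at one service reveals nothing reusable at another; the only secret the user must protect is the master password that feeds the key derivation.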

Top Solutions

LastPass (Windows/Mac/Linux/Mobile: Free | $12 Per Year for Premium)

LastPass is a cloud-centric solution where passwords are primarily stored on LastPass servers. A local copy of the passwords is also kept on the client PC/device in case the internet connection is lost or interrupted. The service supports two-factor authentication. A mobile application is available to autofill passwords. On iOS it cannot integrate with Safari but instead provides a browser within the application itself. The free version is very functional, with two-factor authentication and mobile support the most noticeable missing features.

RoboForm (29.95 Desktop | 39.95 Portable | 19.95 Per Year Everywhere)

RoboForm offers the most powerful ‘form filler’ functionality, with the ability to fill in more fields more flexibly than its competitors. The Everywhere subscription option includes unlimited installs of the Desktop and Portable versions while the subscription is active. The solution’s portable version is identical to the standard desktop version except that it runs off a USB key. The RoboForm Everywhere account is accessible without the client software, but features are limited: passcard and personal information editing are not supported. A smartphone app is available, but it does not feature the powerful form filling functionality of the Desktop editions.

KeePass (Windows/Mac/Linux/Mobile: Free, Open Source)

KeePass is an open-source solution available free on a wide variety of platforms. This solution caters to the highly technical, with more options than most solutions and the ability for the user to change the code. KeePass is flexible, but also complicated, and automates much less than competing solutions. Plugins can be downloaded to add features and enhance functionality, though these are not guaranteed to be safe. KeePass provides by far the most fine-grained manual control, but requires the most work out of the available solutions.


Bottom Line

No matter which solution you go with, even if it's not on this short list, using a password management suite will help protect you against breaches of services you have created accounts with. Creating a unique complex password for each account is made manageable by these tools.