Password Managers

Why Password Managers?

Our tool Spybot Identity Monitor shows that your data can get lost even with reputable large companies. Strong passwords that are unique to each online service you use are a key factor to security. But can you remember dozens of complicated passwords? A password manager helps you to store passwords in a secure way, without a bunch of stickies on your screen. This of course means that password managers need to be even more secure, since if they would get hacked, not just one but all of your passwords might be at risk.

Our recommendation for the average user is Sticky Password. For experienced users with their own trusted cloud infrastructure, we also recommend KeePass.

Even if you pick the best password manager available, or even if you store all passwords in memory, using Two Factor Authentication where possible is a good idea (we’ll add a tutorial about that soon).

Features

Uncategorized

Not yet sorted into categories.
KeePass

KeePass is our long time favorite and recommendation for experienced users.

It's easy to use as a password storage on a single computer. If you want to integrate it with your browser, you need to find and install a fitting browser plugin manually. The KeePass website will help you find such plugins.

KeePass 2.40 demo database

Storage

KeePass stores its password archive where you want. This means you are not forced to use the password managers cloud, like most services do. If you want to share it across devices, you can pick the cloud service of your choice.

Platforms

KeePass itself is a Windows application. There are many variants for other platforms listed on its website. We recommend MacPass for macOS users and MiniKeePass for iOS users.

Security

KeePass supports Advanced Encryption Standard (AES, Rijndael) and the Twofish algorithms, and SHA-256 for hashing master keys. It allows to set up archives that require multiple factors to unlock, including passwords, key files or Windows accounts.
DashLane

DashLane comes with a free version that runs on one device and manages up to 50 passwords. It has been editors choice in the Apple App Store, and Best App on Google Play. Due to the issues below, we cannot recommend the use of DashLane.

Storage

DashLane allows syncing using DashLanes own servers, or keeping the data just on your device. It does not allow you to synchronize your data using your own preferred cloud service.

Platforms

DashLane is available for Windows, macOS, Android, iOS and Linux.

Security

DashLane has published an updated Privacy Policy on March 15th, 2019. This one still contains inconsistencies:

We do not and cannot know your Master Password and, because of that, we do not and cannot know what Secured Data you store on the Services. We use technology, including cookies, to collect anonymous data that we use to provide and improve the Services.

Automated Decision Making and Profiling. We do not use your Personal Data for automated decision-making. However, we may do so in the future to comply with applicable law, in which case we will inform you of any such processing and provide you with an opportunity to object.

Once installed, Dashlane contacts gate.hockeyapp.net. HockeyApp is, quoting the service itself:

HockeyApp is a service for app developers to support them in various aspects of their development process, including the management and recruitment of testers, the distribution of apps and the collection of crash reports.

.
That this is automated profiling is made clearer by the use of the term "analytics" in various places on the HockeyApp website:

Because HockeyApp’s distribution, crash reporting, and analytics services are now available in App Center, HockeyApp will be retired on November 16, 2019.

This privacy policy no longer allows the sharing of sensitive data, but is incorrect about the profiling, keeping it hard to be fully trusted.

Security (pre May 15th, 2019)

There was an inconsistency in DashLanes Privacy Policy:

In order to use the password manager and secure digital wallet elements of the Services you will enter certain information into the App, including highly sensitive information like names, addresses, phone numbers, identity information, credit card information, passwords, receipts for online transactions and secure notes (“Encrypted Sensitive Information”). The Encrypted Sensitive Information is encrypted locally on your device using strong encryption and is backed up on the Dashlane cloud. None of it is viewable to Dashlane because it is encrypted with the Master Password. If you choose to synchronize your Encrypted Sensitive Information with more than one device (each an “Authorized Device” via the Services, the “Sync Function”), the Services are designed to transmit and store the Encrypted Sensitive Information through the Dashlane cloud to the Authorized Device(s) using strong encryption and in a manner that Dashlane will not be able to read.

At the same time, DashLane requests the right to share this Encrypted Sensitive Information that they say they have no access to with third party:

In order to make it less likely that someone will perpetrate a fraud on you, we may provide some portion of the Information, including some Encrypted Sensitive Information, to the financial institution that issued your credit card or other payment information that operates your credit card or payment network (collectively, “Payment Providers”).

Having lost faith that Encrypted Sensitive Information is out of reach for DashLane, the next part lowers the trust even further:

Affiliates. We may share some or all of your Information with our parent company, subsidiaries, joint ventures, or other companies under a common control (“Affiliates”), in which case we will require our Affiliates to honor this Privacy Policy.
StickyPassword

Sticky Password is our general recommendation for all users who do not have their own cloud infrastructure or need the complex features of KeePass. Plus, we love that they support manatees!

Storage

Sticky Password can store your passwords locally, or in their cloud (hosted by Amazon) if you want to share them between devices. For enhanced security and privacy, it also offers a WiFi only synchronization that allows you to have your passwords on all your devices without using an external cloud not under your control.

Platforms

Sticky Password is available for Windows, macOS, plus Android and iOS smartphones.

Security

Sticky Password uses AES-256 encryption and optionally enforces two-factor authentication. Our favourite feature is the local synchronization where your encrypted data does not even leave your network. Access to your database for new devices can be blocked as an additional method of protection. Read their Security Whitepaper for more details.

Privacy

Contrary to some other password managers, Sticky Password does not use third party tracking or spyware modules.

Discount

As a Safer-Networking customer, you're entitled to a 50% discount if you buy it by following our product link. Please note that while we will get a share of this price, this description is written independently and our recommendation stands even without.