What good is a secure password program if you can't get access to your data when and where you need it?
Using a password manager application to automatically log into Web sites -- and to secure and manage all of your user IDs and passwords -- is a great help in organizing your digital life. But most password managers simply save your data in an encrypted file and then leave it stranded on one computer.
That doesn't work if you have a Windows desktop at work, a Mac or Linux machine at home, an iPad in your family room and an Android phone in your jacket. You need secure access to your data from any device, at any time, whether you're online or offline. And you don't want to have to manually update several work, home and mobile password databases every time you change an account's credentials -- something I've been doing for years.
The makers of an emerging breed of password managers are striving to provide secure online access to your passwords in the cloud and give you a synchronized, local copy of your password database on every computer and mobile device, no matter what operating systems, browsers or mobile platforms you use. (Having a synchronized local copy means you don't have to worry if the password database in the cloud goes down -- or the vendor suddenly disappears.)
In Video: How to Retrieve a Lost Windows Password
For this roundup, I looked at four products in this category: Agile Web Solutions' 1Password, Clipperz from Clipperz SRL, LastPass from the company of the same name and RoboForm from Siber Systems Inc. I tested each on four different platforms: a MacBook Pro running OS X 10.5.8, laptops running Windows 7 and Windows XP, and an iPad. I also tested browser add-ons for Internet Explorer, Firefox and Chrome.
Keeping passwords secure
All four applications work by having your computer encrypt passwords and other personal data before uploading a copy to the cloud. Because the data has been encrypted locally, the vendor does not have the key to unlock the data stored in the cloud: Only you do.
You secure your password database by creating a user account name and a master password. Once you're logged in, the applications automate the process of gathering user IDs, passwords and other information as you visit each Web site. They can then automatically fill in and submit your log-in credentials each time you return to those sites.
LastPass, RoboForm and 1Password can also fill in forms using data stored in profiles. You can create "identities" that have access only to subsets of your password data (such as work-related information, personal data or data for systems shared by you and your spouse), and you can store other types of sensitive data, from locker combinations to safe deposit box numbers. The way in which Clipperz supports forms is a little more involved, requiring the use of bookmarklets and mapping fields into what Clipperz calls Direct Login links.
Support for mobile devices is more limited. On some mobile devices, such as Apple'siPhone or Android-based phones, the password management application may include a simple, stand-alone browser when it can't integrate tightly with the native browser for the device. On some platforms, some products may lack the ability to maintain a synchronized, local copy of your data.
As a category, these products are still evolving. Once you figure out the best way to work with them, however, they make securing and accessing your passwords from any device, at any time, convenient and easy.
1Password doesn't quite meet all of the criteria for anywhere, anytime, any platform access to your password data. However, it's a breeze to use and a good choice if you're in a Mac-centric household.
It will also work if you just need to synchronize passwords with a Windows machine at work and an iPhone from the road. It supports the iPhone, iPad, iPod Touch, Palm and Android phones. But if you want access from your BlackBerry or from a Linux computer, or if you want a version that runs from a USB key, look elsewhere.
To back up and synchronize your data you'll need to set up an account with storage-as-a-service vendor Dropbox. (You can get up to 2GB of storage for free, which should be plenty for password data). Dropbox creates a folder on each computer and then synchronizes among them. Configuring 1Password to work with Dropbox is easy: You simply move your 1Password database to your local Dropbox folder.
Technically you can view your password data directly on the Dropbox Web site using a browser, but it's not an obvious process. You have to go to Dropbox, log into your account, click on the "Files" tab, and click on the 1Password.agilekeychain file, which exposes the1Password.html file. Clicking on that brings up the 1Password "Unlock" screen so you can decrypt the file and view your password data. Because you must log into Dropbox first, you can't just create a browser bookmark to go directly to your 1Password data.
The Mac version of 1Password includes a standalone application to manage your data and a browser extension that provides access to your passwords by way of either an embedded "1P" button on the navigation tool bar or controls on a 1Password toolbar. The toolbar includes a context-sensitive shortcut button that determines what site you're currently visiting and suggests the appropriate account credentials when clicked.
On the Mac, iPad and iPhone versions, 1Password has easily the prettiest user interface in the group, and it's simple to use as well. 1Password integrates with several popular Mac browsers.
The versions for the iPhone and iPad include an integrated browser. Both automatically fill in credentials but don't automatically submit them to the site. You can also copy and paste credentials into a Safari window.
One irritation on the iPad: Switch away from 1Password by clicking the iPad's Home button and you're logged out (RoboForm performed the same way). LastPass did preserve my sessions on the iPad until they timed out, regardless of how many times I switched away. The developer says it will support multitasking with Apple's release of iOS 4.2 in November, so you won't get logged out every time you press the home button.
The Windows version, still in beta, provides the same basic functions, although the pop-up user interface for Windows browsers (Firefox or Internet Explorer only) has a different look and feel. And unlike the Mac version, in Windows you need to use the browser add-on to log into Web sites. You click the 1P icon to bring up the dialog box, click the "Go and Fill Login" button, and then pick the site from a list. The pop-up dialog fills in credentials but doesn't automatically submit them unless you have checked the "Auto-Submit Logins" box (it is turned off by default).
Agile Software licenses 1Password by the user rather than the device, but you do need a license for each platform. The license for the Mac version costs $39.95. The Windows version currently costs $19.95 while it's in beta; on release, it will also cost $39.95. You'll pay $9.95 for the iPad, iPhone or iPod Touch -- a $14.95 Pro version lets you install 1Password on all three iOS devices.