We use passwords every day: to do online banking, log into our favorite websites, and to secure personal documents. Unfortunately, more than half of all net users use the same password for most websites, according to a study by Ofcom, the UK communications watchdog. Security experts have been urging people to improve their password policies for years, but without any significant results to show for. Luckily for you, there’s a better solution. We are talking, of course, about password managers. In this article, we are set to find out which password manager for Android is the best one.
Introduction to Password Managers
Passwords are seemingly a great way how to protect private information and prevent unauthorized access. After all, they have been in used for thousands of years. But passwords have one huge enemy: convenience. The average adult logs into multiple websites every week, with each website protected by a password. In an ideal world, people would never use the same password again, and all passwords would be reasonably complex, consisting of special characters, letters, and numbers.
“According to Ofcom’s “Adults’ Media Use and Attitudes Report 2013” report, a poll of 1805 adults aged 16 and over discovered that 55% of them used the same password for most – if not all! – websites,” reported Graham Cluley for Naked Security. The outlook is even bleaker when you consider that 26% tend to use easy-to-remember passwords such as birthdays or names of people.
So, how does a password manager help with this issue? A password manager is like a notebook (a very, very secure notebook) in which you can store all your passwords and look them up (or let the manager automatically suggest them to you) whenever you need to log into a website.
What Makes a Password Manager Great?
A good password manager will help you generate a secure password, alert you in case you use the same password for multiple websites, and fill in the login details when you need to enter a password-protected website. All major password managers are compatible across a wide range of platforms and operating systems, so you can get by without remembering any of your passwords – expect for the one that you use to log into the password manager itself.
Security of Password Managers
You might be thinking, “wait, if all my passwords are stored in one place protected by a single password, doesn’t that decrease my security?” That’s a completely valid question. Passwords stored in password managers are protected with a strong encryption algorithm. The strength of this algorithm depends on how complex the master password is. Assuming one hundred trillion guesses per second, it would take 3.43 centuries to crack a relatively simple password consisting of 4 uppercase and 10 lowercase letters. Increase the complexity and the length of the password to 20 random characters and you are looking at 11.52 thousand trillion centuries. Furthermore, many password managers, like LassPass and 1Password, use two-factor authentication with SMS message, fingerprints, or hardware two-factor authentication tokens.
Are you now convinced that you should start using a password manager? Good. Let’s now take a look at two best password managers for Android.
LastPass was first released on August 22, 2008, and it has since then become the most used password manager in the world. The company was acquired by LogMeIn, Inc. for $125 million and unveiled a new logo earlier this year. LassPass has become a target of hackers on multiple occasions, but their prompt response has helped customers retain their faith in the software.
LassPass has dedicated applications for all popular operating systems and browser extensions for Chrome, Firefox, Safari, Internet Explorer, Opera, and Maxthon. Compared to many other password managers, LassPass takes a more pro-active role in keeping users’ passwords safe and organized.
It will securely store all passwords and notes in a vault, automatically organizing them by their category. LastPass will autofill the login, generate random passwords, audit existing passwords and alert in case a duplicate is found or when a password is due for a change.
All passwords are protected with PBKDF2 SHA-256 and salted hashes to ensure complete security in the cloud. Users can take advantage of several multifactor authentication options, including the LastPass Authenticator, Duo Security Authentication, Google Authenticator, Yubikey Multifactor Authentication, Grid Multifactor Authentication, and others.
Our only gripe with the software is the clunky user-interface that still feels outdated even after several redesigns. What’s more, the latest version works poorly on mobile devices, forcing people to purchase the Premium plan.
LassPass has 3 different pricing plans: Free, Premium, and Enterprise. Until the end of the last year, users could only use LassPass for free on a single device. However, changes have been made, and it’s now possible to use the Free plan to sync passwords across multiple devices of the same type. That means that you can sync your passwords across 3 different smartphones, but you need to pay for the Premium plan if you also need to sync to your tablet or personal computer.
A good news is that the Premium plan costs just $12 per year. It includes unlimited device sync, shared family folder, priority tech support, and premium two-factor authentication. The Enterprise plan costs twice as much and throws in a central admin console, additional sharing options, and SSO with active directory support.
– Free for multiple devices of the same type (i.e. several computers or 3 different smartphones)
– Robust multifactor authentication
– Available on all major platforms
– Pro-active approach to security
– Weak default settings for the password generator
– Confusing user interface
1Password was initially released on June 18, 2006, and the password manager has since then found its way into Windows, OS X, Android, iOS, and the web. Developed by AgileBits Inc., 1Password has undergone several major redesigns and feature upgrades.
The password manager is designed to store online passwords, credit cards, receipts, and all other important documents. It does this with a powerful mix of AES-256 encryption and PBKDF2 key derivation to ensure that users’ data remain completely secure. They employ three separate encryption layers – a master password, account key, and secure remote password – and also let users set up a two-factor verification. Owners of smartphones compatible with TouchID from Apple or Nexus Imprint can also unlock 1Password their fingerprints.
1Password has a sleek, modern user interface, which feels noticeably fresher than the somewhat convoluted user interface of LassPass. The software can help you generate a secure password, save it only to automatically fill it later, and the 1Password Watchtower provides around-the-clock security alerts for the services and sites that you use.
However, probably the best thing about 1Password is the way it integrated with the latest version of iOS. The developers took full advantage of multitasking capabilities of the operating system, making password input much easier. It’s even possible to use an Apple Watch as a storage for two-factor authentication tokens or any number of items from your digital vault.
Unlike LastPass, 1Password doesn’t offer a free version, but users can try the software in a free trial to see if they like it. They can then decide to purchase either a single license or subscribe to an all-access family plan. The plan costs $5 per month and can be used by up to 5 people.
1Password really wants people to use their subscription option, which is apparent when you look at the sheer number of features that are absent when you buy a single license. Not only can the single license version by used only on Windows or Mac, but you have to get by without an automatic sync, free upgrades to new versions, sharing and access control, web access, and account recovery.
– Sleek, easy-to-navigate user interface
– Deep integration with the latest iOS
– Support for Apple Watch
– Limited plans
For most people, the decision between the two password managers will likely come down to their aesthetic sensibilities. There’s no denying that LassPass is a powerhouse of a password manager, but the user interface feels clunky and outdated even after the latest redesign. 1Password feels right at on iOS and the user interface and experience design.