The 10 best password managers according to Lifehacker
Advanced Password-Management Features
Given that all these products take care of basic password management tasks, how do any of them stand out from the pack?
One handy advanced feature is managing passwords for applications, not just websites. Another is a secure browser, designed to protect sensitive transactions and invoked automatically when you visit a financial site. The ability to automate the password change process seems to be less and less common these days. Some password managers never offered this feature to maintain zero-knowledge policies.
Most password managers include a built-in mechanism for securely sharing passwords with other users, but some go a step further with advanced permissions. For instance, a few password managers allow you to share a login without making the password visible, revoke sharing, or make the recipient an owner of the item. On a grimmer note, what happens to your secure accounts after you’ve died? A growing number of products include some provision for a digital legacy, a method to transfer your logins to a trusted individual in the event of your death or incapacity.
Logging in with your secure username and password to a website that doesn’t use a secure HTTPS connection is a big no-no. Some password managers even warn you about insecure login pages. Even when you do use HTTPS, sniffers and snoops can still learn some things about your activity, such as the simple fact that you’re logging in to the secure site, and the IP address from which you’re connecting. Running your secure connections through a virtual private network, or VPN, adds a layer of protection. Dashlane now includes a simple built-in VPN from Hotspot Shield, and RememBear comes from the same source as the Editor’s Choice TunnelBear VPN.
Secure storage is an increasingly common feature among password managers, too. The storage allocation won’t replace the need for a dedicated cloud storage and syncing service, but in many cases, it’s enough for storing important documents in an encrypted state.
Sticky Password
Allows an unlimited number of saved credentials
Security details are here.
Sticky Password was founded in 2001 by former executives of AVG Technologies, which was a pioneer in the freemium category for security software. True to their roots, this password manager offers a full-featured free version that works on all major device categories and browsers, allows an unlimited number of saved credentials, and supports two-factor authentication and biometric sign-in.
The $30-per-year premium version includes the ability to sync between devices, using either the company’s servers or a local-only option using your own Wi-Fi network. It also supports cloud backups and secure password sharing and includes priority support. If you’re really committed to the service, you can purchase a lifetime subscription for $200.
The Password Basics
A typical password manager installs as a browser plug-in to handle password capture and replay. When you log in to a secure site, it offers to save your credentials. When you return to that site, it offers to automatically fill in those credentials. If you’ve saved multiple logins for the same site, the password manager lists all those options. Most also offer a browser toolbar menu of saved logins, so you can go straight to a saved site and log in automatically.
Some products detect password-change events and offer to update the existing record. Some even record your credentials during the process of signing up for a new secure website. For maximum convenience, you shouldn’t choose a password manager that doesn’t include password capture and replay automation.
Those who are already using a password manager may find that the grass looks greener in the other app. Most allow you to export your saved data or import from other products, easing the process of switching password managers.
Getting all of your existing passwords into the password manager is a good first step. Next, you need to identify the weak and duplicate passwords and replace them with tough ones. Many password managers flag weak, duplicate, or compromised passwords and help you improve them.
When you create a new secure account or update a weak password, you don’t want to strain your brain trying to come up with something strong and unique. Why bother? You don’t have to remember it. Make sure your generated passwords are at least 20 characters long and include all of the major character types (uppercase, lowercase, numbers, and symbols); all too many products default to a shorter length.
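The two checks from the paragraphs above as a shell script: flag weak and reused entries, then generate replacements that meet the 20-character, four-class rule. This is an added example, not code from any product reviewed here; the tab-separated export format, the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: enforce the 20-character, four-class rule and spot reuse.
LC_ALL=C; export LC_ALL        # byte-wise ranges for tr and case patterns
MIN_LEN=20

# Succeeds only if $1 is long enough and mixes upper, lower, digit, symbol.
meets_policy() {
    [ "${#1}" -ge "$MIN_LEN" ] || return 1
    case $1 in *[A-Z]*) ;; *) return 1 ;; esac
    case $1 in *[a-z]*) ;; *) return 1 ;; esac
    case $1 in *[0-9]*) ;; *) return 1 ;; esac
    case $1 in *[!A-Za-z0-9]*) ;; *) return 1 ;; esac
}

# Draw candidates from the kernel CSPRNG until one satisfies the policy.
# tr -dc discards bytes outside the alphabet, so each kept character is uniform.
generate_password() {
    len=${1:-$MIN_LEN}
    [ "$len" -ge "$MIN_LEN" ] || return 2
    while :; do
        pw=$(head -c "$((len * 8))" /dev/urandom |
             tr -dc 'A-Za-z0-9!#%+,.:=?@^_~-' | head -c "$len")
        if [ "${#pw}" -eq "$len" ] && meets_policy "$pw"; then
            printf '%s\n' "$pw"
            return 0
        fi
    done
}

# Read "site<TAB>user<TAB>password" lines (constructed export format, fields
# assumed non-empty) and report weak and reused entries without echoing secrets.
audit_export() {
    tab=$(printf '\t')
    while IFS=$tab read -r site user pw; do
        meets_policy "$pw" || echo "WEAK $site"
    done < "$1"
    awk -F'\t' '{ n[$3]++; sites[$3] = sites[$3] " " $1 }
        END { for (p in n) if (n[p] > 1) print "REUSED" sites[p] }' "$1"
}

# Constructed sample data: no real accounts or passwords.
make_sample_export() {
    f=$(mktemp)
    printf '%s\t%s\t%s\n' \
        shop.example  alice 'Summer2019' \
        mail.example  alice 'kX7#qLm2@vB9!pRt4^Zw' \
        forum.example alice 'Summer2019' > "$f"
    echo "$f"
}
```

Run `audit_export "$(make_sample_export)"` to see the findings, and `generate_password 24` for a replacement; an export file like this holds plaintext secrets and should be deleted once the audit is done.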
Most password managers integrate some form of two-factor authentication for securing your account, be it biometric, SMS-based, or via time-based one-time passwords (TOTPs) stored in an authenticator app such as Google Authenticator or Microsoft Authenticator. The best password managers support authentication via U2F- or TOTP-based hardware keys, such as those from YubiKey and Titan Security.
Account sign-in data in Google Chrome
If Google Chrome is running with its default settings, it automatically saves the credentials used to sign in to accounts automatically.
You can view the logins and passwords, and configure automatic sign-in, as follows:
Step 1. In an open Google Chrome window, find the three vertical dots in the upper-right corner and left-click them. In the drop-down menu that opens, select "Settings".
Step 2. In the settings menu that opens, scroll down to "Autofill" and click "Passwords".
Step 3. In the settings menu that opens, you can view your passwords for signing in to various sites. This information is in the "Saved Passwords" section. The first column shows the site address, the second holds the logins, and the third holds the passwords. The passwords are initially hidden behind dots; to display them, left-click the eye icon.
In addition, the familiar button with three vertical dots appears here as well. Clicking it lets you view additional details or delete the selected password.
This menu also lets you turn automatic sign-in on or off and add or remove exception sites, for which passwords will not be saved even when automatic sign-in is enabled; this can be useful for online wallets, banks, and so on (this setting is at the very bottom of the page). At the top, you can use the search box to find passwords quickly: just type the site's name into the search field.
After turning off automatic password entry, you should clean the browser and its history and delete all saved passwords.
This can be done as follows:
Step 1. Click the three-dots icon in the upper-right corner, select "History" in the window that opens, and then go to "History" in the tab that opens. You can also do this with the Ctrl+h keyboard shortcut.
Step 2. In the history window, go to "Clear browsing data".
Step 3. In the menu that opens, switch to the "Advanced" tab at the top and tick the box next to "Passwords and other sign-in data". To delete all passwords, be sure to select "All time". Then delete the information with the "Clear data" button.
After this, the passwords on the current device will be deleted, and the user will have to enter the login and password manually for every account.
Basic Features
Your typical password manager integrates with the browser and captures the username and password when you log in to a secure site. Occasionally, you’ll find one that doesn’t automate password capture and replay, but these may have other virtues, such as unusually strong security or filling in passwords for secure applications, not just webpages.
The best password managers capture your credentials during account creation; when you change your password online, they offer to update the stored password for that site. Of course, password capture only works if the password manager recognizes that you’re logging in to a secure site, so non-standard login pages can cause trouble. Some products cleverly solve this problem by letting you manually capture all data fields on a page. Others actively analyze popular secure sites whose login pages don’t fit the norm, creating scripts to handle each site’s oddball login process.
When you revisit a site for which you’ve saved credentials, most password managers automatically fill the saved data, offering a menu if you’ve saved more than one set of credentials. Another handy (and common) feature is a browser toolbar menu of available logins, so that with one click you can navigate to a site and log in. One great thing about free password managers is that you can try several and find out which one you like best. If you’re thinking of making such a survey, look for products that can import from other password managers. Otherwise, you’ll have to go through the password capture process over and over for each candidate.
Enpass Password Manager
Price: Free / $9.99
Enpass is a fairly powerful password manager. It covers the basics and there are even desktop versions available for Mac, PC, and Linux. It also boasts no subscription fees, which is a nice touch. Alongside that, the app can back up and restore your info, includes 256-bit AES encryption and cross-platform syncing, and you can even import from other password managers to make migration easier. You can also have it auto-fill your passwords into Google Chrome if you use that browser. It’s free to download and use with a single $9.99 payment to unlock everything. You can use this app for free with Google Play Pass as well.
The Top Password Management Software
Although a password manager needs to offer all the advanced features, it should remain easy to use and avoid needless complexity. Users who get annoyed or baffled by a password manager may well abandon it and go back to using sticky notes to store and share passwords or, worse, applying the same password everywhere. Our Editors’ Choices for the category are Dashlane, Keeper, and LastPass. Slick and polished Dashlane boasts a ton of features. Keeper Password Manager & Digital Vault offers a full set of advanced features, a sleek and elegant user interface, and support for every popular platform and browser. LastPass excels because of its ease of use and impressive free version. You won’t go wrong choosing any one of these products. Products that do not earn an Editors’ Choice still have their merits, however, and you may even prefer one of them.
Password Manager Pro Add-on Features
Standard Edition
- SSL/TLS Certificate Management
  - SSL/TLS Certificate Discovery:
    - On-demand SSL Discovery
    - Scheduled SSL Discovery
    - SSL Discovery from SMTP servers
    - Subnet Discovery
    - Agent-based SSL Discovery
    - Load Balancer Certificate Discovery
  - CSR:
    - CSR Process Management
    - CSR Import
  - Public CA Integration:
    - End-to-end Certificate Lifecycle Management with Let’s Encrypt
    - Integration with public Certificate Authorities (CAs): Sectigo (formerly Comodo), GoDaddy, Digicert, Symantec, Thawte, Geotrust, and RapidSSL
  - Miscellaneous:
    - SSL Certificate Deployment and Tracking
Premium and Enterprise Editions
- All Features of Standard Edition
- SSH Key Pair Lifecycle Management
- Automated SSH Discovery
- Microsoft CA Auto Renewal
- CMDB Integration for SSL Certificate Synchronization
Advanced Features
The point of adding a password manager to your security arsenal is to replace your weak and duplicate passwords with strong, unguessable passwords. But where do you get those strong passwords? Most password managers can generate strong passwords for you; many let you take control of things like password length, and which character sets to use. The very best ones offer a password strength report that eases the process of identifying and fixing poor passwords. A very few can even automate the password-change process.
Filling in usernames and passwords automatically isn’t so different from filling other sorts of data in Web forms. Many commercial password managers take advantage of this similarity and thereby streamline the process of filling forms with personal data. Not many free password managers offer this feature.
When you put all of your passwords into one repository, you had better be really, really careful to protect that repository. Yes, your master password should be as strong as possible, but you really need two-factor authentication to foil any possible hack attack. Two-factor authentication could be biometric, requiring a fingerprint, facial recognition, or even voice recognition. Some password managers rely on Google Authenticator or apps that emulate Google Authenticator; others use an authentication code texted to your smartphone. Allowing access only from registered, trusted devices is yet another form of two-factor authentication.
Speaking of smartphones, many of us are just as likely to log into a secure site from a mobile device as from a desktop computer. If that describes you, look for a password manager that can sync your credentials between your desktop and the mobile devices that you use. Most password managers use encrypted cloud storage to sync between devices. A few keep your data entirely local, syncing between databases on different devices without keeping anything in the cloud.
In addition to using your passwords on multiple devices, you may find you want to share certain logins with other users. Not all free password managers support secure sharing; many of those that do allow you to share the login without making the password visible. A very few let you define an inheritor for your passwords, someone who will receive them in the event of your demise.
Hypervault
Pricing starts at $2.50 per user per month
Security details are here.
This relatively new product, first launched in late 2018, was originally designed for internal use by its developers. Version 2, launched in April 2019, delivers on some of the company’s promises for a password manager that focuses on the needs of teams. The v2 release includes a revamped UI as well as group permissions and a rights-based structure for team members.
Pricing starts at $2.50 per user per month, with discounts kicking in at the 10-user and 50-user thresholds and additional discounts for annual purchases. The company has a well-documented changelog and roadmap, and a self-hosted version is listed as "coming soon."
RoboForm Free / RoboForm Everywhere
Free version supports unlimited logins
Security information is here.
RoboForm celebrates its 20th anniversary in 2020, making it practically a senior citizen compared to some of its competitors. The free version supports unlimited logins and has clients for Windows, MacOS, Android, and iOS, as well as all major browsers. This version stores its credentials database locally, which means you’re responsible for backing up that data and syncing it manually between devices.
RoboForm Everywhere is a $24-a-year subscription service that adds cloud backup, sync, and 2-factor authentication features. It also includes a secure shared folder and the ability to designate a trusted contact to receive emergency access to your saved passwords in the event of death or serious illness (this option can also function as a form of password recovery). The Family option ($48 a year) covers up to five users, and business plans cost $35 per user per year. Discounts are available for multi-year purchases.
Introducing pass
Password management should be simple and follow Unix philosophy. With pass, each password lives inside a GPG-encrypted file whose filename is the title of the website or resource that requires the password. These encrypted files may be organized into meaningful folder hierarchies, copied from computer to computer, and, in general, manipulated using standard command line file management utilities.
pass makes managing these individual password files extremely easy. All passwords live in the password store, and pass provides some nice commands for adding, editing, generating, and retrieving passwords. It is a very short and simple shell script. It’s capable of temporarily putting passwords on your clipboard and tracking password changes using git.
You can edit the password store using ordinary Unix shell commands alongside the pass command. There are no funky file formats or new paradigms to learn. There is bash completion so that you can simply hit tab to fill in names and commands, as well as completion for zsh and fish available in the completion folder. The very active community has produced many impressive as well as for itself.
The pass command is extensively documented in its man page.
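Because the store is just files in folders, it can be audited with ordinary tools and without decrypting anything. The script below is an added example, not part of pass or its documentation: it assumes the layout used by pass (entries named `<name>.gpg`, recipients listed in `.gpg-id` files, an optional `.git` directory), and the function names, finding codes and sample store are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a pass-style store directory without decrypting anything.
# Assumed layout: entries are <store>/<folder>/<name>.gpg, recipients are listed
# in .gpg-id files, and an optional .git directory holds the history.

# Succeeds when a file starts like OpenPGP data: a binary packet header (first
# byte has its high bit set) or an ASCII-armored message.
looks_like_openpgp() {
    first=$(od -An -tu1 -N1 "$1" | tr -dc '0-9')
    [ "${first:-0}" -ge 128 ] && return 0
    head -n 1 "$1" | grep -q '^-----BEGIN PGP MESSAGE-----'
}

# Print entry names the way they are addressed: relative path minus ".gpg".
list_entries() {
    find "$1" -name .git -prune -o -type f -name '*.gpg' -print | LC_ALL=C sort |
    while IFS= read -r path; do
        rel=${path#"$1"/}
        echo "${rel%.gpg}"
    done
}

# Print one finding per line: "<CODE> <path relative to the store>".
audit_store() {
    store=$1
    find "$store" -name .git -prune -o -type f -print | LC_ALL=C sort |
    while IFS= read -r path; do
        rel=${path#"$store"/}
        case $rel in
            .gpg-id|*/.gpg-id) ;;
            *.gpg) looks_like_openpgp "$path" || echo "NOT-OPENPGP $rel" ;;
            *) echo "NOT-ENCRYPTED-NAME $rel" ;;
        esac
    done
    find "$store" -name .git -prune -o \( -perm -040 -o -perm -004 \) -print |
    LC_ALL=C sort | while IFS= read -r path; do
        echo "GROUP-OR-WORLD-READABLE ${path#"$store"/}"
    done
}

# Build a constructed sample store: dummy bytes, no real keys or secrets.
make_sample_store() {
    s=$(mktemp -d)
    mkdir -p "$s/Email" "$s/Bank"
    chmod 700 "$s" "$s/Email" "$s/Bank"
    printf 'CONSTRUCTED-KEY-ID\n' > "$s/.gpg-id"
    printf '\205\001\014dummy-packet' > "$s/Email/example.org.gpg"
    printf 'hunter2\n' > "$s/Bank/example.com.gpg"  # plaintext behind a .gpg name
    printf 'pin 1234\n' > "$s/Bank/notes.txt"       # never encrypted at all
    chmod 600 "$s/.gpg-id" "$s"/*/*
    chmod 644 "$s/Email/example.org.gpg"            # readable by other users
    echo "$s"
}
```

On the sample store, `audit_store` reports the plaintext file hiding behind a `.gpg` name, the unencrypted note, and the entry readable by other users, which are the mistakes that manual edits with file utilities tend to introduce.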
Using the password store
We can list all the existing passwords in the store:
And we can show passwords too:
Or copy them to the clipboard:
There will be a nice password input dialog using the standard (which can be configured to stay authenticated for several minutes), since all passwords are encrypted.
We can add existing passwords to the store with :
This also handles multiline passwords or other data with or , and passwords can be edited in your default text editor using .
The utility can new passwords using internally:
It’s possible to generate passwords with no symbols using or , and we can copy it to the clipboard instead of displaying it at the console using or .
And of course, passwords can be removed:
If the password store is a git repository, since each manipulation creates a git commit, you can synchronize the password store using and , which call or on the store.
You can read more examples and more features in the man page.
Setting it up
To begin, there is a single command to initialize the password store:
Here, is the ID of my GPG key. You can use your standard GPG key or use an alternative one especially for the password store as shown above. Multiple GPG keys can be specified, for using pass in a team setting, and different folders can have different GPG keys, by using .
We can additionally initialize the password store as a git repository:
If a git repository is initialized, pass creates a git commit each time the password store is manipulated.
There is a more in the man page.