Bitobit Mithril Password Manager

Giveaway of the day for December 11, 2008 is Bitobit Mithril Password Manager.

The Good:

  • Easy to use.
  • Can double as a note-taking tool.
  • Built-in password generator.
  • Built-in search tool.
  • Has an option to prompt for password if the program/computer has been idle for X amount of minutes (default is set to 4).
  • Supports multiple profiles.
  • You can install it on a portable device, such as a flash drive.

The Bad:

  • Developer does not elaborate on the algorithm/method used for securing your password.
  • Proprietary software that looks like it was made in Windows 95.

Ratings:

  • Features as Described: 10
  • Ease of Use: 10
  • Usefulness: 10

I think I may have to reconfigure my rating system. This software does not deserve straight 10s, but I cannot really fault the software in the categories that I rate.

Anyway, installation and registration went fine. Vista users, however, will need to run this program as Administrator the first time to get it to work. At least I had to on my Home Premium 32-bit machine.

This program is pretty simple. And the developer saved me a bit of work by making a movie to describe how to use this software (note: I got this video off the developer’s website. I did not make it):

There are, however, a few things that are not mentioned in the movie.

  • There is a built-in ‘find’ tool (Tools -> Find) that will search all entries for text.

  • You can carry this program around with you on a flash drive, or any other portable storage device. Go to Tools -> Install to removable device.
  • The program can be set to prompt for password if the program has been inactive for X amount of minutes (default is set to 4 minutes).

Here is the options menu (all settings are default in this screenshot):

Between the developer’s video, and my few sentences, that basically sums up this software.

I would, however, not recommend using this software, and this is why:

  1. The developer does not specify how the password used for each profile is protected (algorithm/method).
  2. This is proprietary software. Although the program has not done anything to help raise my suspicion, I do not feel comfortable storing my passwords on proprietary software.
  3. The program looks like it was made in Windows 95.

Free Alternatives:

KeePass

What is KeePass?
Today you need to remember many passwords. You need a password for the Windows network logon, your e-mail account, your homepage’s FTP password, online passwords (like website member account), etc. etc. etc. The list is endless. Also, you should use different passwords for each account. Because if you use only one password everywhere and someone gets this password you have a problem… A serious problem. The thief would have access to your e-mail account, homepage, etc. Unimaginable.

KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). For more information, see the features page.

-KeePass Developer

—-

KeePass is an excellent program you can use for storing your passwords. It has many features, the interface is pleasing, and it is very easy to use. Best of all, it is open-source and OSI certified so you can store your passwords in peace.

RoboForm

RoboForm makes logging into Web sites and filling forms faster, easier, and more secure. RoboForm memorizes and securely stores each user name and password the first time you log into a site, then automatically supplies them when you return. RoboForm’s powerful Logins feature eliminates the manual steps of logging into any online account. With just one click RoboForm will navigate to a Web site, enter your username and password and click the submit button for you.

Completing long registration or checkout forms is also a breeze. Simply click on your RoboForm Identity and RoboForm fills-in the entire form for you. You no longer need to remember all your passwords. You remember one Master Password, and RoboForm remembers the rest. This allows you to use stronger passwords, making your online experience more secure. RoboForm uses strong AES encryption for complete data security.

-Download.com

—-

RoboForm is an excellent piece of software. I actually forgot about it until Fubar mentioned it (thx bro). Although not open source, it is so widely used, it is pretty much verified as being secure. It has gotten many awards from reputable magazines/websites. In comparison to KeePass, RoboForm has better integration with browsers if you are using Firefox or Internet Explorer (RoboForm does not work with Chrome or Opera). RoboForm’s free version, however, is a bit limited. Click here to see the difference between free and pro.

PINS

PINs is a free feature-rich Windows program for safe and comfortable storing of any secure information like passwords, accounts, PINs etc. PINs uses a secure 448 bit Blowfish algorithm to ensure the data are not crackable. The password used for securing access to stored data is not saved anywhere.

PINs does not require installation and does not need any special dlls, drivers or system files which can mess up your system. This means that PINs can run directly from floppy – including data files – without installing anything. This is extremely useful if you wish to easily access your data on other computers as well.

-PINS Developer

—-

Originally I had decided to not put PINS on my free alternatives list but since people have mentioned it in the GOTD comments list, I figure it can’t hurt my readers if I comment on it. The reason I had decided not to put PINS as a free alternative is because the software is 5 years old. The last version was released in 2003 and, considering there was a whole operating system released during those 5 years, this is a big con. Although PINS is really nice software (a good program in 2003 is still a good program in 2008), and definitely is better than Bitobit Mithril Password Manager, I prefer KeePass because KeePass is constantly being developed and updated. PINS, however, is also OSI certified just as KeePass.

AnyPassword (thx caulbox)

AnyPassword is an easy-to-use tool that lets you store and arrange all your passwords, user IDs, and related information in a tree form. The program saves this information in encrypted files which can be protected by a password. So, the only thing you need to remember is the password for the file. AnyPassword can also generate random passwords with specified parameters (length, used characters, etc.). You can find any stored information using the incremental search feature.

-AnyPassword Developer

—-

The situation with AnyPassword is similar to that of PINS. I had decided not to put this on my free alternatives list because the last released version was in 2005. Plus AnyPassword is not open source as far as I know.

PMnet Verdict: All four of the free alternatives I mentioned above are better than BitoBit Mithril Password Manager. In my opinion, KeePass and RoboForm are better than AnyPassword and PINS just because they are being constantly developed. KeePass and RoboForm both are excellent software and either one will keep your passwords secure. The main difference between KeePass and RoboForm is that RoboForm has better browser integration than KeePass for Firefox and Internet Explorer. But if you have Chrome or Opera, there is no browser integration with RoboForm. So, I recommend KeePass because KeePass is a program that works outside the browser (as opposed to RoboForm which works as a plugin in FF/IE) and thus will work with all browsers, is open source, has no limitations on the software (RoboForm free version has limitations), and I personally do not like the browser integration of RoboForm. KeePass is my recommendation for password management.


9 comments

  1. watcher13

    Not to try and get the last word or blow smoke up your butt. This has been said many times. I think the most succinct version is by Socrates, but I couldn’t find it. I give you then Confucius:

    To know that one knows what one knows, and to know that one doesn’t know what one doesn’t know, there lies true wisdom.

    You may be closer than your modesty will allow you to admit.

  2. Ashraf
    Author

    Nice quote Harry12.

    Watcher13, this is the way I see it:
    With proprietary software, the people looking at the code/structure will mostly be hackers. There will not be as many people looking to see how secure the program is, or trying to find the vulnerabilities because it is harder to test for vulnerabilities in proprietary software as opposed to open source.

    In open source, there are going to be people who are constantly testing the code for vulnerabilities, frankly, because they can. So although hackers will also find it easier to get into open source software as opposed to proprietary, there is a bigger and stronger force/number of people trying to work against the hackers than there would be with proprietary software. Not to mention when a vulnerability is found, it is usually patched more quickly with open source software as opposed to proprietary.

    As for the animation…I can’t take credit for that. The developer made that. I just put it in my review :D

    And free alternatives updated btw. Just got home from taking one of my finals and had some time on my hands so decided to update them.

  3. harry12

    Bruce Schneier writes:

    “As a cryptography and computer security expert, I have never understood the current fuss about the open source software movement. In the cryptography world, we consider open source necessary for good security; we have for decades. Public security is always more secure than proprietary security. It’s true for cryptographic algorithms, security protocols, and security source code. For us, open source isn’t just a business model; it’s smart engineering practice.”
    Bruce Schneier, Crypto-Gram

  4. watcher13

    Like the animation. Man, you put a lot of effort into these. But…. I just want to play devil’s advocate for a moment. You’ve likely heard this before, but it has just popped into my small brain. Although I think you’re on the right track, couldn’t it be argued that open source security software is less secure, since everybody has availability to the code? That means they can spend as much time as possible in trying to hack it. On the other hand, you can hack anything if you try hard enough, and I believe I understand that some of your objections to unreleased security software code are: 1. how do you know if their code is secure enough to protect data 2. how do you know if the developer isn’t writing a password hijacker.

    Just wondered, however, your opinion on the opposite argument. How do you like that? You put all this work into testing software in the middle of the night and writing a detailed review and some boob poses a conundrum. Doesn’t pay to get out of bed some days, does it? :)