[Android] Best free password manager

Some of us use the same password for every login. (Very bad idea.) If you are one of these people, you don’t require a password manager. (Unless, of course, you need a password manager to remember all your usernames. Would it then be considered a username manager? o_O) However, many of us don’t use the same password for all logins. While we may not necessarily have a different password for every login, we do use multiple different passwords for our logins and need help remembering them. (There is no shame in needing assistance to remember login information.) This is why God created password managers.

Take note while the norm for password managers in Windows is to be highly integrated with the Internet browser (i.e. how Roboform shows a popup window whenever you load a login page), password managers are more simplistic on Android: They typically aren’t integrated with the Internet browser, but rather they serve as a visual reference which you can look at before you go to login. In other words, with password managers on Android you look at the login information, store it in your short-term memory, and login before you forget the login information. Android password managers don’t perform “automated logins” – they don’t enter the username/password for you into websites. (Most of them don’t right now, anyway; Android password management may evolve in the future to include automated logins.)

This article is part of our Best Free Android Apps repository. Feel free to drop by when you have time!

Table of Contents

Best Free Password Manager

App Name: KeePassDroid

Developer: Brian Pellin

Download Size: 943 KB

Version Reviewed: v1.9.2

Requires: Android 1.5 and up

Pros

  • Allows users to easily create and easily access login data.
  • All login data are stored in an encrypted and password protected database.
  • Allows users to easily copy username and/or password to clipboard for easy pasting when logging in.
  • Hides passwords behind astricks, giving users the option to temporarily show passwords if they want to see them.
  • Has the ability to automatically logout of KeePassDroid after inactivity.
  • Has the ability to automatically clear clipboard after a username or password has been copied.
  • Supports the use of keyfiles, for enhanced security.
  • Allows users to have multiple different databases.
  • Can be installed in/moved to the SD card.
  • Can generate secure passwords.
  • Ads-free.

Cons

  • Does not have the option to have a KeePassDroid icon in the notification bar for app quick access.

Discussion

KeePass is a free, open source (and highly popular) password manager for Windows, Linux, and Mac. KeePassDroid is the Android version of KeePass. As such, it includes all the excellence and security of KeePass… in ‘droid form.

In terms of storing passwords, KeePassDroid provides the same basic password management functionality as all other password managers for Android. What makes KeePassDroid more attractive than the competition is its combination of simplicity and security:

Simplicity

  • KeePassDroid is very simple to operate and easy to use. There are only two things users have to worry about in regards to password management: Groups and entries. Groups are simply a way to organize login entries; you can think of them as folders. By default KeePassDroid comes with “eMail” and “Internet” groups, but you can add more if you feel the need or even delete “eMail” and “Internet” if you feel inclined to do so. Entries are what store login data. An entry is comprised of entry name, entry icon, login URL, login username, login password, and comments. All entry data is optional except for the entry name: You can pick and chose which fields to fill in and which fields not to fill in.
  • Accessing login information is as easy as selecting the group the entry is located in and tapping on the login entry you desire. When you click on the login entry, two things happen. Firstly, you are shown the information associated with that login entry. For security purposes, the password is masked with astricks but you can manually temporarily show it by pressing the menu key and tapping “Show password”. Secondly, KeePassDroid adds two items to your notification bar: Copy password to clipboard and Copy username to clipboard. These notification bar entries allow you to easily copy the username and/or password to Android clipboard so you can paste it in wherever you are logging in.

Security

  • KeePassDroid encrypts its databases using Rijndael AES. For those that don’t know, this is a very secure algorithm.
  • In addition to requiring a master password to access databases, KeePassDroid supports the use of keyfiles for additional authentication security. (Keyfiles, however, are optional – you don’t have to use them if you don’t want to.)
  • For all login entries, KeePassDroid masks passwords with astricks. This prevents wondering eyes from seeing your passwords. You do, of course, have the ability to temporarily show passwords (Menu key -> Show password) or turn off the masking totally (from the settings).
  • KeePassDroid has the ability to automatically logout of the database after 30 seconds, 1 minute, or 5 minutes of inactivity. (You select whether you want 30 seconds, 1 minute, or 5 minutes. You also have the ability to disable this option.)
  • KeePassDroid has the ability to automatically clear Android clipboard 30 seconds, 1 minute, or 5 minutes after a username or password has been copied. (You select whether you want 30 seconds, 1 minute, or 5 minutes. You also have the ability to disable this option.)
  • KeePassDroid does not have internet access privileges. This means piece of mind for users; without internet access privileges there is no way passwords are being shipped off to some server in the middle of not here.

That said, I would like to point out three things:

  • If you use a clipboard manager, every time you copy a username and/or password from KeePassDroid, the clipboard manager will record it. KeePassDroid is able to clear Android’s clipboard but it cannot clear a clipboard manager. Your usernames and/or passwords will be recorded in the clipboard manager. Be aware of this fact.
  • KeePassDroid uses .KDB databases. Since KeePass also uses .KDB databases, that means you can import/export data from your Windows (or Linux or Mac) to/from your Android phone. (However, take note KeePassDroid does not use .KDBX databases. It can read, but not write, .KDBX databases.) You can use an app like Dropbox to sync the databases across all your devices and machines.
  • KeePassDroid does not have the native ability to import passwords from other password managers (such as Roboform passwords). However, as I just mentioned KeePassDroid can import/export .KDB databases from the desktop version of KeePass. The desktop version of KeePass has extensive support for importing passwords from other password managers. If you use a password manager on your desktop other than KeePass, you can download KeePass, import the passwords from the other manager into a .KDB database using KeePass, then export the .KDB database onto your Android phone so KeePassDroid can use it. In about 10-15 minutes you can have the passwords stored on your desktop onto your phone.

Lastly, there is one issue I have with KeePassDroid. In my opinion, it is reasonable that a user may heavily use KeePassDroid. It gets very annoying to have to navigate to KeePassDroid on the homescreen (or in the app tray) whenever you want to access it. I would like KeePassDroid to have the option of placing an icon in the notification bar which would allow users to access KeePassDroid with the tap of a button.

To conclude, sure KeePassDroid may not have a very fancy interface, but the combination of simplicity and security and interconnectedness with the desktop version of KeePass puts KeePassDroid at the top of my list as the best free password manager for Android.

Runner Up

App Name: Pocket

Developer: Tim Clark

Download Size: 1.3 MB

Version Reviewed: v2.5

Requires: Android 1.6 and up

Discussion

Like KeePassDroid, Pocket allows users to save login (username, password, and notes) information. However, in addition to that, Pocket provides users with the ability to save many other types of information such as bank account details, credit card information, insurance information, and a lot more other categories. Pocket also has built-in support for Dropbox sync, whereas you must manually do it with KeePassDroid. Supporting more types of information, however, makes Pocket a bit more cluttered and “harder” to use than KeePassDroid. I put harder in quotes because Pocket really isn’t that hard to use.

In regards to login information, like KeePassDroid, Pocket masks passwords and allows users to copy usernames and/or password. (Uou must tap the username/password in Pocket to copy it; there are no shortcuts put in the notification bar.) Pocket also has the ability to automatically logout after X time of inactivity.

In my opinion, the biggest attraction of Pocket over KeePassDroid (aside from the obvious fact that Pocket supports more types of information) is Pocket’s interface. Pocket’s interface is very well designed, as opposed to KeePassDroid which is basically just black. On the other hand, however, Pocket shows ads so it requires internet access privileges. (You can purchase Pocket Pro about $2.20 USD to get rid of the ads.) According to the developer, Pocket uses AES encryption and SHA hashing to protect you, so there shouldn’t be anything to worry about regarding internet access. However, for the truly paranoid (like myself) internet access in a password storage app is a deal-breaker.

Overall, I feel the final decider between KeePassDroid and Pocket will come down to simplicity vs features. If you are looking for a simple, secure password manager KeePassDroid is the way to go. If you are looking for a password manager with other functionality, Pocket is superior.

If you do end up going with Pocket, let me give you a heads up about something so you are aware. When trying to access Pocket, you are asked to enter the master password. At that same screen there is a question mark button in the top right corner. When the question mark button is tapped, it tells users a password is required to login and shows a “Forgot” button for users that forgot their password. This “Forgot” button does not remind you of the master password. Rather, it gives you the option to completely delete the whole database and start from scratch. Anyone can access this and erase the database. If you piss someone off and they know about Pocket, they can get back at you by wiping your whole database via the method I just described. I highly suggest you consider using an application locker on Pocket to avoid being ****ed by someone.

Honorable Mention

App Name: B-Folders

Developer: JointLogic Ltd.

Download Size: 327 KB

Version Reviewed: v2.9.2

Requires: Android 1.6 and up

Discussion

Like Pocket, B-Folders manages users’ login information and then some. However, in regards to password management B-Folders is not as good as KeePassDroid; in regards to support for other types of information, Pocket has B-Folders beat. Plus out of all three apps, B-Folders probably has the most confusing interface. (Although, it isn’t that bad either.) However, what makes B-Folders a competitior is its native sync feature.

B-Folders has the ability to sync your data with other B-Folder apps on your desktop, laptop, smartphone, and/or tablet. It should be noted, though, while B-Folders is free on Android (smartphone and tablets), it costs $29.95 USD on desktops/laptops.

Other Alternatives

https://market.android.com/details?id=com.jointlogic.bfolders.android

Share this post

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

15 comments

  1. mrlee

    Hello Ashraf, I recently purchased a Samsung Galaxy Tab 3 and I am going through the process of adding apps and ‘personalizing’ the device. When I needed some info on password managers I turned to Dottech for some ideas on what was available for Android. After reading your article on “KeePass”, I was sold. I would like to commend you on how well written the review on “KeePassDroid” is. I have used “KeePass” on all my computers for years and years and I am a big fan. So I was happy to see a version was available for my tablet. However, I did have some questions and concerns, but you addressed every one of them and others I hadn’t even thought about,(yet)! Thank you for the obvious effort you put in your work. I, (and others I’m sure), are very appreciative. — Best regards, Mister Lee

  2. android apps

    My programmer is trying to persuade me to move
    to .net from PHP. I have always disliked the idea because of the
    expenses. But he’s tryiong none the less. I’ve been
    using Movable-type on several websites for about a year
    and am nervous about switching to another platform. I have heard excellent things about blogengine.
    net. Is there a way I can import all my wordpress posts into it?
    Any help would be greatly appreciated!

  3. leland

    Has anyone here tried mSecure as seen at https://msevensoftware.com/ I would be curious what your take on it would be. I am looking to replace my current password management system with something that would allow me to sync between the Windows and Android. I prefer something that can automatically log me into sites rather than having to go through copy and paste schemes. Thanks.

  4. alex mills

    Hi can somebody tell me if it is actualy encrypted and safe to sync my Pocket app into Drop Box,
    the last thing I want ironically is that all my Bank accounts, passwords and numbers to be on public view through Drop Box not familiar how DP works so Im paranoid to sync the app to the Drop Box.
    Has any one else done this and as long as I don’t put the Secure Wallet folder into the Public folder, nobody can access it right?
    pleeeeease help, the owner doesn’t reply and don’t know who else to ask
    cheers

  5. Alina

    I have been using “my password manager” my password manager from past 3 months and its far better than its other alternatives. It has innumerable ways to recover your password, updates dont corrupt my data and i can easily transfer data from one phone to other. Moreover since i am a french it supports french language as well!!!

  6. Ashraf
    Author/Mr. Boss

    @daniella: ???

    @Uffe: True KeePassDroid is only for logins but Pocket and B-Folders (runner up and honorable mention, respectively) is for more than logins — they store other data too, like CCs, bank accounts, etc.

    @Petr S: Thanks! I will look into it next time I revise this article.

  7. Uffe

    Well, one shortcoming is that you are locked to a specific type of record. Only websites, would be nice to also have credit cards and such, not just the url/username/password like combination, but any combination of data would be nice. I thought that the also free app password safe pro was nice, it had the option to make templates for my different data profile needs (credit cards, webserver, etc.). But it can’t sort the order of the data fields, so it looks messy.

  8. RedJ

    +1 on KeePass. My PWs are sync’d between my desktop and phone, so I always have what I need with me in a secure format. Great for organizing.

    You keep picking the apps I already use, so you must be very good at evaluating apps =)