[Windows] Best free password manager program — LastPass vs Dashlane vs KeePass vs Roboform
October 14, 2012 38
Email article | Print article 
Experts always recommend using different passwords for different logins. Any normal person cannot possibly follow that advice and memorize all their usernames and passwords. That is where password managers come in. Password managers securely store your usernames and passwords so you don’t have to remember them — you just need to remember the one master password that opens the door to all your passwords. This article looks at the best free password managers available for Windows.
Take note that while the main focus of this post is to look at password management capabilities, most all of the software discussed in this review have additional functionality such as the ability to remember form data, addresses, credit card numbers, notes, contacts, etc.
This article is part of our Best Free Windows Software series. Check out this link for more articles like this.
Table of Contents
Best Free Password Manager
Program Name: Dashlane
Developer: Dashlane SAS
Download Size: Unknown
Version Reviewed: v1.6.0
Requires: Windows XP/Vista/Win7
Works on Mac OS X 10.6 and higher, too
Pros
- Allows users to store unlimited logins (usernames and passwords)
- Logins can be sorted into specific categories, e.g. email or social media
- Has excellent browser integration — supports Firefox, Chrome, and Internet Explorer
- In addition to logins, users can store credit card numbers, bank accounts, contacts, social security numbers, tax ids,
notes, and more- UPDATE: It looks like notes are only available in Premium (paid version) now.
- Has an optional built-in receipt tracker to help you keep track of your purchases, online or offline
- Has a built-in tool that tells you how strong your passwords are
- Can generate random passwords
- Secures data with AES 256 encryption
- Has the ability to sync data across Dashlane on all computers and devices — Windows, Mac OS X, Android, and iOS
- Sync is optional — users can opt to keep data stored locally only
- Has the ability to import data from LastPass, Roboform, KeePass, Password Wallet, 1Password, Chrome, Firefox, and Internet Explorer
- Has a web version for access to your logins when at a computer which doesn’t have Dashlane installed
Cons
- Android and iOS apps are very simple
- Developer is very coy how much mobile support is available in the free version
- Sync is enabled by default — users have to manually opt out of sync (from Sync -> Open Sync Preferences) if they don’t want it
- Does not support Opera
- Does not support 64-bit version of Internet Explorer
- Web version is a hassle to log into
Discussion
Dashlane is a new password manager (came out of Beta earlier this year) that can best be described as a mix of Roboform and LastPass. With Dashlane users have the ability to securely store their logins. These logins can then be kept locally on your computer only or synced with your Dashlane account and accessible on any computer or device that you install Dashlane on. Currently Windows, Mac OS X, Android, and iOS are supported by Dashlane so with the sync feature you could potentially have your logins on every computer or device you use.
The best part about Dashlane is it has excellent browser integration. If you use Firefox, Chrome, or Internet Explorer, Dashlane will install a plugin that allows you to easily log into websites using a few clicks. Unfortunately, however, Opera is not supported at this moment and the 64-bit version of Internet Explorer is not supported, either. (For those of you who are 64-bit users: the 32-bit version of IE is run by default even on 64-bit Windows, so unless you are specifically using 64-bit IE, this isn’t something you should worry about.)
Aside from logins, Dashlane allows users to store:
- Contacts
- IDs
- ID Card
- Passport
- Driver’s license
- Social security card
- Tax numbers
- Payment info
- Credit cards
- Debit cards
- PayPal
- Bank accounts
Notes- UPDATE: It looks like notes are only available in Premium (paid version) now.
- Purchases (aka receipts tracker)
Take note that all the above is text-only — you cannot store images. So, for example, for your passport you would have to manually input your passport data… you cannot store an image of your passport.
All the above is password protected with a master password (that you set and only you know) and is encrypted with AES 256. Of course even though the developer claims AES 256 encryption is used and that no one has access to your master password (aka your data should be fairly secure), there is still an element of blind trust you must put in the developer if you use their sync service because, as the Dropbox debacle showed us last year, without an independent security audit there is no way to verify the claims of a company.
Moving on, it isn’t necessarily Dashlane’s features that makes it the best free password manager. After all, programs like LastPass, KeePass, and Roboform can pretty much do what Dashlane can, too. What makes Dashlane different than the others is that sync capability. You see Dashlane gives users the ability to sync their data across devices and computers, yet it doesn’t force users to use sync. In other words, if you are one of those types of people that doesn’t trust the cloud then you can keep your data local and not sync. If you do trust the cloud, you can sync. Most, if not all, free password managers are either or — they are either totally cloud-based or are totally local. Dashlane stands out above the crowd in this area and this, combined with its vast features, is what makes Dashlane great.
Of course no program is perfect and I have three issues with Dashlane.
Firstly, the developer is very coy about exactly what type of mobile support the free version of Dashlane provides (Dashlane comes in free and premium flavors — free version has full desktop support). The developer says the free version of Dashlane has “limited” support for “Dashlane Mobile Apps” yet does not tell us exactly how support for mobile apps is limited. This is very confusing because there are free Dashlane apps on Android and iOS that sync with your Dashlane account (you need Dashlane on Windows or Mac OS X to use the Android or iOS versions) but we don’t know if the apps are truly free or what. For what it is worth, I downloaded and tested Dashlane’s Android app and I don’t see how it is “limited” — it syncs my data just fine despite me only having the free version of Dashlane.
The second issue I have with Dashlane is also mobile related. I don’t know about the iOS app since I don’t have an iDevice and didn’t test it, but the Android version of Dashlane is very basic. Dashlane on Android is just a simple password manager that shows you your data and allows you to copy it; you can’t even store new logins with Dashlane on Android. This makes Dashlane on Android no better than other password managers on Android; in fact not being able to store new logins makes it inferior to the competition. Of course the fact that Dashlane on Android syncs with your Dashlane account is the redeeming feature but, still, the app is very basic and could be improved.
Lastly, the web version of Dashlane allows users to access their logins from computers that don’t have Dashlane installed. However, logging into the web version from a new computer is a pain — you have to first authenticate the new computer by logging into your e-mail or using your phone to get a code. I understand the developer has this extra authentication step for security purposes but it sort of kills the use of the web version of Dashlane. I’m sure there are better ways to go about logging in through the web, such as one-time passwords.
Runner Up
Program Name: LastPass
Developer: LastPass
Download Size: Unknown
Version Reviewed: v2.0.2
Requires: Windows 2000/XP/Vista/Win7
Works on Mac OS X 10.5+ and Linux, too
Discussion
LastPass is an excellent free password manager. While it may not be the first cloud-based password manager, it definitely pioneered the industry and is now known as one of the premier password managers out there… despite being free.
In terms of features, LastPass is very much like Dashlane. LassPass allows users to store unlimited logins (usernames and passwords) and other information, such as form data and notes; LassPass has great browser integration (supports Firefox, Chrome, Internet Explorer, and Opera); LastPass secures user data using a master password plus AES 256 encryption; has a web version for computers that don’t have LastPass installed; and more. In fact, in some areas LastPass beats Dashlane such as the ability to use one-time passwords or virtual keyboards for logging in via the web on a computer that doesn’t have LastPass installed, and multifactor authentication support via Google Authenticator. However, there are two areas LastPass falls short when compared to Dashlane, which is why LastPass is runner up and not number one.
The first “issue” with LastPass is that it is totally cloud-based. Whether you like it or not, if you use LastPass then your data is stored in the cloud. As already mentioned, LastPass says no one has access to your data (courtesy that master password and encryption) but many people aren’t comfortable with storing their passwords, and other data, in a server so far away from home. I put issue in quotes because this may not be an issue for some people but it will be for others. It all depends on your personal tastes and preferences.
The second issue with LastPass is the free version does not support any mobile devices. With the premium version of LastPass you get more mobile support than Dashlane — Android, iPhone, BlackBerry, Windows Phone, and more. However, the free version of LastPass supports only desktop operating systems.
Of course the above two issues may be non-issues for some and LastPass is still an excellent password manager so don’t feel bad about grabbing it, if you don’t like or want Dashlane.
Honorable Mention 1
Program Name: KeePass Password Safe
Developer: Dominik Reichl
Download Size: 2.4 MB
Version Reviewed: v2.20.1
Requires: Windows 2000/XP/Vista/Win7/Win8
Discussion
KeePass is another excellent password manager that offers most/all of the features expected of password managers — KeePass stores usernames, passwords, and lots of other types of information, and uses secure password protection and encryption to protect your data. However, KeePass brings something slightly different to the table than the previously mentioned LastPass and Dashlane — open source and portable goodness.
You see KeePass is Open Source Initiative certified. This means anyone and everyone can view the source code for KeePass, which helps with third party audits to ensure it is a safe program. Both LassPass and Dashlane are not open source. The other unique aspect to KeePass is it is portable. This means you can throw KeePass on a USB flash drive and carry your logins with you wherever you go, without having to store your information in the cloud.
With two big advantages over LastPass and Dashlane, why is KeePass an honorable mention and not #1 or #2? For two reasons.
As useful as being open source and portable is, the fact that KeePass has poor browser integration (it isn’t even close to how seamless Dashlane and LastPass are when logging in or filling out forms) really hurts the usefulness of the program. The other point is KeePass has no native way to sync to other devices. I know that many people don’t trust the cloud, but many people do trust the cloud (or, at least don’t not trust the cloud) so not having such a feature hurts KeePass’s usefulness in the age of cloud computing. On the bright side, there is a redeeming factor to the lack of sync capability: KeePass’s database (the one that stores your data) is extremely portable. In other words, you can manually copy/move KeePass’s database to other devices and computers if you want to “sync” your logins across multiple devices (e.g. KeePassDroid on Android can use KeePass’s database to allow you to bring your passwords to your Android device). However, manual isn’t the same as automatic.
Honorable Mention 2
Program Name: Roboform
Developer: Siber Systems, Inc.
Download Size: 12 MB
Version Reviewed: v7.8
Requires: Windows XP/Vista/Win7
Discussion
Similar to how LastPass pioneered cloud-based password management, Roboform is one of the oldest and best desktop password managers for your computer.
Overall, Roboform is an excellent feature-filled password manager with great browser integration. However, the free version of Roboform is limited to only 10 logins. That effectively kills it as a password manager. However, it is still a damn good password manager and deserves some sort of recognition.
(For what it is worth, you can purchase Roboform Pro for $30 and get unlimited logins or purchase Roboform Everywhere to get your data synced across multiple devices. There is also a portable version of Roboform Pro, if you are interested.)
Other Alternatives
![[Windows] Encrypt external USB drives and internal hard drives with Protectorion ToGo](http://cdn.dottech.org/media/2013/05/Protectorion-ToGo-134x90.png)
![A log file that is… 56 GB large?! [Image]](http://cdn.dottech.org/media/2013/05/wtf_log-134x90.jpg)
KeePass = no 1 precisely for the reason you mention as “con”
No Cloud sync. Passwords would have to be the last thing I’d put on the Cloud.
Also the Portable database is brilliant. Just copy to USB stick. I use this and it works well. Same with just copy the DB to phone, laptop etc. Android app for keepass is great and is really easy to use.
OK so browser integration may not be as intuitive but it is completely configurable – I have quite complicated forms that get filled automatically on the press of a hot key.
I actually prefer a little more control over things sometimes rather than being spoon-fed “automatic” things that don’t quite work they way I want.
I would also suspect that keepass has the largest number of other platform versions for those who are not wedded to IOS / android / windows.
Thanks for the great review. Trying to “rank” the programs based on what it is assumed users would prefer, may not be completely valid, but your discussion is brilliant to allow people to choose what would suit them.
Very pleased to see comparative reviews back on dottech
Thanks
@njwood60: I understand your points — to everyone their own, right?
Thank you for the kind words — and you are welcome!
To date Roboform is the only password manager that displays the whole password (actually anything you’ve typed) for web pages where selected (and variable) characters must be manually filled.
E.g. Ch 3, Ch 7, Ch 9 via drop-downs.
These can’t be autofilled. All financial sites I’ve used require this, on the 1st or more usually the 2nd page. Any password manager without this is useless to me by comparison.
Does Dashlane do this? (Roboform calls these ‘Turing’ logins – when v7 came out this was broken for about a year).
I use Lastpass and my one complaint is that it does not automatically sign out in Chrome. In Firefox and Internet Explorer, it will sign out after the time delay.
Thanks for a great review, Ashraf. I actually had never heard of Dashlane until your post, so I will definitely check it out!
I currently use KeePass and I am mostly satisfied, but the browser add-on for Firefox can be a bit buggy at times when updating and with certain websites. The only free iOS third-party app that I know of that supports KeePass is MiniKeePass, which works fine. There are several other paid options (one-time fee) as well. I downloaded KyPass 2 at some point when it is was on sale and it works quite well. It also integrates into Dropbox seamlessly.
I have considered a move to LastPass, but the iPhone paid subscription usually is the reason I don’t. The recent reviews for the iOS app are also quite negative, mostly due to the poor design and limited functionality.
I’m surprised you didn’t include Sticky Password. IMHO it deserves a review instead of being listed as an alternative.
IMO it is better than Roboform. I can’t comment on the others as I’ve never used them and never heard of Dashlane until today.
I was using Sticky Password for a number of years and was very impressed with it. I upgraded to PRO V 5 through GOTD and used it for awhile.
When I bought my new PC I purchased V 6. (if you own an older version, one can purchase the latest version at 40% off the purchase price.)
The free version allows for 15 accounts vs only 10 for Roboform. While Sticky Password states there is no support for the free version, there is a forum (for both free and pro versions) where one can obtain help. It also has a portable version as well.
I’ve been impressed with their help and support. Not only that but when I pointed out a problem with the program on certain web pages, they looked at it, kept in touch with me about it, and within a couple of days had fixed the problem so that others wouldn’t experience it also. They also thanked me for pointing it out.
To me that earned my loyalty.
As for Sync and Cloud that isn’t important to me, so isn’t relevant for me.
I’ve been using Dashlane since its Beta and love it. The biggest factor for me on any program is customer support, and Dashlane has the best CS of any password manager I’ve ever used, the 2 problems I had with Dashlane (Firefox integration on first install and password failure after updating recently) were both solved within 24 hours of reporting them.
With other password managers I have used it has taken days to weeks for them to solve an issue, sometimes longer, and if you depend on a password manager a lot it can be a real pain in the rear end not being able to log into a site for a extended period of time.
Who is paranoic please do not read this .
Others can check this tools , SecureSafe and Mitto .
http://www.securesafe.com/en/
http://mitto.com/
Thanks for the detailed review!
It got me checking sites and features for Dashlane, LastPass and KeePass. I’m going to try KeePass to see if it meets my needs – running a portable app from a USB stick means I can access passwords at work if needed, without logging in to a cloud-based data farm.
All three appear to allow ways to group sites, allow notes, etc. And all three seem to be a step up from my lifetime license for Roboform that they “broke” a while ago to get more money from me. Not likely!
Thanks for pointing out Dashlane, which I am hearing of for the first time right now. It sounds like it may suit my needs very well.
I have tried all the others, and rejected them for one reason or another, all mentioned by someone or other here. I do like Keepass, for some things, at least. LastPass I set up an account long ago but then decided I really didn’t like it for whatever reason, and used it only a very brief time.
My only question right now is how they have decided to store their data … hopefully, they use a “seed” in their cryptographic hash ( http://en.wikipedia.org/wiki/Salt_%28cryptography%29 ) … I hope to discover whether that is true before I trust such data to the “cloud”. I am encouraged that DashLane does not demand storing to the cloud, though. Unfortunately, some major security breaches where password hashes were stolen, have revealed that companies who ought to know better don’t use “salt”. That means that every user who uses the password “password”, “123456″, etc., are immediately discovered without requiring any computer power on the part of the hacker, but only a simple database table lookup.
I hope to try Dashlane out soon, after doing a bit of research.
Lastpass can be used (for free) on mobile devices via bookmarklets.
@Mr.Dave: Exactly how did Roboform break your lifetime license?
@Finell: When new version came out, they wanted me to pay for the upgrade. The version I had (6.something) quit working with newer versions of Firefox. Technically, Mozilla broke Roboform, but since Siber Systems quit honoring the license I had (yes, it covered upgrades) rather than make the fix available to me, I blame Siber Systems for my loss of functionality.
@ashraf. As usual, a great summary and importantly, readability.
Of course the chances of getting volunteers to do it at this level are pretty tiny… as I mentioned in my “Reviewers Request” post.
The few that can do it, usually are too busy chasing a buck. – Or a small daughter around the house! :-)
But your member’s comments here are always useful too, reminiscent of your days in GOTD.
Thanks for all the help.
@njwood60:
It all depends on how well the password manager implements its encryption. Keepass, for example, does 6000 rounds of encryption out of the box, and you can increase this to any number to slow down the time to initially unlock the data base. Even if you’re using a GPU for brute forcing, this will put a crimp in your works
Have you (DotTechies) got McAfee free site adviser ?
If you have read on. If you do not, then you must stop reading immediately.
I was Researching ( Cough! ) today’s BitsDuJour free giveaway of a password Manager. Someone mentioned LastPass.
I Googled for it, and LastPass DOT com was the first hit.
I clicked on it, and McAfee went berserk, and blocked a malicious something.
On further careful investigation I discovered that the malicious link is identical to another one that I found (which is also the one that Ashraf links to above).
The malicious one starts with http://
The safe one starts with https://
OOPs when I typed the above I intended to say that I found another link that DID NOT trigger McAfee, and that safer link was identical to Ashraf’s
@Rob (Down Under): Maybe McAfee can’t scan HTTPS links, which are encrypted. Or the link is spoofed, mis-identified, or just insecure.
You should double check with URLVoid, VirusTotal, etc. and report any false positives.
About the LastPass free giveaway, I see nothing on Google, even with specific site: searches. Are you sure it exists, at least publicly?
Edit: actually it’s ‘Password Depot’ right?
@J.L.:
Yes, the BitsDuJour giveaway (for one day) is ‘Password Depot’.
When I was browsing their giveaway page, someone mentioned the free LastPass, which is what got me Googling
How about ForgetPass.com? It does even have a registration and sign in page. And all your passwords are encrypted and stored locally on your computer.
My guess is that the URL you clicked on was not LastPass.com but some horsebull bit.ly cloaked link (which I never click on) or even a camouflaged link that took you to infection site.
Actually, LastPass has fantastic mobile support. Without downloading the app, I have used it on iOS devices by syncing “bookmarklets” in Safari.
This means you can log into LastPass on the mobile website, enter your credentials and then, when you, come across a website log in page, you just select the bookmark and it runs javascript which logs you in. You can configure how long your bookmarklets remain active for once you log into a device.
It is a huge time saver and actually makes storing your passwords in a password manager more convenient.
Dashlane is interesting, but I already uninstalled it. For one thing, the text is WAY too small. The other thing is that it didn’t work on most websites that I tried. Scrolling the mouse wheel didn’t work half the time either.
Sticky Password actually works much better, but the problem with Sticky Password is that it too uses WAY too small of text, making it a pain to use. Plus the author doesn’t mention a single word about what security he uses, like salt or hashes etc. And its way overpriced.
I have been using Lastpass for a few years now, and it works on most websites and the text is larger because its viewed in the browser window where you can increase the text size. I also use a Yubikey with my Lastpass.
Keepass I haven’t used for years. It lacks the auto filling ability most others have.
Kaspersky also has their own password manager, but the text in it is also way too small. Apparently they must be using low resolution monitors.
Just one question that I have,I wonder if any company can somehow upload your information at anytime they want? probably but who would know? any input on this?