Top 5 Password Managers
2012 is the year of the password breach. Did you know there are tools to manage multiple, strong passwords so you don't have to? Here are BYTE's Top 5 P@$$w0rd Managers.
2012 is the year of password theft, according to SecurityCoverage. The security software company says that in the first six months of 2012, online password breaches increased 300% over the same period in 2011.
Maybe you've done okay so far using the same passwords for years, or using the same password for multiple sites so you don't have to keep track of lots of different ones. Maybe you hope that password theft is so rampant that your password will slip past thieves unnoticed. But the time of hoping and crossing your fingers is over if, like many people, you've started storing corporate data in the cloud.
Until companies figure out a better way to protect their data in the cloud, the best solution is to enforce higher security with password managers, said Amber Gott, marketing associate and online community builder at LastPass. Awareness that the tools exist is the first step. "We still find there are plenty of people who aren't even aware that password managers exist," she said. "[But now] ... we're seeing it cross over to your more average Internet user."
Password managers provide tools to encrypt text files that can store all your passwords that are not Web based, such as Windows and Outlook passwords, Lotus Notes passwords, administration passwords including local and domain accounts, BIOS passwords, encrypted hard drive passwords, cell phone and voicemail passwords, iPad and iPhone passwords, and so on.
Password managers promise greater security while improving the user experience. People get most excited about password managers' convenience, said Gott. "The security for a lot of people is an added benefit," she said.
The best password managers sync to the cloud across all dominant platforms and require multi-factor authentication. Other factors to consider when choosing one are cost, ease of use, and extras. Of course, clouds are where much user data is breached. You've probably heard the victims' names: RSA, Sony, eHarmony, LinkedIn. What happens when a cloud-based password manager gets hacked?
LastPass was hacked in March 2011, right around the time Sony was breached. Unfortunately for Sony users, Sony stored passwords in clear text. LastPass, on the other hand, encrypts its passwords and came through relatively unscathed. In other words, the extra protection offered by password managers works.
LastPass is a consumer product that's also fine for business use. You can set it up according to the level of risk you're comfortable with, from simply locally caching the master password to two-factor authentication. It's free for the desktop version and $1 a month for the premium service, which includes virtually all mobile platforms--even WebOS--and two-factor authentication. The only downside is its password recovery option of pinging back to a designated recovery computer to create a one-time password. You could compromise your information if you enable account recovery on a laptop that becomes lost or stolen.
KeePass is a free, open-source password manager for enterprise IT techies. The app lets you peek under the hood and inspect it for any back doors. You can tweak and compile it yourself. The KeePass site provides XML examples of how to save locally or to a network share. In other words, this is quasi-developer stuff. Network and desktop admins should have no problem using KeePass, even if they visit XML only occasionally. But this is not for newbies.
KeePass 2 adds the capability to synchronize to a specific URL, so the extensions that were created by third-party developers for synching to the Web are no longer necessary.
KeePass works on Windows 98 all the way through to Windows 8, on both 32-bit and 64-bit operating systems, and runs under Mono on Linux, Mac OS X, and BSD. Contributors have used it to write iPad, RIM, and Android password manager apps.
If you're willing to secure your most sensitive data in the cloud, Clipperz lets you go for broke. Clipperz calls itself "a Web Rolodex, a card index where you can enter any sort of confidential data without worrying about security." It can be used to store and freely organize passwords, confidential notes, burglar alarm codes, credit and debit card details, PINs, software keys, and so on. The card system allows for an unlimited number of fields, so you can customize it any way you like. You could create custom cards for your driver's license, passport information, burglar alarm codes--basically anything that's important to remember and keep safe offsite.
This browser-based plugin is completely free. There is no upsell popup to a premium package. It wins on price, but loses on features.
Tired of typing the same information into online forms over and over again? You might have noticed that a lot of forms for completing business and personal transactions online overlap. You might pay an iPhone bill, submit a health insurance claim, check on money in eTrak--and have to enter a lot of the same info into each form. Just thinking about my insurance company's flex benefits PDF makes me postpone the refund attempt for another day. And just try filling out a form on an iPad, let alone an iPhone.
RoboForm Desktop fills forms with one click. It pre-populates the form with static data such as name, policy number, and so on. You fill out the rest. Employees love the auto-fill-in feature; companies get improved productivity.
And oh yeah, it manages passwords in the same way.
RoboForm is the only password manager in our roundup that doesn't have a free version. A trial of 10 free log-ins is all you're allowed. It costs $29.95 for the desktop. The cloud-based and mobile services are subscription based, at $9.95 for the first year and $19.95 a year after that. RoboForm works on the iPhone, iPad, Android, BlackBerry, Windows Mobile, Palm, and Symbian. RoboForm Enterprise, which integrates with Active Directory and group policy for central management, is priced separately.
Microsoft is broadening the scope of Windows Live ID. Already it is used to view licensing keys and store OneNote data, as well as provide 5GB of free storage. Starting with Windows 8, the Live ID logon now will be a password and forms manager as well.
Because it is integrating the capabilities into the operating system, Microsoft can add features that standalone password managers cannot. For instance, with Windows 8 Microsoft is throwing in a lightweight environment manager that can save a wide range of settings such as your lock screen picture, desktop background, user tiles, and browser favorites and history, among many others. They automatically sync when you log into Live ID. Will this conflict with third-party environment managers such as Quest or AppSense? Windows 8 ships in October so we'll find out soon.
Microsoft also lets you log into Outlook.com, Windows Messenger, and the apps formerly known as Metro apps without a password interface, and the setting and last-used state persist across all your Windows 8 PCs.
Thanks to SecurityCoverage for this infographic of password breach statistics.