Best tools for protecting passwords

There are a number of additional features for the iOS version, such as sending you to a secure browser session where you can clear any Web-based data for additional security. There is also a demo mode where you can show your associates how the software works without revealing any actual passwords, since mobile users like to share their apps more often. Eventually, these features will find their way into the desktop and browser versions.

The software also has a number of protective options that keep you from tripping your own mistakes on its preferences screen. This includes the ability to clear the clipboard and lock the vault on exiting the app or when the desktop screen saver is active. On the desktop preferences, you can see at a glance which browser plug-ins you have installed and which isn't protected, that is a handy reference.

All 1Password versions include a strong password generator, where you can set up a random password. You can adjust the slider control for particular length and complexity (the highest grade of password beyond Excellent is Fantastic). On some of its generator tools, you can also choose whether the password is pronounceable, uses non-ambiguous characters, and allows for repeating characters. It would be nice for Agilebits to update its versions to offer consistent features across the browser, desktop and mobile versions.

1Password doesn't support as many smartphones as LastPass, and its synchronization could use some attention, but otherwise is a fine tool for individual password use. Pricing is also simple: each copy sells for a $50 one-time fee.

RoboForm Enterprise

RoboForm, as you might surmise from its name, approaches bulk password management from the forms automation business.  It is a study in contrasts. In its favor are its solid password management features. There are two disadvantages: how the software is constructed and supported.

Getting the software installed is a bear, and will require a certain sequence of prerequisites that aren't well documented. This isn't helped by the lack of support that we received. Our problem was unique: In the middle of our review, the team responsible for supporting the Enterprise software left the company. Hopefully, by the time you read this, this vacuum will be filled. Once you get everything installed, you shouldn't have too many issues getting it deployed to end users because it comes in several handy packages, including Windows MSIs.

The software is sold in several versions, including Pro, Enterprise, and managed console (which seems like an odd name). Each are priced differently in two basic configurations: a standalone Workstation version and an Enterprise version. The console software costs $5,000 for the first 50 users, with volume discounts, and an annual maintenance fee of $1,000 on top of that. The Workstation licenses are charged by user and by device, so you want to stick with the Enterprise pricing. Yes, this is confusing.

The managed console includes the cloud synchronization service called Everywhere. This means that every hour (or more often if you change the default), users' passwords are synchronized from their vaults, so they can access them from whatever device they choose. There is another add-on module called 2Go, where you can copy your password vault to a USB thumb drive and move it around. And there is also a Web client, which is useful on a borrowed PC for example.

The tool comes with a browser plug-in that can access its features like other products reviewed here, including bringing up a complex password generator and a button to force synchronization with its cloud service. The plug-in also contains various menus, such as for configuration control, to set up new logins, and to support a Windows biometric fingerprint reader.

You can set up autologoff time outs for screensavers or when the PC goes into standby, as most of the other products reviewed here also can do. One differentiation is that it creates a portal start page where you can directly click on your saved logins, similar to how Single Sign On products operate. You can save both files and logins to its vault, and you can also assign files to particular users or groups for secure collaborations.

The product has the second widest mobile OS support, including iOS, Android, BlackBerry, and Windows Phone. It supports Chrome, IE, Firefox and Opera browsers and has a status screen showing you which browser plug-ins have been installed, although IE information is segregated to another set of screens for some odd reason.

The Enterprise version of RoboForm includes the ability to recover any of your user's master passwords, because they are stored encrypted on a network share. This is something most of its competitors currently lack. It also has the ability to bulk import Active Directory users to help with the initial setup.

TrendMicro DirectPass  

Like the other consumer-grade tools, DirectPass has no enterprise management features. It also had the fewest overall features and the most issues in its use, and we would recommend that you wait until its next release before seriously evaluating it. For example, of the six products tested, it was the only one that didn't include a password generator. Trend promises to include this feature in its next release. Instead, it just captures logins from when you bring up a Web browser session. There is no way to manually add the website and its associated password to a separate list.

DirectPass synchronizes your vaults through its own cloud-based service, which is simple. Its vault can contain text files and also general Web form data. You can force the synch through buttons on the interface, or it should automatically do so when you bring up the software.

We had problems using DirectPass with our Pro Preview version of Windows 8.1. It worked fine with XP or on our iPhone. It took an hour before all the identity listings and notes were initially synchronized but thereafter the sync happened pretty much in real time.

Also, the capture dialog on Windows 8.1 would appear at the same time the browser-based "save this login" message would appear. Trend acknowledges all of these items and is working on fixing them and making an updated client available when Windows 8.1 is released later this fall.

The good news is that it supports Windows from XP-SP2 up to and including the original version of Windows 8 and on both 32 and 64 bit versions. It is also available for Android (running at least v2.3) and iOS (running at least v4.3). DirectPass has a simple pricing plan: $15 per user per year. You can use it free if you just want to save at most five passwords with the tool.

Strom is the founding editor-in-chief of Network Computing magazine and has written thousands of magazine articles and two books on various IT and networking topics. His blog can be found at strominator.com and you can follow him on Twitter @dstrom. He lives in St. Louis.

How we tested password managers

We installed each product on a Windows 7 or a pre-release version of Windows 8.1 desktop. We also used Android and iOS phones and Mac desktops (if a client was available for these systems) as well as Windows servers, and various Web-based services such as Dropbox, Gmail, and a Wordpress blog site to test these logins.

We connected to the various websites with at least Firefox and Chrome browsers to try out the associated plug-ins, too. When there was a cloud-based service available to synchronize our password vault, we signed up for that service and observed whether our password data was propagated across to the various clients. We also took notes on the relative differences in the clients across different OSs both in terms of functionality and user interface.