By Neil J. Rubenking
If you're not using a password manager, chances are good your secure websites are protected by weak passwords that you use over and over again.
Bad idea! You really need to protect your accounts.
If that's not enough motivation, how about protecting your accounts and saving Florida's endangered manatees? A portion of the proceeds from each sale of Sticky Password Premium goes to a manatee protection fund.
The connection goes deep; Lamantine Software is Sticky Password's parent company, and "lamantine" means manatee in French.
The company's mascot is a friendly, bespectacled manatee.
Best of all, the product does its job very well.
For $29.99 per year, you can install Sticky Password Premium on all of your Windows, Mac OS, Android, and iOS devices, and it syncs data between all your devices automatically.
If you can make do without cross-device syncing, you can use it for free, just as you can with Dashlane 4.
There's also a Lifetime edition for the product's biggest fans, a one-time purchase that gets you all the features of Premium indefinitely.
The Lifetime edition lists for $149.99, but if you click the link at the top of this article to see it, you'll find that for you it costs $99.99.
In order to sync your passwords between devices, Sticky Password usually stores an encrypted copy of your data in the cloud. Nobody can get at that copy without having both your online account password and your master password.
For the super-paranoid, Sticky Password offers a more secure option: Wi-Fi sync.
In this mode, your devices sync directly with each other when they're connected to the same Wi-Fi network. Your data never goes to the cloud.
Getting StartedDuring the installation process, you create a StickyAccount.
Enter your email address and create a strong StickyPass—the password you'll use each time you install Sticky Password on a new device. You also define a separate master password, required each time you log in.
During installation, Sticky Password can import bookmarks and stored passwords from supported browsers, and the list of supported browsers is huge.
In addition to the usual suspects (Internet Explorer, Firefox, Chrome, and Opera) it works with less common browsers, among them SeaMonkey, Pale Moon, and Comodo Dragon.
If you're switching to Sticky Password from LastPass, RoboForm Everywhere 7, or KeePass 2.28, you can import your existing passwords. You can also import passwords exported by another instance of Sticky Password, which can be handy if you've chosen the no-sync free edition.
As you visit secure websites, the browser plug-in captures your credentials and offers to save them. You can edit the entry's name at capture time, and assign it to a group, though you can't create a new group at this stage the way you can with LastPass 4.0 Premium.
When you revisit the site, Sticky Password automatically fills in the stored credentials.
If you've saved more than one account for the site, a popup window lets you select one. You can also click the product's browser button and select from a menu of all your saved logins.
In testing, I found that Sticky Password did an unusually good job of capturing login credentials, even for sites that baffle other password managers. Many competitors simply can't handle a login that doesn't have username and password on the same page.
Sticky Password managed this kind of tough login with ease.
Some login pages are just plain weird. Like LastPass and RoboForm, Sticky Password handles such pages by letting you capture all data fields on the page, not just the ones that look like a username/password pair. Not many password managers are this flexible.
Application PasswordsYou can also use Sticky Password to enter credentials for applications that require a password.
To select the program, you either browse to the filename or drag a crosshairs icon onto the password-entry window.
Enter your login credentials and you're done.
I found that it worked even with a brand-new password-protected program that I coded myself. LastPass and Keeper Password Manager & Digital Vault 8 are among the few competing products that handle application passwords.
Most of us probably set our email and instant messaging systems to remember the password, so they start up immediately.
That's convenient, but not necessarily secure.
Turning off password memory and using Sticky Password to log in is definitely the more secure option.
Password Generation and RatingWhen you click in the password field while setting up a new account, Sticky Password offers to generate a strong password.
Choose a length from 4 to 99 characters, select the character sets you want (uppercase letters, lowercase letters, digits, and punctuation) and click Generate. Like LastPass, it lets you exclude too-similar characters, for example, capital O and the digit 0.
The password generator flags password strength as Low, Normal, Enhanced, or High. Using the default settings, you get 15-character passwords with no punctuation (since some sites don't permit punctuation).
Those settings result in passwords in the High strength range.
To check the strength of your existing passwords, click the Quick Access tab, click Warnings, and click the button titled "Turn warnings on." You'll see a list of all saved sites whose password strength is in the Low range.
I would prefer a full, actionable report on the strength of all passwords, like what you get with LastPass and Dashlane .
As it is, a six-character all-alphabetic password like "abCDef" can receive a Normal rating, meaning it won't show up in the warning list.
This is one Sticky Password feature that could still use some improvement.
Online StickyAccountQuite a few password managers let you access your stored data by logging in to your account.
Intuitive Password 5.0 and the free oneID work strictly online, with no client required. LastPass, Dashlane, RoboForm, and others offer online access as needed.
Sticky Password's online console exists to manage your license keys and trusted devices.
In particular, if you've lost or replaced a device you can remove it from the trusted list, to lock out any possible access by a thief.
By default, Sticky Password will authorize any new device, as long as you enter the StickyPass the first time. You can change that so authorizing a new device also requires a one-time PIN, sent to your registered email address.
If you've finished setting up Sticky Password on all of your devices, you can configure it to stop accepting any new devices.
Finally, from the console you can wipe out all of your personal data, or wipe out your account entirely.
I don't know how often the average user would do this, but I very much appreciate an easy way to delete my data when I've finished with a review.
Biometric AuthenticationBy default, your master password is required every time you log in to Sticky Password. You can configure the product so that instead the presence of a particular USB drive or Bluetooth device authorizes your access. Note that this isn't two-factor authentication, as the USB or Bluetooth authentication replaces the master password.
You can also configure Sticky Password to use fingerprint authentication on iOS and Android devices that support it.
I had a little trouble seeing this feature at work on iOS.
It turns out that if you actively click Lock, you must enter the master password to log back in.
Touch ID comes into play only when you switch away from the app and then return.
Sticky Password's designers are still fine-tuning the Touch ID logic; it may change.
Of course, that doesn't help if you're using a Windows or Mac desktop. Note, though, that Sticky Password powers password management for EyeLock's myris device.
This device is promising enough that PCMag gave it a Technical Excellence Award, but the $279.99 price tag puts it out of reach for many. LastPass supports the widest range of two-factor authentication options, and True Key by Intel Security lets you use facial recognition to authenticate, but Sticky Password is the only one associated with iris-recognition biometrics.
Portable PasswordsWhile you can't access your passwords online by logging into your StickyAccount, you can create a portable USB-based edition of the program, with all of your current passwords included.
This gives you a kind of two-factor authentication, as you must both possess the USB drive and know the master password.
You can use the USB-based tool to log in to your saved sites just as you would the regular version of Sticky Password.
As with the portable editions of RoboForm, KeePass, and others, any new logins you capture will be stored only on the USB drive, not auto-synced with other installations.
Web Form FillingYou can define any number of identities in Sticky Password.
These are collections of personal information for filling Web forms.
Elements include personal details, snail-mail address, online contact information, and business details, as well as a finance page that can store credit cards and bank accounts.
The similar feature in RoboForm lets you create multiple entries for any field.
Sticky Password allows multiple credit cards and bank accounts, but all the other fields are singletons.
Like LastPass and Dashlane, Sticky Password can also capture data that you've already entered in a Web form. When it detects you're submitting a form, it offers to add the fields it recognizes to an identity entry.
When Sticky Password recognizes that you've navigated to a Web form, it puts a red border around the fields that it can fill. Just click the browser button and choose the desired identity.
As with most password managers, it won't necessarily fill all the fields, so be sure to double-check any that don't have a red border.
Bookmarks and Secure MemosAs noted, Sticky Password offers to import bookmarks from your browsers during installation.
Those bookmarks become available on all of your devices, which is certainly handy.
A secure memo is a formatted text document that Sticky Password stores and syncs, along with your passwords and identity data.
Ten predefined templates list the likely fields you'd want to save for data types including drivers' licenses, passports, and credit cards. You can edit the memo any way you like, or create a new one from scratch.
Secure memos aren't used for filling forms.
They just store important information for you, and make it accessible on all your devices.
Mobile EditionsI checked out Sticky Password on an iPad, an iPhone, and a Galaxy 7.
As expected, I had to enter my StickyPass to authorize each device for the first time.
I verified that Touch ID serves to authenticate on the iPhone.
When you go to launch one of your saved logins, you get a choice: use the Sticky Password browser with AutoFill, or use another browser and copy/paste the credentials.
If you browse to a site with saved credentials within the proprietary browser, you'll be able to AutoFill just as if you had launched it directly from the program.
An Excellent ChoiceSticky Password Premium is an effective password manager.
It handles oddball logins better than most competitors, offers multiple syncing options, and even manages passwords for applications.
And its ability to sync via Wi-Fi, without using the cloud, offers an extra degree of security.
I'd still like to see the USB/Bluetooth authentication option revised to work along with, not instead of, the master password.
A password strength report that includes more than the very weakest ones would also be nice.
These are just minor quibbles, though, nothing that would keep Sticky Password from joining LastPass 4 Premium and Dashlane 4 in the Editors' Choice winners' circle.
Back to top
PCMag may earn affiliate commissions from the shopping links included on this page.
These commissions do not affect how we test, rate or review products.
To find out more, read our complete terms of use.