Password managers, thanks to Heartbleed, are top of mind this week. While nothing can save you from sites with truly idiotic password requirements, a good password manager tool makes it tremendously easier to prevent identity theft and fraud.
Dan wrote about password managers back in 2009, but that's so five years ago. I took an informal poll around the office and here's what iMarcians use today, as well as a few others that are well-reputed.
(Impatient? Jump to the TL;DR.)
1Password:
https://agilebits.com/onepassword
Platforms: Windows, Mac, Android, iPhone, iPad
What's special about it: It does pretty much everything, pretty much everywhere. Very configurable strong password generator; integrates tightly with Chrome, Firefox, Safari and IE; syncs across your devices using Dropbox (or iCloud); insanely deep organization (tags, favorites, folders); secure notes; software licenses; manages and auto-fills credit cards and multiple identifies into web forms. iPhone/iPad version includes a built-in browser, handy for banking.
Pros: Powerful, runs on all the big four platforms.
Cons: Not cheap. $50 for Windows or Mac, or $70 for a cross-platform bundle. $15 for iPhone/iPad (currently on sale for $9). Also, the Android version is read-only; you can't add and edit new passwords.
It's currently on sale for half off the usual price.
More iMarcians use 1Password than any other tool.
Password Hash:
https://www.pwdhash.com or http://crypto.stanford.edu/PwdHash/
Platforms: Firefox, Chrome, Opera, iPhone.
What's special about it: Creates a custom password for any website using one password of your choice. Implemented as a browser extension for desktop Firefox, Chrome and Opera.
Pros: Free and easy. Very effective at blocking website phishing attacks.
Cons: No official mobile support, but there is a $0.99 iPhone app, KeyGrinder, that implements the same algorithm and is thus compatible.
One iMarcian uses this.
LastPass:
https://lastpass.com
Platforms: Browser extensions for Safari, Firefox, Chrome, Opera, Internet Explorer. Native app on Windows Phone, Blackberry OS 7, Blackberry Playbook, Symbian, Android, WebOS.
What's special about it: Supports two-factor authentication.
Pros: Runs everywhere. Everywhere. If you have one of the great-but-gone WebOS tablets or Blackberry Playbook, LastPass has you covered. Free-as-in-beer for desktop PC/Mac use.
Cons: Advertising-supported. Paid subscription is required for mobile access (but at $12/year, it's cheap).
One iMarcian uses this.
KeePass:
http://www.keepassx.org
Platforms: Linux, Windows, Mac
What's special about it: It's free-as-in-liberty – GPL 2.0 open source license.
Pros: Source code hosted at GitHub. Fork it yourself!
Cons: Clunky. Autofill remains an "experimental" feature years after its introduction, and Linux-only.
No iMarcians use this.
mSecure:
https://msevensoftware.com/home
Platforms: Windows, Mac, Android, iPhone, iPad, Windows 8 Phone
What's special about it: Optional self-destruct feature to beat brute force attacks. Works on Windows 8 Phone. Syncs using Dropbox.
Pros: If you use Windows 8 Phone, this appears to be your best bet. Inexpensive; just $20 for Windows or Mac.
Cons: Windows 8 Phone version doesn't yet support Dropbox sync.
No iMarcians use this.
Go be forth, be secure, and encryptify:
Aside from picking a tool that supports your computers and/or mobile devices, which you use is largely a matter of personal taste. I suggest…
Power user's delight: 1Password or LastPass.
Free as in Beer: LassPass, KeePass or PwdHash.
Free as in Liberty: KeePass or PwdHash
Finally, here is a list of top sites that you should change your password now. Get to it!