Criteria to make the list
- Free plan
- Well established with good user base and reviews
- Single user based need
Areas for consideration
- Cross device & platforms support for Deskptop App/Storage
- Portable version
- Mobile App
- Web browser extension
- Sync Passwords across all devices – access your data from anywhere, on any device
- MFA – multi-factor authentication, which helps protect you from phishing attempts by requiring an additional form of authorization to log into your accounts, such as a code generated by a mobile app or a fingerprint scan
- Emergency access
- Export password database securely – if you ever need to switch providers becuase they change their service or increase their charges etc then it’s vital you have the ability to switch providers
- Account recovery
- Encryption method
- Encryption location
- Password generator
- Company Cloud, Personal Cloud or Local password stroage
- Transport Layer protection
- Compliance & Audits
- Auto & manual fill
- Additional storage facilities – secure notes, credit card details etc
- User and Device limits
- Open Source
- Desktop App: Windows | Linux | MacOS
- Access: Web browser Extension | Mobile App | CLI | Company Cloud | Personal Cloud – Using Docker container
- MFA
- Vault items Unlimited
- Sync passwords across devices
- Secure Password Generator
- Max users 1 & Devices limit 2
- Item storage unlimited
- Encryption – E2E, Exports
- Open source
- Security audits
- Password generator
- Company Cloud, Personal Cloud or Local password stroage
+ Nice GUI
+ Available on F-Droid
– Higher limitations on free plan
- Deskptop App: Windows | Linux | MacOS – Alternatively, using Homebrew: $ brew install –cask buttercup
- Access: Web browser Extension | Mobile App | CLI | Personal Cloud
- Secure Password Generator
- Devices Unlimited
+ A reliable password manager that offers premium services for free
+ Simple and easy to use
– Under active development
– Mobile App is currently for Access/Read only
- Deskptop App: Windows | Linux | MacOS
- Max user 1
- Access: Web browser Extension | Mobile App
- Sync passwords across devices
- MFA
+ Pair your devices to make it easy to approve log-in attempts
LogMeOnce
+ Removes master password by putting in place additional security settings, so that you can’t get locked out of your account by forgetting a master password
+ Single Sign On functionality, so once you’re logged in with a service you shouldn’t expect to need to keep signing into the self-same service
TBC
- Deskptop App: Windows | Linux | MacOS
- Access: Web browser Extension | Mobile App
- Devices limit 1
- Vault items Unlimited
- Sync passwords across devices*
- MFA
- Secure notes
+ Nice GUI
+ App Authenticator
+ Support for fingerprint verification
+ Monitors the dark web for data breaches
– Users will now have to choose whether they want their accounts on mobile OR desktop, therefore Unlimited devices of one type
- Deskptop App: Windows | Linux | MacOS
- Access: Web browser Extension | Mobile App
- Devices Unlimited
- Password generator
+ Fork of the old-time KeePassX password manager with extra features
+ Organisation with password folders
- Deskptop App: Windows | Linux | MacOS
- Access: Web browser Extension | Mobile App
- Devices limit 1
- Vault items 50
- Sync passwords across devices
- Secure notes
- MFA*
- Company Cloud, Personal Cloud or Local password stroage
+ Well known brand and security level
+ 256-bit advanced encryption standard (AES) to scramble your password vault
+ Only ever stores your passwords locally – meaning that even if Dashlane’s servers are hacked, your password details won’t be leaked
+ Monitors the dark web for data breaches
+ Automatically change your passwords on about 300 popular sites – useful if you’ve been recycling the same password everywhere
– MFA activation from desktop app
– Closed source
- Deskptop App: Windows | Linux | MacOS
- Access: Web browser Extension | Mobile App
- MFA
+ Designed by the renowned security technologist Bruce Schneier
- Deskptop App: Windows | Linux | MacOS
- Access: Web browser Extension | Mobile App | CLI
- Secure notes
- Deskptop App: Windows | Linux | MacOS
- Access: Web browser Extension | Mobile App
- Sync passwords across devices
- Password generator
- Vault items Unlimited
- Secure notes
- Password generator
- MFA
+ App Authenticator
- Password generator
- Vault items Unlimited
+ Organisation with password folders
+ Integration with Zoho apps – Mail, Desk, Projects, Flow
- Deskptop App: Windows | Linux
- Access: Web browser Extension | Mobile App
- Portable
- Password Generator
+ Multi language support
+ Organisation with password folders
- Company Cloud, Personal Cloud or Local password stroage
- MFA
- Password generator
+ Convenient updating of weaker passwords
– No device syncing
Exceptions
TeeHuss Algorythm
With every password manager there is a flaw somewhere. This could be that providers require your trust in terms of how and what they store and ensuring they implement the good theory advertised. We have come up with a system rather than a form of storage or container of passwords. The majority of password managers require a master password, so we move into the realm of “putting all your eggs in one basket” scenario.
We have a very safe method to implement your passwords, make them unique across each site and no data stored anywhere at all! (well it is stored in your brain, but nowhere else!).
So what is this neat invention, well it essentially involves mapping out all the issues with password managers and incorporating all the security aspects needed whilst making it convenient and safe. Our solution is a personal password algorythm we have named the TeeHuss algorythm. We invent our own algorythm and this is all we need to remember all of our passwords securely and for free! Here’s how it works;
TeeHuss Algorythm to create your passwords will be made of the following variables;
- Your name – in your chosen format
- The website in question – in your chosen format
- Set of numbers – based on your own limit
- A special character(s)
- A hash function
Using the above fields you would agree a set format and memorise points 1, 3, 4 & 5. Only point 2 will change and be unique to each website, however you’re not required to memorise it as it’s based on the site you’re visiting. You can would then parse the string into a hash conversion tool like Cyber Chef or for more security savvy, you can download and app which can do the same function but this will be offline and to go a step further you can download this to a different device. This method is the furthest we can go without encroaching unreasonably into inconvenience.
You as the user to implement this method would need to agree on the format of these 5 points and only you would know this format. By remembering the format, it is easy to apply across any website of your choosing.
Let’s use the above algorythm and imagine we want to implement this ourselves, here would our algorythm and what we need to remember;
- My name in this format: EDward
- Website in this format: FACEbok
- Number set: 2468
- Special character(s): &
- Hash function: SHA3
So we would use the above string to login to our Facebook account. Our password would be EDwardFACEbook2468&SHA3
Whilst this maybe reasonably complex in itself, our method requires parsing this string through a quick conversion tool by copy/pasting. Let’s say our chosen Hash function is SHA3 then the actual password we would input/paste into Facebook would be;
3f92d8146f5e6d70c7d68cef7096be01f1ea4021915c2374733d6097b6fb03200214aa7424ac9297e2c0df09f0b1e21a9b39919f73ba9143f5dbb4536d84f0ee
To apply the same logic on another website, let’s say Youtube then the only part of the string WE input into the hash conversion would be point 2. The rest stays the same yet produces a completely different output. We know have a method of coming up with a password [algorythm] that is easy to remember yet complex and unique across every website. To hack this password, you would need to know the order of points 1-5 and the exact formats of each point. Even point 2 is protected becuase if someone assumes “Youtube” is in your password string, they don’t know which order it comes in or the format of how to write it or the Hash algorythm to convert it!
+ Passwords are not stored..anywhere! It uses an algorythm instead
+ Works offline
– To change your Masterpassword, you’ll need to change every single vault item too
- Password generation
– GUI only
– Not Cross platform Deskptop App, Linux only
- Deskptop App: Windows | Linux
- Access: Web browser Extension
+ Nice GUI
+ Support for wearables, tags, TOTP, biometrics, and Keyfiles for adding an extra layer of authentication
– Not open source
– Not free on mobile
Not included in the list
- Keeper – no free option/plan
- 1Password – no free option/plan but their security is highly rated and they run Bug Bounty programs
- NordPass – no free option/plan
- KeePassX – we used the better fork KeepassXC instead