What Chrome password manager fits my requirements?

5

4

To prevent myself from using the same password everywhere I would like to start using a good password manager.

Because most of my passwords are used in the browser I'm searching for something that integrates with Chrome. However, searching for password manager on the Chrome extensions website gives me 88 options, I don't know which to choose.

My requirements are the following:

  • Passwords must be stored encrypted on the hard-disk. No online storing of my passwords
  • It must be able to generate a password for me
  • I must only give my master password at the beginning of a browser session (or after some hours not using my browser)
  • I must be able to browse through the passwords (preferably only after giving my master password again)
  • It must be able to fill passwords automatically or with mouse right-click menu.

Which of these managers fulfill these requirements? Extra points for a manager that uses a well documented format for the encrypted password file, so that I can access/write it myself if I want.

addition: I expect Chrome extensions to work on all platforms, but Ubuntu is the most important one that needs to be supported.

Peter Smit

Posted 2010-12-14T09:18:49.690

Reputation: 7 906

Answers

6

As fr as I know, Lastpass and Keypass are the two with the widest user base and the most renown. Lastpass is free but not open source, Keypass is both. I have used Lastpass for years on my Firefox, and I picked it at the time because it was said to provide the smoothest browser integration. If I set a site to auto-login, all I have to do is go to it, and Lastpass logs me in, zero clicks. As far as I know, Lastpass fits all your criteria, except the storing of passwords online.

I can understand your concern about its storing your passwords. I do not recommend ever automating your most sensitive passwords, such as your bank account's - which, if you have it, is a reason to change banks, since a decent bank should not allow its users access with only a password. I have a physical device into which I stick my bank card and type a code, which is standard in my country.

However, online access is such a huge boon that it is worth it, and Lasppass is really really careful. I believe the master password is never ever stored online: if you lose it, say bye-bye to your Lastpass vault. When I am at my parents', I just log into my Lastpassed Firefox, and I have all my synchronized passwords, very handy. And in the library I can just log into my vault online. I believe even the vault never lets the password leave the computer. You should check that in the manual.

A keylogger is its only weakness, but hey, keyloggers are alway fatal. However, if you set your Lastpass to auto-login the master password, and you have all websites covered by Lastpass, you never type in a single password, so that even a keylogger won't see anything.

Then the only weakness would be someone's stealing your computer. But! You can set Lastpass to only display a website's password after entering the master password (you can still log into sites, just not see it), even a thief cannot see your passwords. And he won't have your master password even if he is still logged into your Lastpass. He could reset your password though, but that applies to any password manager. I think Lastpass lets your do a remote log-out of all sessions on all computers, but I am not sure.

I am not sure whether you could decrypt your passwords yourself, no idea. Good luck choosing!

Cerberus

Posted 2010-12-14T09:18:49.690

Reputation: 593

Thanks for the excellent answer. I indeed chose for Lastpass, just because of the reasons you described. My Finnish bank has one time passwords (and my Dutch bank indeed a device for my bank card), so I'll not use it for them. PayPal however uses passwords, and I'm at the moment considering whether I would store that password in my vault. – Peter Smit – 2010-12-16T12:16:07.923

OK cool. I am with a Dutch bank too. I remember how surprised I was, the first time I realized that I could simply use Paypal with a password, the American way. I would never ever store that in my vault, nor my Ebay password, just to be sure. Nor Amazon. – Cerberus – 2010-12-16T23:52:51.737

6

I would personally not use an extension, I would use Keepass.

It stores in very high encryption and it works with any open application that has a username/password field.

William Hilsum

Posted 2010-12-14T09:18:49.690

Reputation: 111 572

Does it support autofilling or easyfilling of webpasswords? Or should I always open keepass to copy paste a password from there? – Peter Smit – 2010-12-14T09:28:06.410

Secondly, does it work flawlessly on Ubuntu (my main OS) and Windows? – Peter Smit – 2010-12-14T09:30:22.227

I am not to sure of Autofilling, but it is easy. I have Keepass open, single click on the username field in the browser, switch to Keepass and click on the website, it then fills out the information for me. – William Hilsum – 2010-12-14T09:30:36.037

It is flawless multi platform! You can use Dropbox or other applications to synchronise your database between machines! – William Hilsum – 2010-12-14T09:31:17.707

It has a linux version called KeePassX although it does not have as many features as the Windows version. Autofilling is called Autotype in this program because it simulates keystrokes to enter passwords. The 2.x version has a password entry obfuscation that combines keystrokes, clipboard, and arrow keys and is insanely secure, but doesn't work on Linux. – digitxp – 2010-12-16T12:15:41.917

3

LastPass fits your needs perfectly. Plus, your password database is stored online (encrypted, of course) so it is available to you anywhere.

bitslave

Posted 2010-12-14T09:18:49.690

Reputation: 1 063

Hmm, I'm still a bit skeptical about the online sharing, but they almost have me convinced! – Peter Smit – 2010-12-14T12:13:29.840

Well, it comes highly recommended by Steve Gibson who is something of a security guru and pretty conservative in his adoption of anything. He gives his assessment here.

– bitslave – 2010-12-14T13:07:04.217

2

What about the built-in Chrome password manager? It fits all your requirements :-)

FredT

Posted 2010-12-14T09:18:49.690

Reputation: 31

2Chrome's password manager is encrypted with your Windows user password. I doubt that is very secure. – digitxp – 2010-12-16T12:16:29.687

0

Intel True Key Password Manager ~ https://www.truekey.com

I'm using from a long time and satisfied.

P.S. It is premium service. For free, you can maintain 15 logins.

user684584

Posted 2010-12-14T09:18:49.690

Reputation:

Asked: 2010-12-14T09:18:49.690

Viewed: 2 605 times

Active: 2017-03-07T08:35:02.667