I started my journey with password managers a bit late, and yet it was back in the now distant 2007. I started with that old-fashioned thing called ‘software’, remember that? No, it’s not an app!
So, yes, the first software I used was KeePass.
It was great! I suddenly started adding the notes I had here and there on physical notebooks to KeePass, and my dear old Windows desktop computer became the keeper of my secret passwords (yet not secure at all). In that period, I started using Linux as well, and KeePass was available for Linux too, amazing! All I had to do was to copy the passwords database file from Windows to Linux, done!
Well, all good, right? Not entirely, I started working for a company and, at some point, I needed to have my passwords synchronized; at that time Dropbox was just starting, and I didn’t embrace it soon enough. And so, after I kept moving my KeePass database from one computer to another via that amazing thing once known as a USB key, I figured out that the time was right to search for an alternative, and an alternative had just one definition in my mind: online and cross-platform password manager.
I then discovered an online service called Clipperz. That was the first time I tried an online password manager and it was… just there! Everywhere! No matter the operating system or computer I was using. At that point, my passwords were something like 50, so not a big deal to migrate. As a plus, the website was run by two Italian guys, Giulio Cesare Solaroli and Marco Barulli, and so I was truly proud to finally say that a new innovative project was, actually, an Italian product!
Since then, I used Clipperz for at least 5 years. Quite a lot if you are thinking about it from an online/internet point of view. In the meantime, though, a lot of things were changing, smartphones were becoming more and more prominent, and I added to my arsenal a Mac notebook, a Windows notebook and a Mac Mini, so switching from one device to another wasn’t just an occasional task, it was becoming the way I’m still working now.
I, therefore, recommended Clipperz to anyone, I was truly a fanboy! I also had a coffee with good guy Giulio Cesare back in Milano ages ago and it was fascinating; he kindly explained why their approach was different from the other players in the market. LastPass was emerging at that time, and I greatly appreciated Clipperz’s efforts to make password managers more secure and… let’s say, “truly secure”.
Safe in Cloud
After a while, something started to change again, I was using my Android devices more and more (tablets as well) and the need for a dedicated app kept growing, and Clipperz was unfortunately stuck only with their web interface, not even mobile optimized. And so I dug and searched for a while, and finally landed on a small yet very interesting new app called Safe in Cloud.
The idea of Safe in Cloud was simple, passwords database stored in Google Drive or Dropbox (and other services as well) and synced across every device; they started with Android and Windows and later also added iOS and macOS. The overall experience was great, the app worked very well, super fast, available offline and with a nice and clean UI. So, again, I began to evangelize Safe in Cloud to friends and family and started to phase Clipperz out of my list of recommended tools. I actually kept both Clipperz and Safe in Cloud because they never added a web interface and every time I needed a new website or password added, I had to change the offline app first and then update the web version as well.
Happy ending? Not quite!
Moving Forward: LastPass
I always severely dismissed the big player in the industry called LastPass because… well, basically because the interface and user experience were just terrible! I also wanted to trust online reviews, which were explaining how it wasn’t good enough in terms of security. After a while, I finally decided to give LastPass another try; they had just revamped their interface and apps so it seemed the right move. The LastPass approach is slightly different from other password managers. They have three kinds of entities: website cards with autologin, secure notes and autofill. With website cards you can have only one set of username and password each, so for example, if you want to store multiple Google logins, you have to create separate cards, one for each Google account.
At the beginning, this can sound weird but stick with me, things are getting better!
The real power of LastPass is truly in their browser extensions (I’m using Chrome but they have it for almost every browser out there, yes, also for Microsoft Edge). Let’s continue with the Google example; when you are presented with the login screen, you can choose, from a handy drop-down list, which Google account you want LastPass to fill in for you. This way, you don’t even have to copy paste username and password from your password manager, everything is handled by LastPass. If you are working with hundreds of websites, this is just invaluable. I can have all my client credentials securely stored and switch from one to another with just a few clicks and without even knowing or copying the actual passwords.
The goal here is, of course, to enforce web security as well. I can now use 90-character passwords (if the website supports it) as easily as I use the infamous “123456” (you are NOT using it, right?). The LastPass Android app offers the same functionality and it’s just mind blowing. You can, for example, download the Amazon app, go to the login and, if LastPass recognizes that particular app as a web service, it will pop up a message asking you to fill it with your stored data, truly amazing and time saving. It is available offline, of course, and also makes use of the new fingerprint sensor authentication, if your device supports it.
The other options in LastPass are secure notes, where you can store specific sets of information in a predefined template (they have just added a new functionality and now you can create your own templates), like Email, Credit Cards, Wi-Fi, Server, FTP accounts etc. The autofill is just like the Chrome autofill, you store your set of name, address, city etc. and you can automatically fill whatever web form asks you for your address in the blink of an eye.
All gold with LastPass then? Not entirely.
The downside, in my opinion, is the lack of flexibility. I would love to have some sort of ‘open note’ I can easily change, rearrange fields, rename etc. in an easy way; templates are useful but sometimes you just want to add your stuff in your messy and personal way! You can also attach images and files to your notes, but the process is not very good, and if you want to view them offline, you have to download them every time, which is not a good option for me.
I know what you are thinking, what about security? They have a big range of options and you can use them all combined together. I currently use the two-factor authentication, the Google one with the automatically generated numeric codes (which, if you aren’t using already, just go here and embrace it as soon as you can!), and now also the LastPass proprietary app called LastPass Authenticator. On top of this, I also have a USB dongle I have to insert every time I access LastPass from a new computer, which is a YubiKey. In the account settings page, you can also restrict LastPass access to a specific country or IP address, or even blacklist some countries.
I didn’t mention the most amazing thing of LastPass yet: sharing! Yes, you can share website credentials or folders with other LastPass users, and even hide a password and let them use it anyway. For example, you can share your Amazon shopping credentials with your son (actually maybe not a good idea) but don’t allow him to change or view the password but still be able to login to the account. Collaborating this way is fantastic, imagine you hire a new person working for you, or simply a temporary collaborator for a particular project, you can easily create a folder with only the specific clients’ usernames and passwords you manage and let him use them all from day one with no effort at all. A simpler example can also be a shared folder with your partner with common website accounts, like, once again, Amazon or grocery shops and Gas and Electricity providers etc. Maybe another folder shared with your family. Because you don’t want your dad coming to your place and asking you for the Wi-Fi password every time you change it, right?
Nice one, so how much for all this?
They start with a free plan that used to be locked to just a single device but finally, they realized that it’s 2016 eventually, so they removed this restriction, and you can now use it on whatever device you want, for free. They offer a pro and enterprise version, which, despite the term, is not very expensive at all, it’s just $24/year; this is the one I have because it allows me to create unlimited shared folders and other cool, under the hood stuff; go there and give it a try! Their comparison chart here.
So yes, that was quite a journey, I now have more than 600 entries in my LastPass account, and I couldn’t be happier or more productive. At some point, you have to deal with productivity. I don’t waste my time copy pasting passwords all day long in order to switch from one account to another anymore. Maybe this is not a problem for you, but if you constantly jump from one website to another and ‘change identity’ all day, this is really a game changer.
Of course, there are a lot of different options out there, all pretty much valid.
I want to close this article with a few points I think a good password manager should have in order to be considered, which I found in LastPass:
- Web interface
- Native apps for major platforms
- Browser extensions
- Strong security with numerous options
- Easy to use
- Nice and clean interface