Snappy freeware and shareware reviews since 1996
print page       bookmark us     
The Free Software Store
Home Master Software Index Definitions About Us/FAQs

Why Your Browser's Password Manager Isn't The Best Place To Keep Your Passwords

Both Internet Explorer and Firefox have inbuilt password managers. And since 95% of the world use one or the other of these browsers (and many people use both), they're a prime target for malicious hackers.

The password managers in both browsers are easy to use (and that's the attraction of using them). They don't require you to install any other software or to invoke a separate application every time you need to recover a password.

But this ease of use can create a false sense of security. Because the sad truth is that neither of these password managers is really very secure, and a trained hacker can get their hands on your passwords through them fairly easily.

Of the two, Firefox's password manager is slightly more secure than Internet Explorer because it allows you to set a Master Password.

If you do this and make your Master Password longer than 8 characters using mixed case and keyboard symbols, then the chance of having your passwords hacked is greatly reduced.

But unfortunately most people don't do this. And this means that when it comes to security, both IE and Firefox are risky places to keep sensitive Net passwords (eg: your online banking details).

This is why using a separate password manager is better than using the one that comes with your browser (even if it's marginally less convenient). Especially for highly critical information that could cause you real annoyance and/or pain if it fell into someone else's hands.

If you want to find out more about this, read the "Password Concerns With IE and Firefox" article we've linked to further below.

It's a little bit technical but a great eye-opener (if you want to reduce the technospeak and/or are really pressed for time, you can skip to the core information on page 2 of part 2 by clicking here)

Other Password Manager Resources

Password Managers
Background: A password manager is a software program that stores your usernames and passwords - simple!

Most computer users accumulate a large number of passwords fairly quickly. Apart from passwords that may come with your PC or Mac software, you'll also quickly accumulate a lot more as you surf the Net (eg: passwords to chat boards; online banking; online shopping; free email services etc etc). And you'll accumulate even more if you start publishing on the Net yourself (eg: your FTP passwords; your web server passwords etc).

In an effort to stay on top of this endless complexity, many people either use the same usernames and passwords or a very small set of them. This can make life a little bit easier (on the one hand) but it's also a far riskier strategy (on the other) if your common password(s) are ever discovered.

But even if you run a very tight ship, this strategy is still only of limited use. Why so? Because many of the passwords you'll get are ones you have no say in at all (eg: software licence keys etc).

This is where a good password manager can be of tremendous help.

A really good one can not only help you locate passwords quickly and easily, but if it's Net-enabled it can put the password you need right under your fingertips when you visit sites that require them. A password manager will also provide you with protection against phishing (ie sites masquerading as other sites); help you complete online forms quickly and easily; and - all in all - greatly simplify your life.

There are a lot of password managers available out there - including the insecure ones built into Internet Explorer and Firefox (see sidebar) - but we've found six of the best (including one that runs on Mac and Linux as well as Windows). And we think at least one of these is likely to meet your needs in this area.

Here's what they are:


Popular Password Managers
KeePass Password Safe
KeePass Password Safe is an open source password manager that provides a very, very high level of security. KeePass allows you to put all your passwords in a single database which is locked with one master key or a key-disk (you can even use both methods together if you want to!). This means you only have to remember one single master password (or insert the key-disk) to unlock the database. The database itself is encrypted using the most secure encryption algorithms currently known (AES and Twofish). This makes KeePass files virtually impossible to crack if your database falls into the wrong hands. KeePass will import passwords from other popular password safes and can export your data in TXT, HTML, XML and CSV Files. The software allows you to group passwords (you can even create directory trees of them if you need to) and has sorting and search functions to make password location quick and easy. KeePass is also Net-aware and will auto-complete forms or logins if it's running in the background when you surf to a password-protected site. However, you can override this function if you need to. Best of all - for the busy person on the go - KeePass is easily portable and can be moved from one machine to another via a USB stick without needing any installation whatsoever. The latest Windows version of KeePass needs the free Microsoft .NET Framework to run (this comes with Vista and can be downloaded from Microsoft for all earlier versions of Windows) but the previous version (1.1) doesn't need .NET at all. KeePass is multi-platform and versions are available for all versions of Windows (from Win98 to Windows Vista); for Macs; and for Linux. There are also more than 30 language versions available too. Get KeePass Password Safe and/or the Microsoft Net Framework.


Any Password
Any Password is an easy-to-use password manager that lets you store and arrange all your passwords, user IDs, and related information in a tree form. Like Keepass Password Safe (above), Any Password saves your information in encrypted files which can be protected by a single master password. So the only thing you need to remember is the master password for the file itself. Any Password can also generate random passwords with specified parameters (ie length, used characters, etc). You can also find any stored information very easily using the program's incremental search feature. And although the base version of Any Password doesn't have the auto-completion features that KeePass does (this is only available in Any Password's commercial Pro version), what it does have is a multi-user capability. This means it can be used on an office network and each user can have their own individual data files. The software is also available in 21 different languages (including Chinese). Any Password runs on all versions of Windows from Win95 through to XP (the latest version also runs on Windows Vista) and the software is free for individual and not-for-profit charitable entity use. For-profit entities and educational institutions can obtain a license for between US$19 and US$25.
Get Any Password.


Access Manager
Citi-Software's Access Manager is a password manager that keeps all your passwords in one simple-to-use list. Like KeePass and Any Password (above), it offers fast, easy and highly secure password storage and one master password is all you need to remember to access your data file. Access Manager is modelled on Microsoft Outlook and has MS Office 2003 style menus and toolbars (it even supports Windows themes and styles) . So most people will find it blends into their standard Office suite fast and has a very low learning curve. But what we've found particularly nice about Access Manager is that in addition to having many of the features of other Password Managers, the software also allows you to keep unlimited notes with each password record which you can use to store links to a document, file, folder, program, web site and/or email address (very handy!). Access Manager runs on all versions of Windows from Win98 to XP and is available in a completely free base version or an enhanced trialware Pro version that provides multi-user capabilities and some additional security, transport and export options that are very nice to have. The base version is free for private, non-commercial use and you can upgrade to a standard or Pro licence for between US$20 and US$25. Get Access Manager.


Password Dragon
The Password Dragon password manager uses the Java Runtime Environment (1.5 or higher). And if you've installed this (it's free), it will happily run on Windows, Linux and Mac OS and you can even boot it from a USB. Like other password managers reviewed here, Password Dragon only requires a single master password and its data files are securely encrypted. It also carries out many of the same functions as other password managers (eg: easy search and sorting on all fields or specified fields; can be launched from within your applications or your browser; freeform notes field for each record etc). But unlike the others, Password Dragon also includes a user-defined preferences file where you can set a large number of things to suit the way you want to work, including everything from an auto time-out (eg: lock the application after N minutes of non-use) to the default start-up fields and the default startup sort order and category. Password Manager is very easy to use despite its impressive range of features, and if you don't need a multi-user capability and are happy to engage in a little extra effort to get it installed (ie adding the Java Runtime Environment to your computer if you don't already have it), its power and easy portability can more than make up for these small, one-time inconveniences. Password Dragon is freeware and very highly regarded by many users. Get Password Dragon and the Java Runtime Environment.


ByteEssence's PassKeeper is a multi award-winning password manager that provides a slightly simpler array of functions than other programs reviewed on this page. But if you're looking for an easy-to-use password manager that performs all the day-to-day password management functions you're likely to need, then this may be the password manager for you! PassKeeper allows you to easily add, edit, delete and move passwords between groups and will import or export your files in HTML, CSV or TXT format. It also has integrated tools like a random password generator, a password strength analyzer, a secure file shredder with 7 wiping algorithms and a boss key (ie panic button) for instant minimisation. It also has an auto-timeout feature and can be easily ported from one machine to another on a USB stick. PassKeeper runs on all versions of Windows (from Win98 to Vista) and it's freeware (though a donation to the author to help pay for overheads would be appreciated). Get PassKeeper.


Finally, if you're looking for something a bit different in this area and/or are just looking for software to automate away some of the tedium of online shopping or bill-paying, Billeo is a combined password manager, bill pay assistant and online shopping assistant that's won a PC Magazine Editor's Choice; is endorsed by a large number of brand name retailers; and is worthwhile looking at. Billeo remembers unlimited passwords and other personal information (such as credit card and bank account numbers) for each member of your family in a separate vault. It automatically retrieves the data needed for e-mail logins, shopping orders, banking, bill paying and other online activities. You can drag-n-drop credit card or bank account numbers into forms and next time Billeo auto-fills the form for you. It uses 128-bit encryption to protect your data in the vault. Passwords can be copied to another computer, viewed, edited, backed up and restored. Uniquely, Billeo Password Manager Plus can also be used to save web pages (eg: confirmation numbers, travel itineraries etc) and you can store saved pages for future reference and/or forward them to others via e-mail. Billeo runs on Windows 2000 and XP and is freeware. Get Billeo.
This page last updated: 15-Aug-2008


Home Master Software Index Definitions About Us/FAQs
Copyright © 1996-2019 The Free Software Store  |  Privacy Policy  |  Email Us  |  Top Of Page