For years, we’ve been touting the virtues of KeePass Password Safe, a free open-source program for storing all your website passwords and associated notes behind a single master password. And to sync KeePass across multiple machines, we’ve been recommending that readers store the encrypted database on Dropbox. However, we got to wondering whether the popular browser-based password manager LastPass was a superior, one-stop solution. So this month, we invited the two free password trappers to duke it out for bragging rights.
KeePass is a very straightforward database. After selecting your master password and/or key file, you simply start adding entries by typing or copying-and-pasting URL, user name, password, and any relevant notes into the designated fields. There are options for groups and sub-groups, as well as icons to aid in organization of your database.
You can enter all of that same info into your LastPass Vault in a similar manner; but with the browser plugin installed, you’re also able to capture URLs and login info as you visit your various favorite sites, via the LastPass icon that resides in your browser bar. This makes LP that much more convenient for populating a comprehensive database of all your online sites and accounts.
Your KeePass database is kept secure behind either a master password or a key file (that you keep on a USB drive, for instance), or both. The entire database is encrypted using AES 256-bit encryption by default, or Twofish 256-bit encryption, if you prefer. Every password is automatically measured for quality, and a random password generator will churn out a password to your specification. Finally, the open-source nature of KeePass means its code, and its integrity, can be scrutinized by anyone, adding a degree of confidence.
Right-click any entry in your KeePass database and you can launch the URL and auto-fill your login info.
LastPass also uses 256-bit AES, and reportedly encrypts and decrypts your data locally on your PC, so it’s unusable from LastPass’s servers. Like KeePass, LastPass will tell you if a password needs improvement, and generate a random password for you if you like, but that feature isn’t directly tied to your Vault entry, making it a bit less convenient, so KeePass wins this round by a hair.
Both KeePass and LastPass offer auto-fill options that can make launching and signing into your websites very easy. In KeePass, you first right-click a database entry to Open URL, and then right-click the entry again to Perform Auto-Type—which will insert your login credentials into the appropriate fields. By default, username and password are entered. For multi-page logins and other special instructions, it’s possible to create command strings, but this obviously takes time and trial.
Using the browser plugin, you can populate your LastPass Vault by saving data as you visit all your favorite sites.
With LastPass, a single click on a Vault entry will take you to a URL and log you in, in one fell swoop. In theory, you can auto-fill on a site with multiple login pages by saving the data entered on each page, but we were unable to get this to work properly and also found it created confusing clutter within our Vault. We appreciate, however, that LastPass is capable of automated form filling, for, say, address and credit card info.
On the surface, the browser-based LastPass might seem to have the advantage here. After all, you can access your password vault from any machine that’s connected to the Internet—and any changes you make to your data are stored in a single place on the cloud. But with KeePass stored in a cloud drive, such as Dropbox, you have that same functionality, as long as you have the program installed on whatever machine you’re using, or you launch it from Portable KeePass on a USB drive (incidentally, to get all of LastPass’s functionality, such as Auto fill/Auto login, you need to have the browser plugin installed). What’s more, KeePass offers a number of Android and iOS ports for free, so you can also access your passwords from a smartphone. To get LastPass on a smartphone you need to pay $12 a year for the Advanced version.
As convenient as these programs make it to store your passwords, it still takes time to get your database set up just right for maximum efficiency, so it’s important to consider the long-term prospects of each solution. KeePass lives on your computer, so it’s not subject to the failings of a remote server. With LastPass, however, a locally cached copy of your passwords is stored on your PC by default when you use the LastPass plugin. Both programs offer export options for backup purposes and the ability to import into another program if the need arises, although we had a much easier time importing our KeePass data into LastPass than we did importing LastPass data into KeePass, for what that’s worth. We also must point out that KeePass, being an open-source utility, is less vulnerable than a business-based solution, giving it the edge over LastPass.
The fact is, if you want to keep your personal info from getting into the hands of every Tom, Dick, and Sergei hacker, you must use distinct logins, of sufficient complexity, for all your various accounts, and a password manager makes that possible. LastPass offers the convenience of being tied to your browser, so you can easily save your entered data and access it from other PCs. But our loyalties still lie with KeePass Password Safe, for its open-source nature, free smartphone app, and universal access when stored in Dropbox.