Commercial Password Manager Test: 4 out of 9 recommendable
German testing authority Stiftung Warentest looked closely at nine commercial password managers in its most recent print issue.
The password managers that it reviewed were: Dashlane Premium, McAfee True Key Premium, Keeper Security, LastPass Premium, 1Password, SafeInCloud, F-Secure Key Premium, Kaspersky Password Manager, and Enpass.
Only the first four password managers mentioned received a recommendation from the testers. All password managers were graded based on security, usability and extra features. Here is a list of things the testers focused on most:
- Master password rules, and rules for passwords that are generated and/or stored in the application, for instance the minimum and maximum length of passwords, and complexity.
- Security features such as support for two-factor authentication, protection against third-party access, or security auditing features.
- Documentation, and how comfortable and easy setup and daily use is.
- Extra features such as support for saving other data, use of profiles, saving of critical data such as credit card numbers.
The testers also analyzed the data-sending behavior of each application by tunneling all traffic through a proxy server.
Unfortunately, the test reveals little when it comes to the actual ratings. Only one program, F-Secure's Key Premium, received the best rating in the password requirements group, while better-rated programs such as Dashlane Premium or LastPass Premium received only the second-best rating. It is unclear why that is the case, as it is not revealed in the test.
The testers put a lot of focus on usability, as it made up 40% of the overall rating, and the application's data sending behavior was not taken into account at all.
Stiftung Warentest criticized the sending behavior of the Android application of every program that ended up on its recommendation list. Some password managers sent data, for instance a device's ID, to third parties, according to Stiftung Warentest.
Keeper Security and LastPass Premium got the best overall ratings in the security group, Dashlane Premium in the usability group.
The testers also looked at the password managers built into web browsers, but don't recommend using them. The two reasons given are that they don't come with password generation options, and that browsers are connected to the Internet all the time, which increases the attack surface. Lastly, only some support the optional setting of a master password.
Only four of the nine password managing solutions received a recommendation, but those that are recommended are not necessarily the programs that are the most secure to use.
Security made up only 40% of the overall rating, with extra features making up another 20% (which could include extra security features). Usability is without doubt important, but the 40% that it contributed to a program's overall rating seems a bit high in a field where security is of utmost importance.
I would have liked a stronger focus on security features, for instance whether you may save the password databases offline only, can sync between network devices, where the data is stored, how the company reacted to security incidents in the past, whether security solutions were audited by third parties and so on.
Last but not least, I would have liked to see a comparison to free tools like KeePass as well (which would have done well in security, not so well in usability based on test criteria).
Now You: Which password manager do you use and why? (via Deskmodder)