When a person uses the Internet, over time, accounts appear in social networks, registration on forums, online stores, online banks. Along with them, the number of accounts on different resources also increases, in order to remember all passwords, and they came up with a password manager. The simplest version of this program is the "notepad" program, some put it in an archive with a password, so the text file with passwords is relatively safe, but the archive is easy enough to crack, and the text file will not be difficult to read, but if it was stored in it online bank passwords? To securely keep passwords from prying eyes, specialized password managers have been developed.

They all work according to a similar algorithm, there is a database in which passwords are stored, most often in a hashed form, and a shell is connected to the database in the form of a convenient interface, such an algorithm can be organized locally, that is, on one computer, or over a network, the database is located on the server, and the user connects through a web form or the "client" program installed on the computer.

Password manager for computer

Consider the KeePass password manager. This manager is so-called "open source", that is, open source, and is free. Since the source code is open, anyone can participate in its modification and testing, including the resistance to hacking. Because of this, "KeePass" has gained great popularity among users.

The program is installed on a computer under Windows XP-10, Linux-like OS (Debian / Ubuntu and the like), Mac OS X, Android (there is portable versions for Windows).

After installation, download the localization of the Russian language, copy it to the program folder and launch KeePass. In the program, select "view-change laguage",

We choose the Russian language,

Then "file-new ..." in the window that appears, write the name of the password store and the path in which it will be created. Then a wizard for creating a password storage will appear, in it we select the type of encryption and additional settings, enter the password to access the storage and click done.

After the above actions, in the groups located on the left side of the program window, select the group and in the main window click on the "add record" button.

In the window that appears, enter the login - the password that must be saved, the site and the comment are filled in as needed. Also, the advantages of this program include a large number of plugins, extensions.

Download KeePass- http://keepass.info/download.html
Localizations—Http: //keepass.info/translations.html

This manager works only on the web, there is an extension for major browsers - Opera, Firefox, Safari, Chrome, IE. There are also clients for mobile platforms - iPhone, iPad, Android, Symbian OS, BlackBerry. It is possible to install the client on Windows, download the database through it and work offline, but synchronization with the cloud database should still take place, this main feature is to organize access to personal passwords from any place where there is Internet.

The resource has both a paid subscription and the possibility of free use with some non-critical restrictions, the interface is very friendly, registration on the developer's website is required to work, then the wizard will guide you through the main stages of creating a password database.

Download LastPass- https://www.lastpass.com/

Corporate password manager. A database is created on a separate PC (server) and the server software is installed for remote client connection. Customers using client software or a browser can log into pre-created accounts and work with them, in fact, this is a password manager, chat, corporate mail. For business, where safety is more important than ever, this is good decision the task at hand.

Download Passwork- https://ru.passwork.me/

Given the current specifics of the Internet, even the most unpretentious users are forced to use one or another program to store passwords.

Even with a very limited number of visited sites, almost every person who actively uses the capabilities of the World Wide Web accounts for several dozen accounts on various resources.

It is almost impossible to remember such a large number of passwords.

For many people, such a loss can cause serious damage in the form of leakage of personal correspondence or loss of access to an electronic wallet.

Therefore, a reliable program that stores all passwords in one place and at the same time protects them using an encryption algorithm is an essential tool on a computer.

However, there are dozens of products in this area that have varying reputations and technical features, and choosing the right one among them is very difficult.

This task is especially complicated for inexperienced users who have a poor idea of ​​what encryption methods are, a trusted connection, dictionary enumeration, etc.

It is on them that it is focused this review, but it will also be able to find many useful information and those who consider themselves savvy in Internet technology.

# 1. KeePass - OpenSource with a human face

Its main advantage is a free license, which allows you to use all the functions of the software for free.

Despite its spartan interface, this software has a wide range of capabilities, which are quite conveniently organized, which is not typical for OpenSource software.

Getting started with KeePass is easy, just a few simple steps:

• After installing the distribution kit, for further convenience, you can organize work with software in Russian.
  To do this, you need to download the localization file in the appropriate section of the official website and place it in the directory with the program files. Then select the View-Change Language function and select the required item.

Advice! At the moment, two branches of the program are supported, versions 1.XX and 2.XX, and the second is backward compatible with the first. We recommend choosing exactly version 2, as it has an improved encryption system and expanded data export capabilities.

• Next, you need to create a new password database. To do this, use the File-New command on the toolbar. Here we enter the invented master password and remember it, as it will be required every time you start KeePass.
  Also in this window you can select such additional protection measures as Key File or Windows Account.

• KeePass's working interface is pretty intuitive. You can create a new record using the key icon with a green arrow on the toolbar or using Edit-Create Record. The new entry menu looks like this:

Advice! KeePass supports an auto-typing feature that can be activated using the Ctrl + Alt + A hotkey. When you press this combination, the login fields will be filled in automatically. You can adjust this function correctly in the menu of each entry by going to the Autodial tab.

• By choosing the Service-Settings function, you can customize the software for yourself. All options are quite thoroughly and clearly described, so if you do not take into account the complex technical issues associated with the encryption procedure, then everyone can figure it out.

Many network security professionals believe that best program is an open source program source code, and the author of this review fully shares this opinion.

But for the sake of objectivity, other options for such specific software should be considered, since some options can also be a good solution.

No. 2. LastPass - modern design and usability

The LastPass developers approached the issue of porting to various systems in a rather original way: the main product is distributed in the form of a browser add-on, which can be downloaded from the app store or from the official website.

there is free version, but it has significant limitations, in particular, it does not support synchronization across multiple devices.

To get started, you need to create a LastPass account, which will be the basis for protecting your password database.

The main advantage of this product is its visual appeal and a rather well thought-out interface, which captivates many users.

After installing the add-on and registering an account, you must enter your username and password in the appropriate field.

You can manage your passwords both through the web interface and through the add-on menu. This article will consider the second option as the most popular.

It is very convenient to work with passwords through this manager: when entering data into the appropriate authorization fields, the user will be prompted to make an entry in the database.

Also, special buttons will be attached to the login and password fields, giving access to some functions.

Advice! Despite the fact that the version in Russian is, as it were, present, the quality of the translation leaves much to be desired. Some menu items are translated inaccurately, and some are signed only in English. Therefore, if you want to fully understand the functionality of the program, at least a superficial knowledge of the English language will be very useful.

Other functions LastPass plugin include the ability to create secure notes, templates for new entries and generate passwords with specified parameters.

These functions may seem quite useful to someone, but, according to the author of the article, they were added only to create the effect of a wide variety of tools.

The program settings, as in the previous case, are quite clear. But most of them in LastPass are related to usability and interface improvements.

These features are the main reason for the popularity of this application.

It should be noted that in 2015, LastPass servers were hacked, as a result of which hundreds of thousands of accounts fell into the hands of attackers.

However, this incident inflicted only reputational losses on the developers, since the user agreement states that the company is not responsible for the data provided to them.

Therefore, if you decide to give preference to this password manager, be sure to analyze other similar products, which may turn out to be at least as good.

Number 3. Dashlane is a multifunctional commercial solution

Feature this manager passwords is its focus on the organization of secure internet payments.

The basic version can be downloaded for free on the official website, but like LastPass, it has significant limitations.

A commercial subscription will cost $ 40 per year, which may be too high for many users.

Also, cross-platform functionality has been successfully implemented, which allows you to import this storage for Android, Windows, iOS and Mac.

The approach to working with Dashlane can be called unique: the software is a complex solution consisting of a desktop client and an add-on for any of the popular browsers.

But often both of these components copy the functionality of each other, and only the version on the computer has some advanced features.

The working area of ​​the main program is organized in a fairly standard way: the upper toolbar, side panel with the most necessary functions and a workspace that takes up most of the window.

Advice! There is no Russian localization, so if you are at odds with the most popular languages ​​such as English, German or Spanish, then Dashlane is not for you.

The best way to get started is to export passwords from previously used managers.

The program has extensive capabilities that allow you to losslessly move records from many different clients, including KeePass and LastPass, for which you need to use the File-Import Passwords function.

To create new entries, you need to use the Password functions in the sidebar, after which they will be displayed in the Security Dashboard.

The settings (access via Tools-Preferences) allow you to organize the synchronization procedure, change the master password and slightly tweak the usability and security features - nothing out of the ordinary.

The browser add-on serves only as a kind of remote control remote control and gives access to basic functions such as generating passwords, viewing and using records, as well as the most necessary settings.

In general, this product is very similar to LastPass: behind a beautiful cover there is a lot of tinsel and a lack of necessary features.

Moreover, all this is supplemented by a paid subscription, which must be renewed annually.

There are other solutions in this area, such as StickyPassword, Roboform, Password, but they are noticeably inferior to the products described in this article.

At the same time, KeePass remains the only cross-platform OpenSource solution that anyone can check the reliability of.

Videos:

Password Manager KeePass Password Safe (program overview)

Review and use the free and easy-to-use portable password manager KeePass Password Safe.

Where to store passwords. LastPass Review

Where are passwords stored? This question is no longer relevant for me, since I store my passwords in the LatPass storage.

Those who spend a lot of time on the Internet (like me) are familiar with the problem of remembering passwords. After all, they register not on one site, but several. And besides, registration is required not only for sites, but also for programs, such as ICQ or. Therefore, even a novice user usually has at least five passwords in his head.

A little about passwords. It is better not to put the same password everywhere, because an attacker, having learned it, will be able to gain access to everything. It is also not recommended to write it to a text file, for the same reason (and it can also be stolen over the Internet).
Therefore, there are password managers that allow you to securely store them in yourself.

So what kind of program is this - password manager? Its meaning is to store in itself any number of passwords from different sites and at the same time block access to them by setting a password.
The main feature of such a program is that you do not need to memorize dozens of passwords and trick with creating new ones, but simply save them in the program and put a password on it. Thus, you only need to know one password instead of several.

I will not describe the programs, I will not write about the possibilities either. You can read about this on their official websites.
I will describe only the basic skills of working with them.

Password commander- a free manager program with a Russian-language interface. Downloading from.

1. Launch, press the button Actions and choose Create new account ... from the menu

Pay attention to the point Install on removable media ...- this means that you can install immediately on USB stick... And all your passwords will always be with you.

2. Select the type of account. The first is best Standard... He's ordinary.
Second it is used if there are several accounts on the computer and can only be changed under it.
The third can be used with a fingerprint, retina, etc. + you need to install an additional paid program.

3. We write the name and choose the storage location

4. Choosing a password encryption method. If simple is enough for you, then choose Default... If you want better protection, then you need to choose Use encryption method and download plugins from the official site using the link in the program itself by clicking Download plugins!

5. Set a password for your account.
Pay attention to the button with a lightning bolt - it will generate a rather complex password.

Important in this window!
1) Remember this password and login. At least get yourself a tattoo, but try to remember them by heart. Because if you forget, you will lose access to all passwords!
2) Try to make your password hint as descriptive as possible. But it should be such that only you would guess about it, and not someone else's uncle.

6. In the next window, click Done and the main program window will appear:

7. We create the first group. I think the most important thing is the mail. So let's create it in the example. To do this, press the big plus sign and Add group ...:

8. This is the window of creatures that will open. new group... By default, here you just need to add its name and click OK... But in the future you can Add to other fields to display, such as URL, E-Mail, file, etc. You can also change their positions with the buttons Up Down.

9. Now we add our mail to the created group. To do this, click on the already familiar "plus sign" and select Add a note..

10. Will open Post editor... Here everything is clear what and how. I just want to draw your attention to the already familiar button with a lightning bolt (password generator) and a button with a keyboard. This virtual keyboard is needed so that no one can trace the keystrokes on the keyboard (from viruses and trojans, if any).

Now the main window of the program will look like this. It remains only to select a username or password and press the button Copy(By default, but you can also use other methods, for example, by dragging and dropping where needed) to enter a password or login into the window:

And you do this with all the folders and data.
You can end there. With all the other settings and parameters, you yourself can easily figure it out.

KeePass Password Safe- a free and Russian-language program. You can download it from. There you can also read about the possibilities and download Portable(does not require installation) version (on a USB flash drive) and Russian localization files (they must be "put" in the program folder).
For especially lazy ones - you can download from my website under the spoiler, but remember - the latest version will always be at the office. site.

We unpack the file from the archive with the Russian language directly into the program itself, then run the program and in the menu View choose Change Language ...

In the language selection window, click LMB on English and click Yes in the dialog that appears

For security reasons, it is recommended that you come up with an original password each time you new registration, otherwise an attacker, having gained illegal access to one account, will be able to easily hack others. It is difficult to remember a lot of different logins and passwords, to write down in a notebook is unsafe, therefore the most the best option unload memory looks use special programs for storing passwords. It is enough to remember just one, the master password, in order to gain access to all the rest.

Price: Free

LastPass- a well-known cloud service for storing passwords, developed by the company of the same name and available on computer operating systems Linux, Windows, OS X, in app stores Google play, AppStore, Store, and also in the form of plugins for major browsers, for example, Mozilla Firefox and Google chrome... This program not only remembers the identification data, but also manages it: it helps the owner generate a new password, changes the data if it notices a hacking attempt, analyzes the complexity and strength of passwords, and makes sure that the passwords from two different accounts are not the same.

Key benefits LastPass:

LastPass considered free program for storing passwords, however, for use mobile versions you need to purchase a premium account.

1Password

Price: Free +

Members 1 Password note as the important advantages of the program the simplicity of its use, as well as a very friendly and pleasant interface. However, these are the advantages of the program for remembering passwords entered on a computer, 1 Password are not exhausted - there are others:

• Cross-platform... The program works on Windows, Mac OS, Android, iOS, and also integrates into the most popular browsers like Opera and Firefox. However, such broad integrability is more the norm for password managers than a distinguishing feature.
• Synchronization... Through Dropbox and iCloud you can open access to the password store to unauthorized users.
• Reliability... The database is protected by the AES-128 cipher, adopted as a standard by the US Government. Data leak is warned by inline keylogger- a device that records user actions.
• Generating passwords. If it is necessary to create a new password, the program for generating passwords does not just give out a random set of numbers and letters, but generates a combination corresponding to the parameters previously specified by the user. Such parameters are the number of characters, the presence of numbers and even the pronunciation of the combination.
• Security auditing capability. The program will check the database for duplicate and weak passwords.

1 Password has the highest rating among peers in the AppStore (4 stars out of 5), however, and this software is not without its drawbacks. Compared to analogues, 1 Password quite an expensive program, and for the owners for the sake of installation full version will have to part with a decent amount. However, even after paying this money, the user will not be able to edit the database from a mobile device.

Dashlane

Price: Free

Password manager released in 2012 Dashlane immediately gained worldwide popularity due to its simple high-quality interface, high security and the ability to automatically fill in forms on web pages. By 2016, there were several updates, and the program managed to "grow" with additional functions. What is different Dashlane?

• Two-factor authentication- a sign of the attention of developers to the reliability of their offspring
• Purchase tracking and integration with e-wallets simplify the shopping process through online stores.
• Accessibility for any device. This program for saving passwords entered on a computer works with both desktop and mobile OS, has a plugin even for Internet Explorer... Cloud synchronization of several devices on different platforms is possible, but only with the purchase of the Pro version.

Basic application functions Dashlane are available for free, but to access the advanced features, you will have to purchase a paid version. Despite the presence of the Pro version, the application has not yet been translated into Russian - this is the main reason why Dashlane not as popular among domestic users as, say, LastPass.

RoboForm

Price: Free +

RoboForm- the "pioneer" and "long-liver" among password managers. The development of this program began in 1999, however, to this day, the application is constantly improving and increasing its functionality. Those who believe that the use RoboForm now, in the presence of many worthy competitors - a sign of unhealthy conservatism, they are mistaken, because the program can really offer the user a lot of unique advantages:

• Versatility... The fact that the password manager works with all major and current operating systems is no surprise. However, how many programs are known that are supported on Symbian, Palm OS, OS and even Windows 2003 ? RoboForm – one of those.
• Mobility... It is not necessary to install RoboForm to a computer or gadget , to use it - thanks to the function RoboForm2 Go, the program can be installed on a USB flash drive and run on public computers.
• Reliability. Base RoboForm encrypted according to the AES-256 standard, which is traditionally used in banking.
• Ability to create multiple profiles. Different people can use the same program - individual information will be stored in each of the password-protected profiles. This allows you to save money and purchase the paid version of the application "bundle".

The manager can be downloaded for free, but then it will not be possible to store more than 10 logins / passwords. To store an unlimited amount of data, as well as cloud synchronization, you will have to purchase a paid version RoboForm Everywhere.

Over the past year, 4.2 billion passwords have been stolen. This is an outrageous figure that should worry anyone who deals with the Internet. The US Federal Trade Commission analyzed what was going on with the stolen credentials. After stolen logins to Facebook, Google, Netflix and online banks are published on a hacker forum, it takes on average only nine minutes before the first attempt to log into your account. Since two out of three users use the same password for multiple services, a stolen key opens many doors at once.

The above number also demonstrates that passwords can now be stolen not only from individual users who fall for the bait of a phishing message. Hackers are targeting large services, which promises huge profits. Large IT concerns such as Yahoo! and Uber.

Generating strong passwords

The US National Institute of Standards and Technology has made adjustments to the rules for creating secure codes. Several innovations:
Length: The strength depends on the length of the password. The longer it is, the better.
No logic: A pointless set of letters is more reliable than you might think. But the password shouldn't be a digital mess.
Uniqueness: Use the password only once.
Verification: The Pwned Passwords online service lets you know if your passwords are being used by someone else or have been published.
Change if necessary: If you steal user data from the servers of any service whose client you are, change the password.

More recently, studies averaged 20-30 password-protected accounts per user. The latest data speaks for much more. A password manager used for corporate purposes stores an average of 191 passwords for business customers. But even those with only ten accounts do not adhere to the basic rule of protection: the password cannot be used more than once.

Protection for all passwords

This is exactly the problem that ten password managers we tested are helping to solve this problem by acting as a safe for secure passwords and running on Android, iOS, and Windows. They store all passwords centrally in one place. These products use powerful AES encryption to protect your safe with a virtually unbreakable 256-bit key. Such a database can only be unlocked with the correct master password. Thus, the user does not need to remember the password for each of his accounts, but only the master password that opens the safe with all other codes.

At the same time, the products we tested operate on two different principles: eight managers, among which the top three LastPass, 1Password and Dashlane, are online services. The encrypted password database is stored at the service provider's computing centers.

This is the most convenient solution for the user, since passwords are used not only on a stationary computer, but also on smartphones and tablets. In this case, to start synchronization, you just need to enter your username and master password. All codes will be at your fingertips anytime, anywhere. However, such services require you to trust the provider and be convinced that the master password is not really available to him and there is no way to access the database in any other way.

The second principle of work, chosen by the developers of such a popular open program like KeePass and also by Steganos for their password manager, this is a local storage of a password database.

We recommend starting with storage on your PC and only then pulling up mobile devices... The advantage of both on-premise solutions is that the user retains full control over the safe. For this reason, we awarded KeePass the highest score in the Security category. This method is less convenient, since you yourself have to think about how to get passwords from your smartphone. However, KeePass is the only program that can interoperate with a variety of applications that read this database format.

For example, for testing, we opted for KeePass2Android (Android) and MiniKeePass (iOS). All other password managers already come bundled with suitable applications.

Double protection of the master password

Password manager security relies on a master password (see block on the right). Therefore, we do not understand why half of the participants in our testing accept even such elementary codes as "1234abcd".

Only 1Password, Dashlane, and the products of such well-known antivirus vendors as F-Secure, Kaspersky and Avira require more complex master passwords. It is equally important to protect your safe by other means - in this respect, the tools from antivirus experts are downright trash.

Choosing a Master Password

Use of suggestions. A funny line from the Netflix series or your grandmother's saying will be a great basis for your password. You can also refer to your hobby. The phrase "I love read Chip magazine" might be a good idea.

The use of upper and lower case letters. Correct spelling -
rather a flaw for the password. ILovereadChipMagazine looks better from a security standpoint.

Embedding special characters. You can also add a couple of special characters: "ILove / readChipMagazine2018 $".

Double authentication. Be sure to use two-factor authentication to further protect access to the password manager.

It is integrated into all good dispatchers, that is, in addition to the master password for access to the repository, you must enter a second factor. In this case, you can be sure that even if the master password falls into the wrong hands along with the database, access to it will still be closed.

Regardless of this, the overall safety of dispatchers is at a high level. Our test leaders, LastPass, Dashlane and Keeper Security, conquer with perfectly implemented password strength checks, calculate duplicates, and even offer a backup option. All products not only store credentials but also create secure passwords- each of them has its own generator integrated.

In practice, however, their technologies are different: LastPass, KeePass and Avira Password Manager are the best at the task. Their generators are impossible not to notice, and in addition, they clearly display the length of the password. The mobile solution from Kaspersky is not so convenient: mobile applications There is no generator, so strong passwords can only be created in the desktop version.

Credentials for apps and web services

Web services are leading in terms of ease of management, and it's not just about simplified synchronization. Specifically, 1Password, LastPass, and Dashlane demonstrate how to build apps right and constantly innovate with the latest technology. For example, all three providers very quickly adapted their applications to the Face ID scanner on the iPhone X. On top of that, biometric unlocking is much more convenient than entering long master passwords.

All password managers offer autofill credentials in the browser to login to the site. This method does not work for Windows programs and applications on smartphones and tablets. The easiest way to do this is to copy and paste the data into the appropriate fields. Android, unlike iOS, makes this easy. For Apple's system, application developers need to integrate specific functionality to work with password managers. If anything, for our leaders - LastPass, 1Password, and Dashlane - there is a long list of supported apps that do without the clipboard.

All solutions have a search function to quickly locate data. However, only 1Password, KeePass and Steganos allow you to integrate multiple databases, thanks to which the user can, for example, separate personal and work accounts. The "Favorites" function is also very useful for displaying frequently used passwords - the data marked in this way is always at the top of the list.

Logging into Windows without a password

Password managers preserve all credentials. The situation with the entrance to Windows is harder since you don't have access to the safe yet. Microsoft integrated the Windows Hello function into the top ten, thanks to which user authentication can be carried out by scanning a fingerprint, recognizing a face or an iris of the eye. Such devices, as, already have the technical means, since a regular webcam is not enough.

Better than browser storage

All participants in our test are integrated into Chrome browsers and Firefox, but only four test participants can cope with Microsoft Edge: LastPass, 1Password, Keeper Security and True Key. Speaking of browsers, their built-in dispatchers are just a repository that lacks important additional features like a password generator. We advise you to turn to special tools so as not to lose peace and sleep due to the horrific news of millions of stolen credentials.