I wrote last week about the stunning password and user name theft that Hold Security had unearthed (“Cautionary Note About Hold Security”; August 12).  In that blog, I mentioned Graham Cluley’s important discovery about the fee that Hold Security would charge consumers who wanted to find out if any of their passwords and user names had been breached.  Mr. Cluley mentioned several password management services about which I said I’d be writing more.

I looked at the sites for several password management services.  I’m not recommending any of them but these are services about which consumers should be aware. The password manager services allow consumers to store all of their passwords, along with other confidential information, into one secure site.  Hayley Tsukayama wrote a very helpful article about password management, including a good summary of several of the services along with the pros and cons (www.washingtonpost.com, “How to keep track of your passwords without going insane”; August 7).

She reviewed two of the three services I had mentioned, e.g., LastPass and 1 Password.  She also included Dashlane.  I also mentioned KeePass which has similar features as the others but is a completely free and open source password manager.  I mention that because, as Ms. Tsukayama wrote, the other services are free unless a consumer wants to sync his passwords across multiple devices, such as between a smart phone and a computer.

For that kind of premium service, there are different fees charged by the services:

  • LastPass charges $12.00 a year;
  • 1Password charges a one time fee of $50.00 for Mac and Windows, $18.00 for iOS and $10.00 for a full version of the app on Android; and
  • Dashlane charges $30.00 a year.

All the services operate along the same lines.  They are online storage lockers that retain all of a consumer’s passwords in encrypted databases.  The passwords are locked behind a single master password that only the consumer knows.  That’s the good news.  But as Ms. Tsukayama notes, that also means the consumer has to remember that master password because it can’t be retrieved from anywhere else.  The services can also store secure notes, credit card information as well as other information that a consumer has to fill in on various websites.  Another attractive feature of these services is their ability to generate random passwords for accounts that are strong and are remembered in their various lockers or vaults.  That way, a consumer can access these passwords while browsing the web by clicking onto a button on his browser and choosing the account for which he needs to fill in information.

Are there downsides to these services? Consumers are relying on the security of the various password manager services when using them.  KeePass notes on its website that in addition to being free and open source that its encrypted database is not stored in the cloud but strictly locally.

As I said, I’m not endorsing any particular service but I am strongly encouraging consumers to think about the ways in which they are storing their passwords.