Summary comparison of three password managers
These password managers make it easy to use long, randomly generated passwords that are unique to every site. They store your passwords in a locally encrypted vault and the only password you need to remember is one strong master password. They all support mobile devices, work offline, and have some form of syncing. When generating random passwords, they let you specify the password length and allowed character types so that you can meet the password requirements of a given web site. The developers of these programs
DO NOT have access to your data.
LastPass is the most cross-platform. It has extensions for Chrome, Firefox, Safari, Opera, and IE, and mobile apps for iOS, Android, Windows Phone, and even BlackBerry. You can also access it via the web, which still performs the encryption and decryption locally in your browser so that the LastPass company does not have access. It supports various forms of multi-factor authentication, such as Google Authenticator, YubiKey, and the Grid, and also supports one-time passwords. Also syncs secure notes and autofills forms.
Downsides: Your locally encrypted password vault is required to sync via LastPass servers, and none of their service has been independently audited for security. Though the JavaScript source code of the web site and some of the browser add-ons is publicly viewable, there are also binary browser plugins which are closed-source. Mobile apps require a $12/yr subscription to LastPass Premium.
1Password has a nice user interface and optionally syncs via Dropbox, iCloud, or WiFi.
Downsides: The Mac, Windows, and iOS apps cost money (relatively pricey). The Android app is free, but it's only a viewer and can't add or edit entries. No Linux app, no support for mobile OSes beyond iOS and Android, and no multi-factor authentication. 100% proprietary and closed source. I'm not aware of any independent security audit having happened for 1Password.
KeePass is free and open source, so outside developers have full access to the source code, allowing anyone to confirm for themselves that KeePass follows good security practices and that nothing fishy is going on behind the scenes. Optionally syncs via Dropbox or FTP. There are various third party programs and browser add-ons to support a variety of platforms and browsers. Can be run as a portable app from a flash drive. Supports a variety of plugins to add functionality.
Downsides: Not sure. Would someone who has used this app comment on its downsides? There doesn't seem to be multi-factor authentication or web access.
---
Disclosure: I have only used LastPass, so my knowledge of the other two is limited. If you have corrections or additions you'd like to make, please comment.
Note:
I originally posted this in a Reddit discussion of this breach.
