Note: this post presents the results of my research and has not been sponsored by anyone in any way. It’s a long read, but the length is necessary to clarify certain things and explain my reasoning. Choosing a password manager is something that needs to be taken seriously, given the sensitivity of the data it stores.
To maximise the security of your online accounts, you need to use complex and unique passwords, coupled with two-factor authentication (2FA) wherever possible. The latter requires you to enter a temporary code each time you login on a new device. Most of the time, this code is generated using a mobile application such as Google Authenticator or Authy, but it is occasionally also sent via text. This last option should be avoided as much as possible, because text messages are not a secure channel. Two-factor authentication adds an additional layer of security to your account, by asking you for something you own (your 2FA code) in addition to something you know (your password) to authenticate you. Regarding the necessity of having unique and complex passwords, there’s really no secret to it: you need a password manager. In addition to your passwords, password managers also allow you to manage your two-factor codes, which makes securing your accounts that much easier.
To maximise the security of your online accounts, you need to use complex and unique passwords, coupled with two-factor authentication. Tweet this
I have been using 1Password for a little over 2 years, so I figured it was time to take another look at the market to see if it’s still the best option out there. This led me to write this post, for which I compared the four big actors of password management: 1Password, Dashlane, LastPass and KeePass.
Dashlane, LastPass and 1Password all offer synchronisation via their servers. While this may sound scary at first, note that your Master Password is never sent to their servers; the only thing they store is your encrypted password database. It is downloaded and decrypted locally using your Master Password, and sometimes an additional key, depending on the manager.
To briefly get into the technical side of things, the key used to decrypt your password database isn’t exactly your Master Password, but a key derived from it using a key derivation function. The functions chosen by each manager were conceived to be deliberately slow in order to hinder any attempts at brute forcing your Master Password.
Without further ado, here’s a table comparing the features of 1Password, Dashlane, LastPass and KeyPass. For lines containing only text (with no cross or checkmark), the bold options are the better ones. If none of them are in bold, it means all options are equivalent. A green cross means the absence of the feature in question is a good thing. I omitted features that are supported natively by all password managers, which include form filling, password generation, two-factor authentication, etc.
|Encryption||AES-256-GCM using the Master Password and a secret key||AES-256-CBC using the Master Password||AES-256-CBC using the Master Password||AES-256-CBC using the Master Password and a key file|
|Key derivation functions||PBKDF2||PBKDF2||Argon2d
|Global shortcut to open the app||Not really|
|Global form filling shortcut|
|Max. generated password length||64||40||100||64|
|Two-factor code generation||
using a plugin
|Compromised account detection||
using a plugin
|Automated password change||
through their servers (!)
|Master Password reset without data loss||
only for shared vaults
under certain conditions
|Auto-lock when inactive||
disabled by default
disabled by default
|Price||$35.88/year or $3.99/month
for one user
$59.88/year or $4.99/month
for 5 users
|Free (single device)
for one user
|Free (with sync)
Premium for $24/year
for one user
Premium for $48/year
for 6 users
|Payable per month||
+$1/month for one user
+$2/month for 5 users
|Others||First 30 days are free||30 days of premium for free||30 days of premium for free||N/A|
1Password and KeyPass both use a secret key in addition to the Master Password to encrypt user data. Specifically, a second key is derived from this secret key and combined with the one derived from the Master Password to obtain the decryption key. Here’s some pseudo-code representing the calculation of a decryption key. The first version is the way it’s done in 1Password with a secret key and the other version is how it could be done without a secret key, where
HKDF are key derivation functions:
# With a secret key (1Password version) derived_master_password_key = PBKDF2(master_password, HKDF(salt, version, email, 32), 100000) derived_secret_key_key = HKDF(secret_key, account_id, version, norm(derived_master_password_key)) decryption_key = XOR(derived_master_password_key, derived_secret_key_key) # Without a secret key decryption_key = PBKDF2(master_password, HKDF(salt, version, email, 32), 100000)
As you can see, the version with an additional secret key generates a longer decryption key, therefore increasing the overall security, given the secret key never leaves the local machine. This means that even with a weak Master Password, password data is safe when stored in the cloud, thanks to the secret key. However, this isn’t a reason to neglect the security of your Master Password, because you also need to protect the data on your machine. In a nutshell, the purpose of the secret key is to protect data against remote attacks, while the Master Password is used to protect it against local attacks.
Regarding the presence of global shortcuts, Dashlane doesn’t offer any on Windows, and on macOS you have to activate Dashlane in your accessibility preferences to get a splendid ⇧ + ^ + ⌥ + ⌘ + D that can’t be reassigned, which is so horrible that it might as well not be there. KeePass only has a global shortcut to fill forms, while 1Password has both a shortcut to open 1Password Mini and a shortcut to either fill forms or open 1Password mini if it doesn’t find anything to fill.
All managers fare pretty well with regards to the maximum length of their generated passwords and they all offer support for two-factor code generation, even if a plugin is required to add the feature to KeePass. Compromised account detection is where things start to get interesting. Dashlane and LastPass only notify you that a service for which you have an account has been breached, whereas 1Password and KeePass both use the APIs of HaveIBeenPwned to check if any of your passwords have been compromised (KeePass requires a plugin for this).
Dashlane and LastPass are the only ones to offer automated password changing, but they don’t do it in the same way. The only acceptable way to do this is the LastPass way, because it does it locally on the user’s machine. Dashlane’s implementation however, presents one huge security risk, by doing the change through their servers, meaning your passwords transit through them and end up in clear text at one point or another. If you want more information on this, I encourage you to read my post on the subject. To quote my post:
The best way for a service to guarantee the secrecy of data is to ensure they never have access to it in the first place. Tweet this
This is quite a pity, because everything was going well for Dashlane until I wondered why 1Password didn’t have a password changer, which made me stumble upon this answer on their forums. I checked their allegations, and the results of my research can be found the aforementioned post, with some other absurdities I came across as well. In the end, the password manager I thought I would be presenting as a viable alternative to 1Password ended up being a manager I strongly recommend people stop trusting. The issues outlined in my post clearly show they’d rather have a “wow-effect” instead of guaranteeing the security of their users’ data 120%, which is unacceptable for a password manager. I really hope Dashlane will fix these problems in the future so that I can recommend them.
With that being said, I know what you’re thinking: “What about KeePass/1Password’s compromised password detection?” Well, this one does abide by the security by design principles, because they never send your password or anything that could allow to identify it to the servers of HaveIBeenPwned, which is the service used for the verification. It works by hashing your password locally (see below) and sending the first 5 characters of this hash to HaveIBeenPwned, which responds with all known password hashes that start with the partial hash that was sent. The password manager then checks the previously generated hash against this list; if it is found, it means the password was leaked in a breach at some point. The design of this API is just beautiful, because it’s simple and secure at the same time. I wouldn’t have expected anything less from Troy Hunt.
What’s a Hash?¶
A hash is a fingerprint obtained by passing a piece of data through a hashing function. The hashing function does various mathematical operations on the data to get its fingerprint—or hash—, which often has a fixed length, in such a way that the same data will always yield the same hash, and that any change to the data causes its hash to change. Finding the input value of a secure2 hash is infeasible; the only way to do “find” the input value of a hash is to compute hashes of random data until you find the right one. As an example, here are the hashes of “test”, “Test” and “antidisestablishmentarianism”:
sha1('test') # a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 sha1('Test') # 640ab2bae07bedc4c163f679a746f7ab7fb5d1fa sha1('antidisestablishmentarianism') # 3fb02f5916ca73ae2d95e9d45d7bffaf62bd9b42
KeePass is the only open source manager, but the three others are regularly audited by independent entities to verify that their implementation reflects what is described in their respective whitepapers3. With that being said, it is undeniable that being open source presents a huge advantage for KeePass, because anyone can audit its code, which theoretically guarantees its security. This is also why it isn’t really a problem for KeePass to not have a bug bounty4, which is a program that offers monetary compensation for the disclosure of vulnerabilities.
Unfortunately, KeePass is plagued by the issue that plagues many open source products, which is the lack of ergonomics of its interface. In addition to that, you have to juggle different applications depending on the platforms you use, as well as handle the synchronisation yourself, which I find impractical. For these reasons, I cannot see myself using KeePass for now, because it requires too much manual configuration for things that other managers offer from the get go, in clear and beautiful interfaces. However, I totally understand why certain people would be drawn to this type of solution; I just think it does not suit everyone.
Then comes what happens if you forget your Master Password. 1Password only allows you to restore access to shared vaults, provided the people you shared it with haven’t all forgotten their Master Passwords. It’s a bit like losing the key to your house: if another person still has a key, they can come open the door for you; otherwise, you’ll have to call a locksmith. The difference here is that the locksmith can’t help you either.
The only manager that truly allows you to get your data back if you forget your Master Password is LastPass. This may sound nice, but don’t be fooled: this is actually a bad thing. Basically, your vault has a second decryption key, which is itself encrypted using a recovery key that never leaves your machine. This encrypted decryption key is sent to their servers, waiting to be used. When you request a reset of your Master Password, you receive a code by email or text to activate the reset procedure. Once activated, LastPass fetches the encrypted key from the server, decrypts it locally using the recovery key, uses it to decrypt your password database and finally asks you to choose a new Master Password. Given the recovery key never leaves your machine, it only works on a machine where you have already used LastPass, and for some reason only via the browser extension.
Even if it doesn’t look like it could allow LastPass to access any of your data, it still poses a security threat. If a person were to gain access to your unlocked computer, they would most probably also have access to your emails (and maybe your phone if you left it on your desk as well), which means they can start the recovery procedure. Once the procedure is started, they don’t even have to complete it. Once LastPass has decrypted your data, it doesn’t force you to enter a new Master Password, which means they can just skip this step and freely browse the unlocked LastPass library. All that remains is to delete the emails and you will be none the wiser. Note that it’s possible to deactivate this feature, but the fact that it’s active by default presents a security risk. Thankfully, if you have two-factor authentication enabled for your account, access cannot be restored with a 2FA code. The risk of this happening is pretty small, but it’s still ridiculous to have a default configuration that isn’t 100% secure.
Regarding auto-lock features, they are disabled by default for Dashlane and LastPass, including if you quit them, which is also an absurd default configuration. This means that once they are unlocked, they will remain so until you manually lock them, even if you quit the application.
Regardless of the issues mentioned above, I find 1Password clearly outweighs Dashlane and LastPass on many points:
- Better encryption by using a combination of the Master Password with a secret key;
- Detection of compromised accounts1;
- Global form filling shortcut;
- Ability to pay per month for an additional dollar;
- Global shortcut to open the application (only in regards to Dashlane);
- Great maximum password length (only in regards to Dashlane);
- Price (only in regards to Dashlane).
The first big point is encryption. As I explained above, for identical Master Passwords, 1Password will always be more difficult to crack, given the 34-character secret key that’s added to the Master Password. It makes the storage on their servers significantly more secure, given the security isn’t directly related to the quality of the Master Password anymore. Detecting compromised accounts is extremely handy; much more than being able to change passwords automatically, which is the only “missing” feature. As long as a password is secure, the only reason to change it is a suspicion that it has been discovered by someone or something that shouldn’t have. The only password managers that enable you to check this are 1Password and KeePass.
Dashlane and LastPass are also missing a global form filling shortcut; this is definitely not essential, but I use 1Password’s so often that I just couldn’t imagine not having it. Dashlane is also missing a proper global shortcut to open it, which is really a pity. The length of passwords generated by Dashlane also leaves much to be desired, as mentioned above.
Looking at their prices, Dashlane is 24% more expensive than 1Password, with LastPass being tough to beat given their free offer. However, I much prefer paying less than the price of a sandwich each month for total peace of mind and a password manager which meets my requirements 200%. 1Password is also the only one to allow users to pay per month, which could suit some people better, even if it costs 33% more.
As you have probably guessed by now, my final recommendation is 1Password for people who want something that works out of the box with excellent ergonomics and a beautiful interface, or KeePass for those who absolutely want to have an open source manager, even if that means they will have to handle more things manually. All that remains is for you to create a strong Master Password!
Creating a Strong Master Password¶
The ideal choice for a Master Password is a passphrase composed of multiple words separated by spaces, with an invented password somewhere in between; something like “dog table KJ3L9!NGoWB; server jacuzzi nebula”. This makes for a long, secure password that is easy enough to remember but hard to crack. A great way to obtain your words is to use Diceware, which is a list of 7,776 numbered words that allows you to choose each word by throwing 5 dice. Using dice makes this totally random, which in turn makes it secure. It is important to use actual dice and not an electronic dice in order to guarantee randomness. Let’s imagine you get 3—5—4—5—1 with your first dice roll: your first word will then be “knob”, as can be seen in the list below:
35446 knit 35451 knob 35452 knock 35453 knoll
All you have to do is repeat the process to get the 4 remaining words. After that, you can throw a single dice to determine where to place the invented password: a 1 would put it at the start, while a 6 would put it at the end, a 3 after the second word, etc. Note that there are also translated versions of the word list.
Stateless Password Managers¶
Stateless password managers have been left out of this comparative deliberately, as they are inherently less secure. They work by deriving a key from your Master Password, which is then fed into a deterministic function, which in turn generates a password based on the derived key and the site name you supplied. Since the function is deterministic, the same site name and Master Password will always generate the same password. This makes security rely very heavily on the strength of your Master Password, as a hacker only needs to guess your Master Password and the site name you used to obtain your password. With a traditional password manager that uses an encrypted database, a hacker needs to steal the database, guess your Master Password and, in the case of 1Password and LastPass, guess an additional secret key. In short, database-based password managers require the hacker to steal a database in addition to guessing your passwords, which is one hell of a lot more complicated.
SHA1 and MD5 are not secure hashing functions. The best option for secure hashing is to use specialised password hashing functions such as bcrypt, PBKDF2, etc. ↩
I do have to note that I had to go through Google to find the one for LastPass, which is odd, because I would expect it to be available directly on their homepage. ↩
The European Union allocated a 71,000 € bug bounty to KeePass from January 15 until July 31, 2019. Bug bounties have also been allocated to 14 other open source projects. ↩