Stump the Geeks

Choosing a password manager is a matter of trust

March 17, 2013 

Q. I have a question about an app I downloaded on my iPad and iPhone5: Passwords Plus. You create a long master password that allows you to access the info you store in the app. The info can be anything from bank accounts and credit card account numbers to passwords for various websites.

My question is whether this app and maybe others that are similar are safe.

I have so many passwords that I created an Excel spreadsheet with all of that info, and started entering the data from the spreadsheet into Passwords Plus. Then I started thinking that it may be just as vulnerable as other apps out there.

Patti B., Durham

One important thing to remember about password storage solutions is that safety, as with all things, is relative.

Passwords Plus ($4.99-$9.99), from DataViz, is like several other password management systems on the market in that it specializes in storing and protecting your own database of passwords in the cloud. LastPass (free to $12 a year) and 1Password ($49.99 to $69.99), which I’ve discussed here before, are two other popular options.

Cloud storage certainly makes things convenient. Making your information accessible wherever you are on whatever device means you’ll never lock yourself out of your email – as long as you can remember your master password.

But whenever you allow your data to leave your possession, there’s always a risk.

That being said, the security behind Passwords Plus makes it relatively safe. The passwords themselves are encrypted before they leave your device using an industry standard technique, meaning everything you store in the cloud is unreadable to anyone but you.

If the idea of stashing your passwords on someone else’s server – no matter how secure – makes you uncomfortable, you should also consider giving Password Safe a try. It’s free and open-source, and according to IBM IT Security Architect Jeff Crume, well established among geeks in the know. Like the products I’ve already mentioned, it secures your information using a single master password, except everything is stored locally on your own computer.

Any of these solutions, as Crume points out, are probably preferable to using a spreadsheet to keep track of everything.

“One thing I can say for sure is that while Excel is a very serviceable spreadsheet it is not a great password vault,” Crume said in an email. “That’s not surprising since it wasn’t designed to be one in the first place.”

You are right to be wary, though. With little barrier to entry for distribution centers like Google Play and other online marketplaces, it can be tough to separate the good products from the bad.

Crume says looking for tools with long track records is often a safe bet. Finding tools with large user bases and positive reviews from IT experts can also be helpful.

None of this guarantees 100 percent security. But asking these questions can help you can find your own solution for keeping your passwords safe – at least relatively.

“In the end, you’ve got to trust something. Either it’s your memory, a spreadsheet, a sticky note attached to your monitor (none of which do I recommend) or a purpose-built tool for storing passwords in a secure manner such as those I’ve mentioned,” Crume said in an email. “Choose wisely, because the keys to your own personal kingdom are at stake.”

Send technology questions to stumpthegeeks@newsobserver.com. Please include your name, city and daytime phone number. Sorry, we can’t answer every question.

News & Observer is pleased to provide this opportunity to share information, experiences and observations about what's in the news. Some of the comments may be reprinted elsewhere in the site or in the newspaper. We encourage lively, open debate on the issues of the day, and ask that you refrain from profanity, hate speech, personal comments and remarks that are off point. Thank you for taking the time to offer your thoughts.

Commenting FAQs | Terms of Service