The best password managers for Android
- 05 April, 2018 20:11
Protecting your online accounts is more important now than ever — and using a password manager is one of the easiest and most effective ways to do it.
Why? It's simple: Reusing passwords puts you at a heightened risk for hacking. If someone discovers your password at just one website — via any sort of breach, be it large-scale or targeted — they can then use that same password to crack into your accounts at countless other places. It happens all the time.
In a world that requires passwords for just about every online activity you do, most security experts agree: The secret to keeping yourself safe is relying on long, random passwords (in conjunction with two-factor authentication, when it's available). Remembering even a few such passwords is difficult enough, but doing so for dozens or hundreds of sites and services is nigh impossible for mere mortals. And that's where the password manager comes into play: It makes it possible to generate and keep track of all that info without needing a Rainman-caliber brain. With a password manager, you need to remember just one master password, and the manager creates and remembers the rest.
Figuring out which password manager is right for you, however, isn't so easy. But I'm here to help. I've spent a significant amount of time using each of the major password managers available for Android (using a Google Nexus 6P phone with Android 8.1 Oreo software for all of my testing).
Here are my recommendations.
The best Android password manager for most people
When you use all the major Android password managers back to back, one thing becomes immediately clear: LastPass is in a league of its own. The app is intuitive and easy to use, and — critically — it works consistently well across the entire Android experience.
At its core, LastPass makes it super-simple to store sign-in info for apps and websites and then to automatically fill in your credentials whenever you're prompted. LastPass intelligently utilizes Google's Oreo-level autofill function in combination with Android's accessibility system to provide quick and reliable responses anywhere a sign-in prompt appears.
(If your device doesn't yet have Oreo, LastPass will rely solely on the accessibility system for all of its field-filling work. The result is a less polished and smooth experience, but it's still perfectly functional.)
Beyond the basics, LastPass is packed with useful options. The app has a complex password generator and a security analysis feature that'll look at all of your passwords and suggest areas where you could improve your security (by strengthening weak passwords, for instance, or eliminating passwords used in multiple places). It can store secure notes and form-fill profiles — though for the latter to work on mobile, you'll have to either use LastPass's own internal browser (which you probably won't want to do) or manually copy and paste info from the app into your regular browser one field at a time.
Speaking of browsers, LastPass has excellent integration with all the major desktop offerings — as well as native app options for Windows and Mac, if you prefer — so keeping your info accessible across multiple platforms is painless. LastPass uses its own secure cloud storage, with device-level encryption, for syncing all data.
You can take advantage of the service's core features, including multi-device access, free of charge. For US$24 a year, you can upgrade to a premium subscription that gives you expanded storage for notes and documents, the ability to use YubiKey and Sesame as two-factor authentication methods, and the ability to create an emergency access plan that would provide someone else access to your account after an extended period of inactivity.
Family plans are also available for $48 a year for up to six people, as are managed team plans for $29 per user per year and policy-compliant enterprise plans for $48 per user per year.
The best Android password manager with multiple storage options
If you want more control over where your data is stored, 1Password is the way to go. The service allows you to keep your info in its own cloud servers for simple syncing, just like LastPass, but it also provides options for using Dropbox, iCloud, or even a direct Wi-Fi connection for syncing between devices.
Those extra options come at a cost, though — both in terms of actual dollars and in terms of the experience you'll receive. 1Password costs $36 a year for individuals, $60 a year for families with up to five people, $48 per user per year for teams, or $96 per user per year for pro business plans with advanced access control.
And despite the additional dollars, using 1Password on Android just isn't particularly pleasant — especially compared to the standard LastPass establishes. If I had to come up with one word to describe the experience, it'd be "clunky." That applies to the initial setup, in which the app fails to prompt you to enable the various system-level autofill permissions that make things work (and when you find the commands to activate those on your own, it then forces you to input your master password three times in a row — once per permission, seconds apart — to get the job done).
It applies, too, to the service's method of security, which eschews standard two-factor authentication and instead asks you to hang onto an "emergency kit" PDF file that contains a specific sign-in address and 40-character "secret key" that are both required whenever you set up the app on a new device.
It applies to the app's lack of common sense in detecting what login info is appropriate for any given situation. When trying to sign into Twitter, for instance, instead of just providing my saved Twitter credentials, 1Password required me to take the extra step of searching my database — even though there was only one Twitter-related entry present — and then told me it couldn't verify that Twitter should have access to my Twitter sign-in info and made me take yet another extra step to authorize it.
It even applies to the service's desktop browser extensions, which may not be Android-specific but are going to be part of the overall picture for most people. With Chrome, for instance, 1Password has two confusingly overlapping extensions — a regular 1Password extension and a newer and more robust extension called 1Password X — and depending on where you look, you'll be directed to install one or the other without any clear explanation.
Plus, instead of prompting you to save a username and password via a post-sign-in pop-up, as LastPass does, 1Password's desktop extensions make you click a little icon within a username or password field and then select to save from there. That means if you type in your credentials incorrectly, they'll be saved anyway — and on top of that, in my experience with Chrome, the app didn't even save the username and password together; it saved only one or the other and left the other field blank.
Like I said, it's all quite clunky — but if data storage options are critical for you, it's still your best bet.
Wait — what about all the other Android password managers?
You may have noticed that some reasonably popular password managers didn't make the cut. In each case, there's a reason.
Dashlane, for instance, works really well within apps on Android. But for websites pulled up in the browser — which typically represent a fair amount of a typical user's sign-ins — it's clunky and inconsistent to the point where it's basically just unusable. In my tests, Dashlane frequently didn't show up at all when I was trying to sign into sites in Chrome. And when it did appear, it did so via an awkward floating bubble that'd remain present even after the sign-in page and the site itself had been closed.
Particularly considering that the app is priced higher than any of the products mentioned above, that just doesn't seem acceptable. That being said, it does appear that Dashlane is using autofill enhancements in Android P to improve its mobile browser experience, so we'll see if the situation changes later this year.
Enpass, meanwhile, is relatively unusual in that it offers a fully featured, multi-device setup with an array of third-party storage options and without the need for an ongoing subscription. Instead, you just pay a one-time fee of $10 for a lifetime cross-platform license.
The problem is that the Enpass experience is anything but elegant. To wit: Instead of letting you select credentials alongside an app's login field, Enpass always forces you to flip back to its full app interface in order to select and confirm the username you want to use. With websites, Enpass doesn't give you any active prompts; instead, it's up to you to open up your phone's notification panel and then manually activate a persistent notification whenever you want to fill something in.
I could write a novel about Enpass's usability issues — and that's to say nothing of the fact that the service has no option for dealing with a lost master password other than to give up on your data and start over (!) — but you get the point. The app just doesn't seem particularly well-suited to professionals, and most folks on a budget would be better off going with LastPass's free option.
Then there's KeePass (and for the love of all things holy, make sure you capitalize that "P"). KeePass is a free, open-source password manager that relies on local software and — if you so choose — your own method of cross-device data synchronization (be it your personal server space, a cloud storage service like Dropbox, or portable physical storage like a USB drive).
KeePass can be great for the technically inclined who don't mind taking on a project, but it's quite complicated and consequently not something that's easy to recommend to the masses — or to anyone working in a corporate environment. It also doesn't have any sort of official Android app, so you're left to choose from a variety of independently created clients with varying degrees of poise and polish.
Beyond that, there's a long list of also-rans — adequate but unexceptional apps that fail to stand out from the pack or to match the aforementioned titles in areas like feature availability, user experience, cross-platform support, and established trustworthiness.
That's why the two apps above earned recommendations in their respective categories — and rest assured: These recommendations will be revisited and revised regularly.