Twitter and Facebook have both been hitting me with the same Dashlane password manager ad for weeks now. So I started thinking, is this really any better than the way that I have been handling my passwords for the past few years? So, I decided to think about it logically and make my decision from my findings.

First, I will cover how I have been handling my passwords for the past few years. I use an app called Keepass; the many ports support OS X, Linux, Windows, Android, iOS, Windows Phone, Blackberry, PocketPC, PalmOS, and phones that support Java 2 mobile. This database is encrypted by 128-bit block encryption and 256-bit key encryption. Then, I save my database in cloud storage using SpiderOak, under their ‘Zero Knowledge’ Privacy policy, which means it is encrypted AGAIN so the server has no knowledge of what is being stored. So, in essence, my passwords, even though they are shared between multiple devices, have been thrice-encrypted and require two passwords to retrieve.

Dashlane claims maximum security, utilizing Advanced Encryption Standard 256-bit encryption with “10,000+ rounds of PBKDF2 salt”. Definitely nothing to sneeze at, to be sure. It supports Windows and OS X, with no mention of Linux, and boasts browser integration, whereas I have to copy and paste my information (although C&P values are removed from your clipboard after one use). I am still unconvinced which is more secure, C&P or a constant open connection to your browser. So I will not be listing that as a pro or con for either.
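To unpack the “10,000+ rounds of PBKDF2 salt” claim, here is an added example (not code from this post, Dashlane or Keepass) of how a master password is stretched into a 256-bit key using a random salt and an iteration count. HMAC-SHA256 as the PRF, the header layout and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 10_000  # the "10,000+ rounds" figure quoted in the post
KEY_LEN = 32         # 32 bytes = 256 bits, the AES-256 key size


def derive_key(master_password, salt, iterations=ITERATIONS):
    """Stretch a master password into a 256-bit key with PBKDF2.
    HMAC-SHA256 as the PRF is an assumption; the post does not name one."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=KEY_LEN)


def create_header(master_password, iterations=ITERATIONS):
    """Hypothetical vault header: salt and iteration count are stored in the
    clear; only a check value derived from the key is kept, never the key."""
    salt = os.urandom(16)  # random per-vault salt, not secret
    key = derive_key(master_password, salt, iterations)
    check = hmac.new(key, b"vault-check", hashlib.sha256).digest()
    return {"salt": salt, "iterations": iterations, "check": check}


def unlock(header, candidate):
    """Return the key if the candidate password is right, else None."""
    key = derive_key(candidate, header["salt"], header["iterations"])
    check = hmac.new(key, b"vault-check", hashlib.sha256).digest()
    return key if hmac.compare_digest(check, header["check"]) else None


def guesses_per_second(iterations, trials=5):
    """Measure how many password guesses per second this machine can test."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(trials):
        derive_key(f"guess-{i}", salt, iterations)
    return trials / (time.perf_counter() - start)


if __name__ == "__main__":
    a = create_header("correct horse battery staple")  # constructed password
    b = create_header("correct horse battery staple")
    print("same password, same check value?", a["check"] == b["check"])
    print("wrong password unlocks?", unlock(a, "Tr0ub4dor&3") is not None)
    for n in (1, 10_000, 100_000):
        print(f"{n:>7} iterations: ~{guesses_per_second(n):,.0f} guesses/s")
```

The salt defeats precomputed tables and makes two vaults with the same password look unrelated, while the iteration count only multiplies the cost of each guess, so a weak master password stays weak at any setting.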

I am trying to keep this summary as impartial as I possibly can, so let’s list out the pros and cons of each here:

Dashlane
  • 256-bit encryption
  • Salted
  • OS X, Windows, & respective mobile versions
  • Free and Premium (yearly) plans
  • Limited sharing on free plan
  • Free plans
    • do not have web access to passwords
    • cannot sync across devices
Keepass
  • 256-bit encryption
  • Block and key encrypted
  • 24 versions installable on everything except toasters
  • J2E-based for maximum portability
  • Free (FLOSS and no-charge)
  • Unlimited sharing if shared via cloud storage
    • Access to passwords anywhere
    • Sync across all devices

I rarely mentioned the cloud storage, as it seemed appropriate mainly to the syncing and web access aspects. As far as I am concerned, cloud storage aside, my way of doing things is just as secure. Not to mention more widely accessible and cheaper.
