Twitter and Facebook have both been hitting me with the same Dashlane password manager ad for weeks now. So I started thinking: is this really any better than the way that I have been handling my passwords for the past few years? I decided to think it through logically and base my decision on my findings.

First, I will cover how I have been handling my passwords for the past few years. I use an app called KeePass; the many ports support OS X, Linux, Windows, Android, iOS, Windows Phone, Blackberry, PocketPC, PalmOS, and phones that support Java 2 mobile. The database is encrypted with 128-bit block encryption and 256-bit key encryption. Then, I save my database in cloud storage using SpiderOak, under their ‘Zero Knowledge’ privacy policy, which means it is encrypted AGAIN so the server has no knowledge of what is being stored. So, in essence, my passwords, even though they are shared between multiple devices, have been thrice-encrypted and require two passwords to retrieve.

Dashlane claims maximum security, utilizing Advanced Encryption Standard 256-bit encryption with “10,000+ rounds of PBKDF2 salt”. Definitely nothing to sneeze at, to be sure. It supports Windows and OS X, with no mention of Linux, and boasts browser integration, whereas with KeePass I have to copy and paste my information (although C&P values are removed from your clipboard after one use). I am still unconvinced which is more secure, C&P or a constant open connection to your browser, so I will not be listing that as a pro or con for either.
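What the salt and the round count in that claim each do for a password-derived 256-bit vault key, as an added example that is not Dashlane's or KeePass's code; HMAC-SHA256 as the PRF, the 16-byte salt, the key-check label and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

KEY_LEN = 32      # 256-bit key, the size AES-256 needs
ROUNDS = 10_000   # the round count quoted in the claim above

def derive_key(master_password: str, salt: bytes, rounds: int = ROUNDS) -> bytes:
    """Stretch a master password into a 256-bit key with PBKDF2."""
    # Assumption: HMAC-SHA256 as the PRF; the page does not name one.
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, rounds, dklen=KEY_LEN)

def _check_value(key: bytes) -> bytes:
    # A value derived from the key lets us test a guess without storing the key.
    return hmac.new(key, b"vault-key-check", hashlib.sha256).digest()

def new_vault_header(master_password: str) -> dict:
    """Build the non-secret header kept next to an encrypted vault."""
    salt = os.urandom(16)  # fresh random salt per vault
    key = derive_key(master_password, salt)
    return {"salt": salt, "rounds": ROUNDS, "check": _check_value(key)}

def unlock(header: dict, guess: str) -> bool:
    """Re-derive the key from a guess and compare in constant time."""
    key = derive_key(guess, header["salt"], header["rounds"])
    return hmac.compare_digest(_check_value(key), header["check"])

def seconds_per_guess(rounds: int, samples: int = 20) -> float:
    """Average cost of testing one candidate password at a given round count."""
    salt = b"\x00" * 16  # constructed fixed salt, for timing only
    start = time.perf_counter()
    for i in range(samples):
        derive_key(f"guess{i}", salt, rounds)
    return (time.perf_counter() - start) / samples

if __name__ == "__main__":
    a = new_vault_header("correct horse")  # constructed sample password
    b = new_vault_header("correct horse")
    # Same password, different salts: a precomputed table cannot cover both.
    print("headers differ:", a["check"] != b["check"])
    print("right password unlocks:", unlock(a, "correct horse"))
    print("wrong password unlocks:", unlock(a, "battery staple"))
    # The round count multiplies the work for every single guess.
    slow, fast = seconds_per_guess(ROUNDS), seconds_per_guess(1)
    print(f"cost per guess: {slow / fast:.0f}x higher at {ROUNDS} rounds")
```

The salt is stored in the clear beside the vault; only the master password is secret, and the round count sets how expensive each offline guess against a stolen database file is.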

I am trying to keep this summary as impartial as I possibly can, so let’s list out the pros and cons of each here:

Dashlane

  • 256-bit encryption
  • Salted
  • OS X, Windows, & respective mobile versions
  • Free and Premium (yearly) plans
  • Limited sharing on free plan
  • Free plans
    • do not have web access to passwords
    • cannot sync across devices

KeePass

  • 256-bit encryption
  • Block and key encrypted
  • 24 versions installable on everything except toasters
  • J2E-based for maximum portability
  • Free (FLOSS and no-charge)
  • Unlimited sharing if shared via cloud storage
    • Access to passwords anywhere
    • Sync across all devices

I rarely mentioned the cloud storage, as it seemed relevant mainly to the syncing and web access aspects. As far as I am concerned, cloud storage aside, my way of doing things is just as secure, not to mention more widely accessible and cheaper.
