Password Managers for OS X
I’ve switched to a Mac and it took quite some time for me to find an ideal password management tool. Of course OS X has an excellent KeyChain Access for password and other confidential information management. Also there are some third party softwares, but most of them are good for personal usage only (by single user). Previously at work we’re using Anypassword in windows for password management. What I needed was a similar tool that stores passwords in an encrypted file (database), so that multiple admins can view/edit it from different platforms (at least from Mac and Windows). In search of this perfect program I’ve tried many password managers available for OS X. So, here they are; some good for single user and some good for system admins, among them I found one perfectly fit for me.
KeyChain
KeyChain is built-in to OS X, which allows you to securely store and manage user ids/ passwords, certificates, keys and other secure notes like bank accounts and pins. It is secured by a master key and you don’t need to remember password for every site. It’s an excellent program for personal use. You can setup to lock your KeyChain after certain time of inactivity or when the system goes to sleep. It is very secure and doesn’t allow other users in the system to access your Keychain or its data.
1passwd
1Passwd uses KeyChain to store the secure information and adds convenience to the password management by adding features like Form Filling, AutoFill, and Strong Password Generation functionality all built directly into the popular browsers (Safari, Firefox, Flock, and Camino). This means you don’t need to switch applications to fill your password. Very convenient indeed. It costs USD 29.95 for a single license.
Pastor
Pastor is an easy to use tool to store all your secrets in RC4-encrypted and password-protected file. This makes it possible for multiple users to use the same password file from different Macs (only Macs). It also has a built-in password generator. The software is Donationware, so if you find it useful you can donate any amount you like.
PC-Mac password vault
PC-Mac PasswordVault is a very simple and secure cross platform password manager. The main advantage of this program is that it’s available across all major platforms i.e Windows, Mac and Linux. I tested it in OS X and Windows XP, it works fine in both OS. But to use it across different platforms you need export the password file to .pve extension, then only it can be opened from any platform with the software. PC-Mac password vault lite edition is free, which is limited to 15 services or entries. This makes it good only for testing the feature, so if you plan to use it you should buy the standard edition which costs USD 14.95.
Passwords Plus
Password Plus goes one step further in bringing the convenience of storing your confidential information. It supports handheld or smartphone in addition to Windows PC and Macintosh. This allows you to carry your confidential information to wherever you go. I tried Password Plus with Mac OS X, Windows XP and synchronized with my Treo600 without any problem. Excellent, now that’s ture mobility. You can download the fully functional 30 day trial version and if you like it you can buy single license for USD 29.99.
SplashID for Mac OS X
Like Password Plus, SplashID also supports handheld or smartphone. There’re several versions available for download — Desktop standalone for OS X and Windows if you don’t want to sync the data with your handheld. Or full installer for OS X, which includes the Desktop Software and palm software. I tested it with OSX and Windows XP. It work well on both Macs and PCs and syncs flawlessly with my Treo600. You can test the fully functional evaluation version with limitation to create 25 records. The standard palm os version with Desktop software costs USD 29.95.
Web Confidential
Web Confidential uses cardfile metaphor, which makes it very easy to use. There are many options available for power users. It has an useful auto backup feature that makes a backup copy of the file every time it is saved. The software is available for Mac OS X, Windows and Palm. I found OS X version very sleek and robust but the Windows version crashes time to time for unknown reasons. And if you want to open a password file saved from Mac version in a Windows PC, you need to change the file extension to .wce, which I think is very inconvenient. You need to download a separate program for palm, which I didn’t test after a bad experience with Windows version. Web Confidential for Macintosh costs you 25 Euros.
Wallet
Wallet has a very polished user interface and gives a true Mac feeling. It comes with some handy features such as Auto Fill, which allows you to automatically fill in the userid/password information to the web sites. With it’s iPod Sync option you can drag and drop the entries to your iPod, and it has another useful feature that logs activity in your database, so you can check if anyone is messing around with your data. This costs your wallet USD 14.95.
KeePassX
KeePassX is the OS X port of the Windows password manager, KeePass. This is exactly what I was looking for. KeePassX uses a database format that is compatible with KeePass Password Safe. This means my colleagues can use windows and I can use Mac or Linux to open and edit the same password database file. I found some minor issues e.g. cannot open the URL after right clicking in the password entry, and noticed that there are less features in the The OS X port compared to Windows version but all the major features are there and work well. The OS X port is relatively new and current version is 0.22. I’ve no doubt that the OS X port will be improved. Some major reasons for my preference to this program are because it’s an Open Source, cross-platform and free. Now, this makes my switch to Mac complete :).
Conclusion
So, you might ask which password manager is best for me? If you’re a normal user who just need to take care of your own passwords, pins and credit cards, the KeyChain built-in to your OS X is an excellent password manager. Utilize it fully. I think you don’t need anything else. But if you are a mobile user and need to carry your confidential information with you wherever you go, you can sync your information to handheld or smartphone using Password Plus or Splash ID. If you are a system/network admin like me and need to keep track of many passwords and also need to share it with your colleagues, KeePassX is for you.
If you know any good password managers for OS X that I missed, please leave a comment.
Update: I’m receiving a lot of traffic from TUAW and thanks to all the people who’ve pointed out the password managers I’ve missed. Following are the readers recommended tools.
Use a plain-text file in an encrypted disk image for password-keeeper – by Michael Bach
Steel, which is very close to Wallet just not as pretty, but cheap – by Chris
Yojimbo, is kinda expensive (US$39). Well worth it for the simplicity of its various shortcut keys and functions though. – by Yinj
info.xhead, it looks very much like Wallet and as almost identical features for 0.05$ more… – by Zeb
Password Gorilla, an open source very secure password tool, available for Windows, Mac and Linux. It’s small, doesn’t require installation and is totally free. – by Rolf
Secret Book and Little Secret – by Thomas
Do any of these force a password change after x amount of days?
I didn’t see the feature forcing password change after x amount of days in any of these programs.
I use a plain-text file in an ecrypted disk image for my password-keeeper. It’s easy to do, as well (OS X only)
1. Create a folder, called Encrypted or something, and in this folder, put a text file with the passwords you want to store. I just used the plaintext export of my old password program. For each line, just put the website username and password, seperated by spaces or tabs or whatever. basically, you want all the information you’d need to know where each password goes.
2. Use the procedure from here to make a disk image out of the Encrypted folder.
3. With the new disk image mounted, Control+Click your password file and select Create Alias. Drag this alias to the desktop and eject the disk.
4. When you double click the alias, it brings up the authentication box for the disk image. type in your password, the disk is mounted and your passwords open.
With this method, you get quick searching, thanks to whatever text editor you choose to use, and it’s all plain text, so its universally portable. But you’re hosed if you forget the password to the disk image.
Thanks for the including 1Passwd in your review! I had a lot of fun writing 1Passwd and have been very happy with the feedback from the Mac community.
Since you were specifically looking for a password manager that you could share with your colleagues, I’m not surprised you didn’t pick 1Passwd to be your first choice as 1Passwd is clearly designed with the single user in mind. While not at work, however, I wonder which program you would have chosen? I’m sure you don’t want to keep your banking & credit card information in the same keepass file you share with others 🙂
As for AnyPassword, I too used to use AnyPassword in a work environment to share passwords, but I found the constant copy-n-pasting of passwords inconvenient. To fill this need for sharing passwords, I would like to extend 1Passwd to support the ability to share keychains. Of course, if everyone is using a Mac, they can simply share the 1Passwd keychain. However, if you have a mixed environment of Mac, Windows, and Linux, this is not possible. I was thinking of adding a keepass import/export feature to 1Passwd so you could easily share your passwords across platforms. Any thoughts/ideas?
Re: Bryan’s question:
1Passwd doesn’t offer this feature yet, but several users have asked for it so we have added it to our todo list. We will add it in an upcoming release.
Please note that we are a very active development team, so please let us know if you have any suggestions or ideas to improve 1Passwd further.
Cheers!
–Dave Teare
Co-Author of 1Passwd
You missed steel, which is very close to Wallet just not as pretty, but cheaper.
Check it out,
Chris Hoage
I switched from Pastor to Yojimbo by BareBones. It’s an information store program that can also store passwords and serial numbers, but is kinda expensive (US$39). Well worth it for the simplicity of its various shortcut keys and functions though.
You missed the one i currently use : info.xhead, it looks very much like Wallet and as almost identical features for 0.05$ more…
Very similar to Wallet, although the GUI is not quite as polished, I am very happy with info.xhead even if the name doesn’t seem that Mac-like!
Well, d’oh me for taking so long to post that someone nipped in before me and now I’m just echoing people. 🙂
Try out password gorilla, an open source very secure password tool, available for Windows, Mac and Linux. It’s small, doesn’t require installation and is totally free.
http://www.fpx.de/fp/Software/Gorilla/
info.xhead is an application that springs to mind. It has a very AddressBook type of look but is very flexible in that you can define your own fields for entry. I also can back up to .Mac.
Ummmm. Wallet looks very similar.
Hi Dave,
thanks for stopping. Sorry that your comment was caught-up by Akismet. I’ve just released it.
First of all let me congratulate you and your team for writing such an excellent tool – 1passwd.
Keepass import/export would be a great feature to have but ultimately I think if you can develop a cross-platform tool (Mac, Windows, Linux and PDA/smartphone), this could make 1passwd a must-have for all.
i have to chime in for SplashID… since i take my PalmOS PDA everywhere with me, it’s absolutely indispensable to have my password list with me, synced up with my Mac.
I use Secret Book[1] and Little Secret.[2]
[1] http://www.i-graph.com/?q=node/1
[2] http://www.mani.de/en/software/macosx/littlesecrets/index.html
Thanks for the review – I switched to a Mac a few months ago, and I’ve been putting off choosing a wallet program. I used eWallet on Windows and my Treo 650, and I loved it, and was heartbroken to learn that they didn’t make a Mac version. Unfortunately, many of these programs are extremely out of date. Passwords Plus is not a Universal binary, and SplashID requires Classic!! So I can’t even run SplashID on my MBP, and I’m a little frustrated that Passwords Plus will be using Rosetta all the time. Oh well, hopefully Mark/Space or somebody like that will step up with something nice.
I’m running SplashID perfectly fine on Mac OS X without Classic, albeit on a PowerPC system. I use it to sync with a Treo 650, using Mark/Space’s Missing Sync (replacement for Palm HotSync). In fact, I just upgraded to a newer edition not too long ago, but both it and my previous version run on Mac OS X natively.
One odd bit about their installer is that it has an icon that greatly resembles a low-res Classic icon for Installer VISE–rather than the current Installer VISE icon. And it doesn’t use the Apple Installer that’s part of Mac OS X.
SplashID Desktop definitely doesn’t require Classic; I’ve run it natively on OS X (PPC systems, like Histrionic) for almost five years. But it still looks/feels like a Classic app. I doubt that’ll ever change since SplashData has shown no interest in providing anything more than minor maintenance updates for several years. I stopped submitting requests when its future development potential looked grim.
To its credit, SplashID and synching has always worked flawlessly for me with a +500 entry (and growing) database. Such highly consistent reliability for an app in this category makes it easier to forgive the UI shortcomings. And I still rely on the Palm synching, which eliminates every alternative with a nicer *looking* OS X UI although every one I’ve tested (for curiosity’s sake) has had some feature and/or usability limitation that I’m able to work around in SplashID. I’m satisfied using Keychain Access for OS X-only secure data.
CiphSafe is another good one for personal use.
http://ciphsafe.sourceforge.net/