Password Managers for OS X

I’ve switched to a Mac and it took quite some time for me to find an ideal password management tool. Of course OS X has an excellent KeyChain Access for password and other confidential information management. Also there are some third party softwares, but most of them are good for personal usage only (by single user). Previously at work we’re using Anypassword in windows for password management. What I needed was a similar tool that stores passwords in an encrypted file (database), so that multiple admins can view/edit it from different platforms (at least from Mac and Windows). In search of this perfect program I’ve tried many password managers available for OS X. So, here they are; some good for single user and some good for system admins, among them I found one perfectly fit for me.

KeyChain
KeyChain is built-in to OS X, which allows you to securely store and manage user ids/ passwords, certificates, keys and other secure notes like bank accounts and pins. It is secured by a master key and you don’t need to remember password for every site. It’s an excellent program for personal use. You can setup to lock your KeyChain after certain time of inactivity or when the system goes to sleep. It is very secure and doesn’t allow other users in the system to access your Keychain or its data.

1passwd
1Passwd uses KeyChain to store the secure information and adds convenience to the password management by adding features like Form Filling, AutoFill, and Strong Password Generation functionality all built directly into the popular browsers (Safari, Firefox, Flock, and Camino). This means you don’t need to switch applications to fill your password. Very convenient indeed. It costs USD 29.95 for a single license.

Pastor
Pastor is an easy to use tool to store all your secrets in RC4-encrypted and password-protected file. This makes it possible for multiple users to use the same password file from different Macs (only Macs). It also has a built-in password generator. The software is Donationware, so if you find it useful you can donate any amount you like.

PC-Mac password vault
PC-Mac PasswordVault is a very simple and secure cross platform password manager. The main advantage of this program is that it’s available across all major platforms i.e Windows, Mac and Linux. I tested it in OS X and Windows XP, it works fine in both OS. But to use it across different platforms you need export the password file to .pve extension, then only it can be opened from any platform with the software. PC-Mac password vault lite edition is free, which is limited to 15 services or entries. This makes it good only for testing the feature, so if you plan to use it you should buy the standard edition which costs USD 14.95.

Passwords Plus
Password Plus goes one step further in bringing the convenience of storing your confidential information. It supports handheld or smartphone in addition to Windows PC and Macintosh. This allows you to carry your confidential information to wherever you go. I tried Password Plus with Mac OS X, Windows XP and synchronized with my Treo600 without any problem. Excellent, now that’s ture mobility. You can download the fully functional 30 day trial version and if you like it you can buy single license for USD 29.99.

SplashID for Mac OS X
Like Password Plus, SplashID also supports handheld or smartphone. There’re several versions available for download — Desktop standalone for OS X and Windows if you don’t want to sync the data with your handheld. Or full installer for OS X, which includes the Desktop Software and palm software. I tested it with OSX and Windows XP. It work well on both Macs and PCs and syncs flawlessly with my Treo600. You can test the fully functional evaluation version with limitation to create 25 records. The standard palm os version with Desktop software costs USD 29.95.

Web Confidential
Web Confidential uses cardfile metaphor, which makes it very easy to use. There are many options available for power users. It has an useful auto backup feature that makes a backup copy of the file every time it is saved. The software is available for Mac OS X, Windows and Palm. I found OS X version very sleek and robust but the Windows version crashes time to time for unknown reasons. And if you want to open a password file saved from Mac version in a Windows PC, you need to change the file extension to .wce, which I think is very inconvenient. You need to download a separate program for palm, which I didn’t test after a bad experience with Windows version. Web Confidential for Macintosh costs you 25 Euros.

Wallet
Wallet has a very polished user interface and gives a true Mac feeling. It comes with some handy features such as Auto Fill, which allows you to automatically fill in the userid/password information to the web sites. With it’s iPod Sync option you can drag and drop the entries to your iPod, and it has another useful feature that logs activity in your database, so you can check if anyone is messing around with your data. This costs your wallet USD 14.95.

KeePassX
KeePassX is the OS X port of the Windows password manager, KeePass. This is exactly what I was looking for. KeePassX uses a database format that is compatible with KeePass Password Safe. This means my colleagues can use windows and I can use Mac or Linux to open and edit the same password database file. I found some minor issues e.g. cannot open the URL after right clicking in the password entry, and noticed that there are less features in the The OS X port compared to Windows version but all the major features are there and work well. The OS X port is relatively new and current version is 0.22. I’ve no doubt that the OS X port will be improved. Some major reasons for my preference to this program are because it’s an Open Source, cross-platform and free. Now, this makes my switch to Mac complete :).

Conclusion
So, you might ask which password manager is best for me? If you’re a normal user who just need to take care of your own passwords, pins and credit cards, the KeyChain built-in to your OS X is an excellent password manager. Utilize it fully. I think you don’t need anything else. But if you are a mobile user and need to carry your confidential information with you wherever you go, you can sync your information to handheld or smartphone using Password Plus or Splash ID. If you are a system/network admin like me and need to keep track of many passwords and also need to share it with your colleagues, KeePassX is for you.

If you know any good password managers for OS X that I missed, please leave a comment.

Update: I’m receiving a lot of traffic from TUAW and thanks to all the people who’ve pointed out the password managers I’ve missed. Following are the readers recommended tools.

Use a plain-text file in an encrypted disk image for password-keeeper – by Michael Bach

Steel, which is very close to Wallet just not as pretty, but cheap – by Chris

Yojimbo, is kinda expensive (US$39). Well worth it for the simplicity of its various shortcut keys and functions though. – by Yinj

info.xhead, it looks very much like Wallet and as almost identical features for 0.05$ more… – by Zeb

Password Gorilla, an open source very secure password tool, available for Windows, Mac and Linux. It’s small, doesn’t require installation and is totally free. – by Rolf

Secret Book and Little Secret – by Thomas

CiphSafe, is another good one for personal use. – by Pdog

18 comments on “Password Managers for OS X
  1. bryan says:

    Do any of these force a password change after x amount of days?

  2. I didn’t see the feature forcing password change after x amount of days in any of these programs.

  3. Michael Bach says:

    I use a plain-text file in an ecrypted disk image for my password-keeeper. It’s easy to do, as well (OS X only)

    1. Create a folder, called Encrypted or something, and in this folder, put a text file with the passwords you want to store. I just used the plaintext export of my old password program. For each line, just put the website username and password, seperated by spaces or tabs or whatever. basically, you want all the information you’d need to know where each password goes.

    2. Use the procedure from here to make a disk image out of the Encrypted folder.

    3. With the new disk image mounted, Control+Click your password file and select Create Alias. Drag this alias to the desktop and eject the disk.

    4. When you double click the alias, it brings up the authentication box for the disk image. type in your password, the disk is mounted and your passwords open.

    With this method, you get quick searching, thanks to whatever text editor you choose to use, and it’s all plain text, so its universally portable. But you’re hosed if you forget the password to the disk image.

  4. David Teare says:

    Thanks for the including 1Passwd in your review! I had a lot of fun writing 1Passwd and have been very happy with the feedback from the Mac community.

    Since you were specifically looking for a password manager that you could share with your colleagues, I’m not surprised you didn’t pick 1Passwd to be your first choice as 1Passwd is clearly designed with the single user in mind. While not at work, however, I wonder which program you would have chosen? I’m sure you don’t want to keep your banking & credit card information in the same keepass file you share with others 🙂

    As for AnyPassword, I too used to use AnyPassword in a work environment to share passwords, but I found the constant copy-n-pasting of passwords inconvenient. To fill this need for sharing passwords, I would like to extend 1Passwd to support the ability to share keychains. Of course, if everyone is using a Mac, they can simply share the 1Passwd keychain. However, if you have a mixed environment of Mac, Windows, and Linux, this is not possible. I was thinking of adding a keepass import/export feature to 1Passwd so you could easily share your passwords across platforms. Any thoughts/ideas?

    Re: Bryan’s question:

    Do any of these force a password change after x amount of days?

    1Passwd doesn’t offer this feature yet, but several users have asked for it so we have added it to our todo list. We will add it in an upcoming release.

    Please note that we are a very active development team, so please let us know if you have any suggestions or ideas to improve 1Passwd further.

    Cheers!
    –Dave Teare
    Co-Author of 1Passwd

  5. Chris says:

    You missed steel, which is very close to Wallet just not as pretty, but cheaper.

    Check it out,

    Chris Hoage

  6. Yinj says:

    I switched from Pastor to Yojimbo by BareBones. It’s an information store program that can also store passwords and serial numbers, but is kinda expensive (US$39). Well worth it for the simplicity of its various shortcut keys and functions though.

  7. Zeb says:

    You missed the one i currently use : info.xhead, it looks very much like Wallet and as almost identical features for 0.05$ more…

  8. Dan says:

    Very similar to Wallet, although the GUI is not quite as polished, I am very happy with info.xhead even if the name doesn’t seem that Mac-like!

  9. Dan says:

    Well, d’oh me for taking so long to post that someone nipped in before me and now I’m just echoing people. 🙂

  10. Rolf says:

    Try out password gorilla, an open source very secure password tool, available for Windows, Mac and Linux. It’s small, doesn’t require installation and is totally free.

    http://www.fpx.de/fp/Software/Gorilla/

  11. slithytove says:

    info.xhead is an application that springs to mind. It has a very AddressBook type of look but is very flexible in that you can define your own fields for entry. I also can back up to .Mac.

    Ummmm. Wallet looks very similar.

  12. Hi Dave,

    thanks for stopping. Sorry that your comment was caught-up by Akismet. I’ve just released it.

    First of all let me congratulate you and your team for writing such an excellent tool – 1passwd.

    Keepass import/export would be a great feature to have but ultimately I think if you can develop a cross-platform tool (Mac, Windows, Linux and PDA/smartphone), this could make 1passwd a must-have for all.

  13. David says:

    i have to chime in for SplashID… since i take my PalmOS PDA everywhere with me, it’s absolutely indispensable to have my password list with me, synced up with my Mac.

  14. Andy Fowler says:

    Thanks for the review – I switched to a Mac a few months ago, and I’ve been putting off choosing a wallet program. I used eWallet on Windows and my Treo 650, and I loved it, and was heartbroken to learn that they didn’t make a Mac version. Unfortunately, many of these programs are extremely out of date. Passwords Plus is not a Universal binary, and SplashID requires Classic!! So I can’t even run SplashID on my MBP, and I’m a little frustrated that Passwords Plus will be using Rosetta all the time. Oh well, hopefully Mark/Space or somebody like that will step up with something nice.

  15. Histrionic says:

    I’m running SplashID perfectly fine on Mac OS X without Classic, albeit on a PowerPC system. I use it to sync with a Treo 650, using Mark/Space’s Missing Sync (replacement for Palm HotSync). In fact, I just upgraded to a newer edition not too long ago, but both it and my previous version run on Mac OS X natively.

    One odd bit about their installer is that it has an icon that greatly resembles a low-res Classic icon for Installer VISE–rather than the current Installer VISE icon. And it doesn’t use the Apple Installer that’s part of Mac OS X.

  16. sjk says:

    SplashID Desktop definitely doesn’t require Classic; I’ve run it natively on OS X (PPC systems, like Histrionic) for almost five years. But it still looks/feels like a Classic app. I doubt that’ll ever change since SplashData has shown no interest in providing anything more than minor maintenance updates for several years. I stopped submitting requests when its future development potential looked grim.

    To its credit, SplashID and synching has always worked flawlessly for me with a +500 entry (and growing) database. Such highly consistent reliability for an app in this category makes it easier to forgive the UI shortcomings. And I still rely on the Palm synching, which eliminates every alternative with a nicer *looking* OS X UI although every one I’ve tested (for curiosity’s sake) has had some feature and/or usability limitation that I’m able to work around in SplashID. I’m satisfied using Keychain Access for OS X-only secure data.

  17. pdog says:

    CiphSafe is another good one for personal use.

    http://ciphsafe.sourceforge.net/

4 Pings/Trackbacks for "Password Managers for OS X"
  1. […] I originally spotted this at TUAW – it’s a great roundup of all the available password storage software for Mac OSX. […]

  2. […] KeePassXKeePassX is the OS X port of the Windows password manager, KeePass. It uses a database format that is compatible with KeePass Password Safe. This means my colleagues can use windows and I can use Mac or Linux to open and edit the same password database file. OS X has a built-in password manager called KeyChain, which is a perfect tool for a single user but for system and network admins it lacks some major feature like sharing the passwords with other administrators. You can check the password manager roundup for more. […]

  3. […] After switching to a mac, I tried many desktop password managers, and had written about Password Managers for OS X, which got a lot of attention. It’s needless to mention the importance of using a password manager since we use passwords to protect almost everything digital, and we’ve so many of them today. Currently we trust most of our private data like, emails, bookmarks, documents, spreadsheets and calendar events to some online providers like Google, Yahoo or Microsoft. So, how about your secrets and passwords stored online, somewhere in the cloud? I know what your immediate response is, passwords? No way I’m going to store my passwords online! But you might want to give a second thought because now the technology is secure enough. Thanks to Host-Proof Hosting. If the owners of the servers wanted to mess around with your information, or even if the server gets hacked, they won’t be able to recover your data. In Host-Proof Hosting the sensitive data is always transmitted to the server in encrypted from using a pass-phrase. The good thing is that, this pass-phrase is never transmitted to or stored in the server. The server can never access the stored data in it’s plain form. All the encryption and decryption takes place in the client side, inside the browser. This is basically a “Zero-Knowledge” web application, where the provider knows nothing about your actual data. * User enters pass-phrase to begin using the system. Browser retains the pass-phrase as a global variable. * User requests a list of all data belonging to him. * For each record, the system stores the associated user ID in plain-text, the record ID in plain form, and the record content only in encrypted form. (The message content is one or more database columns, each encrypted.) Thus, system is able to return a list of record IDs for this user. * User selects one of the record IDs. * System checks that this user ID is associated with the record ID, and returns the corresponding message content. * Browser uses stored pass-phrase to decrypt the contents. […]

  4. […] After seeing a post on Password Managers for OS X, I decided to share my technique. I’m not sure where I found this idea, but it isn’t something I could have thought of on my own. […]