h1

Looking for a new password manager: Part 1: The search and initial testing

April 27, 2022

After some 15 years, the password manager I’ve been using every day (Passwords Plus [PP] from DataViz) is finally closing up shop (https://dataviz.com/passwords-plus-discontinued). They sent out an email last last week to say that support (which I’ve never used) will cease at the end of June, and the cloud storage will cease/be deleted at the end of December 2022. They decided NOT to go for a subscription model. It’s such a shame as this is software I use every day, it auto syncs with my Android tablet and phone, and I’d be happy to pay a subscription for it. DataViz has recommended another password manager (mSecure) and offered a special discount for it for the first year, but before I jump into signing up for that, I needed to do some research.

This will be a long series of posts as I’ll document what I did, what I’m looking for, etc. and what the showstoppers are for me (i.e. the things that I can’t accept and that will eliminate that software for me; Note: ‘Showstopper’ is a common term in the software industry and refers to a bug that prevents the system from working, or a piece of functionality that doesn’t work as it should and prevents the user from going further, either because the function is broken or because it is deemed essential *for that user*).

My first step was to find out a little more about the offer to switch to mSecure recommend by DataViz. DataViz says that mSecure can import all my PP data, which I’ve found out is a BIG deal for me—I have some 500 records in PP, though many aren’t passwords. Some of the non-password info I store in PP includes product information (manufacture, model and serial #, date and place purchased, warranty info, other notes about the purchase or sign-up details for registering the product, manufacturer’s URL, support email/phone etc.), software info (similar to the above, but with fields related to software such as version number, registration key etc.), identity info (e.g. passports, drivers licences, Medicare cards for me, my spouse, my parents), banking info for various accounts, computer and network info (IP addresses, MAC addresses, etc.), extensive notes for various things like Microsoft Partner Network (which changes URLs and passwords all the time), and so on. I use PP for much more than just managing logins on the web, so whatever password manager I choose HAS to have the facility to store (and preferably import) my existing data.

One of the things PP does really well is provide a big range of templates for filling in basic info related to that template, AND the ability to create your own templates. And once you’re in a record, you can add, delete or modify fields and field names too, and set field types (e.g. password, date field etc.). I didn’t realise how much this was important to me until I started looking at other password managers—many do not have this ability and I’ve realised that’s become a showstopper for me.

PP can also export your data into an unencrypted CSV file. This will become important later, but for now, know that I’m not at all keen to copy/paste all 500 or so records from one password manager to another (each record can have up to about 10 fields and extensive notes, so that could well be some 5000+ bits of information to copy/paste). So a password manager that can import my PP data, with minimal cleanup (yes, I expect some cleanup, but it must take less time than copy/pasting!), will gain extra points.

I posted on Facebook that I was looking for a new password manager and my techy friends came good with some suggestions of programs they use, which narrowed down my options. The main ones they mentioned were (in no particular order): Dashlane, 1Password, LastPass, and BitWarden. I’ve spent the last two days reading review articles on each, watching YouTube videos, checking product pages, lists of features, forums, comparisons etc. All seem to do the basics of managing website logins and personal data, but the lack of detail about creating custom categories/templates, custom fields, importing data from other systems (particularly PP) was telling. And none seemed to offer templates/categories for things like product information. The sample CSV import templates were minimal at best, just including URLs, usernames, email addresses and passwords. I have MUCH more data than that I’d want to import. Interestingly, the password managers recommended by my friends all appeared in the top 5 or 10 lists of password managers.

A note on prices: Price was NOT one of my main criteria. Most password managers cost less than US$60 per year, with many costing less than US$40 per year. I also didn’t need a ‘family’ plan, so my cost would be for a single user with multiple devices. It’s a product I use every day, so a price point below $100 is fine by me.

mSecure

I’m going to test mSecure last. Why? Because it barely cracks a mention on the internet, and is not listed in the top 5, top 10 or even top 20 lists of password managers compiled by various reputable computer and other geeky websites. I’ll also leave it until last as it’s the one that offers the closest match to PP and I want to test others that are in the ‘top’ lists first to see if one of those will suit me. And the most recent videos about mSecure on YouTube are 8-10 years old—this doesn’t augur well…

1Password

I started with this one as it had a couple of features that looked promising, specifically its travel vaults for use when travelling overseas and it has a Windows app that’s separate from (but synchs with) the website interface and your devices (a Windows app is my preference). To date, I’ve only tested the Windows app and the website interface via the 1Password website (https://my.1password.com). I have not installed the Chrome extension, nor have I tested it on my Android devices as yet. My first tests were to see how easy the interface was to use, whether I could import my PP data, what sort of template/categories it used, whether I could customise fields/field labels to suit my data etc. While it seems easy to use and the synching works seamlessly, I encountered some issues with it that may be showstoppers for me. Specifically:

  • The free 14-day trial isn’t exactly ‘free’. You have to enter your details, including a credit card, before you can download the software/start your trail. They say you won’t be billed in the 14 days and that you can cancel (not yet tested).
  • The Windows app uses the mm/dd/yyyy format for any date field and there’s no option to change it. It displays as MMM dd, YYYY in the 1Password website, so this isn’t a complete showstopper for me, but it is an annoyance as I have to remember to convert my dd/mm/yyyy dates to mm/dd/yyyy.
  • I can’t add custom categories at all, nor change a category for a record once it’s been filled in. The templates/categories they have is all you get. You can work around this by setting up a Secure Notes record with as many fields as you like and you can change the names of the fields from say ‘text’ to ‘Model #’ to suit how you want to display your data. But it’s cumbersome and incredibly time consuming. I did find a forum hint that suggested you set up a Secure Note record as a template (e.g. Product Information Template) with the fields and field labels required and with dummy data (such as xxxx for each field), then save that. When you need to add a new product, duplicate that record and populate it with the new information. That’s a reasonable workaround, but could be avoided if you could set up your own categories/templates with your own fields, as has been able to be done in in PP for the past 15 years. Below is the list of available categories in 1Password—for many people, things like API, crypto wallet, outdoor license, server are just not relevant, but you can’t add more or delete those you’ll never use. And the wording? You can’t change that either—so things like Social Security Number just don’t match for other countries, though you can add/modify/delete the fields. I foolishly added a record for a piece of hardware (a network hub’s details) under ‘Wireless Router’ as it seemed the closest, but it’s now stored forever under the Wireless Router category and I can’t change that without deleting the entire record and creating it anew under secure Notes, which seems to be the only really customisable area, but which has an unintuitive name. Not a showstopper for me, but a major inconvenience.

  • Once you add fields to a record, you can’t rearrange the order of them to display more like you’d want. For example, if you add a new text field for Serial #, then another for Model #, you can’t later go back and move Model # to display before Serial # in the record—you have to delete both entries and start again. Actually, if you’ve added say 6 fields and you want to change the order of the top 2, you have to start again from scratch because any additions you make get added to the bottom of the list. This certainly isn’t very usable. not a showstopper, but a major inconvenience.
  • Changing master password: I was able to change my master password in the app. But when I went to see if that had synched with the website interface, the system was down for maintenance. I tested later once it was up and had to enter my old password in the website interface even though the new password was in the app. At some point, the website interface changed to match the app, then I couldn’t get into the app with the new password and had to use the old one. I’m still not sure if they are synched. NOTE: I eventually had to change my master password via the website interface under my profile, not my login settings. The app logged me out straight away and got me to use my new master password. So it worked but it certainly wasn’t intuitive.
  • Exporting data: One thing I found out is that you can ONLY export basic website login details to a CSV file. NONE of your notes or other fields will get exported. I believe the export to their own proprietary format does keep everything, but that’s not of much use if you need to change to another password manager, though it may be useful if you want to keep a local backup of you data. This is a showstopper for me.
  • Importing is limited to a very basic CSV containing logins and that’s about it. I did find a forum where someone has gone to a lot of trouble to make a converter for PP data (and data from other password managers) for importing into 1Password (https://1password.community/discussion/30286/mrcs-convert-to-1password-utility-mrc-converter-suite). The instructions in the Readme file are pretty geeky as you have to download some particular Perl software, install it, then do some command line stuff as an admin to do the conversion. But after about 20 mins I had a 1Password-formatted file of some 500 records to import. And then I found there was NO import function in the Windows app, and the only import type on the website interface was for a basic CSV file. A bit more searching and I found that the current Windows app (v8) DOES NOT allow the import of *.1pif files! Only v7 of the app allows that (see https://1password.community/discussion/125389/how-do-i-import-a-1pif-backup-into-1password-8). This is a showstopper for me.

I’ve now given up on testing 1Password any further and will test LastPass and Dashlane next, followed by mSecure. The results of that testing will be in other parts of this series of posts. I won’t cancel 1Password just yet—I’ll see how the others suit my needs first.

Update 4 May 2022: I’ve now deleted my 1Password account. Why? Well, it came second after LastPass for me (still to test mSecure) AND because it has a key combination that opens the app on Windows every time I use that set of keys. And what key combination is that? Ctrl+Shift+space, which is a STANDARD key combination to add a non-breaking space in Word for Windows that I use EVERY day and often many times in a day in my editing work. To have the app open instead of adding a non-breaking space was just horrible.

8 comments

  1. Consider also ROBOFORM EVERYWHERE by Siber Systems. I’ve been very happy with it for many years synched between Windows, Android, & iOS systems.


  2. […] The official blog of CyberText Consulting – technical communication specialists « Looking for a new password manager: Part 1: The search and initial testing […]


  3. […] In Part 1 of this series of posts, I told you what I was looking for in a password manager, and documented some of the failings of the first one I tested—1Password. I haven’t ruled out 1Password yet as it does have a Windows app, and that’s what I’m used to. I’m a bit wary of web-based apps only. In Part 2 I tested LastPass, and despite it being web-based only, I haven’t ruled it out entirely yet either as it has some compelling customisation features. […]


  4. Try https://keepass.info/
    I use it in a simple fashion, using it as a database which can easily be updated, hierarchical categories modified and so on, but I have not explored the Android version, auto use on the web, although I have read some good reports and some technical stuff I did not have time for. Take a look, if interested.
    Stephen


  5. […] left testing mSecure until last, as I explained in Part 1. Because I have quite specific requirements, most of the main password managers I tested just […]


  6. Thanks for doing the legwork for us. You have saved all of us a ton of time.


  7. We already were using Lifelock/Norton on our laptop and two phones, so I tried their password manager, at no incremental cost to our existing subscription. I went into Dataviz PWPlus and for all the critical info (not necessarily passwords), I added them to a new category “Norton Transfer”, which narrowed my manual transfer list from 500+ to about 250+. Since Norton can’t take a CSV file from PWPlus, and further doesn’t allow “notes” (non-PW info in a password file), I saved all my passwords in Norton “Notes” files. This means that I can’t use the browser autofill extension, but I don’t want that feature anyway (the last thing I want is for Google to be playing with my encrypted passwords). Actually, the download of the Norton passwords went awry, and that extension didn’t install correctly anyway. The sign-in procedure needed is a little unusual, also.


  8. Keepass Password Safe V 2.51.1 964-bit)
    https://keepass.info/
    This can import using Passwords Plus CSV.

    Hope this helps,
    Stephen



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: