- Simple, straightforward client
- Handling of multiple vaults
- Portability via a flash drive
- Local data encryption
- Vivid open source community
- Free of charge
- Very limited import options
- Only stores passwords
Long gone is the age of passwords being kept on sticky notes or in spreadsheets. Nowadays a password manager can handle virtually everything, even providing seamless importing from browsers, military-grade encryption and cross-platform syncing.
However, there is typically the same issue across any of these solutions: the free versions are often too limited and lack crucial features, while the premium subscriptions to unlock those extra functions require a long-term commitment and often come with unnecessary extras that you don’t need or want.
Password Safe, a Windows-exclusive program, is nothing like that. This password manager, created by leading security expert Bruce Schneier, is now an open source solution available to anyone to further its development. But regardless of its origin and current state, it’s a neat password manager that provides a ridiculously simplified interface – admittedly at the cost of certain other features that are commonly added as extras. But don’t let its simplicity fool you, since Password Safe is still a powerhouse program.
Passwords can be organized according to custom-made groups and are encrypted locally, while everything is backed up within the vault – a huge asset if something goes wrong. Add the unofficial – but equally simple – Android and iOS clone apps into the mix and we can firmly say that Password Safe may well be a worthy choice if you’re hoping to avoid the traditional costs of password managers.
Password Safe Introduction
Compared to similar password managers like Sticky Password or RoboForm, Password Safe’s own design is quite lackluster. However, the Windows-exclusive software more than makes up for it by being incredibly simple to use, delivering exactly the sort of secure ease-of-use that Schneier wanted to achieve.
In fact, Password Safe is so simple that it provides only the most important features – all available from a convenient toolbar – meaning that there are no fancy extras like sharing, emergency contact and a password evaluator. While this does mean the software is more limited, it’s a great concept for those looking for a more streamlined and purposeful program.
Still, there is one aspect that most password managers don’t include by default that Password Safe includes. Here there is the option to manage multiple vaults at the same time, all of which can be merged, compared or synchronized with one another. Simplicity is important when it comes to credentials, too, meaning that Password Safe can’t store any non-password data. Once the vault is filled with passwords, however, there is the option to leave them the way they are or categorize them to your liking by creating groups. The software can also import login credentials – from either .CSV or .TXT files – but in such cases Password Safe automatically creates a separate group that can then be edited freely later on.
As for logins, creating and editing them is quite easy since all that is needed is the username, the password, the URL, and which group the new information should belong to. Additionally, an expiry date for the password can be set – adding an extra layer of security – while a custom password policy can be used to manage your regular password changes.
To make Password Safe’s use even more convenient the program provides auto-fill and auto-login for all credentials saved to the vault, and includes a password generator that allows for complex and strong passwords to be created based on the set password policy or any criteria you like.
There are two additional features worth mentioning. One of them substitutes cloud syncing with the option to install the whole software onto a USB-drive. The other is the backup function, with which the current state of the entire database can be saved to be readily available should anything go wrong.
Apps and Browser Extensions
As might be expected from an open source password management solution, Password Safe doesn’t have browser extensions. But since the important features usually provided by such add-ons – like auto-fill and auto-login – are all present in the software itself, the lack of add-ons is not such a problem. It’s possible to import existing credentials from relevant files, too, which is commonly the best reason to use a browser add-on.
What was unexpected from Password Safe, however, is that it’s also available for Android and iOS phones as well – albeit via apps built from clones of the open source desktop software, rather than official mobile equivalents.
However, as a result of the open source nature of both of these applications, they each have completely different user interfaces to the desktop program. These two apps do sport the same simplicity as the desktop counterpart they are developed from, but they also have the look and feel of many other commercially-sold password manager apps.
pwSafe 2 – the iOS version developed by Rony Shapiro’s company, App77 – has some pretty advanced features, such as full compatibility with the base Password Safe desktop software. However, this app can only be used after paying $2.99. On the other hand, the Android version is free of charge, but it is a bit more lacking than its iOS equivalent.
However, don’t let the oversimplified interface of PasswdSafe – the Android version developed by Jeff Harris – fool you, as feature-wise the app provides everything the desktop software has.
This means that there is access to group credentials, the copy and pasting of passwords and usernames to their respective websites, and even the adding of new login information. Additionally, the app is also capable of managing password expiration dates and password policies.
Setting up Password Safe and using it for the first time is ridiculously easy. Not only does the program itself occupy a small amount of disk space at only 11MB, but the installer also prompts users to either save Password Safe to a flash drive – adding portability into the mix – or opt for the regular installation process.
Once the program is up and running the first vault has to be created alongside a master password, the strength of which is automatically evaluated. And no, we didn’t say “first vault” by mistake: Password Safe is indeed capable of handling multiple vaults at the same time, out of which the last one that was opened previously will be displayed when the software is launched again.
As mentioned before, Password Safe doesn’t interact with any browsers installed on your computer, and so the vault has to be filled manually. Granted there is an option to avoid the manual migration of credentials from a browser to Password Safe but, unfortunately, it’s rather complicated. By default Password Safe can import data from plain .TXT or .CSV files, but in these cases the process will likely be interrupted several times by an error message until the exported database is manually formatted in such a way that Password Safe finally accepts it.
The same bumpy import process applies to KeePass, the one password manager that this app is compatible with, but it’s basically the only way to ensure all login credentials are properly imported from browsers or other password managers.
Security and Privacy
When it comes to security, open source solutions are typically double-edged swords: on one hand, these programs will never be as refined as their commercially-sold counterparts; but on the other hand, such software is constantly updated by the community, and these users will usually alert others should the program become compromised.
In Password Safe’s case, however, there is no need to be alert, as the founder, Bruce Schneier, is a true security expert – and if someone is capable of putting together an unbreakable password manager, it’s him.
There are several reasons why Password Safe is considered to be extremely safe – and not just by its proud creator. Firstly, it uses local encryption with the option to sync between devices by simply opting for the software’s portable version. Secondly, the program uses the Twofish algorithm with a 256-bit key, a strong encryption method that was one of the options to become the industry standard as the basis of the AES-256 encryption that the majority of password management companies use to this day – meaning it’s an exceptionally good choice of encryption.
And lastly, Password Safe’s desktop version can be paired with two-factor authenticators manufactured by YubiKey, some of which are already compatible with the FIDO (Fast IDentity Online) interoperable authentication standard.
If Password Safe’s simplicity, overall usability and outstanding security weren’t convincing enough, its zero-dollar price tag will definitely blow away all doubts.
There are a few catches, though. The most important limitation to the software is that it’s exclusive to Windows computers (10, 7 and even XP). Another important thing to note is that Password Safe doesn’t have a premium version, which means that – aside from regular updates issued by users developing the open source program – the software is unlikely to receive any additional features and official updates from Schneier. Other developers may use Password Safe as the basis to build a password manager with other added features, similar to how the developer of the iOS clone app is selling his app pwSafe for $2.99 in Apple’s App Store.
As such, Password Safe doesn’t offer upgrades with extras like password sharing, emergency access for trusted third parties, a password strength evaluator, browser add-ons, or official mobile apps developed in-house. Moreover, advanced features like in-built two-factor authentication aren’t readily available, and the program will only ever handle your passwords. The philosophy of Password Safe is that a password manager should be solely for passwords, meaning that anything else like storing software licenses and credit card data – typically labeled as premium features elsewhere – isn’t part of Password Safe’s world.
However, if we take such convenience features out of the equation, it’s hard to deny the benefit of Password Safe when so many other programs require payment to access these missing features anyway.
When it comes to providing help and support Password Safe is on par with some of its competitors and other open source projects. As it is common with open source solutions, the main support method is via the discussion forums, where Password Safe users can exchange opinions, suggest improvements and provide help to each other. Although turning to the forums is the fastest way of getting help, there is also an option to write an email inquiry, which is answered within a short period of time.
For further assistance users can turn to the short but informative FAQ, read the latest news about releases and bug fixes, or learn the use of the software via a quick guide or a short video reminiscent of the trailer of The Lord of the Rings.
As expected from an open source solution, Password Safe’s list of features is limited to the bare minimum, which is best highlighted by the rather complicated way of importing passwords from similar programs, the lack of browser extensions and the software’s Windows exclusivity.
However, when it comes to everything else, Password Safe is on par with commercially-sold solutions and, in certain cases, even manages to surpass them. The simplistic interface ensures hassle-free password management, including such features as auto-fill and auto-login, the option to create and manage multiple vaults, and database backup. All these features of Bruce Schneier’s magnum opus are part of the two clone apps that have been developed for Android and iOS, as well.
So if you need nothing more than a simple, free password manager to keep your login credentials in a secure vault, then downloading Password Safe is definitely the choice for you.