SPM

An Independent Security and Privacy Analysis of Popular Password Management Tools

About Us

We are fourth year students at Ontario Tech University and have investigated these tools over a three-month span for our capstone project for DataRisk. Our team is comprised of Matthew Grant, Jamie Kennedy, Stephanie Markovski, Jayden Tan, and Jiechen Zhu. Throughout this project, we operated under the supervision of Claudiu Popa, a certified cybersecurity professional from DataRisk Canada.

The investigation involved narrowing our focus to the features/topics which are important to user privacy and security to the list present in the column headers seen in our table. As well as documenting whether the feature or topic is present and proven. This consisted of researching the tools in depth, substantiating claims where they were made, and where possible, trying it out for ourselves. Our investigation concluded on the 12th of April, 2021.

Our Findings

Tool
Final Score
2FA/MFA Support
Independent Audit
Open Source
Privacy Officer Response
Encryption Standard
IP Whitelisting
Self-Hosting Support
Public Bug Bounties
Class
Password Generation Options
Mobile App Biometrics
Breach Alerts
Present/Previous Vulnerabilities
3.96/5
null
null
No
null
AES-256
No
null
No
null
null
Cloud
Mobile
Length of 0-100 with letters, numbers, and symbols
null
null
null
3.87/5
null
null
null
AES-256
No
null
null
null
Desktop
Cloud
Mobile
Length of 5-128 with letters, numbers, and symbols
null
null
null
3.44/5
null
null
No
null
XChaCha20
No
null
null
No
null
Desktop
Cloud
Mobile
Length of 8-60 with letters, numbers, and symbols
null
No
null
No
null
2.9/5
null
No
null
No
null
AES-256
No
null
No
null
null
Cloud
Mobile
Length of 4-100 with letters, numbers, and symbols
null
No
null
No
null
2.8/5
null
No
null
No
null
AES-256
No
null
No
null
null
Cloud
Mobile
Length of 0-99 with letters, numbers, and symbols
null
No
null
null
2.71/5
No
null
null
null
No
null
AES-256
TwoFish
XChaCha
No
null
null
No
null
Desktop
Variable length with letters, numbers, and symbols
null
No
null
null
2.6/5
null
No
null
No
null
AES-256
No
null
No
null
null
Cloud
Mobile
Variable length with letters, numbers, and symbols
null
No
null
No
null
2.55/5
No
null
null
No
null
AES-256
No
null
No
null
No
null
Cloud
Mobile
Variable length with letters, numbers, and symbols
null
null
null
2.3/5
null
No
null
null
AES-256
No
null
No
null
null
Mobile
Variable length of letters, numbers, and symbols
null
No
null
null
2.29/5
null
No
null
No
null
AES-256
No
null
No
null
null
Cloud
Mobile
Length of 4-40 with letters, numbers, and symbols
null
No
null
null
2.29/5
null
No
null
No
null
No
null
AES-256
No
null
null
null
Desktop
Cloud
Mobile
Length of 6-50 with letters, numbers, and symbols
null
No
null
No
null
2/5
null
No
null
No
null
No
null
AES-256
No
null
null
No
null
Desktop
Cloud
Mobile
Variable length of letters, numbers, and symbols
null
No
null
null
1.8/5
null
No
null
No
null
No
null
AES-256
No
null
No
null
null
Mobile
No
null
null
No
null
null