Getting hacked because you used a lame password can be even more damaging than getting hit with a Trojan or botnet infestation. A number of security vendors, Symantec among them, include a password manager as a component of the security suite. Symantec Norton Identity Safe is also available as a free, standalone product, though its features aren't precisely the same as those of the version included with the suite. While it performs all of the essential password manager tasks, its feature set has been all but unchanged for years. Its more innovative competitors are drawing farther and farther ahead.
Compare Similar ProductsCompare
LogMeOnce Password Management Suite Premium%displayPrice%
1U Password Manager%displayPrice%
Enpass Password Manager 5%displayPrice%
LastPass 4.0 Premium%displayPrice%
Sticky Password Premium%displayPrice%
You can sync your Identity Safe passwords across any number of Windows, iOS, or Android devices, and can also log in to your stored data from any secure browser. While the product hasn't changed much in years, it does boast a few new features since the last time I reviewed it. On iOS devices it supports touch ID for authentication, and a new Safari extension allows it to auto-fill your data. The Android and iOS editions both support credit card capture and autofill. And it supports Windows 10.
Easy Setup and Installation
Getting started with Identity Safe is a snap. Download it from the Identity Safe website, launch the installer, and click the big Agree & Install button. Enter your email address to sign in or create a new Norton account. You use the Norton account to manage all of your installed Norton products, not just Identity Safe; it's not the master password for Identity Safe.
As with LastPass 4.0, LogMeOnce Password Management Suite Premium, and most other password managers, Identity Safe relies on one master password to protect all of your other passwords. This is the one password you must memorize, and it needs to be both complex and not easily guessed. The program won't accept your master password unless it's at least eight characters long and contains at least one of each character type.
Shortly after installation you'll get a prompt from the program to install its Chrome add-on. You'll accept the Internet Explorer add-on the next time you launch that browser. As for Firefox, well, there's a problem. The latest version of Firefox changed the program architecture enough that Identity Safe is no longer accepted. Symantec has no specific estimate for when a fix will become available. Firefox fanatics should choose a different password manager.
Import and Export
One great thing about free password managers is that it costs nothing to kick the tires and give the product a try. One thing that really eases that kind of experimentation is the ability to import and export your password collection, so you don't have to repeat the setup process in each program. LastPass can import from two dozen competing products, and KeePass 2.28 handles three dozen.
You can export (and optionally encrypt) your Identity Safe passwords to a proprietary format, and import them into another instance of the program. You can also export to .CSV format. But in terms of importing from other programs, Identity Safe doesn't offer anything beyond the ability to import a .CSV file of the proper format. By default, the program does automatically make encrypted local backups of your data.
Password Capture and Replay
Like most password managers, Identity Safe automatically captures your username and password as you log in to any secure site. It slides in an information bar at the top of the webpage reporting that it captured the data. You can click an Options button to give the captured data a friendly name, or cancel the capture. If you already have credentials recorded for the site, Identity Safe asks whether to replace the existing data or create a new record.
When you revisit a site for which the program has saved credentials, it automatically fills them in. If there are multiple sets of credentials, it asks which you want to use.
You can also click a button in the Norton security toolbar for quick access. There are two ways to view your saved data. Clicking Logins gets a simple list of all your saved logins, which can get rather long. If you have a lot of logins, you should organize them using tags. More about tags shortly. Once you've done this, clicking Tags gets you a menu in which each tag becomes a handy submenu.
Editing and Organization
From the browser-button menu you can also choose Open Identity Safe, which launches the full program. Here you can view a full list of all your saved passwords, with the friendly name, the username, and a password field whose data is masked until you click the adjacent button. Each password also gets a color code indicating its strength.
As noted, you can choose a friendly name for a saved item at the time of capture. That's probably a good habit to get into. But you can also edit the name later on, and add tags. Alas, you can't add tags at capture time. LastPass and LogMeOnce both allow assigning newly captured credentials to groups (their equivalent to tags).
Now that you're using Identity Safe to manage your passwords, you can use long, random passwords, ones that you'd never be able to remember without help. Like most password managers, Identity Safe includes a password generator. 1U Password Manager and oneID are among the few that don't.
The unusual thing about Norton's password generator is that it's not part of the program. If you want to generate some random passwords, you go to the product's website. There's no need to log in, so anybody can use this tool. By default, it generates eight-character passwords using only alphanumeric characters. Don't accept those lame defaults. Set it to at least 12 characters, and set it to include punctuation. There's no reason not to, since you don't have to remember the generated password. Sadly, your settings aren't saved, so you'll have to tweak the configuration every time you surf to the site and generate a password.
Filling Web Forms
Filling Web forms with your personal data is a feature that's common in commercial password managers, not so much in free products. LastPass, LogMeOnce, and Identity Safe are the only ones I've seen that include this feature.
You can create any number of what Identity Safe calls Addresses. Each Address includes a full name, birthdate, gender, and physical address, as well as an email address and several phone numbers. LastPass collects a very similar set of personal data. In addition to personal data, you can save any number of credit cards or bank accounts in your online Wallet. RoboForm Everywhere 7 can fill vastly more fields, but then, it's not free.
When you click in any field on a page that Identity Safe recognizes as a Web form, it offers a list of your available Address and, if appropriate, Wallet items. Just choose what you want and click a button to have Identity Safe fill the form for you.
In order to install Identity Safe, you must also install the Norton Toolbar. It's a requirement. That's fine, because the toolbar is actually quite handy. However, you'll also be prompted to Norton-ize your home page and default search engine; you may or may not want that.
The toolbar displays Norton Safe Web's rating of the current website and also marks up search results in popular search engines. Green means the site has been scanned and is safe, orange means it may be risky, and red means it's actively dangerous. Untested sites get a gray icon, and super-secure sites rated for online transactions get an oversized OK icon. If Safe Web rates a site as dangerous or iffy, you can click through for a full report on just what dangers are present, along with a community rating and any comments from other users.
One big risk to password security is phishing, which is the practice of attempting to steal passwords by putting up fake sites masquerading as, say, PayPal, or a bank. Enter your credentials into one of those and you've handed your account to the fraudsters. But Norton's toolbar is so good at detecting and blocking these that I use it as a benchmark to rate other antiphishing products. And if you open your sensitive sites directly from Identity Safe, there's no chance you'll accidentally go to a fake site.
A password manager can be extremely useful on a mobile device. No more trying to type passwords like d73j7T%3 on that tiny keypad! Like LogMeOnce and 1U, Identity Safe offers both Android and iOS apps. Enpass Password Manager 5 is unusual in that you must pay a one-time fee of $9.99 for its mobile apps. LastPass supports iOS and Android smartphones and tablets, but there's catch. You can only use the free edition on one kind of device, desktop, smartphone, or tablet.
Identity Safe on a mobile device has all the same features, but its interface is nicely reshaped to match the platform. On any mobile device it offers to let you log in using a PIN code as an alternative to your master password; on iOS devices, you can log in using Touch ID.
There are some differences between the mobile editions and the Windows version. The password generator is a built-in feature in mobile editions. It still defaults to eight-character passwords, but at least it uses all character types by default. And if you change the settings, it remembers. There's no full-on form-filling on mobile, though it can capture credit card information using the camera and fill in full credit card details in Web forms (as long as you're surfing via the app's built-in browser). On iOS devices, you can configure Safari to let Identity Safe fill in passwords. Android's accessibility feature lets Identity Safe fill credentials in Chrome and in some apps.
What's Not Here
Identity Safe includes all of the basic functions you'd expect, such as password capture, replay, and generation, as well as form filling. However, it doesn't go much beyond those basics. This product's features have been static for years, while competing products have evolved and branched out.
LastPass, LogMeOnce, and Enpass, for example, let you securely share login credentials with other users. LastPass and LogMeOnce even provide for inheritance of your passwords in the event of your demise. KeePass, oneID, 1U, LogMeOnce, and LastPass let you add some form of two-factor authentication to protect your sensitive passwords. I don't count Identity Safe's support of Touch ID as full-fledged two-factor, since it's platform-specific.
While Identity Safe does rate password strength in its main display, LastPass and LogMeOnce offer an actionable report that identifies week and duplicate password and also offers links to fix them. These two even have the ability to fully automate password updates on certain sites.
A Decent Choice
If you have Identity Safe because it came as part of Symantec Norton Security Premium, you might as well use it. It does perform all the basic tasks I would expect of it, and it integrates well with the Norton toolbar. But if you're not already committed to Norton, I recommend choosing one of our Editors' Choice products instead. LastPass 4.0 and LogMeOnce Password Management Suite Premium are so brim-full of features that they challenge all but the very best commercial password managers. Why settle for less?