Password Genie 5.2

...

Using a password manager on your desktop computer is definitely easier than memorizing tons of strong passwords. They're even more of a boon on your smartphone's tiny keyboard. Password Genie 5.2 let you sync your saved passwords across all of your PC, Mac, Android, and iOS devices—or rather, across as many of them as your licenses permit. It handles essential password management functions nicely, but its form-filling is weak, and the price can add up if you have a lot of devices.

Compare Similar Products

Compare
  • Dashlane 4

    %displayPrice%
  • LastPass 4.0 Premium

    %displayPrice%
  • Sticky Password Premium

    %displayPrice%
  • RoboForm Everywhere 7

    %displayPrice%
  • Keeper Password Manager & Digital Vault 8

    %displayPrice%
  • LogMeOnce Password Management Suite Ultimate

    %displayPrice%
  • Password Boss Premium

    %displayPrice%
  • Authentic8 Silo

    %displayPrice%
  • True Key by Intel Security

    %displayPrice%
  • Zoho Vault

    %displayPrice%
  • RoboForm Desktop 7

    %displayPrice%
  • LastPass 4.0

    %displayPrice%

A basic subscription, at $15 per year, lets you install Password Genie on up to five PCs or Macs. Password Genie Mobile has almost precisely the same functionality; for $11.99 per year you get one license for iOS or Android. The Password Genie Bundle, reviewed here, shaves a bit off the combined price of those two, coming in at $24.99 per year for five desktops and one mobile device. Got more phones or tablets? Password Genie Mobile (Professional) gives you three mobile licenses for $29.95 per year, and Password Genie Mobile (Family) doubles that, for $49.95 per year.

View All Photos in Gallery

Passwords for you, the master user, synchronize across all your devices. You can optionally create additional users on your desktop devices, each of whom gets a separate password collection. If you want to install Password Genie on mobile devices for other family members, without giving them access to all of your passwords, you'll have to create a separate, non-syncing account for each.

This per-device pricing scheme is rather unusual. Sticky Password Premium and Dashlane 4 don't put any limits on the number of devices for a single account, nor does LastPass 4.0 Premium. If you have a large number of devices, Password Genie can get expensive.

Getting Started
During the installation process, Password Genie requires that you either enter the activation code you received with your purchase or connect with an existing account. There's no option for a free trial. Dashlane and Sticky Password, by contrast, are free to download and use, requiring payment only if you want to sync multiple devices. You can use quite a few competing products for free if you keep the number of saved passwords below a certain limit. And of course, there are plenty free password managers that are very effective.

For my evaluation, the company set up an account in advance, so I logged in as an existing user. Connecting to the account was simple. I entered my email and received verification of the account's existence. To complete the process, I entered the master password, typed a description of the computer, and clicked Register.

Password Genie offered to import passwords from my browsers (Chrome, Firefox, and Internet Explorer) at startup. If you skip this process initially, you can request it later. The program can also import passwords from a CSV file in the format exported by LastPass 4.0 Premium or AgileBits 1Password 4 for Windows. Those with some minor spreadsheet skills can probably massage exported data from other products into the correct format.

The product's grey and white main window is attractive and not at all busy. Six big panels represent Logins, Wallet, Form Fill, Bookmarks, Users, and Settings. There's also a direct connection to the product's 24/7/365 support, with links to FAQs and how-tos, instructions for phone support, and a live chat option.

Security Considerations
As always, you should protect your password collection with a strong but memorable master password. But don't rely on Password Genie to tell you what's strong. I complained about the lax standards in F-Secure Key, which accepted "password" as moderately strong. Password Genie proved laxer still.

When you click the link to change your master password, it takes you to the product's website. The page instructs that a master password must be at least six characters and contain at least one letter and one number. That's setting the bar really, really low, but the actual strength indicator dips lower still. I thought I'd see how it rates "Password." As soon as I typed "Pa" the indicator changed from Weak to Strong. Absurd! Memorize a long, strong master password, please.

Password Genie does offer several ways to enhance your security. By default, it protects against brute-force password guessing on mobile devices by suspending all logins for 30 minutes after three failed attempts. You can change that from one to five failed attempts and set the lockout from five minutes to an hour. And if you fumble-finger yourself into a locked state, you can send an unlock code via email.

The available two-factor authentication system is also email-based. You can enable it so you need an emailed code for every login, or just each time you add a new device.

In Dashlane or LastPass, you can run a security audit to get an actionable report on weak and duplicate passwords; these two can automatically update passwords on some common sites. Password Genie is more proactive; if you have weak passwords it displays a warning on the main window; it also marks entries that have weak passwords with a red unhappy face icon.

The password rating system for logins is different than for the master password, but has its own quirks. One of my passwords is 15 characters long, with uppercase letters, lowercase letters, and punctuation. But because it has no digits, Password Genie flagged it as weak; tacking on a digit jumped it to strong. The same password with digits and no punctuation rated moderate. And "1!Passwo" earned a strong rating. I have more faith in the deeper analysis performed by KeePass 2.34. If KeePass says your password is strong, you can rely on it.

Password Capture and Replay
Like most password managers, Password Genie installs add-ons for popular browsers so as to automatically capture credentials when you log in to a secure site. When it detects a login, it pops up a retro-looking window that lets you give the item a friendly name and optionally assign it to a new or existing folder. If there's already a saved login for the site, you can choose to either create a new login or replace the existing one. Password Genie handles password change events, and can capture credentials during creation of a new account.

In testing, I found that it captured passwords from standard login pages without trouble. However, anything out of the ordinary gave it trouble. LastPass, Sticky Password, Keeper Password Manager & Digital Vault 8, and RoboForm Desktop 7 manage oddball logins by letting the user choose to capture all fields on the page.

Password Genie should be able to capture known multipage logins like those used by Yahoo Mail and Gmail, though my company contact noted that changes to those pages can temporarily cause problems. In my testing, I initially thought this feature wasn't working. It turns out that when I copy/pasted the password, it didn't work, but if I typed it in, the way a normal user would, it worked fine.

When you return to a site, Password Genie automatically fills in the saved credentials. If you have more than one set of credentials, it offers a pop-up menu. And, as with most similar products, you can pull down a menu of all your saved logins from the browser toolbar button. Selecting one both navigates to the site and logs you in.

Password Generator
This product's password generator defaults to creating 10-character alphanumeric passwords, with no symbol characters. That's better than Symantec Norton Identity Safe, which creates eight-character alphanumeric passwords by default. However, for proper security, you should go into the settings, raise the default length to 16 or more, and enable use of all character sets. There's no reason to use shorter, less secure passwords when you have an app that takes care of remembering them.

When Password Genie detects a password change or new account creation event, it automatically pops up the password generator. Dashlane does something similar, displaying a password generator button near the password field. Password Genie lets you tweak password length and character sets for a particular site without changing the defaults. However, it doesn't automatically fill in the generated password; you must copy and paste it.

What's in Your Wallet
You might think that Password Genie's Wallet component would only store things like bank accounts and credit card information, but it's actually more versatile than that. In addition to those two categories, it includes templates to store birthdays, car rentals, frequent flyer accounts, hotel loyalty accounts, insurance data, passports, prescriptions, and vehicle information, as well as a general-purpose secure notes field.

Each category includes its own collection of data fields. For example, besides the name and date, a birthday entry includes the option to email you a reminder up to five days before the big event. Along with the expected credit card data, you can fill in the customer service number. And so on. These wallet items sync to all your devices, along with your passwords, so they'll always be at hand. You use the Bookmarks component to make your favorite webpages ubiquitous in a similar fashion.

Weak Form Filling
Password Genie lets you create any number of profiles for filling personal information into Web-based forms. Each profile includes name, address, email, and four types of phone number. You can also add one credit card and one bank account, optionally pulling these from existing Wallet entries.

There's no option for multiple instances of fields like you get with RoboForm or Password Boss Premium. If you want the option to choose between multiple credit cards, you'll need make a copy of the profile for each. LastPass lets you choose profile and credit card separately. Dashlane not only stores multiple credit cards, it displays them next to the card-entry field as images using the color and bank logo you selected.

I filled in all fields in a profile with imaginary data and put it to the test. The results were unimpressive. On RoboForm's All Fields Test page, Password Genie filled in the last name, but not the first. It inserted city, state, and zip, but not street address. The fax number field was filled, but not the home, work, or cell phone numbers. And so on.

Admittedly, that's just a test page. For a real-world test, I visited Target online, selected a Chewbacca mask, and began to check out as a guest. Password Genie did not fill a single one of the name and address fields, not even when I clicked the browser button and actively selected Form Fill from the menu.

My experience at Walmart's website was also strange. On this site's checkout page, Password Genie filled the first name, last name, and email address correctly. However, when I submitted the data, the website somehow didn't see the entered data. It flagged each field in red, saying, "This information is required." I corrected the problem by cutting the data from each field and pasting it back in, but I don't know if the average user would figure that out.

I reported these problems, in great detail, to my company contact, who responded, "We will forward this information to our development team and make sure we fix these in upcoming releases." I do hope that happens, but I experienced a similar weakness in the form fill component when I reviewed an earlier version of this product.

Mobile Experience
Depending on which license or licenses you purchased, you may be able to install Password Genie on one or more Android or iOS devices. Install the free app from the appropriate store, log in to your account with your master password, and create a PIN. Now your passwords sync with the mobile device. Do note that by default passwords sync every five minutes. You can change that to one or 10 minutes, or request an immediate sync.

The product's mobile interface is almost identical to its appearance on the desktop, especially if you hold the mobile device so the display is in landscape mode. There's no Users panel, because that feature isn't part of the mobile version. A Support button takes its place.

That PIN you created takes the place of the master password; you only need the master at the time you connect the device to your account. If you've protected your device with a lock screen, that plus the PIN may be sufficient security, especially if you retain the default setting that automatically locks the program after five minutes of inactivity. And, as noted, a phone thief who tries to guess your password will, by default, get locked out for 30 minutes after each three failed guesses. For added security, enable the email-based two-factor authentication. Those using iOS devices can log in using Touch ID.

On both iOS and Android, your saved logins launch in an internal browser. That makes it easy for Password Genie to fill in the credentials. LastPass, Dashlane, Sticky Password, and a few others manage to fill forms in other iOS browsers using the Share icon menu. F-Secure Key, among others, accomplishes Android autofill using a special keyboard. But using an internal browser is a fairly common solution.

It's also possible to invoke the Web form filling component on a mobile device, but it's a bit awkward. You must navigate to the page using the built-in browser, which doesn't have history or bookmarks built in. When Password Genie detects a fillable form, it pops up an offer to fill in the blanks, with the same scattershot results as under Windows.

Online Management
You can't access your passwords online the way you can with LogMeOnce Password Management Suite Ultimate, Zoho Vault, LastPass, Dashlane, and many others. This could be considered a virtue, since if you can't log in remotely, neither can a crook.

What you can do online is manage your account overall. As noted, changing your master password is an online occurrence. The list of users includes a forgotten password link for each. Of course, if you're the only user, you couldn't reach this page without knowing your password. In an alarming lapse of security, clicking the forgotten password link emails the password directly to the user, in plain text!

The online console also lists all of your devices, along with details like when the product was installed. Other detail elements proved a bit confusing. For my Windows installation and my two iOS installations, the Version field displayed the name I chose for the device. The Android installation displayed 5.0 in the Version field, and omitted the name. Next to each device is a button to remove it from the account, for example, if you got a new phone.

Ups and Downs
Password Genie 5.2 does a good job capturing and replaying passwords, even handling new account setup and password change events. However, oddball login pages can baffle it, and in testing the form-filling feature proved spotty. It also lacks advanced features like secure password sharing, password inheritance, and automatic password changing. Two-factor authentication is nice, as is the ability to shut down a password-guessing thief. But its rating system for master passwords is terribly lax, and the similar system for website passwords is quirky.

Our Editors' Choice password managers give you everything this product does, and more, and they don't put limits on how many devices you can sync. LastPass 4.0 Premium, Dashlane 4, and Sticky Password Premium are our top recommendations.

Categories
GAMES
0 Comment

Leave a Reply

Captcha image


RELATED BY