Sticky Password Premium | Tech News
If you’re not using a password manager, you’re putting your online accounts at risk. It’s just not possible to remember a random, unique password for every website without help, so you wind up using simple, easily guessed passwords, and recycling the same password for different sites. Sticky Password Premium handles remembering your passwords and helps you generate new, strong ones to protect your accounts. It does everything you’d expect from a password manager, and more, but it doesn’t quite match the advanced features of our top choices.
For $29.99 per year, you can install Sticky Password Premium on all your Windows, macOS, Android, and iOS devices, and it syncs data between all your devices automatically. If you can make do without cross-device syncing, you can use it for free, just as you can with Dashlane. There’s also a Lifetime edition for the product’s biggest fans, a one-time cost of $149.99 that gets you all the features of Premium indefinitely. With either plan, a portion of your payment goes to protect endangered manatees. Why manatees? Well, the company is Lamantine Software, and lamantine means manatee in French. The product’s mascot is a friendly, bespectacled manatee.
To sync your passwords between devices, Sticky Password stores an encrypted copy of your data in the cloud. Nobody can get at that copy without having both your online account password and your master password. For the super-paranoid, Sticky Password offers an even more secure option: Wi-Fi sync. In this mode, your devices sync directly with each other when they’re connected to the same Wi-Fi network. Your data never goes to the cloud.
The program’s blue-and-white main window features a simple menu down the left side giving you quick access to your accounts, identities, secure memos, and more. As you select items in the menu, the rest of the main window fills with a list of matching items. Double-clicking an item replaces the list with the item’s details, available for editing. Simple!
During the installation process, you create an online StickyAccount. Enter your email address and create a strong StickyPass—the password you’ll use each time you install Sticky Password on a new device. You also define a separate master password, required each time you log in.
During installation, Sticky Password can import stored passwords from supported browsers, and the list of supported browsers is huge. In addition to the usual suspects (Chrome, Firefox, Internet Explorer, Microsoft Edge, and Opera) it works with less common browsers, among them SeaMonkey, Yandex, and Comodo Dragon.
Getting started with a password manager can be daunting, especially if you’ve never used one before. Like LogMeOnce, Keeper, and RememBear Premium, Sticky Password offers a thorough set of onboarding tutorials. If you’re more visually oriented, you can click a link for video tutorials online.
If you’re switching to Sticky Password from LastPass, RoboForm, Dashlane, KeePass, 1Password, or Kaspersky Password Manager, you can import your existing passwords. You can also import passwords exported by another instance of Sticky Password, which can be handy if you’ve chosen the no-sync free edition.
As you visit secure websites, the browser plug-in captures your credentials and offers to save them. You can edit the entry’s name at capture time and assign it to a group, though you can’t create a new group at this stage, the way you can with LastPass Premium.
I found handling of multiple logins for the same site slightly awkward. When Sticky Password captured my Gmail account, I named it Gmail personal. Then when I added my work Gmail, Sticky Password added it as a login under the existing Gmail personal. To get the two logins named the way I wished, I had to edit the entry, select each login in turn, click the Add Description button, and type in the desired friendly name.
When you revisit a site, Sticky Password automatically fills in the stored credentials. If you’ve saved more than one account for the site, a popup window lets you select one. You can also click the product’s button in your browser and select from a menu of all your saved logins.
In testing, I found that Sticky Password had no trouble with the two-part login style used by Gmail, Amazon, EventBrite, and others. Oddly, it didn’t capture the more mundane login for TripAdvisor. But by opening the browser extension and clicking Add Web Account, I got Sticky Password to successfully capture the credentials I had entered.
Some login pages are just plain weird. Sticky Password handles such pages by letting you capture all data fields on the page, not just the ones that look like a username and password pair. As with the similar feature in AgileBits 1Password, you won’t find it without digging. Click the button to add a web account, enter the login URL, and check the Show advanced settings box. Several new options appear, including a Define Settings Manually button; click that one. Sticky Password loads the page internally and lists all data fields. You assign the necessary login values to the fields and save the result. It’s not quite as easy as with LastPass and RoboForm, which let you simply fill the form and capture all data fields, but it works.
You can also use Sticky Password to enter credentials for applications that require a password. To select the program, you either browse to the filename or drag a crosshairs icon onto the password-entry window. Enter your login credentials and you’re done. I found that it worked even with a password-protected program I coded myself. LastPass and Keeper Password Manager & Digital Vault are among the few competing products that handle application passwords.
Most of us set our email and instant messaging systems to remember the password, so they start up immediately. That’s convenient but not necessarily secure. Turning off password memory and using Sticky Password to log in is a more secure option.
Password Generation and Rating
When you click in the password field while setting up a new account, Sticky Password offers to generate a strong password. Choose a length from 4 to 99 characters, select the character sets you want (uppercase letters, lowercase letters, digits, and punctuation) and click Generate. Like LastPass, 1Password, and others, it lets you exclude too-similar characters, for example, capital O and the digit 0. However, that exclusion reduces the pool of available random passwords. Since you don’t have to remember the generated passwords, I suggest disabling this option.
The password generator flags password strength as Weak, Normal, or Strong. Using the default settings, you get 20-character passwords using all character sets. Those settings result in passwords in the Strong range.
To check the strength of your existing passwords, click Quick Access in the menu at left and then click the Security Dashboard tab. You get a list of all sites with passwords in the Weak range, as well as sites with duplicate passwords. I would prefer a full, actionable report on the strength of all your passwords, such as you get with LastPass and Dashlane.
Password rating has gotten a bit stricter since my last review. At that time, a six-character all-alphabetic password like “abCDef” could receive a Normal rating, meaning it wouldn’t show up in the warning list. That example now rates Weak, but “Password1” still gets the nod as Normal strength, which isn’t great.
Quite a few password managers let you access your stored data by logging in to your account. Intuitive Password and the free oneID work strictly online, with no client required. LastPass, Dashlane, RoboForm, and others offer online access as needed.
That’s not the case with Sticky Password. Its online console exists to manage your license keys and trusted devices. In particular, if you’ve lost or replaced a device you can remove it from the trusted list, to lock out any possible access by a thief.
By default, Sticky Password will authorize any new device, requiring that you enter the StickyPass the first time. You can change that so authorizing a new device also requires a one-time PIN, sent to your registered email address. If you’ve finished setting up Sticky Password on all your devices, you can configure it to stop accepting any new devices.
Finally, from the console you can wipe out all of your personal data, or wipe out your account entirely. I don’t know how often the average user would do this, but I very much appreciate an easy way to delete my data when I’ve finished with a review.
By default, you must enter your master password every time you log in to Sticky Password. You can configure the product so that instead the presence of a particular USB drive or Bluetooth device authorizes your access. Note that this isn’t two-factor authentication, as the USB or Bluetooth authentication replaces the master password. You can also configure Sticky Password to use fingerprint authentication on iOS and Android devices that support it.
New since my last review, Sticky Password now supports actual two-factor authentication. To set it up, you scan a QR code with Google Authenticator, or a workalike such as Twilio Authy or Duo Mobile. Now login requires both your master password and a time-sensitive code generated by the authenticator.
A few password managers take the two-factor concept to another level, with Google Authenticator compatible time-based passwords built right in. Naturally this is for authenticating other logins, not for logging into the password manager itself. Among the products boasting this feature are Dashlane, 1Password, and Myki Password Manager & Authenticator.
While you can’t access your passwords online by logging into your StickyAccount, you can create a portable USB-based edition of the program, with all your current passwords included. This gives you a kind of two-factor authentication, as you must both possess the USB drive and know the master password.
You can use the USB-based tool to log in to your saved sites just as you would using the regular version of Sticky Password. As with the portable editions of RoboForm, KeePass, and others, any new logins you capture exist only on the USB drive, not auto-synced with other installations.
Web Form Filling
You can define any number of identities in Sticky Password. These are collections of personal information for filling Web forms. Elements include personal details, snail-mail address, online contact information, and business details, as well as a finance page that can store credit cards and bank accounts. A similar feature in RoboForm Everywhere lets you create multiple entries for any field. Sticky Password allows multiple credit cards and bank accounts, but all the other fields are singletons.
Like LastPass and Dashlane, Sticky Password can also capture data that you’ve already entered in a Web form. When it detects you’re submitting a form, it offers to add the fields it recognizes to an identity entry.
When Sticky Password recognizes that you’ve navigated to a Web form, it puts an icon in the fields it can fill, and offers a menu of available identities. As with most password managers, it won’t necessarily fill all the fields, so be sure to double-check any that don’t have that icon. In testing, it didn’t work properly on the Walmart and Target websites, and also didn’t fill RoboForm’s “All Fields Test” page. I notified the company, however, and the developers quickly fixed the problem.
Bookmarks and Secure Memos
Along with passwords, Sticky Password offers to import bookmarks from your browsers during installation. Those bookmarks become available on all your devices, which is handy, if not essential.
A secure memo is a formatted text document that Sticky Password stores and syncs, along with your passwords and identity data. Ten predefined templates list the likely fields you’d want to save for data types including drivers’ licenses, passports, and credit cards. You can edit the memo any way you like, or create a new one from scratch.
Secure memos don’t work for filling forms. They just store important information for you, and make it accessible on all your devices.
I checked out Sticky Password on an Apple iPhone SE and an Android phone. As expected, I had to enter my StickyPass to authorize each device for the first time. I verified that a fingerprint serves to authenticate on each device.
On the Motorola Moto G5 Plus Android phone, I found that Sticky Password offered to associate my saved passwords with the corresponding apps on the phone. That’s a nice touch. When I launched saved logins in the built-in browser, Sticky Password filled in the credentials. In Chrome, I tapped floating icons to copy the username and password to the clipboard. The same floating icons helped fill app passwords.
On the iPhone, you can launch saved logins with the product’s internal browser or in Safari through Sticky Password’s share box extension. However, it doesn’t fill in app passwords.
What’s Not Here
As noted, while Sticky Password identifies weak and duplicate passwords, it doesn’t offer a full report on the strength of all your passwords. LastPass, Dashlane, and LogMeOnce Password Management Suite Ultimate are among the few that offer such a report. In addition, all three automate password updates for selected sites. Keeper also offers a full security audit, but its designers deliberately avoided automated password updates due to their concerns about security.
RoboForm, Password Boss Premium, and several other competitors include the ability to securely share passwords with others. Some let you share the use of a password without making it visible to the recipient. Sticky Password doesn’t include secure sharing.
Password inheritance is a different kind of sharing. Keeper, Dashlane, and a few others let you define an heir for your account, typically with a waiting period for access, so a too-eager heir doesn’t jump the gun. That’s another feature I’d like to see in Sticky Password.
An Effective Choice
Sticky Password Premium is an effective password manager. Its ability to sync via Wi-Fi, without using the cloud, offers an extra degree of security, and it now includes two-factor authentication. I’d still like to see a password strength report that includes more than the very weakest ones, though, along with secure password sharing and some provision for password inheritance.
Sticky Password does have an approachable, easy-to-use interface. But so do Dashlane and Keeper Password Manager & Digital Vault, and they include advanced features that Sticky Password lacks. These two are our current Editors’ Choice products in the commercial password manager realm.