The German Steganos company has been around since 1997, and has offered a security suite with password management features for most of that period. It releases a new version almost every year, but its features have not kept up with other password managers. In this Steganos Password Manager review, we outline how it succeeds and where it falls short.
- Steganos has the core capabilities of a good password manager, but its autofill doesn’t always work and it lacks more advanced features.
- Accounts and keychains have to be created from the Windows application; keychains can’t be created with the apps or extensions.
- Auto synchronization requires you to pair your account with a cloud storage service.
- Steganos offers native apps on Windows, iOS and Android, as well as browser extensions for Chrome browsers, Microsoft Edge, and Mozilla Firefox.
At a minimum, password managers should manage your login data, encrypt your personal details in a secure vault and autofill your passwords for websites and apps. Services that stand apart provide extra features like biometric authentication, password sharing or a security dashboard.
Services that go above and beyond provide these features at a low cost or for free.
At a glance, the Steganos password manager provides the basics, while falling short in providing some of the extras. You can see how that stacks up against other services in our best password manager list. Otherwise, read on to get the details.
11/13/2022 Facts checked
Updated to include new backup and recovery feature, updated pricing is no longer one-time but now annual, added notes on current bugs and limitations.
Steganos has a decent password manager protected with highly secure encryption. Some modern features are missing, and the autofill functionality in the browser extensions is buggy.
All hardware and software has vulnerabilities or bugs that could be exploited due to faulty equipment or programming. However, Steganos Safe has no known vulnerabilities.
Steganos Safe is a software application that can store files in a virtual encrypted drive. The drive is encrypted with AES-XEX 384-bit encryption and can store up to 2TB.
Alternatives for Steganos Password Manager
Steganos Password Manager Review: Strengths & Weaknesses
- Free 30-day trial
- Portable version
- Multiple themes
- iOS & Android apps
- Two-factor authentication
- Desktop password widget
- No free version
- No security analysis
- Limited customer support
- No built-in multi-device sync
- No web-based user interface
- No macOS support
The Steganos service offers a secure password vault with a Windows-only desktop app, browser extensions and mobile devices on iOS or Android. Alternatively, passwords can be imported from another service or from a Steganos backup.
You’ll see the standard features of password autofill and login capture, and the service provides backup and restore functionality by default. Additional features include cloud storage synchronization, five basic data types, unlimited keychains and two anti-keylogging tools. You also get two-factor authentication and a portable USB version.
Syncing to the Cloud with Steganos Password Manager
Many other password managers have a built-in online storage feature. Your passwords are synchronized through this online account by a back end of servers hosted by the password management service.
The password manager must be trusted to encrypt and store your data in their online environment. They act as both the bank and the bank safe deposit box.
Instead, Steganos only acts as the safe deposit box. You have to choose a cloud storage service to pair with Steganos and store its encrypted containers. In fact, the Steganos Password Manager doesn’t store any data itself — online or otherwise. Your steganos-create-master-passwords are always separate files that Steganos never transfers to its own servers.
After creating a Steganos account, you use app menus to connect to a cloud storage service. Steganos supports Dropbox, Microsoft OneDrive, Google Drive or the Deutsche Telekom MagentaCLOUD. Once connected, all of your keychains are backed up into that cloud storage service. Backups automatically occur anytime a keychain is changed.
Securing Unlimited Keychains
Steganos offers as many keychains (databases) as needed. Each keychain can be thought of as its own bank safe deposit box. Each is protected by a separate key — a master password you choose on creation.
When created, each keychain is stored in a hidden folder within the user’s Windows profile. Those files can be saved manually elsewhere, or the desktop client can be used to export a backup for mobile or portable use. Your keychains will all upload to the cloud storage of your choice once you pair a service.
Data Types, Notes and Attachments
Steganos Password Manager supports five data types: passwords, bank accounts, credit cards, private favorites and identities. Each data type has its own fields, but they all include secure notes and file attachments. Passwords, bank accounts and credit cards are self-explanatory, though the bank account fields are formatted for European banks.
The “private favorites” data type is a nice feature that lets you save bookmarks in your secure vault. That’s a useful way to be browser-agnostic with your list of common websites. “Identities” is mostly self-explanatory, but Steganos also allows you to use custom row titles in that data type. It’s an addition that could make up for the lack of custom data types.
Secure notes and file attachments are one of the better features provided with Steganos Password Manager. Each of your data entries can have a large chunk of text in the notes field, and that will automatically synchronize whenever you have an internet connection. The same goes for file attachments — we were able to save a 12MB PDF without a problem.
Steganos Password Manager Extras
Steganos Password Manager offers three features that are uncommon among other password managers. You get a portable version of the password manager, a virtual keyboard and the Steganos PicPass password generator.
The portable password manager is the most straightforward: the app creates an install-free password manager that can be run from any location. Just note that it’s read-only and won’t synchronize with any changes after it’s created. It operates as a snapshot of a specific keychain that can be used on any Windows machine.
The virtual keyboard and PicPass are both used as methods for inputting or generating secure passwords when accessing your encrypted password list. In the event of a compromise, your computer could have keyloggers that record keyboard input. Using the virtual keyboard could prevent this by bypassing the methods hackers use to log keystrokes.
PicPass provides a similar function with images instead of the virtual keyboard. Opening PicPass allows you to click a sequence of 36 images that correspond to letters or numbers. After clicking through, the image-generated password is pasted into the field for your master password.
The next time you log in, just reuse the same image sequence. However, even Steganos recommends using other methods, as a strong password requires 8 or more images.
The Helpful Account Assistant
Like other password managers, Steganos will attempt to detect logins and account registration for unknown websites. When that happens, it will open a suggestion to create a new password entry for the page. If a detection fails, or if you want to start the processing manually, you can click the Steganos icon and select “start account assistant.”
The password manager will pop up and show a new dialog box with details related to the website. One particularly helpful aspect is the username dropdown, where Steganos provides a list of your previously used account names.
After selecting the right name or email, you just click create to continue. A randomized password is already generated for you.
Steganos’ Missing Features
There are dozens of password managers. That’s good for us: We get choices, and password manager companies innovate to compete for new users. However, Steganos suffers from even a rough comparison — it’s missing features that are the default for other password managers, including integrated file storage, a web interface, security dashboards and password sharing.
Steganos Password Manager Features Overview
|Backup and recovery|
|Mobile apps||Android, iOS|
It’s important to have good security practices, but staying secure shouldn’t break the bank. Fortunately, Steganos is cheaper than most alternatives despite being a solid password vault. Since last year, it changed from a one-time fee to a yearly cost of $24.99 for five PC licenses.
That average of $2 per month is especially compelling given that it can be shared by five users. Mobile apps don’t count against your license use. That secures all your passwords, includes a password generator and syncs to unlimited mobile devices.
There aren’t other service tiers, but there is a 30-day free trial. However, for $49.99 a year, you can get Steganos Privacy Suite. It combines the password manager with Steganos Data Safe. The extra cost allows for the creation of 2TB encrypted data vaults. Vaults are secured with AES-XES 384 encryption and show up as an additional drive on your computer.
Data vaults can be synced between devices with your own third-party cloud storage.
Terminating a subscription won’t remove access to your passwords or other data. Instead, Steganos puts keychains into a read-only mode that prevents further imports or changes. You could continue using Steganos as long as nothing changes, but cloud sync will stop working. Updating a login or credit card would require exporting the data or renewing your subscription.
Ease of Use
Steganos offers a basic password manager with a straightforward user interface. The apps, browser extensions and desktop interface all work mostly as expected. They are all usable if you’re familiar with similar software.
Starting off requires buying a license or initiating the 30-day trial. You input individual items into the password database manually or by capturing logins with apps and browser extensions. You can also import password lists from other password management software. Both app and in-browser login capture didn’t always work, so importing an existing list is the fastest method.
To get around the sporadic login capture, you have to use the Windows app’s “account assistant” feature to make sure it saves new account data. Unfortunately, account assistant isn’t available on the mobile apps.
For customization, it takes some clicking around to adjust non-standard settings. Changing the desktop software’s theme is straightforward, but enabling the cloud storage feature took trial and error. The Windows app requires a browser extension to be installed before you can link a cloud storage service, but that requirement isn’t mentioned in its documentation.
You’re out of luck if you want to use Steganos without Microsoft Windows. It’s not immediately apparent, but accounts have to be set up from the Windows UI first. Browser extensions won’t work unless the Windows UI is running. Mobile apps can only be used once you’ve exported your keychain or enabled cloud synchronization. There is no Linux, Safari or macOS support.
Additionally, Steganos doesn’t offer a native synchronization feature without your own cloud storage solution. You have to already have an account with Microsoft OneDrive, Google Drive or DropBox. For European users, you can use your Deutsche Telekom MagentaCLOUD storage service. That rules out using other services or self-hosted solutions.
The Steganos Password Manager Widget
On desktop, Steganos offers a password widget with a dropdown to select login credentials. The password widget is a floating toolbar that can move anywhere on screen. Credentials can be copied and pasted or dragged into different program fields. Note that using password categories is necessary when using the widget; otherwise, your dropdowns will get unusably long.
The widget can be useful if you don’t prefer browser extensions or when using unsupported browsers. At the time of writing, Steganos offers browser extensions for Chromium browsers, Mozilla Firefox and Microsoft Edge. The Steganos password widget makes it easier to manually copy passwords if you use Safari or other applications without a dedicated extension.
The password widget can also be used to control the main user interface. Unfortunately, Steganos can’t be minimized to the Windows system tray. Clicking the “X” icon will close your keychain and exit the program entirely. At best, you can use the widget’s up or down arrows to open or collapse the main interface.
Using the Mobile App Password Managers
Steganos offers mobile apps for iOS and Android, but both are bare bones and won’t work without the desktop version. After setting up the Windows app, you have to get cloud synchronization working before installing the mobile app. Then you only have to install the mobile app and connect to the same cloud storage service to continue.
Steganos offers an alternative to cloud storage with the “export for mobile apps” feature — just transfer your keychain files. Android devices require placing the keychain in a very specific location, and on iOS you have to go through file sharing menus to import the keychain. None of this was obvious, but Steganos offers online help that outlined these steps.
After your keychain gets imported, the Steganos mobile apps work well enough. The apps autofill user accounts for recognized websites, and you can select from your list of logins for unrecognized pages. However, new accounts aren’t captured by the mobile app, and the desktop’s account assistant isn’t included on mobile.
A password manager’s security is paramount — you’re trusting a program with the entirety of your digital life. Steganos meets that requirement. Its password manager uses strong encryption and has a promising security model. Historically, it’s proven to be a trustworthy company. So far, it hasn’t had any reported hacks or data breaches after 25 years of business.
Each keychain has its own master password and is only stored on your computer or cloud provider’s storage. Each keychain is encrypted using AES-256, so Steganos encrypts all data types to that same standard. For the password generator, it uses your mouse movement to increase uniqueness.
Secure Your Master Password
Optionally, two-factor authentication can be enabled per keychain using any compatible time-based authentication app (TOTP) like Google Authenticator. Each keychain makes a separate entry on your authenticator, or splits access between Authy, Microsoft Authenticator, or some other TOTP by scanning the right QR code.
Distressingly, keychains secured with two-factor authentication cannot be opened in a mobile app, making it a Windows-only feature.
Not Quite a Dashboard
Though it doesn’t have a security dashboard, the desktop version does include a password quality indicator. It’s almost hidden though; you have to click the sorting dropdown and select “password quality” to reveal the feature. It does give a nice overview of weak and strong passwords, but it’s odd how it isn’t the default setting.
Digging a little deeper, that same dropdown offers some additional features that are usually associated with a dashboard. You can sort passwords by age, see how often an entry gets used, or see when they were last modified.
Again, it’s an unusual setup that takes extra clicks to get useful information. It’s really too bad they haven’t consolidated those settings into a dashboard.
The Steganos built-in password generator creates strong passwords at 20 characters by default. It also includes a neat randomization feature to increase a password’s chance of being unique. After setting your password features, clicking the next button shows another pop-up. You have to move your mouse to add entropy, or randomness, since computers aren’t truly random.
Most password managers have at least a few avenues of customer support, but Steganos only offers an online ticketing feature. Granted, users can sift through the published manuals and software documentation, but even that can be sparse for unusual problems.
As a test, we searched the help files for details about account recovery features and the zero-knowledge character of the master password. We could not find any help documents or press releases that contain this information. We reached out with a support ticket with these questions, and after a week we have yet to receive a response.
Unlike other service providers, we couldn’t find any support forums, an online chat or a phone number to contact the company. That makes it hard to find help when troubleshooting issues like the faulty in-line password generator or intermittent autofill.
Overall, Steganos provides a decent service with basic password management functionality. It doesn’t match most modern password managers, but provides the basics at a low cost and with a strong record of security. Limitations like Windows-only two-factor authentication hamstring the service. Missing features like password sharing are almost baffling.
Still, the Steganos cloud storage integration works really well, and its data types provide plenty of fields for details and secure notes. The fact that file attachments sync with the keychain is another nice touch. It would be easy to recommend for those features alone, but more than one browser extension had faulty autofill and the minimal customer support is worrisome.
Wrapping up, there’s no harm in giving the Steganos Password Manager a try. Maybe the 30-day free trial will show you something we missed. If so, what else should we include when discussing the Steganos service or similar password managers? Would you trust Steganos with your personal passwords? Let us know in the comments, and thank you for reading.