At the moment I am evaluating two password managers on my iOS devices. One is of course the well-known 1Password and the other is Password Safe and Repository (https://itunes.apple.com/de/app/password-safe-and-repository/id620289174?l=de&ls=1&mt=8&at=10l3Vy).
It is very difficult to be sure how secure the apps and their password storage are. Last week I was at a German IT security congress about mobile device management. There, some white hat hackers (they found various security flaws in WhatsApp last year) showed how easy it was to evaluate and to change the behavior of apps on mobile devices. They also tested various password managers and showed that some don't use any encryption at all, or that they have a standard pass phrase within the app with which the data was encrypted.
From the user's perspective it is therefore very difficult to evaluate and rate different apps. Every developer says its app is safe.
Yesterday I found an article in a well-respected German IT magazine about various password managers on iOS with Mac sync.
They also discovered that some password managers are feature-rich, but not all are secure. Two tested apps even saved everything unencrypted on the device. In one case the developer told them that he is planning to implement encryption in a later version. In the App Store description, encryption was described as a feature. The two most used (LastPass and 1Password) both have a kind of security concern with their browser plugins. Both plugins save the master pass phrase of the corresponding app in a disguised way. They do this so that the user has a better user experience. But do I really want that first?
In the case of password managers, security should be the main objective. And I think it wouldn't be too much to enter your master password after each start of your browser. The magazine staff also asked AgileBits and LastPass. Only AgileBits answered them and confirmed that they are saving the master pass phrase in a disguised way within their plugin. Therefore I am not sure if I really should buy the Windows application.
On my devices 1Password is really good and nice to use. I really like their powerful in-app browser. However, I cannot understand why they removed the Wi-Fi sync and force the user to sync via a public cloud. Despite the strong AES256 encryption, it is a possible and unnecessary vulnerability.
The other password app, PSR, is Windows-based only, and the desktop application is already at version 7. Their background is managing licenses and passwords for businesses. Therefore they have more features than 1Password, such as sealed passwords, multi-user password access, configurable templates for passwords and also support for filling in passwords in regular desktop apps. The iOS version is pretty new and also good to use. I can only recommend it if you only need an iOS / Windows syncing solution.