Best Password Manager: 12 Tools Reviewed
Most people use the same username and password for every account they create. It's convenient and straightforward, and there's little risk that you'll forget your login details. There's just one problem though: When you reuse a password, you expose yourself to cybercriminals and data thieves. As soon as they hack just one of your accounts, they'll be able to unlock all the rest.
Password managers prevent this from happening by securing your accounts with unique and uncrackable passwords that you don't have to remember or write down. In this review series, we took a closer look at 12 of the leading password managers on the market.
Whether for email, online shopping, or streaming, most people have lots of password-protected accounts. Since there are so many of these, it's common to reuse passwords. Fair enough: But this doesn't only make it easier for you to remember your password, it also gives hackers a leg up.
Whenever you use the same email address/username and password combination for an account, your overall security is reduced by 50%. Once digital data thieves know that a certain 'key' works, they can try it in as many figurative 'locks' as they want. Password managers neutralize this threat by assigning each account a unique password, which they safely store so that you don't have to remember it.
Password managers are no longer an obscure security tool used only by pros. You'll never look at the Internet the same way after you start to automatically create and store unbeatable passwords in your new digital vault.
Six Reasons to Get a Password Manager
Password managers are a must for any computer, laptop, or smartphone. Even if you aren't worried about your security, they're extremely convenient and save their users both time and frustration.
Still not convinced? Here are six advantages of password managers:
Give each account a unique and highly secure password
Change passwords whenever you want
Only remember one master password
Central storage for account data: accessible across multiple devices
Autofill login credentials
Safely store and automatically input payment information or addresses
Once configured, a password manager quietly goes about its business. The browser extension automatically recognizes and saves new logins to your password vault. As a result, the program rarely requires your attention, so long as it does what it's supposed to. This makes choosing the right password manager all the more crucial.
It's a good idea to regularly check whether any of your accounts have been compromised. Two well-known platforms that do this include Have I Been Pwned?, run by security expert Troy Hunt, and Identity Leak Checker, which is a service of the Hasso Plattner Institute. "Have I been Pwned" lets you know whether your email address is in their database, while Identity Leak Checker sends its findings to your email.
Password Manager Review: What's the Best Solution?
There are plenty of password managers on the market and nearly all of them operate on the same principle. Since there are some important differences between them, we've taken a look at 12 of the most popular options to let you know how they stack up against one another. Below, we'll introduce you to our Top 5.
Overall Winner: Dashlane
Dashlane was our clear winner because its premium version does everything a bit better than all of its competitors. The program is easy to install, its web app is quick and intuitive, and it comes loaded with features. We particularly liked Dashlane's convenient password changer that automatically replaces your weak passwords. As an added bonus, paying subscribers even get a VPN. Autofill was reliable during both browser and smartphone testing.
Dashlane's web app is intuitive, even if you're new to password managers.
There is a free version of Dashlane, however, this is more like a trial. Free users are limited to 50 data sets and cannot sync entries across different devices. As something of a trade-off, the service's paid subscriptions are competitively priced.
A Premium Dashlane subscription offers the best overall package and is our top pick.
1Password
With 1Password, we felt that our passwords were in safe hands thanks to the software's excellent security score in our review. Developed by AgileBits, it offers additional security features such as locally-created 128-bit secret keys, which help you to log in from a new device. Also included is "Travel Mode" which you can use to temporarily make your vaults unavailable.
There's a traditional security center ("Watchtower"), which alerts you to unsafe passwords in your vault, as well as a powerful password generator that can create passphrases. The service offers plenty of data set templates and each can be customized to your heart's content.
1Password's desktop app is somewhat cramped, but we quickly found what we needed.
1Password also doesn't disappoint when it comes to autofill: Even on websites that have multi-site or pop-up-based login processes, its browser extension almost always supplies the correct information. New account information is also automatically and reliably stored.
With plenty of features, optimum security, and reliable autofill, 1Password is a solid choice. Our only complaint is that there isn't a free version.
Keeper
Whether in its desktop client, browser extension, or smartphone app, Keeper is a highly intuitive password manager. Data sets are logically assigned to folders which can be arranged by dragging and dropping them.
We particularly liked how much Keeper allows data sets to be customized. For example, users can add custom fields or even powerful, one-time passwords to individual entries or folders. On the downside, the service has fewer templates than 1Password.
Looks can be deceiving: Keeper won't win any beauty contests, but it's a powerful password manager.
Users can specify how the browser extension handles data sets. It's possible, for example, to specify when autofill should and shouldn't engage with a form field. Autofill worked perfectly during our assessment, even for complicated logins.
Like 1Password, there isn't a free version of Keeper. As something of a consolation, you can test the full version for 30 days at absolutely no cost.
NordPass
None of our Top 3 offer a full free version, and some are subscription-only: NordPass breaks this pattern. Designed by the creators of NordVPN, this fairly new software has taken over LastPass's previous position as our favorite free password manager. This is because NordPass doesn't restrict what free users can do (unlimited data sets and unlimited cross-device syncs are included) making it highly usable on both desktops and smartphones.
However, there's more to NordPass than a great free password manager: In addition to its excellent user interface, imports from other password managers or programs also functioned smoothly. Autofill was reliable most of the time, and we only had one or two technical difficulties.
NordPass's user interface is fairly self-explanatory.
Still, NordPass isn't as developed as the other leading programs from our sample. Even though users get the most important features, there's less flexibility than in any of our Top 3. For example, entry fields are fixed, and there are only a few customization options for them. You also shouldn't expect special features like the password changers found in Dashlane or LastPass.
All the same, we're confident that many users will accept these shortcomings in light of its powerful and generous free version.
Bitwarden
Bitwarden finished right behind NordPass and is also a first-class, free password manager. Like NordPass, Bitwarden doesn't impose any data set or device sync limits. If you're willing to pay for a subscription, its premium version costs less than most of its competitors.
Regardless of whether you use its "Web Vault", desktop client, browser extension, or smartphone app, you'll be treated to a well-rounded and highly intuitive password manager. All important features are included and it doesn't take long to work your way around the software. Unfortunately, some features need to be purchased separately, like password sharing. This is odd since sharing is free with most other password managers.
Use Bitwarden either in your browser or through its desktop client.
Autofill was reliable most of the time during testing, with only a few misses (failure to appear) in the mobile app.
Bitwarden isn't perfect, but it does offer a good package at a very reasonable price.
Overall Results
Our top picks excelled in most areas and surpassed the other seven password managers we reviewed. However, this doesn't make them the best or only solutions for your individual needs.
The table below provides an overview of how each password manager from our sample performed:
Guide: How a Password Manager Works
At the center of any password manager is an encrypted database located either on the system where the service is installed (locally) or in the cloud (remotely). That database and all of its entries are accessible only with the master password.
Since your master password unlocks your digital vault, it should be as tough to crack as possible. The US Cybersecurity and Infrastructure Security Agency offers these helpful guidelines for secure passwords:
Use multi-factor authentication when available.
Use different passwords on different systems and accounts.
Don't use passwords that are based on personal information that can be easily accessed or guessed.
Use the longest password or passphrase permissible by each password system.
Don't use words that can be found in any dictionary of any language.
Check our secure password guide for more information or put your passwords to the test with our Password Checker.
Follow the guidelines above to give your digital vault the strongest protection possible.
Most password managers have multiple user interfaces. The main control centers are usually dedicated desktop clients or web dashboards, however, many programs offer both.
Typically, password manager user interfaces are divided into two or three columns: Navigation is often on the left, and you'll be able to select between categories of data sets and features. In the center, you'll see individual entries, whether login credentials, notes, or payment methods. Click on one, and a detailed view will open to the right. There, you can edit it or make changes.
Password manager user interfaces (here, LastPass) usually look similar.
Almost all of the password managers from our sample have browser extensions and mobile apps. These come in handy when you want to create a new account, update an existing entry, or log in to websites and services online.
Browser extensions are frequently a miniature version of the software's password vault. You'll be able to access all data sets and make use of certain features, like a password generator. Copy and paste data into the mobile vault to add login credentials. These entries will then be synced with your desktop client and web app.
Dashlane's browser extension displays stored entries for websites that you visit.
Below, we'll explain some key terminology as well as the various features that password managers typically include.
Import Passwords
If you've used a password manager before, you can usually import any existing data sets to your new one with relative ease. With LastPass, this is particularly convenient, since users can transfer data sets in a wide variety of formats, that the software will accurately integrate into its own vault.
Most platforms have an import assistant to help transfer saved entries from other password managers.
Browser Extension
As soon as you've imported an existing data set into your new password manager, you can use it. To activate autofill for content and web forms, you'll need to install your password manager's browser extension. After this, sign-ins and logins are easy: The first time you open a page that you have a stored entry for, your password manager's browser extension should ask if you want to use it.
Most of the time, password managers do this with small icons that appear in the login form. With some software, you'll need to click on the browser extension to input the necessary data set.
Password managers automatically identify the website you're on and supply stored entries for it.
Many password managers, like LastPass, notice when you create a new account or update a stored password. You'll usually be asked whether you'd like to create a new entry or modify the one on file.
If your password manager can't find the proper entry for a site that you want to log in to, you can search for it manually. Most apps have manual search features: Simply input the name of the website, its URL, or your account's username. Some password managers, like LastPass, remember search queries and create shortcuts for entries that you manually selected in the past.
Mobile Usage
Password managers can also help you access your accounts on smartphones or tablets. Since they constantly run in the background, they'll immediately spring to action when you attempt to log in to a website or service. Then, just like on your PC or laptop, they'll display any stored entries for it. All you have to do is tap on the login button.
Nearly all password managers have Android and iOS mobile apps.
To ensure that autofill works in your smartphone browser as designed, you'll need to grant the app access rights to your phone. Most apps automatically walk you through this process after the software has been installed.
Two-Factor Authentication
At this point, you've downloaded a password manager and created a strong master password. However, in the unlikely event that a hacker cracked that password, you'd be back at square one, or worse. For this reason, we recommend that you give your account an extra layer of security: A second password. But don't worry, you won't need to remember it.
With two-factor authentication (2FA), you'll log in as usual with your username and password. However, instead of being taken to your password manager's vault, you'll need to enter an additional code. This is generated either by an app (like Google Authenticator) or sent elsewhere (to your smartphone or email address). Such codes are only valid for a short time (usually 30 seconds), so act quickly!
Protect your password vault with two-factor authentication. With this, you'll need to enter a one-time code each time you log in.
You'll activate 2FA and pair your account with an authenticator app in your password manager's settings menu. To check whether a particular platform supports two-factor authentication, select the "Two Factor Authentication" filter in our comparison tool.
Form Autofill
Whenever you register an online account, you'll be asked for the same information: Your name, address, email, and phone number. With a password manager, you won't ever have to type out this information again since they store it in a profile that you can input whenever needed.
Bank account and payment information can also be stored in your password vault, and automatically filled in as required.
Integrated form assistants (here, Sticky Password) make it easy to register or sign up for an online service.
After a profile has been saved, just select it the next time you sign up for a website or service. The form assistant takes care of the rest.
Most password managers store multiple addresses, such as those for your business or home. If you create several profiles, the form assistant will ask you to select which it should supply.
Manage Sensitive Data
Usernames and passwords aren't the only sensitive data we store digitally. Thankfully, most password managers protect this information within the same high-security vault as your logins or personal files. There are usually a variety of preset categories to organize these. 1Password, for example, provides "Identity", "Software License", "Wireless Router", and even "Outdoor License" templates.
1Password offers a nice selection of data set templates.
Most password managers allow users to create custom categories by adding fields to entries. However, some do not and only offer a handful of default categories.
Nearly all password managers include a category for notes, where you can save everything that doesn't fit anywhere else. Such information might not be autofilled but you can search through your notes to find what you need.
Create and Change Passwords
Once you have a password manager, whenever you need a new password, or to change an existing one, the software will handle this on its own. Most software includes password generators that automatically create highly secure passwords based on custom parameters. When you need a new password, an icon should appear above the field in your browser. Click on it and you'll be forwarded to your app's password generator.
Password generators allow users to automatically create secure passwords for any website or service.
When you change a password, your password manager's browser extension should detect it. Typically, the extension will then ask whether it should replace the old password with the new one. Confirm and the new password will be saved in your database.
Encryption Algorithms
The security of your stored data depends primarily on the encryption algorithm your password manager uses. In addition, how and where this encryption is applied is just as important.
With most password managers, this is Advanced Encryption Standard (AES) 256-bit encryption, which is considered to be highly secure. The '256' refers to the security key's length. For comparison, both AES-192 and AES-256 are approved for use in US government documents.
Whenever you register a new account, an individual key is generated from your email address and master password. That key is then used to encrypt and decrypt your password database. Depending on your settings, this can occur in combination with a one-time key from an authenticator app.
As mentioned, it's important to pay attention to what encryption algorithm is used as well as where your encrypted data is stored.
Zero-Knowledge Proof: What Does Your Provider Know?
Zero-knowledge encryption (or proof, or principle) means that your password manager's developer doesn't have your encryption key or master password. This is because it isn't stored on any of their servers, but only locally, on your computer or device.
In this way, password managers can guarantee the security of your data (for example, a government agency cannot subpoena them for information that they do not have). This means that no one can decrypt your data, even if they get onto your provider's servers.
Keeper uses the graphic above to explain zero-knowledge encryption.
However, this approach isn't perfect: Since your provider doesn't have your password, they can't help if you lose or forget it. Some password managers have contingencies like password hints, an address or phone number that a password can be reset with, or emergency access for trustworthy people.
You can see which password managers offer either of these options by ticking the "Zero-knowledge Encryption" and "Emergency Contacts" filters in our comparison tool.
Local or Cloud Storage
Even though they've done a lot to enhance their security, most people remain skeptical about cloud storage. At the end of the day, few are ready to hand over control and management of personal data to servers that they can't access or are based abroad.
For that reason, we recommend only using cloud services that adhere to the zero-knowledge proof.
If you're still not convinced about whether your information is in safe hands, you can see which password managers let users locally manage and store data by selecting the "Local Storage" filter in our comparison tool. Keep in mind that locally stored data cannot be accessed by multiple devices since it's located on a single computer, tablet, or smartphone. However, even with these services, it's usually possible to enable cloud syncing.
Enpass lets users configure cloud syncing of stored data.
Share Passwords With Others
Cloud-based data can be synced across your devices, shared with others, and used within a team. Many password managers allow individual data sets, entire folders, or even categories to be shared. For example, LastPass lets you monitor which entries you've shared in the "Sharing Center".
Many apps allow you to share data with others, like login credentials for streaming platforms.
This sort of functionality makes it very easy to manage shared accounts, on streaming or shopping platforms, for example.
Many providers offer business or team versions of their software. Most IT departments continue to manage passwords for servers, network switches, firewalls, and more with Excel spreadsheets. This is neither safe nor practical since access cannot be effectively regulated. With a team-based password manager, it's possible to strictly control access to data and password usage.
If this feature sounds interesting and important to you, select the "Teams" filter in our comparison tool.
Other factors to consider
Each provider we tested takes a somewhat different approach to usage licenses. Most can be installed and used on as many devices as desired, however, some limit this. When this is the case, we've noted it in the pricing section (select the "Sync Multiple Devices" filter).
Another factor you might want to take into consideration is the number of data sets a password manager lets you create and store. Most premium apps allow for unlimited passwords, however, free versions often limit this and can be unusable. To filter results based on how many passwords you can store select the, "at least 100", "at least 500", or "unlimited passwords" filters in our tool.
Conclusion
We think password managers are an important element of cybersecurity for the simple reason that even if a hacker manages to crack one of your accounts, the rest will remain unharmed.
Thanks to their ability to automatically generate tough passwords, anyone can use them to create unique and secure passwords for their accounts. Because you only have to remember a single master password, the complexity of all other passwords doesn’t matter. They can easily be 20 characters long and consist of random combinations of numbers, special characters, and upper and lowercase letters.
To find out which service suits you and your needs best, we recommend using our comparison tool and then reading our comprehensive reviews. Most apps offer a free trial period, so you don't have to buy a product outright. If you dislike one app, simply move on to the next one.
FAQs
Password managers store, manage, and encrypt passwords. You'll access all of your accounts with a single master password, which means that you'll never need to remember their login information. New passwords are generated automatically to give your accounts formidable protection. You'll also get security extras, and can easily save other sensitive data like credit card numbers, IDs, and certifications.
Yes! Password managers combine convenience and security. They keep your accounts safe with automatically generated and unique passwords. If there's ever a leak on one platform, the rest of your accounts won't be at risk. Moreover, you'll only ever have to remember your master password.
Passwords are usually stored and encrypted on the servers of the password manager you're using. Since most adhere to the zero-knowledge principle, your provider never knows your master password. This means that the encryption code is stored locally, on your computer. To guarantee this, some providers submit to independent security audits. Several password managers allow local password storage.
Password managers are considered highly secure and are much safer than reusing passwords. Your master password should be hard to guess since it provides access to all your accounts. For extra security, enable two-factor authentication. Once you submit data to a provider, you lose control over it. At the same time, compromises are rare and most reputable services are considered safe.
Many factors can play a role in this, like security, pricing, features, and interface. Most apps offer the same basics, even if these vary in quality. How well autofill works or how frequently the browser extension detects a password form also differs from app to app. Some programs stick to the basics while others include more sophisticated security features. Finally, there are significant differences in terms of price.