The amount of online accounts is constantly growing – email accounts, shopping platforms and, of course, streaming services. For convenience's sake, most users use the same login data for all of their account: the same email address and the same, easy-to-remember password. And this makes the lives of data thieves a whole lot easier: They only need to hack one single account to get access to the rest as well. A password manager prevents this by giving each account its own password.
It's easy to find out whether one of the services you use has been the target of one of these attacks. There are numerous websites with vast databases. Two of the more well-known platforms are "Have I Been Pwnded", run by security expert Troy Hunt, and Identity Leak Checker by the Hasso Plattner Institute. Both databases store 5.7 and 5.9 billion hacked accounts respectively.
Have your account data been stolen? Find out with "Have I Been Pwned" and "Identity Leak Checker".
"Have I been Pwned" shows you directly on the website whether your e-mail address shows up in their database. The HPI tells you in a message whether your info has been compromised.
Five Good Reasons Why You Should Get a Password Manager
Of course a password manager doesn't prevent services from being hacked, but it does lower the risk of your data being stolen. Using one effectively improves your security:
Every service gets its own secure password
Password can be changed regularly and without much effort
You have to remember one key password only
Accounts and login data are stored centrally and are available on all devices
Login credentials are filled in automatically
Once set up, a password manager will unobtrusively do most of its tasks without you noticing
Password Manager Test
There's a plethora of password managers you can choose from and even though the principle is always the same, the individual apps can differ quite a lot. To provide you with a more concise overview, we've looked at 14 providers. Read on to find out which password manager is the best of them all, which ones are our favorites and which app offers the best price-performance ratio.
Test Winner: Dashlane
Electing Dashlane as our test winner wasn't a very difficult decision. The premium password manager's paid version just does everything a little bit better than its competition. The installation process is simple, the desktop app is quick and intuitive, and the apps come with an abundance of features. Especially Dashlane's convenient Password Changer that automatically swaps weak passwords with stronger ones makes the app stand out from the rest. Even a VPN is included in the package.
In the autofill category, Dashlane wasn't perfect, but none of the applications we tested were. Still, Dashlane was mainly very reliable. There's also a great browser extension that wonderfully complements the main client.
Dashlane's premium price might be above average, yet it's reasonable if you consider the amount of features it comes with. There's a free version that really only is good for some testing as it limits the amount of passwords that can be created to 50 and doesn't have any synchronization abilities.
Dashlane's premium version offers the best overall package in the nicest looking packaging. And that makes Dashlane our top choice.
Value King: Sticky Password
Visually, Sticky Password doesn't look like much, especially when compared to our test winner, Dashlane. But if you're okay with an interface that' looks a little old-fashioned, there'll be quite a powerful password manager waiting for you. We didn't find a password changer, but a reliable autofill function and convenient password generator. Sticky Password's "portable version" took us quite by surprise. With it, you can transfer your Sticky Password onto a flash drive and turn it into a mini vault for your passwords.
We didn't quite love the browser extension. It just "hands" trickier commands over to the main client. That's not all too bad, but generating passwords is something an extension should be able to do; many other apps show it can be done in a user-friendly way. On the other hand, Sticky Password supports more browsers than any other app; something Comodo Dragon and Yandex fans might appreciate.
Sticky Password isn't perfect, but it brings a solid array of user-friendly features and comes at a relatively low price.
Our test winners excel in certain things stick out from the rest in their categories. But that doesn't automatically mean they're the best application for your individual needs. The following table provides an overview of the results of every password manager test we ever did
How a Password Manager Works
At its core, every password manager has a central encrypted database which is either located on the used device or in the cloud. You can access that database and all its entries with a master password.
Depending on the software provider, you can use browser extensions and mobile apps that create new accounts, update dataset entries and log into services for you.
The browser extension – this example shows LastPass's extension – connects your password manager with the website you're on
In the following paragraphs, we look at each function the different password manager apps have to offer.
Your central database is protected by one single password. Cloud-based services use a web-based user interface for managing data entries. That's why it's especially important you choose a secure password. The German Federal Office for Information Security (BSI) has issued a useful guide to creating a safe password. We've summarized the most important key points:
- It should be easy to remember.
- It should have at least eight characters. A general rule: the longer it is, the better.
- It should contain a combination of digits, lower and upper case letters, and symbols.
- Your password shouldn't be found in a dictionary.
- Avoid digits or symbols at the beginning or the end of a word.
- Important password should be changed regularly.
You can find more information in our guide "Secure Passwords". You can check your password's security with our Password Check. If you follow the guidelines to creating a strong master password, your database will be ideally protected.
If you're already using a password manager, but you're not happy with it, you can easily import your data into most apps. LastPass offers users a convenient import function you can import your usernames and passwords in up to 40 different formats with. This makes changing password managers quick and easy.
Most platforms offer an import function that makes importing passwords quick and easy
After you've imported your old login data, it's time to integrate your password manager. This is easily done with the help of a browser extension. As soon as you open a login page, your password manager will throw up a notification. It then automatically fills in the right login info.
Your password manager will automatically identify the website you're on and put in the right login data if available
Many providers, such as LastPass for example, will know when you create a new account or update the password of an existing one. In this case, you'll get a notification to automatically update your database with the new password.
If your password manager doesn't automatically find the right data, you still have the option to look for it manually. Most apps let you search for it by typing in the name of the website, the URL or the username. You'll then get a list of platforms – some password managers like LastPass will remember your search and create a shortcut for the manually selected platform.
Using a password manager on your smartphone or tablet is at least as important as using it in your browser. Most providers offer apps for Android and iOS.
On Android, password manager apps are permanently running in the background and will open and show your available accounts as soon as you open an app you want to log into. You then select the account in question and your password manager fills in your info. You only have to click the login button to log in.
Password managers help you with managing your login data on Android and iOS as well and fill in passwords into whatever app you want to use
Using password managers on iOS is a seamless process since iOS 12. As you as an app asks you to put in your credentials, you'll see your saved usernames and passwords above the keyboard. All you have to do is select the right info for the account in question. For this to work on iOS 12, you have to go into your settings and activate your password manager. Go to "Passwords & Accounts" and then "Fill in automatically" to do so.
With iOS 12, Apple has vastly improved the support of password managers. Users can now determine from which dataset login data is to be taken from.
Your password database is now protected by a – hopefully strong – password. If a hacker comes into possession of that password, they'll also have access to all the platforms you use. That's why we recommend protecting your datasets with a second password. But no worries, that's not a password you have to remember.
In the case of two-factor authentication (2FA), you just normally log in with your username and password. Then, you need an additional code. That code is generated by an app such as Google Authenticator and is valid for a limited time only – usually 30 seconds.
Activating 2FA and connecting your account with the app can be done in the settings of whatever platform you're using. To see whether a platform supports two-factor authentication, select the option 'two-factor authentication' in the selection box.
Protect your password manager with two-factor authentication. A second single-use code is then required for logging in
Filling in Forms Automatically
Registration forms on the internet always ask for the same information: your name, title, address, email address and so on. Integrated assistants that automatically fill in the information for you are a welcome relief. All you have to do is sign in to an account once and save all the relevant data with your password manager.
Integrated form assistants make registering up for or signing in to an online service a matter of mere seconds
Next time you sign up for a platform, you just have to select your profile and have the form assistant automatically fill in the data for you.
Most services let you save multiple addresses, for example one for private purposes and one for business stuff. If you create multiple profiles like that, the form assistant will then provide with your profiles from which you can choose the profile you want to sign up with.
You can use multiple profiles – ones for private purposes and one for business, for example.
Managing Other Data
In addition to storing passwords and automatically filling out forms, most password managers also offer options for storing other structured data.
In addition to saving passwords, many providers let you save other login credentials for databases or server
LastPass does this by storing secure notes, for example. There are various forms available, such as one for access data to databases, for servers or your passport data.
That information might not be filled in automatically but you can search each note.
If you change the password to one of your account, your password manager's browser plugin will detect it. After you set a new password, the password manager will ask you whether it should replace the old one. Confirm, and the new password is saved in your database.
Security – Encryption Algorithms
An important aspect with regard to the protection of your stored data is the encryption algorithm that's being used and the way the encryption is carried out.
Usually, AES 256-bit encryption is used. That's the maximum length a key can be and is considered to be very safe. In the US, AES-192 and AES-256 are approved encryption standards for state documents of the highest security level.
During the registration process, an individual key is generated from your email address and your master password. That key is then used to en- and decrypt your password database – depending on your settings, that's done in combination with a single-use key from a two-factor authenticator app.
It's important what encryption algorithm is used to protect your data. It's also important where your data is encrypted.
Zero-Knowledge Encryption – What Does Your Provider Know?
This takes place on your end device and by the use of your master password. This way, no one can look at your passwords besides you – that goes for the provider of your app as well.
To ensure this, your master password obviously can't be sent to your provider's servers.
By applying this technique, – also known as Zero Knowledge encryption – your provider can guarantee the protection of your data. This way, no one can decrypt your data, even if they have access to your provider's servers.
This also means, that you can't recover your data should your master password get lost. Most app developers, however, have come up with contingency plans: password hints, an address or phone number a password can be reset with, or emergency access for trustworthy people.
The features list of our big password manager comparison provides you with an overview of apps that support Zero Knowledge Encryption and emergency contacts.
Local or Cloud Storage
Despite all security efforts, many users are still very critical of cloud services. At the end of the day, they still have to give up control of their data and store it on<s servers that, for the most part, are located in foreign countries with foreign privacy laws.
We therefore recommend that you only use cloud services that guarantee the application of Zero Knowledge encryption.
If a password manager supports Zero Knowledge encryption, only you can access your data with your master password.
In case you're still not quite convinced your information is safe with a cloud-based service, we've put together a list of providers that let you manage and store your databases locally. Of course, your databases aren't accessible by multiple devices, because they're stored on a single computer, tablet, or smartphone.
Our list of providers also gives you an overview of services that store and encrypt your databases locally, such as RoboForm.
Sharing Passwords with Others
Storing your data with the help of a cloud-based service gives you access to other useful features. In addition to synchronizing data across all your devices, you can also share passwords with others or even work with shared passwords as a team.
If you want to share passwords, you simply create a folder and make it accessible for other people. LastPass lets you do this with its feature "Shared Folders". Simply create a folder, add passwords to it and share it.
Many apps let you share data with others, such as login credentials for streaming platforms
With this feature, you can manage the family account on the streaming platform you use or manage shared accounts on shopping platforms.
If you’re looking for such this particular feature, make sure you activate the option “Share passwords” in your search settings
For businesses, many providers offer their own business teams version. The IT departments of many companies still manage their passwords for servers, firewalls and more with spreadsheets. This is neither safe nor practical because you can't control access this way. Using a password manager as a team enables you to precisely control who has what kind of access right to which password. You can also use security protocols to control the use of those passwords.
If you’re looking for this feature, make sure you activate the option “Team feature” in your search.
Other Factors to Consider
Now you know the most important characteristics of a modern password manager. When it comes to licensing, different providers take different approaches. Many password managers can be installed and used on as many devices as you like. We’ve added a list of available features to each subscription model.
Another thing you might want to consider is how many passwords a password manager lets you create and manage. Most apps let you create an unlimited number of passwords. But especially free apps often come with a set of limitations. That’s why we’ve added a section in our features overview in which you can specify the number of passwords an app lets you manage.
We think a password manager is vital to the protection of your online accounts. Even if a hacker manages to seize one of your accounts, the rest of your accounts are still safe.
Thanks to automatically generated passwords it’s super easy to create a unique and secure password for each of your accounts.
Because you only have to remember your master password, the complexity of the other passwords doesn’t matter. They can easily be 20 characters long or more and have a flexibly adjustable combinations of lower- and upper-case letters and symbols.
To find out which services suits you and your needs best, simply use our comparison calculator. Most apps offer a free trial period, so you’re taking no risks. If you don’t like an app, simply try the next one.
What does a password manager do?
A password manager stores, manages and encrypts all your passwords. With one single master password, you have access to all the accounts you save. New passwords are generated automatically to protect your accounts as reliably as possible. Moreover, password managers often offer additional security features and enable you to save other data and information – from credit card info to identification documents and certifications.
Should I use a password manager?
We think you should definitely use a password manager. It combines convenience with security, and ensures that each of your accounts is protected by an automatically generated and unique password. If there's a password leak on one platform, there won't be any threat to the rest of your accounts. Moreover, you only have to remember your one master password.
Where are my passwords stored?
Usually, passwords are stored and encrypted on the servers of your provider. However, your provider doesn’t know your master password, since its encryption usually follows the “Zero Knowledge” principle, and the encryption code is stored locally. To guarantee this, providers are sometimes subject to independent audits. Some password managers let users store their passwords locally on their device.
How secure is my password manager?
Password managers are considered to be extraordinarily secure. They’re definitely more secure than using one and the same password for multiple online accounts. To minimize security threats, you should consider a few other things: Your master password is the key to all your accounts and should therefore be hard to guess. You should also activate two-factor authentication to protect your accounts in case someone gets a hold of your master password. However, the level of protection of your data after you hand it over to your provider is beyond your control. In general, however, compromises are rare and most providers are considered safe.
Which password manager is the best one?
When choosing a password manager, multiple factors come into play: security, pricing, features, interface, and many others. Most apps have the same basic features, but there are some stark differences in quality. How well the autofill feature works or how efficiently the browser extension detects a password input box can vary greatly from app to app. Some applications only offer the basics while others stick out from the rest with their more sophisticated security features. There are also big differences when it comes to pricing or how limited the free version of an app is.