Whether for email, online shopping, or streaming, the number of accounts the average person has seems to grow constantly. Most supply these with the same login data. Fair enough: But this doesn't only make it easier for you to remember your password, it also gives hackers a leg up. Should you use the same combination of email address and password for all of your accounts, once compromised, digital data thieves can try your figurative 'key' in as many 'locks' as they wish. Password managers, which assign each account a unique password, storing and remembering them safely so you don't have to, are here to help.
Password managers have stepped out of the shadows, and are no longer an obscure security tool used only by pros. Once you've gotten used to automatically creating and storing practically uncrackable passwords in your new secure digital vault, you'll never look at the Internet the same way.
Six Good Reasons Why You Should Get a Password Manager
Robust password managers are an absolute must-have for any computer, laptop, or even smartphone. Even if you aren't all that concerned about your security, they also offer a considerable degree of convenience, saving time and frustration on a daily basis.
Still not convinced? Below, we've listed six benefits of using a password manager:
Every service/account is assigned a unique and highly secure password
Passwords can be changed frequently without much effort
You only ever have to remember a single master password
Accounts and login data are stored centrally, making them accessible across multiple devices
Login credentials are filled in automatically
Other data sets, such as payment information or addresses can be stored and automatically input into form fields
Once configured, a password manager will unobtrusively go about most of its business. The browser extension recognizes new logins automatically, saving them to your password vault without you having to lift so much as a finger. Accordingly, the tool will rarely require your attention, so long as it does what it's supposed to. For that reason, selecting the right password manager is crucial.
It's a good idea to check whether any of your accounts have already been compromised. Two of the more well-known platforms that offer this sort of information are Have I Been Pwned? ⇱, run by security expert Troy Hunt, and Identity Leak Checker ⇱, which is a service of the Hasso Plattner Institute. The two services differ slightly with "Have I been Pwned" letting you know in your browser whether your email address shows up in their database, whereas Identity Leak Checker sends its findings to your email.
Password Manager Review
A wide selection of password managers is available, all of which are based on the same concept. With that said, there are differences between them, so, we've taken a look at 12 of the most popular options to let you know how they stack up against one another. Below, we'll introduce you to our Top 5.
Overall Winner: Dashlane
Naming Dashlane as our top pick wasn't a very difficult decision since the premium password manager's paid version does everything a bit better than its competitors. The service is easy to install, its web app is quick and intuitive, and it comes loaded with features. We particularly liked Dashlane's convenient password changer that automatically swaps out weak passwords for stronger ones. As an added bonus, premium subscribers can take advantage of an integrated VPN.
In terms of autofill, Dashlane was completely reliable in both our browser and on our smartphone. The powerful browser extension offers an excellent supplement to the service's main client.
Dashlane's web app is intuitive, even for those using a password manager for the first time.
Dashlane offers a free version, but this is really more of a trial, since you'll be limited to 50 data sets and not be able to sync across different devices. As something of a trade-off, the service's premium version is priced competitively.
A premium subscription to Dashlane offers the best overall package, easily making it our top pick.
With 1Password, we felt that our passwords were in extremely capable hands, not least owing to the high security score it achieved in our review. Developed by AgileBits, it offers additional security features such as the locally-created, 128-bit secret key, which you will need to log in from a new device, as well as Travel Mode, which allows you to temporarily make vaults unavailable when on the move.
You'll also find the traditional security center (Watchtower), which highlights unsafe passwords in your vault, as well as a powerful password generator, capable of creating passphrases. The service offers plenty of data set templates as well as the ability to customize these further by assigning user-defined fields to them.
1Password's desktop app is somewhat cramped, but we quickly got our bearings.
1Password was also reliable when it came to autofill. Even on websites that have multi-site or pop-up-based login processes, the browser extension supplied the correct information almost always. New registrations are also reliably saved.
With plenty of features, optimum security, and reliable autofill, 1Password is a solid choice. Unfortunately, no free version of the software is offered.
Whether in its desktop client, browser extension, or smartphone app, Keeper is another highly intuitive password manager. Data sets are assigned logically to folders which can be moved around by dragging and dropping them.
We particularly liked how much freedom Keeper offers when configuring data sets. For example, it's possible to create user-defined fields and assign quickly expiring one-time passwords to data sets or folders. On the downside, the service does offer fewer templates than 1Password.
Keeper might not have the most appealing interface on the market, but the service does what it's supposed to.
You can also set how the browser extension interacts with data sets. This makes it possible, for example, to control when autofill should engage with a form field, and when it shouldn't. While on that subject, autofill worked perfectly during our assessment, even for more intricate logins.
Like 1Password, Keeper also (unfortunately) doesn't have a free version. As something of a consolation, it's possible to test the full version for 30 days at absolutely no cost.
You might have noticed that our Top 3 either have extremely limited free versions or offer none at all. Our fourth pick, NordPass breaks this pattern. This fairly new software, designed by the creators of NordVPN, has taken over the position previously held by LastPass as our favorite free password manager. This is because NordPass puts few limits on what free users can do (unlimited data sets and unlimited cross-device syncs are included) making the software highly usable on both desktops and smartphones.
However, NordPass's developers do more than just offer up a great free password manager: In addition to its excellent user interface, importing data from other password managers or programs also functioned smoothly. Autofill was reliable most of the time, only letting us down here and there.
NordPass's user interface is fairly self-explanatory.
Still, NordPass isn't as developed as the other leading programs from our sample. While it offers access to the most important features, it does lacks the flexibility of our Top 3.
As one example, data set fields are fixed, and only a few options are provided for customizing these. Special features like the password changers offered by Dashlane or LastPass are also missing.
All the same, we're confident that many, like us, will accept these shortcomings in exchange for the software's high-performing free version.
Right on NordPass's figurative coattails is Bitwarden, another first-class, free password manager. Like NordPass, Bitwarden doesn't impose any data set or cross-syncing limits. Should you be willing to pay, the service's premium version is much less expensive than those of most of its competitors.
You'll be treated to a well-rounded and highly intuitive password manager, whether using its web vault, desktop client, browser extension, or smartphone app. All important features are on offer and you won't need long to work your way around the software. Unfortunately, some features, such as password sharing, which are included in other providers' premium subscriptions, need to be paid for, even if you're already a premium customer.
Bitwarden can be controlled either directly in your browser or through its desktop client.
During our assessment, autofill was reliable most of the time, with only a few misses (failing to appear) when using the smartphone app.
Bitwarden isn't perfect, but it offers a good package and has a great price-performance ratio.
Our top picks excelled in most areas, nudging them above the other seven password managers we looked at. However, this doesn't automatically make them the best or only solutions for your individual needs.
The table below provides an overview of how each password manager from our sample fared:
How a Password Manager Works
At the core of every password manager is an encrypted database located either on the system where the service is installed (locally) or in the cloud (remotely). Access to that database, and all of its accompanying entries, is only possible with a master password.
Since your master password provides access to your digital crown jewels, it should be as uncrackable as possible. The US Cybersecurity and Infrastructure Security Agency offers the following helpful suggestions ⇱ for creating a secure password:
- Use multi-factor authentication when available.
- Use different passwords on different systems and accounts.
- Don't use passwords that are based on personal information that can be easily accessed or guessed.
- Use the longest password or passphrase permissible by each password system.
- Don't use words that can be found in any dictionary of any language.
By adhering to the guidelines above when creating a master password, you'll afford your database maximum protection.
Most password managers offer an assortment of different user interfaces, with a dedicated desktop client or web dashboard serving as the primary control centers. A number of programs offer both.
Typically, password manager user interfaces are divided into two or three columns: To the left, you'll find a navigation menu, where you can alternate between data set categories and features. In the central column, your individual data sets, whether login credentials, notes, or payment methods, will be listed. Clicking on one of these will open a detailed view of that individual record to the right, where you can then edit them.
Most password manager user interfaces (here, LastPass) feature similar layouts.
In addition, nearly all password managers from our sample possess browser extensions and mobile apps, which come in handy for creating new accounts, updating existing data sets, or automatically logging in to websites and services.
Browser extensions are frequently mini-versions of the password vault, through which you can access all data sets, as well as a selection of features, such as the password generator. Login credentials can be added by copying and pasting data into the mobile vault as well (which will then be synced with your desktop client or web app).
Dashlane's browser extension displays available data sets for whatever website you're currently visiting.
Over the next few sections, we'll go into a bit more detail about some key terminology as well as the different features password managers offer up.
Should you already be using a password manager, but not happy with its performance, you can usually import your data into most apps with relative ease. LastPass makes this process especially convenient, allowing users to transfer data sets in a wide variety of formats, making it possible for them to easily be read and used by the software.
Most platforms include an import assistant that makes transferring passwords between services quick and easy .
Once you've imported your existing data sets, it's time to start putting them to use in your new password manager. Autofill for content and web forms typically requires installation of the service's browser extension. After this is done, signing in or registering become child's play: The first time you open a page for which you have a stored entry, the browser extension should ask whether you want to use it.
Most of the time, password managers do this with small icons that appear in the login form's fields. With some software, you'll need to click on the browser extension to supply the necessary data set.
Password managers automatically identify the website you're visiting and supply login credentials if an entry for that site is present in your database.
Many providers, such as LastPass, recognize when you're creating a new account, or updating the password for an existing one. Should you do either, you'll be asked whether you want to create a new data set or update an existing entry.
If your password manager can't locate the proper data set for a site that you're attempting to log in to, you can search for it manually. Most apps let users search by entering the name of the website, its URL, or the username. Some password managers, like LastPass, will remember previous search queries and create shortcuts for the option you manually selected in the past.
Password managers are also capable of handling your accounts on mobile devices, such as smartphones or tablets. Since they constantly run in the background, they'll immediately notice when you attempt to log in to a site or service, and should, as on your PC or laptop, show the entries you have on file for it. All you'll have to do is tap on the login button.
Nearly all services offer mobile apps for Android and iOS.
To ensure that autofill works as it should in your smartphone browser, you'll need to grant the app access rights. Most apps automatically walk you through this process after the software has been installed.
At this point, you've hopefully gotten a password manager and created a strong master password for it. However, should a hacker crack your password, you'll be back at square one and they'll have access to all of your accounts. For this reason, we recommend supplying your database with an additional layer of security, a second password. But don't worry, you won't have to remember this one.
When activating two-factor authentication (2FA), simply log in as usual with your username and password. However, instead of being taken to your database, you'll need to enter an additional code, generated either by an app such as Google Authenticator or sent to another device, such as a smartphone or email address. This code is only valid for a limited time (usually 30 seconds), so act quickly!
Protect your password vault with two-factor authentication. With this, you'll need to enter a second one-time code each time you log in.
Enabling 2FA and linking your account with an authenticator app can be done through the settings of whatever platform you're using. To check whether a platform supports two-factor authentication, tick the "Two factor authentication" box under "Security" in our comparison tool.
Whenever you register somewhere online, you'll be asked for the same information: Your name, title, mailing address, email address, phone number, and so on. Through their integrated assistants, password managers also remove the need for you to do this. These will store all relevant data in a profile, supplying it when needed.
Banking and payment information can also be saved in your password vault, and automatically filled in when needed.
Integrated form assistants (here, Sticky Password) make registering or signing in to an online service hassle-free.
After installing a password manager, the next time you sign up on a site or for a service, all you'll have to do is select the profile you want to use and the form assistant will take care of the rest.
Most password managers allow multiple addresses to be stored, such as for your business or home. Should you create multiple profiles, the form assistant will ask you when registering to select which profile it should supply.
Managing Sensitive Data
Usernames and passwords aren't the only sensitive data we store digitally. Thankfully, most password managers make it possible to sequester this information within the same high-security vault as your logins or personal files. Most password managers offer a variety of preset categories for organizing these. As an example of how extensive these can be, 1Password provides ID, software license, WLAN router information, and even hunting permit templates.
1Password offers a nice selection of templates for data sets.
Most password managers also allow users to create their own categories for data sets by adding fields to the entries. However, a number of providers don't allow users such a free hand, offering only a handful of default categories to choose from.
Nearly all password managers include a category for notes, where you can save everything that doesn't fit anywhere else. Such information might not be filled in automatically but you can search through your notes to find what you need.
Creating and Changing Passwords
As soon as you have a password manager, whenever you need to create a new password, or change an existing one, the software will be able to handle this on its own. Most come with password generators that allow their operators to create highly secure passwords automatically, adjusting parameters as they see fit. When filling in a new password, an icon should appear above that field in your browser, with, which a click, will forward you directly to the service's password generator.
The integrated password generators that most password managers come with allow users to automatically create secure passwords for any site or service.
Should you change the password to one of your accounts, your password manager's browser extension should detect it. Typically, the extension will then ask you whether it should replace the old password with the new one. By confirming, the new password will be saved in your database.
Security – Encryption Algorithms
One key aspect of how secure your stored data is, is the encryption algorithm used by the software. Of course, just how and when encryption is used is also important.
Usually, Advanced Encryption Standard (AES) 256-bit encryption, which is considered to be highly secure, is employed. The 256 refers to how long the security key can be. For comparison, in the US, AES-192 and AES-256 are both approved for government documents.
During the registration process, an individual key is generated from your email address and master password. That key is then used to encrypt and decrypt your password database. Depending on your settings, this occurs in combination with a single-use key from a 2FA app.
Paying attention to what encryption algorithm is used is important, but so is knowing where your data is encrypted.
Zero-Knowledge Proof – What Does Your Provider Know?
Zero-knowledge encryption (or proof, or principle) means that your service provider doesn't have any access to your encryption key or master password. This is because it isn't stored on any of their servers, but only locally, on your computer or device.
By adhering to this principle, your provider guarantees that both they and your data are protected (i.e. government agencies cannot subpoena them for information that they don't have). This means that no one can decrypt your data, even if they gain access to your provider's servers.
Keeper explains zero-knowledge encryption to its users with the above graphic.
However, that knife cuts both ways. Since your provider doesn't have any idea of what your password is, they also can't help if you lose or forget it. Some password managers have integrated contingencies for such scenarios: password hints, an address or phone number a password can be reset with, or emergency access for trustworthy people.
You can check which password managers offer either of these options by ticking the "Zero-knowledge encryption" and "Emergency contacts" boxes in our comparison tool.
Local or Cloud Storage
Despite pulling out all the figurative security stops, most of the general population remains critical of cloud services. At the end of the day, people still dislike surrendering control and management of personal data, storing it on servers that are located, for the most part, in foreign jurisdictions.
For that reason, we recommend only using cloud services that adhere to the zero-knowledge proof.
Should you remain unconvinced about whether your information is in safe hands with a cloud-based service, you can view those password managers which allow users to manage and store databases locally by ticking the "Local Storage" box in our comparison tool. Beware though: As a trade-off, locally stored databases aren't accessible by multiple devices since they're located on a single computer, tablet, or smartphone. However, even with these services, cloud syncing can usually be enabled.
Enpass is one of the services from our sample the allows users to configure cloud syncing of their stored data.
Sharing Passwords with Others
If storing your data in the cloud, a variety of practical things, such as synchronizing data across all of your devices, sharing passwords with others, or even working with shared passwords within a team, are possible.
You can share individual data sets, entire folders, or even categories with others. For example, with LastPass, it's possible to keep tabs on what data you've shared in the Sharing Center.
Many apps allow you to share data, such as login credentials for streaming platforms, with others.
With this feature, managing shared accounts, such as on streaming or shopping platforms, becomes much easier.
Many providers offer business or team versions of their software. Most IT departments continue to manage passwords for servers, switch, firewalls, and more with Excel spreadsheets, which is neither safe nor practical since access cannot be regulated effectively. Switching to a team-based password manager makes it possible to strictly control who has access to what sort of data, as well as to control the usage of passwords.
In the event that this feature piques your fancy, tick the box next to "Teams" in our comparison tool.
Other Factors To Consider
Each provider we assessed takes a somewhat different approach when it comes to usage licenses. Most can be installed and used on as many devices as desired, however, some limit this number. We've made this clear in the pricing sections for each platform (select 'Unlimited' under Devices).
Another factor you might want to take into consideration is the number of data sets a password manager lets you create and store. Most paid apps allow for unlimited passwords, however, free apps often come with limitations, some of which can make them downright unusable. To filter results based on how many passwords you'll be able to store, we've provided three filter options in our comparison tool, namely, "At least 100 Passwords", "At least 500 Passwords", and "Unlimited Passwords".
We think password managers are vital in protecting online accounts for the simple reason that even if a hacker manages to crack one of your accounts, the rest will remain unharmed.
Thanks to the ability to automatically generate tough passwords, anyone can create a unique and secure password for each account they have. Because you only have to remember a single master password, the complexity of all of your other passwords doesn’t matter. They can easily be 20 characters long and comprised of random combinations of numbers, special characters, and upper and lowercase letters, making your accounts virtually uncrackable.
To find out which service suits you and your needs best, we recommend using our comparison tool and then reading our comprehensive reviews for those services. Most apps offer a free trial period, so you won't have to worry about paying for something that you might later come to dislike. If an app doesn't suit you, simply move on to the next one.
A password manager stores, manages, and encrypts all of your passwords. With a single master password, you'll be able to access all of your accounts without having to remember any of their login information. New passwords are generated automatically to protect your accounts to the greatest extent possible. Moreover, password managers often include additional security features, making it easy to save other sensitive data and information – from credit card numbers to IDs, and certifications.