The number of online accounts we have, whether for email, online shopping, or streaming, seems to grow constantly. For convenience, most users reuse the same login data across all of their accounts. Fair enough, but this doesn't only make it easier for you to remember your password; it also gives hackers a sizable advantage in cracking your accounts. Worse still, if you use the same combination of email address and password for all of your accounts, once it is compromised, digital data thieves can try your figurative 'keys' in as many keyholes as they wish, potentially penetrating all of your accounts. But don't fear: password managers, which assign each account a unique password, storing and remembering them safely so you don't have to, are here to help.
To start, it's a good idea to check whether any of your accounts have been compromised in the past, and plenty of websites exist that offer up exactly this sort of information. Two of the more well-known platforms are Have I Been Pwned?, run by security expert Troy Hunt, and Identity Leak Checker, which is a service of the Hasso Plattner Institute. The former's database comprises 5.7 billion entries for hacked accounts, while the latter has slightly more, at 5.9 billion.
Has your account data been stolen? Find out by checking the "Have I Been Pwned" or "Identity Leak Checker" databases.
The two services differ slightly: "Have I Been Pwned" lets you know in your browser whether your email address shows up in its database, whereas Identity Leak Checker sends its findings to your email.
Five Good Reasons Why You Should Get a Password Manager!
Right off the bat, we need to give a disclaimer of sorts. A password manager won't prevent your accounts from being cracked; however, it does lower the risk of your data being stolen. Employing one is an effective way to buttress your security online:
- Every service/account is assigned a unique and highly secure password
- Passwords can be changed regularly and without much effort
- You only have to remember a single master password
- Accounts and login data are stored centrally, making them accessible to multiple devices
- Login credentials are filled in automatically
Once configured, a password manager will unobtrusively go about most of its business without you noticing.
Our Password Manager Review
A wide selection of password managers is available to choose from, all of which are based on the same concept. With that said, there are differences between them, so we've taken a look at 12 of the most popular options to let you know how they stack up against one another. Below, we'll tell you which was our top pick, as well as which service offers the best price-performance ratio.
Review Winner: Dashlane
Naming Dashlane as our top pick wasn't a very difficult decision. The premium password manager's paid version does everything a bit better than its competitors. The service is easy to install, its desktop app is quick and intuitive, and it comes loaded with features. We particularly liked Dashlane's convenient Password Changer that automatically swaps out weak passwords for stronger ones as well as its powerful browser extension. As an added bonus, premium subscribers even get a VPN!
Dashlane wasn't perfect so far as autofill is concerned, but then again, none of the applications we tested were. Generally speaking, the service was highly reliable.
Dashlane's premium price was slightly above average, but considering the number of features that it comes with, it's reasonable.
If you're on the hunt for a free password manager, look elsewhere, as Dashlane's 'free' version strictly limits how many passwords can be stored (50) and doesn't offer cross-device synchronization.
Still, all in all, Dashlane was our clear favorite!
Price-Performance Winner: Sticky Password
Visually, Sticky Password isn't anything to write home about, especially when compared to Dashlane. However, if you're not put off by an interface that looks a little bit old-fashioned, you can take advantage of a powerful password manager. The service lacks a password changer but does offer up a practical and convenient password generator, as well as highly reliable autofill functionality. Sticky Password's "portable version" was a nice surprise, since it makes it possible to transfer Sticky Password onto a flash drive, creating a handheld vault for your passwords.
We were less taken with Sticky Password's browser extension, since it forwards users to the desktop app for pretty much everything, including password generation, which should be something that a browser extension can handle on its own. With that said, Sticky Password supports more browsers than any other app, something users of Comodo Dragon and Yandex are sure to appreciate.
Sticky Password was far from perfect, but it does offer a solid array of user-friendly features at a relatively low price.
Our top performers excelled in most areas, nudging them above their competitors. However, this doesn't automatically make them the best applications for your individual needs. The table below provides an overview of how each password manager we reviewed fared:
How a Password Manager Works
At the core of every password manager is an encrypted database located either on the device where the service is installed or in the cloud. Access to that database, and all of its accompanying entries, is only possible with a master password.
Depending on the software provider, browser extensions and mobile apps are also included that are useful for creating new accounts, updating data set entries, or automatically logging in to web services.
LastPass's browser extension links your password manager with the website you're visiting.
Below, we'll go into a bit more detail about some key terminology as well as the different features password managers offer up.
With password managers, your central database is protected by a single password. Cloud-based services typically utilize web interfaces for managing data entries. For this reason, it's particularly important to create a secure master password. The US Cybersecurity and Infrastructure Security Agency supplies several suggestions for creating a secure password, namely to:
- Use multi-factor authentication when available.
- Use different passwords on different systems and accounts.
- Don't use passwords that are based on personal information that can be easily accessed or guessed.
- Use the longest password or passphrase permissible by each password system.
- Don't use words that can be found in any dictionary of any language.
You can find additional information in our guide to secure passwords or put your passwords to the test with our Password Checker. By adhering to the guidelines above when creating a master password, you'll afford your database maximum protection.
Should you already be using a password manager but aren't happy with its performance, you can easily import your data into most apps. LastPass offers users a convenient import function for transferring usernames and passwords in up to 40 different formats, making it easy to change password managers.
Most platforms include an import function that makes transferring passwords between services quick and easy.
Once you've imported your old login data, it's time to start using it in your new password manager. This is easily done with the help of a browser extension. The first time you open a login page, your password manager should ask whether you want to use the available entry for that page. After accepting, your login information will always be automatically filled in.
Password managers automatically identify the website you're visiting and enter login data if an entry is present in your database.
Many providers, such as LastPass, notice when you're creating a new account, or updating the password for an existing one. Should you do either, you'll be asked whether you want to update your database with the new information.
If your password manager doesn't automatically find the right data for a site that you're attempting to log in to, you'll still be able to search for it manually. Most apps let users search by entering the name of the website, its URL, or the username. Some password managers, like LastPass, will remember previous search queries and create shortcuts for the option you manually selected in the past.
Putting a password manager to work on your smartphone or tablet is at least as important as using it in your browser. Most providers offer apps for Android and iOS.
On Android devices, password manager apps constantly run in the background, displaying accounts as soon as you open an app. All you have to do is select the account in question and your password manager will automatically fill in your info.
Password managers assist in managing your login data on Android and iOS by filling in usernames and passwords for whichever apps you are using.
Using password managers on iOS has been more straightforward than on Android devices since iOS 12 was launched. Whenever an app prompts you for your credentials, you'll see your saved usernames and passwords above the keyboard. Simply select the right combination for the account in question and voila, you're in.
To take advantage of this functionality on iOS 12 devices, you'll need to go into your settings and activate your password manager. Then, go to "Passwords & Accounts" and select "Fill in automatically".
With iOS 12, Apple has vastly improved its support for password managers. Users can now determine which dataset login data is taken from.
At this point, you've hopefully gotten a password manager, and created a strong master password for it. However, should a hacker crack your password, you'll be back at square one and they'll have access to all of your accounts. For this reason, we recommend providing your database with an additional layer of security, namely, two-factor authentication (2FA). Don't worry, you won't have to remember anything!
Once enabled, simply log in as usual. However, instead of being taken to your database, you'll need to enter an additional code, generated either by an app such as Google Authenticator or sent to another device, such as a smartphone. This code is only valid for a limited time (usually 30 seconds).
Enabling 2FA and connecting your account with an authenticator app can be done in the settings of whatever platform you're using. To check whether a platform supports two-factor authentication, tick the "Two Factor Auth" box under "Security" in our comparison tool.
Protect your password manager with two-factor authentication.
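How the time-limited code described above is computed and checked, as an added Node.js example that is not part of the original article: authenticator apps such as Google Authenticator implement TOTP (RFC 6238). The function names are chosen for illustration, and the sample secret is the test secret published in the RFC.

```javascript
// Added example: RFC 6238 TOTP with the usual authenticator-app parameters
// (HMAC-SHA1, 6 digits, 30-second step). Function names are illustrative.
const nodeCrypto = require('node:crypto');

const STEP_SECONDS = 30;
const DIGITS = 6;

// Decode the Base32 secret shown (or QR-encoded) when 2FA is enabled.
function base32Decode(text) {
  const alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
  const out = [];
  let bits = 0;
  let value = 0;
  for (const ch of text.toUpperCase().replace(/=+$/, '')) {
    const idx = alphabet.indexOf(ch);
    if (idx === -1) throw new Error('invalid Base32 character: ' + ch);
    value = ((value << 5) | idx) & 0xfff; // keep only the bits still needed
    bits += 5;
    if (bits >= 8) {
      bits -= 8;
      out.push((value >>> bits) & 0xff);
    }
  }
  return Buffer.from(out);
}

// HOTP (RFC 4226): HMAC over an 8-byte counter, then dynamic truncation.
function hotp(secret, counter) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = nodeCrypto.createHmac('sha1', secret).update(msg).digest();
  const offset = mac[mac.length - 1] & 0x0f;
  const code = (mac.readUInt32BE(offset) & 0x7fffffff) % 10 ** DIGITS;
  return String(code).padStart(DIGITS, '0');
}

// TOTP: the counter is the number of 30-second steps since the Unix epoch.
function totp(secret, unixSeconds) {
  return hotp(secret, Math.floor(unixSeconds / STEP_SECONDS));
}

// Server-side check: tolerate one step of clock drift, compare in constant
// time, and refuse any counter at or below the last accepted one (replay).
function verifyTotp(secret, submitted, unixSeconds, lastCounter = -1, drift = 1) {
  const now = Math.floor(unixSeconds / STEP_SECONDS);
  const given = Buffer.from(String(submitted));
  for (let c = Math.max(0, now - drift); c <= now + drift; c++) {
    if (c <= lastCounter) continue;
    const expected = Buffer.from(hotp(secret, c));
    if (given.length === expected.length &&
        nodeCrypto.timingSafeEqual(given, expected)) {
      return { ok: true, counter: c };
    }
  }
  return { ok: false, counter: lastCounter };
}

// Constructed sample: the RFC 6238 test secret, Base32-encoded.
const SAMPLE_SECRET = base32Decode('GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ');
console.log('code at t=59s:', totp(SAMPLE_SECRET, 59));
```

The replay check is why the verifier returns the accepted counter: the service stores it and rejects the same code if it is submitted a second time within its validity window.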
Online registration forms always ask for the same information: your name, title, address, email address, phone number, and so on. Integrated assistants that automatically fill in the information provide a welcome relief from this monotony. All you have to do is sign in to an account once and save all the relevant data with your password manager.
Integrated form assistants make registering or signing in to an online service a matter of seconds.
After installing a password manager, the next time you sign up for a platform, all you'll have to do is select your profile. The form assistant takes care of the rest!
Most services make it possible to save multiple addresses, for business accounts, or for private ones. Should you create multiple profiles, when registering somewhere, the form assistant will ask you to select which profile to use.
Form assistants make it possible to create multiple profiles, for business or pleasure.
Managing Sensitive Data
Usernames and passwords aren't the only sensitive data we store digitally. Thankfully, most password managers make it possible to sequester this information within the same high-security vault as your logins or personal information.
In addition to saving passwords, many providers let you save other sensitive information such as passport or social security numbers, credit card info, or even driver's licenses.
LastPass does this by allowing users to create secure notes, for which a number of templates are available.
Such information might not be filled in automatically but you can search through your notes to find what you need.
Whenever you change the password to one of your accounts, your password manager's browser extension should detect it. Typically, the extension will then ask you whether it should replace the old password with the new one. Once you confirm, the new password is saved in your database; no copying and pasting needed!
Security – Encryption Algorithms
So, you've got a password manager with a strong master password and 2FA enabled. You've done your part for security, good job!
But there's another side to the security conundrum, namely, how secure the provider is. A good gauge for this is the encryption standard that they employ.
Usually, 256-bit Advanced Encryption Standard (AES) encryption is used, which is considered to be highly secure. The 256 refers to the length of the encryption key in bits. For comparison, AES-192 and AES-256 are both approved for government documents.
During the registration process, an individual key is generated from your email address and master password. That key is then used to encrypt and decrypt your password database. Depending on your settings, this occurs in combination with a single-use key from a 2FA app.
Paying attention to what encryption algorithm is used is important, but so is knowing where your data is encrypted.
Zero-Knowledge Principle – What Does Your Provider Know?
Zero-Knowledge sounds an awful lot like a bad thing, but it isn't when it comes to encryption!
Zero-Knowledge encryption means that your service provider doesn't have any access to your encryption key or master password, since it isn't stored on any of their servers, but only locally, on your computer or device.
By applying this technique, your provider guarantees that your data is protected and that they are too (i.e. government agencies cannot subpoena them for information that they don't have). This means that no one can decrypt your data, even if they have access to your provider's servers.
However, that knife cuts both ways. Since your provider doesn't have any idea of what your password is, they also can't help if you lose or forget it. Because of the human condition (basically, we occasionally make mistakes and do dumb things), most password manager developers have integrated contingencies: password hints, an address or phone number a password can be reset with, or emergency access for trustworthy people. Although we at EXPERTE see such 'second chances' as potential security vulnerabilities, they certainly have their uses.
You can check which password managers offer either of these options by ticking the "Zero-Knowledge Encryption" and "Emergency Contacts" boxes in our comparison tool.
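The key derivation from the encryption section and the Zero-Knowledge storage described above, as an added Node.js example that is not any provider's actual code. PBKDF2-SHA256 salted with the email address, the iteration count, the HMAC labels, GCM mode and all function names are assumptions chosen for illustration; the article itself only states that a key is derived from the email address and master password and that AES-256 is used.

```javascript
// Added example of a zero-knowledge layout. PBKDF2-SHA256, the iteration
// count, the HMAC labels and GCM mode are assumptions for illustration.
const nodeCrypto = require('node:crypto');

const DEFAULT_ITERATIONS = 600000; // assumed work factor

// Runs on the user's device: stretch the master password (salted with the
// email address) and split the result into two unrelated secrets.
function deriveKeys(email, masterPassword, iterations = DEFAULT_ITERATIONS) {
  const salt = Buffer.from(email.trim().toLowerCase(), 'utf8');
  const stretched = nodeCrypto.pbkdf2Sync(
    masterPassword.normalize('NFKC'), salt, iterations, 32, 'sha256');
  const label = (text) =>
    nodeCrypto.createHmac('sha256', stretched).update(text).digest();
  return {
    vaultKey: label('vault-encryption'), // 256-bit AES key, stays on the device
    loginToken: label('server-login'),   // sent to the provider to authenticate
  };
}

// Encrypt the password database locally with AES-256-GCM.
function encryptVault(vaultKey, entries) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every save
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', vaultKey, iv);
  const data = Buffer.concat([
    cipher.update(JSON.stringify(entries), 'utf8'), cipher.final()]);
  return {
    iv: iv.toString('base64'),
    data: data.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
  };
}

// Decrypt on the device. A wrong master password yields a different key, the
// GCM tag check fails, and nothing is recoverable: return null.
function decryptVault(vaultKey, blob) {
  try {
    const decipher = nodeCrypto.createDecipheriv(
      'aes-256-gcm', vaultKey, Buffer.from(blob.iv, 'base64'));
    decipher.setAuthTag(Buffer.from(blob.tag, 'base64'));
    const plain = Buffer.concat([
      decipher.update(Buffer.from(blob.data, 'base64')), decipher.final()]);
    return JSON.parse(plain.toString('utf8'));
  } catch (err) {
    return null;
  }
}

// Everything the provider receives: a login token and ciphertext, no key.
function serverRecord(email, masterPassword, entries, iterations) {
  const { vaultKey, loginToken } = deriveKeys(email, masterPassword, iterations);
  return {
    email,
    loginToken: loginToken.toString('hex'),
    vault: encryptVault(vaultKey, entries),
  };
}
```

Because `decryptVault` has no fallback when the key is wrong, this layout also shows why a provider built this way cannot reset a forgotten master password.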
Local or Cloud Storage
Despite pulling out all the figurative security stops, most of the general population remains critical of cloud services. At the end of the day, it remains necessary to surrender control and management of personal data, storing it on servers that are located, for the most part, in foreign jurisdictions.
For that reason, we recommend only using cloud services that utilize Zero-Knowledge encryption.
If a password manager supports Zero-Knowledge encryption, only you are capable of accessing your data with your master password.
Should you remain unconvinced about whether your information is in safe hands with a cloud-based service, you can view those password managers which allow users to manage and store databases locally by ticking the "Only Local Storage" box in our comparison tool.
Beware though: As a trade-off, locally stored databases aren't accessible by multiple devices since they're located on a single computer, tablet, or smartphone.
You can check which password managers offer local database storage, like RoboForm (pictured above), using our interactive comparison tool.
Sharing Passwords with Others
Storing your data on a cloud-based service makes it possible to use a variety of practical features, such as synchronizing data across all of your devices, sharing passwords with others, or even working with shared passwords within a team.
If you want to share passwords, simply create a folder and make it accessible for your colleagues. LastPass is one service that offers this functionality through its "Shared Folders" feature.
Many apps allow you to share data, such as login credentials for streaming platforms, with others.
With this feature, managing shared accounts, such as on streaming or shopping platforms is made much easier.
Should you want a password manager that provides this functionality, check the "Share Passwords" box under "Features" in our comparison tool.
Many providers offer business or team versions of their platforms. Most IT departments continue to manage passwords for servers, firewalls, and more with spreadsheets, which is neither safe nor practical since access cannot be regulated effectively. Switching to a team-based password manager makes it possible to strictly control who has which access rights, as well as to control the usage of passwords.
In the event that this feature piques your fancy, tick the box next to "Support for Teams" in our comparison tool.
Other Factors To Consider
Now you're familiar with the most important characteristics of a password manager, but there are still a few more details we want to share with you.
Each provider we assessed takes a somewhat different approach when it comes to usage licenses. Most can be installed and used on as many devices as desired; however, to be on the safe side, we've included an option in our comparison tool to help you make sure. If you want to see which services offer unlimited synchronizations between devices, tick the box next to "Sync Multiple Devices".
Another factor you might want to take into consideration is how many passwords a password manager lets you create and manage. Most paid apps allow for unlimited passwords; however, free apps often come with limitations, some of which can make them downright unusable. To filter results based on how many passwords you are able to store, we've provided three options in our comparison tool, namely, "At least 100 Passwords", "At least 500 Passwords", and "Unlimited Passwords".
We think password managers are vital in protecting online accounts, for the simple reason that even if a hacker manages to crack one of your accounts, the rest will remain unharmed.
Thanks to the ability to automatically generate tough passwords, anyone can create a unique and secure password for each account they have, made even easier by automatic password changers, such as that offered by Dashlane.
Because you only have to remember a single master password, the complexity of all of your other passwords doesn’t matter. They can easily be 20 characters long and comprised of random combinations of numbers, special characters, and upper and lowercase letters.
To find out which service suits you and your needs best, we recommend using our comparison tool. Most apps offer a free trial period, so you won't have to worry about paying for something that you will later come to dislike. If an app doesn't suit you, simply move on to the next one.
What does a password manager do?
A password manager stores, manages, and encrypts all of your passwords. With a single master password, you'll be able to access all of your accounts without having to remember any of their login information. New passwords are generated automatically to protect your accounts to the greatest extent possible. Moreover, password managers often include additional security features, making it easy to save other sensitive data and information – from credit card numbers to IDs and certifications.
Should I use a password manager?
Yes! Password managers combine convenience and security, ensuring that your accounts are protected by automatically generated and unique passwords. If there's a password leak on one platform, the threat is contained, meaning that the rest of your accounts aren't at risk. Moreover, you'll only ever have to remember your master password.
Where are my passwords stored?
Typically, your passwords are stored and encrypted on the servers of your provider. However, your provider doesn’t know your master password, since most adhere to Zero-Knowledge encryption, meaning that the encryption key is stored locally, on your computer. To ensure that this is the case, providers sometimes submit to voluntary independent security audits. Some password managers allow users to store their passwords locally on their own devices.
How secure is my password manager?
Password managers are considered to be highly secure. They’re definitely safer than using the same password for multiple online accounts. To minimize security threats, you should consider a few other things: Your master password is the key to all your accounts and should therefore be difficult to guess. You should also activate two-factor authentication to protect your accounts in case someone cracks your master password. However, the level of protection afforded your data after you submit it to your provider is beyond your control. In general, however, compromises are rare and most providers are considered safe.
Which password manager is the best?
When choosing a password manager, multiple factors come into play: security, pricing, features, interface, and so on. Most apps have the same basic features, but there are some variations in terms of quality. How well the autofill feature works or how frequently the browser extension detects a password form can differ considerably from app to app. Some applications only offer the basics while others provide more sophisticated security features. There are also big differences when it comes to pricing or how limited the free version of an app is.