Image: Rob Schultz / IDG
We are terrible at passwords. Simply put, we suck at creating them and share them way too freely. Indeed, the very thing that can ensure our online security has become our biggest obstacle to it. And if you think you have good reasons not to use a password manager, we can tell you why you’re wrong.
The best password managers relieve you of the burden of having to create and memorize unique, complex logins on your own. And they protect your passwords by encrypting your login info in a virtual vault—either locally or in the cloud—only allowing access with a single master password. If you’re looking to step up your security game, a password manager is a way to do it. Yes, web browsers are starting to offer password management features, but they’re not good enough.
All of our top picks for password mangers support Windows, Mac OS, Android, and iOS, as well as the major browsers. And all will let you sync your data across multiple devices, though you may have pay extra for that privilege. Once you’ve found the right password manager for your needs, head over to our guide on mastering your password manager.
Updated 3/7/23: Our recent reviews of Keeper and LogMeOnce find both of these password managers as strong as ever, each having a unique value proposition that sets its apart from our top pick. Read our summaries below to see why both are compelling options in their own right.
1. Dashlane – Best password manager overall
- Analyzes and rates the strength of your passwords
- Supports auto-filling web forms with personal profiles
- VPN and Dark Web scanning available with paid plan
- Expensive premium tiers
- Free plan limited to one device
Dashlane has always been a close contender with LastPass, so with the latter’s recent data-breach problem, it’s great to know that users still have Dashlane. A full-service password manager, Dashlane offers easy access to your logins, secure notes, payment data, and other information, all through its elegantly designed web portal or via one of its browser extensions for Firefox, Chrome, Edge, Opera, or Safari. Most importantly, its password game is strong, making it easy to generate and store complex, unique passwords and safely keep sensitive payment and personal data at your fingertips. With autofill deployed, Dashlane doesn’t just ensure you use best password practices, but that doing so is practically effortless.
Dashlane is free for a single device, but if you want syncing across multiple devices you’ll need a paid plan: The Advanced plan costs $33 annually or $2.75 per month, and adds dark web monitoring, to alert you whether your personal data is being used nefariously. The Premium account subscription costs $59.88 per year or $4.99 per month and includes all the features of the previous tiers and adds a VPN. The Friends and Family plan extends Premium plans to up to 10 accounts for $89.88 per year or $7.49 per month. These prices are a little higher than some of the competitors (indeed, that was one of LastPass’s small advantages), but Dashlane offers a premium product and has provided a reliable service for years, and would you want anything less in a password manager?
Read our full
2. Keeper – Most security-minded
- Exceptionally strong security
- Seamless exprience across platforms
- Easy-to-use web interface
- Users may find some security features inconvenient
- Free version more limited than competitors’
Price When Reviewed:
It’s a consumer’s market when it comes to password managers. While we have our clear favorite above, Keeper is a very strong contender in its own right. It emphasizes security more so than many other password managers. For instance, it eschews an automatic password update feature as even this process would require temporary access to your credentials.
While Keeper’s security-above-all-else mindset makes it one of the best, it comes at the expense of things some consumers prize such as ease-of-use and aesthetics. To its credit, Keeper seems to recognize this and has taken strides to update its interface to be more user-friendly. While security-minded users stand to get the most out of Keeper’s robust features set, even the everyday user will be safer for using it.
Read our full
3. LogMeOnce – Best for alternate login methods
- No need to remember a complex master password
- Robust security features
- Easy-to-use web interface
- Paid plans required to share more than a few passwords and files
- Number of features can be overhwelming
While most password managers require a master password to access your password vault, LogMeOnce relieves you of having to remember even that. It uniquely offers the option of a PIN, biometric, or photo login to access your vault. This feature gives LogMeOnce a unique edge over other password managers.
Other than this distinctive feature, LogMeOnce operates similarly to its peers. It allows you to store and sync passwords and credit cards across your devices with end-to-end encryption. It also includes other features such as dark-web and cyberthreat monitoring, but these will come at a bit of an additional cost. Its unique features make LogMeOnce one of the most convenient password managers we’ve tested.
Read our full
4. Bitwarden – Best free password manager
- Free plan offers unlimited vault entries and device syncing
- Paid plan is 70% cheaper (or more!) than rival services
- Supports two-factor authentication
- Send feature allows you to securely share notes and files with others
- Has occasional trouble capturing and filling credentials on websites
- Requires more manual setup than many paid password managers
Bitwarden continues to offer a generous free plan that makes it a great option for users on a budget. It doesn’t charge you a penny to save unlimited vault items or sync your vault across all of your devices. This is a refreshing change from other password managers that place heavy restrictions on free users.
While it may lack some of the advanced features offered by the paid services and its no-frills interface isn’t the most user friendly, you can’t argue against Bitwarden’s price—it allows you to upgrade your security for free after all. It also offers an ultra-affordable paid tier with more advance features, but its free tier includes so much that you might not need anything else.
Free password managers come in all sorts of different flavors. Check out our roundup of best free password managers for more information.
Read our full
What to look for in a password manager
At their most basic, password managers capture your username and password—usually via a browser plugin—when you log in to a website, and then automatically fill in your credentials when you return to that site. They store all your passwords in an encrypted database, often referred to as a “vault,” which you protect with a single master password.
Of course, most password managers do much more than this and many extend protection beyond your login credentials to other types of personal data. We narrowed it down to a few essential features that we looked for and you should too:
You’ve been reminded ad nauseam that the strongest passwords are long, random strings of characters, and that you should use a different one for each site you access. That’s a tall order. This is what makes password generation—the ability to create complex passwords out of letters, numbers, and special characters—an indispensable feature of any good password manager. The best password managers will also be able to analyze your existing passwords for weaknesses and upgrade them with a click.
Autofill and auto-login
Most password managers can autofill your login credentials whenever you visit a site and even log you in automatically. Thus, the master password is the only one you ever have to enter. This is controversial, though, as browser autofill has long been a security concern, so the best managers will also let you toggle off this feature if you feel the risk outweighs the convenience.
Sometimes you need to share a password with a family member or coworker. A password manager should let you do so without compromising your security.
To an enterprising cybercriminal, your password manager’s master password is as hackable as any other password. Increasingly, password managers support multi-factor authentication—using a second method such as a PIN, a fingerprint, or another “trusted device” for additional verification—to mitigate this risk. Choose one that does.
Protection for other personal data
Because of how frequently we use them online, credit card and bank account numbers, our addresses, and other personal data can be securely stored in many password managers and available to autofill into web forms when we’re shopping or registering an account.
No online security measure is 100 percent foolproof, but most security experts agree that password managers are still the safest way for people to manage their myriad logins, and we agree that the benefits far outweigh the risks. Just choose your password manager carefully after researching all the options starting with this guide.
Editor’s note: Because online services are often iterative, gaining new features and performance improvements over time, our reviews are subject to change in order to accurately reflect the current state of the services.
Are password managers safe?
While nothing can be said to be 100 percent safe and secure, password managers do a great job of providing enhanced security features that you wouldn’t otherwise have. Generally speaking, password managers encrypt all of the data you store with them. While cybercriminals might be able to somehow hack the password manager, it is highly unlikely they will be able to decrypt your data to see the contents.
Nevertheless, much of the security of your password manager comes down to the strength of your one master password. If you are concerned about the safety of this one password, then it would be worth it to choose a password manager that stores your master password on a different server from the rest of your encrypted passwords—adding an additional layer of security.
Is it worth paying for a password manager?
This will come down to what features you need in a password manager. Free services typically are limited to one device on which to save and sync your passwords. They will generate strong passwords for use, offer basic compromised-password alerts, and will store saved credit card and address information.
Premium password managers, which you have to pay to use, offer all of the same features as their free counterparts, but also allow you to sync and store passwords and data across multiple devices—or even between family members. They also have additional special features such as dark web scanning and emergency contact access, among others.
If you only have one device and don’t need any of the fancy additional features, then there really isn’t a need to pay for a premium service. However, premium password managers are only a few dollars per month so they won’t break the bank if you ever decide to switch.
What if the password manager gets hacked?
If you suspect that you have been hacked, it is important to first figure out if it’s just you or if your password manager’s database has been compromised. Reputable password managers should put out some form of public release if they have been hacked. You can figure this out with a simple Google search. If they are not claiming to have been hacked, then it may be that your own data has been compromised some other way.
If it turns out your password manager’s database has been hacked, it’s up to you whether to continue with that service. Thankfully, all your passwords will be encrypted so hackers won’t be able to see the contents even after they have been stolen.
Is using one master password for your password manager really safe?
It can seem a little disconcerting to entrust the security of all your passwords to one master password on a password manager. It’s true that the strength and safety of your master password can determine the security of your password manager itself. Therefore it is ideal to create a very strong master password.
The good news is that password managers typically store your master password and your other encrypted passwords and data on separate servers. This isn’t foolproof, but it does add an additional layer of security.
Author: Michael Ansaldo, Freelance contributor
Michael Ansaldo is veteran consumer and small-business technology journalist. He contributes regularly to TechHive and PCWorld.