Password managers are the vegetables of the internet. We know they’re good for us, but most of us are happier snacking on the password equivalent of junk food. For seven years running that’s been “123456” and “password”—the two most commonly used passwords on the web. The problem is, most of us don’t know what makes a good password and aren’t able to remember hundreds of them anyway.
Keeper Password Manager (free, $36 per year for premium): Keeper offers a variety of security-related tools, including a password manager. Keeper works much like 1Password and others, storing only. 1Password: the password manager that's as beautiful and simple as it is secure. Simply add your passwords, and let 1Password do the rest. Try 1Password free for 30 days, then keep going with a 1Password.com subscription. Selected by Android Central as the Best Password Manager for Android: 'For those who want the absolute best password manager for their phone, tablet, and computers, 1Password.
If you can memorize strong passwords for every website you visit and every app you use, by all means do it. Assuming you’re using secure passwords—which is, first and foremost, shorthand for long passwords—this is the most secure, if slightly insane, way to store passwords. It might work for Memory Grand Master Ed Cooke, but most of us are not ready for such fantastic feats. We need to offload that work to password managers, which offer secure vaults that can stand in for our faulty, overworked memories.
A password manager offers convenience and, more importantly, helps you create better passwords, which makes your online existence less vulnerable to password-based attacks.
Updated February 2020: We’ve added a few new services, including NordPass, Enpass, and Keeper Security.
When you buy something using the links in our stories, we may earn a small affiliate commission. Here’s how it works. You can also support our reporting and reviewing by purchasing a 1-year print + digital WIRED subscription for $5 (Discount).
Why Not Use Your Browser?
Most web browsers offer at least a rudimentary password manager. (This is where your passwords are stored when Google Chrome or Mozilla Firefox ask if you’d like to save a password.) This is better than reusing the same password everywhere, but browser-based password managers are limited.
The reason security experts recommend you use a dedicated password manager comes down to focus. Web browsers have other priorities that haven’t left much time for improving their password manager. For instance, most of them won’t generate strong passwords for you, leaving you right back at “123456.” Dedicated password managers have a singular goal and have been adding helpful features for years now. Ideally, this leads to better security.
Best Overall
1Password began life as an Apple-centric password solution, but it has since broadened its offerings to include iOS, Android, Windows, and ChromeOS. There’s even a command-line tool that will work anywhere. There are plug-ins for your favorite web browser too, which makes it easy to generate and edit new passwords on the fly.
What sets 1Password apart is the number of extras it offers. In addition to managing passwords, it can act as an authentication app like Google Authenticator and, for added security, it creates a secret key to the encryption key it uses, meaning no one can decrypt your passwords without that key. (The downside is that if you lose this key, no one, not even 1Password, can decrypt your passwords.)
Another reason 1Password offers the best experience is its tight integration with other mobile apps. Rather than needing to copy and paste passwords from your password manager to other apps, 1Password is integrated with many apps and can autofill. This is more noticeable on iOS, where inter-app communication is more restricted.
The other reason I like 1Password is its Travel Mode, which allows you to delete any sensitive data from your devices before you travel and then restore it with a click after you’ve crossed a border. This prevents anyone, even law enforcement at international borders, from accessing your complete password vault. Cross platform todo list.
1Password has a 30-day free trial, so you can test it out before committing.
After signing up, download the app for Windows, MacOS, Android, iOS, ChromeOS, or Linux. There are also browser extensions for Firefox, Chrome, and Edge.
Best Free Option
Bitwarden has become a popular choice among open-source software advocates. After using it for a few months, I can see why. It’s free with no limits, and it’s every bit as polished and user-friendly as our top pick.
Did I mention it’s open source? That means the code that powers Bitwarden is freely available for anyone to inspect, seek out flaws, and fix. In theory, the more eyes on the code, the more airtight it becomes. Bitwarden has also been audited by a third party to ensure it’s secure. It can be installed on your own server for easy self-hosting if you prefer to run your own cloud.
There are apps for Android, iOS, Windows, MacOS, and Linux, as well as extensions for all major web browsers plus less-common options like Opera, Brave, and Vivaldi (which all support Chrome extensions).
Another thing I like is BitWarden’s semiautomated password fill-in tool. If you visit a site that you’ve saved credentials for, Bitwarden’s browser icon shows the number of saved credentials from that site. Click the icon and it will ask which account you want to use and then automatically fill in the login form. This makes it easy to switch between usernames and avoids the pitfalls of autofill we mention at the bottom of this guide. If you simply must have your fully automated form-filling, Bitwarden supports that as well.
Bitwarden offers a paid upgrade account. The cheapest of the bunch, Bitwarden Premium, is $10 per year. That gets you 1 GB of encrypted file storage, two-factor authentication with devices like YubiKey, FIDO U2F, Duo, and a password hygiene and vault health report. Paying also gets you priority customer support.
After signing up, download the app for Windows, MacOS, Android, iOS, or Linux. There are also browser extensions for Firefox, Chrome, Safari, Edge, Vivaldi, and Brave.
Best Full-Featured Manager
I first encountered Dashlane several years ago. Back then, it was the same as its competitors, with no standout attributes. But recent updates, especially Dashlane 6, have added several features not found elsewhere. One of the best is Site Breach Alerts. Dashlane actively monitors the darker corners of the web, looking for leaked or stolen personal data, and then alerts you if your information has been compromised.
The desktop client is easy to navigate, and the mobile apps make accessing your data everywhere a cinch, though there is no syncing between devices without buying the Premium version ($5 per month). Still, it’s simple to set up and uses a secret key to encrypt your passwords, much like 1Password’s set-up process.
We also like the option not to store any password data on Dashlane’s servers. If you use this feature, you are responsible for managing and syncing your password vault between devices. It’s less convenient, but your passwords stay with you. This isn’t possible with 1Password or LastPass. The Premium plan has other nice extras you won’t find with other services, like a free VPN.
Dashlane Premium costs $5 per month ($60 per year). There’s also Premium Plus, which costs $10 per month ($120 per year) and includes some identity-theft and recovery tools. Dashlane offers a 30-day free trial for either plan, so you can test it out before committing.
After signing up, grab the app for Windows, MacOS, Android, iOS, or Linux. There are also browser extensions for Firefox, Chrome, and Edge.
Best DIY Option (Self Hosted)
Want to retain more control over your data in the cloud? Try using a desktop application like KeePassXC. It stores encrypted versions of all your passwords into an encrypted digital vault that you secure with a master password, a key file, or both. The difference is that instead of a hosted service like 1Password syncing it for you, you sync that database file yourself using a file-syncing service like Dropbox or Edward Snowden’s recommended service: SpiderOak. Once your file is in the cloud you can access it on any device that has a KeePassXC client.
Why do it yourself? In a word: Transparency. Like Bitwarden, KeepassXC is open source, which means its code can be and has been inspected for critical flaws.
1password Manager Review
Download the desktop app for Windows, MacOS, or Linux and create your vault. There are also extensions for Firefox and Chrome, but not Edge. It does not have official apps for your phone. Instead, the project recommends KeePass2Android or Strongbox for iPhone.
The New Kid on the Block
NordPass:
NordPass is a brand-new password manager, but it comes from a company with significant pedigree. NordVPN is a well-known VPN provider, and the company brings to its password manager much of the ease of use and simplicity that made its VPN offering popular. The installation and setup process is a breeze. There are apps for every major platform (including Linux), browser, and device.
The free version of NordPass is limited to one device; there’s no syncing available. There is a seven-day free trial of the premium version, which lets you test device syncing. But to get that for good, you’ll have to upgrade to the $36-a-year plan (like its VPN service, NordPass accepts payment in cryptocurrencies).
Like our other favorites, NordPass uses a zero-knowledge setup in which all data is encrypted on your device before it’s uploaded to the company’s servers. Other nice features include support for two-factor authentication to sign in to your account and a built-in password generator (which has plenty of options to handle those poorly designed sites that put weird requirements on your password).
After signing up, grab the app for Windows, MacOS, Android, iOS, or Linux. There are also browser extensions for Firefox, Chrome, and Edge.
Honorary Mentions
Password managers are not a one-size-fits-all solution. While we think our top picks cover most use cases and are the best choice for most people, your needs may be different. Fortunately, there are plenty of very good password managers. Here are some more we’ve tested and liked.
- LastPass (Free, $36 per year for premium): LastPass is one of the most popular and well-known password managers. It works on nearly every platform and device available, though it recently dropped its macOS stand-alone app, citing changes in Apple’s developer tools. LastPass has had a number of high-profile, critical bugs and some data breaches. Overall though, LastPass remains a good choice for those on a tight budget.
- Myki: Myki uses a device to sync your data instead of a cloud-based server. Everything starts on your phone or tablet, and you can then sync your passwords to your desktop using Myki’s browser extensions. The sync happens through Myki’s relay servers, but no data is actually stored; it just passes through en route from your phone to the browser extension. Myki is free to use (with paid family/team plans).
- RememBear ($36 per year): RememBear does everything you’d expect of a password manager, and it has bears! Password managers are possibly the most boring software on your device, plus just the idea of them is stressful to some people. RememBear counters this by entertaining with bear puns and smoothing out anxiety with its friendly, lovable bear mascot. For beginners, RememBear has everything you need and a clever, approachable user interface. It’s missing some features that advanced users might want, like two-factor authentication (RememBear supports 2FA for logging in to sites, but not for the app itself), and a password strength checker. There’s a free trial that will let you test the app, but the free plan doesn’t sync. A premium account is $36 per year and includes syncing with end-to-end encryption, secure backups, and priority customer service. Sadly, you don’t get an actual bear.
- Enpass (Free, $12 per year, or one-time $60, for premium): Like KeePassXC, Enpass does not store any data on its servers. Syncing is handled through third-party services like Dropbox or NextCloud. Enpass doesn’t do the syncing, but it does offer apps on every platform. That means once you have syncing set up, it works just like any other service. And you don’t have to worry about Enpass being hacked, because your data isn’t on its servers. If you’re comfortable setting up the secure syncing yourself, Enpass makes a great password manager.
- Acorn 6 5 3rd. Keeper Password Manager (Free, $36 per year for premium): Keeper offers a variety of security-related tools, including a password manager. Keeper works much like 1Password and others, storing only your encrypted data, and offers two-factor authentication for logging in to your account. Like Dashlane, Keeper has a lot of extras, including dark-web monitoring, meaning Keeper will check publicly posted data to make sure yours isn’t available.
Password Manager Basics
A good password manager stores, generates, and updates passwords for you with the press of a button. If you’re willing to spend a few dollars a month, a password manager can sync your passwords across all your devices. Here’s how they work.
Only One Password to Remember: To access all your passwords, you only have to remember one password. When you type that into the password manager, it unlocks the vault containing all of your actual passwords. Only needing to remember one password is great, but it means there’s a lot riding on that one password. Make sure it’s a good one.
If you’re having trouble coming up with that one password to rule them all, check out our guide to better password security. You might also consider using the Diceware method for generating a strong master password.
Apps and Extensions: Most password managers are full systems rather than a single piece of software. They consist of apps or browser extensions for each of your devices (Windows, Mac, Android phones, iPhone, and tablets), which have tools to help you create secure passwords, safely store them, and evaluate the security of your existing passwords. All that information is then sent to a central server where your passwords are encrypted, stored, and shared between devices.
Fixing Compromised Passwords: While password managers can help you create more secure passwords and keep them safe from prying eyes, they can’t protect your password if the website itself is breached. That doesn’t mean they don’t help in this scenario though. All three of the cloud-based password managers we discuss offer tools to alert you to potentially compromised passwords. Password managers also make it easier to quickly change a compromised password and search through your passwords to ensure you didn’t reuse any compromised codes.
You Should Disable Auto Form Filling: Some password managers will automatically fill in and even submit web forms for you. This is super convenient, but for additional security, we suggest you disable this feature. Automatically filling forms in the browser has made password managers vulnerable to attack in the past. For this reason, our favorite password manager, 1Password, requires you to opt in to this feature. We suggest you do not.
Don’t Panic About Hacks: Software has bugs, even your password manager. The question is not what do you do if it becomes known that your password manager has a flaw, but what do you do when it becomes known that your password manager has a flaw. The answer is, first, don’t panic. Normally bugs are found, reported, and fixed before they’re exploited in the wild. Even if someone does manage to gain access to your password manager’s servers, you should still be fine. All of the services we list store only encrypted data, and none of them store your encryption key, meaning all an attacker gets from compromising their servers is encrypted data.
More Great WIRED Stories
- The bird “snarge” menacing air travel
- Chris Evans goes to Washington
- I thought my kids were dying. They just had croup
- How to buy used gear on eBay—the smart, safe way
- All the ways Facebook tracks you—and how to limit it
- ? The secret history of facial recognition. Plus, the latest news on AI
- ??♀️ Want the best tools to get healthy? Check out our Gear team’s picks for the best fitness trackers, running gear (including shoes and socks), and best headphones
Our independent reviews and recommendations are funded in part by affiliate commissions, at no extra cost to our readers. Click to Learn More
Password managers are a safe, secure way of logging into your various online accounts – in fact, they're vastly preferable to the alternatives of either trying to remember multiple unique passwords, or re-using the same password over and over.
Given that even industry-leader LastPass was once the victim of the hack, it's understandable that concerns remain over using password managers. Even so, we'd strongly recommend doing so.
Let’s be honest – passwords are a pain. Having to juggle multiple logins across multiple sites can be taxing, not to mention trying to remember which password is for which – especially with each password needing to be unique. Your passwords are unique, right? According to research, over half of us have up to 25 password protected accounts online. That’s a lot. The solution to your password woes is a password manager. These handy apps automatically store all your logins, meaning that you’ll never have to remember one ever again. Not only that, but they can generate secure passwords for you, and some will even alert you should your details be compromised.
Sounds great, but you’re probably wondering about the wisdom of storing all your passwords in one place. It’s a legitimate concern to have, but research has shown that using a password manager is far more secure than not using one. With cases of these services being hacked being extremely rare, there’s little reason not to use one.
As for which password manager you should choose? We've tested some of the best password managers around, and while they're all safe and secure, the best on test was 1Password. This stands out thanks to a simple interface, secure setup, and brilliant family sharing options. Plus, you can try 1Password for free to see if you like it.
On this page:
- Is it Safe to Use a Password Manager? – We explain why password managers can be trusted
- Most Secure Password Manager – We pick out the best rated password app
- Do Password Managers Get Hacked? – Should you really put all your eggs in one basket?
- Password Manager Safety FAQs – Can you trust a password manager?
Is it Safe to Use a Password Manager?
Yes – a good quality password manager is a safe, trustworthy and highly recommended security tool. Top password managers, such as 1Password, Dashlane or LastPass, can be trusted to protect your account logins thanks to secure encryption that keeps your passwords secret.
Here's how it works in practice. You create an account with a password manager, then create a single “master password” to log into it. To keep your password manager safe to use, it's essential that your master password isn't anything obvious. So that's no thank you to “12345”, “qwerty” or “passwd”. Instead, pick a longer phrase or mix and match cases and special characters – just ensure it's unique and memorable.
Then, the password manager can get to work automatically generating complex, unique passwords for every service you log into online – one for your Amazon account, email account, Facebook account and so on. You won't need to memorize these – whenever you login in, the password manager will automatically apply the password (and you enable the password manager via that single master password).
This entire process is far more secure than re-using the same password over and over on multiple sites – the single biggest risk you can take with your online security. It's also far easier than attempting to remember multiple unique passwords.
So, if it's all win, why are there any questions around password manager safety? Largely, these come down to an understandable concern over the security of handing over your logins to a third-party service. That's why we'd recommend only using a trustworthy, well-rated password manager. Which ones would we recommend? Read on…
Most Secure Password Manager
If you want a secure password manager, you should opt for a paid one. Free password managers tend to be restricted in some way, and are usually supported with adverts.
In our testing, we found 1Password to be the most secure password manager. For a few dollars a month, it could save you a lot of headaches, as well as time spent waiting for password reminder emails to drop into your inbox.
Test Score Our scoring is based on independent tests and assessments of features, ease of use and value. | Two-Factor Authentication | Password Generator Function A password manager can create secure, complex passwords for you. You won't need to remember them yourself. | Email Support | Phone Support | Cost per year | Click to Try |
---|---|---|---|---|---|---|
4.4/5 | 3.9/5 |
Want to know more? Check out our dedicated Best Password Managers guide.
Do Password Managers Get Hacked?
No online system is infallible. Password managers – just like any other online service you use, such as Amazon, Twitter or Facebook – run the risk of being hacked. In fact, some have been.
The best password managers, however, will take your security very seriously – after all, you’re paying for the service. If you lose trust in them, they lose your patronage, and with it, your payment.
When LastPass was hacked in 2015, users were right to be concerned – after all, if a hacker could get into the system, they could, in theory, have access to every password that LastPass users had stored there. However, even though its security was breached, hackers were unable to steal any information – all of the passwords were protected by the users’ Master Password, which is not stored on the LastPass servers. This meant that the encryption on the passwords stored by LastPass was unable to be cracked. And that is why you should pay for a password manager.
Password managers are also a common target for ‘ethical hackers’, those who like to test the security of online systems to flex their coding muscles. Password managers are their white whale – crack one of these open, and they’ll win the acclaim of the industry. This isn’t as scary as it sounds – in fact, ethical hackers are offering a great service, finding exploits in online systems before more nefarious people do. Once they’ve found a vulnerability, these hacklers will make contact with the service and let them know, allowing the provider to then fix the issue.
Password Manager Safety FAQs
Even if you opt to use a password manager, it doesn’t mean that you’re free to take your eye off the ball. There is still best practice to follow, such as ensuring that you don’t share your master password with anyone, not leaving your computer open in public, and enabling two-factor authentication when possible.
Then of course, there’s choosing which service to go for. We found that 1Password was the best rated in our testing, but there are plenty to choose from, most of which will offer you peace of mind and a less stressful online experience. But – and we can’t stress this enough – you get what you pay for.
Is LastPass Safe?
As we mentioned earlier, LastPass was hacked in 2015. The hackers weren’t able to get any of the secure password data, but they did have access to email addresses and password reminders. LastPass was quick to act, and resolved the issue swiftly.
With LastPass, to de-encrypt passwords that are saved server-side, one would need the Master Key. But this is held locally on your machine. This means that even in a worst case scenario, hackers can only access heavily encrypted data, with no way to unpick it all. It’s like being given all the materials to paint the Mona Lisa, without ever having seen what it looks like.
Is 1Password Safe?
Good news: 1Password has never been hacked. It’s something the company boasts about openly on its site – which seems like a challenge to hackers out there – meaning that its clearly very confident in its security measures.
As is the case with LastPass, 1Password requires a Master Key to unlock your passwords, which is stored locally on your machine. This means that unless a hacker has direct access to your laptop, tablet or mobile, your details are safe.
Check our full 1Password Review to learn why it's our top-rated app.
How Tech.co Tests Password Manager
Infogram
Infogram
Is iCloud KeyChain Safe?
iCloud KeyChain is Apple’s baked-in password manager, which syncs across iPhone, iPad, and Macs. As well as storing your passwords, it can also generate them for you, as well as alerting you to weak passwords.
While it gets the job done, it’s rather basic, and it can’t compete with the rich feature-set of a dedicated password manager. But is it safe? Although flaws have been found by ethical hackers (and since fixed), there have been no large scale breaches of the system.
Is Chrome Password Manager Safe?
If you’re a Chrome user, you already have a password manager at your disposal, thanks to the browser’s built-in feature. It’s nowhere near as advanced as a paid-for manager, though, and you’re missing out on a lot of features.
Is it safe? Well, that depends. It’s as safe as your Google account is, which means that if anyone gets hold of your login details, they could also in theory log into any of the sites and services that you have used in Chrome. However, Google does make this slightly harder by alerting its users when the details are used to sign into a new device.
Verdict – Should You Use a Password Manager?
We can't state this clearly enough – a password manager is a safe, recommended way to secure your online logins. The alternatives are far, far riskier – in particular, that old habit of re-using the same old password again and again across multiple websites (please, just don't).
1password 5 3 Secure Password Manager Chrome Extension
No system is guaranteed bullet-proof, and as the LastPass hack showed, even password managers can be vulnerable. However, as that very incident showed, there are serious protections in place, and these prevented the LastPass hack from being a disaster for any customers.
We'd strongly recommend getting up and running with a password manager for proper online peace of mind.
Tech.co is reader-supported. If you make a purchase through the links on our site, we may earn a commission from the retailers of the products we have reviewed. This helps Tech.co to provide free advice and reviews for our readers. It has no additional cost to you, and never affects the editorial independence of our reviews. Click to return to top of page