If you want to give a big boost to your online security, you’ll want to empower yourself with one of the best password managers available today. This won’t only strengthen your security, but also save you the time and trouble you would otherwise spend on thinking up and remembering long, complex passwords.
You could also choose the easy path and use a couple of catchy, simple-to-remember passwords for everything, but that’s truly a terrible idea in terms of security.
According to a cybersecurity study conducted by Verizon, a staggering 82% of hacking-related breaches involve an element of human error such as stolen or poor passwords. Using strong passwords plays a critical part of protecting your personal information from a series of cyber threats.
The best password managers will generate strong, complex passwords for you and they’ll do it in no time. Instead of remembering all of them, you can keep them safe and secure behind a single master password – and you’ll be the only person who knows it.
Also, most password managers can automatically fill in forms for you such as login credentials, credit card details, and other sensitive data. And all of it will be encrypted, backed by two-factor authentication (2FA) and “zero-knowledge” architecture. Plus, it’ll be securely stored on the company’s servers.
While a password manager is something you should invest in, there’s no one-size-fits-all sort of solution. If one password manager works best for most users, it doesn’t mean it will work wonders for you – and vice versa.
Top password managers
Before we go into more details, this list highlights our top picks for the best password managers:
- NordPass – Best all-around password manager. Audited, secure, clean track record, lots of extra features (coupon for 61% off)
- Bitwarden – Open source password manager with decent features
- 1Password – User-friendly password manager, great for families
- Dashlane – A fully-featured password manager, but expensive
- KeePassXC – An open source local password manager
Now let’s cover some basics before examining the best password managers from above in more detail.
What is a password manager?
In simplest terms, a password manager is a software that helps you generate strong passwords and lets you store them in a secure location. In addition to passwords, with most password managers you can also store credit card details, secure notes, and other types of sensitive information.
All this information is often locked behind a master password but some password managers also support biometric authentication. That is, using biometric data (such as fingerprints, facial patterns, or voice) to verify who you are and thus unlock your data.
While most popular password managers come as proprietary, close-sourced, software-as-a-service (SaaS) solutions, there are also a couple of free, open-source alternatives on the market.
How to choose the best password manager?
When picking out a password manager for yourself, your family, or your business, the first thing you should consider is the level of security it can offer.
So, look for end-to-end encryption (256-bit AES is a standard today), and up-to-date security features. Some of these security features could (and should) include 2FA, multi-factor authentication (MFA), biometric logins, a “zero-knowledge” policy, and a password recovery option.
In addition to all this, you should check what platforms it supports, where is vault storage located (is it stored locally, on your device, or in the cloud), whether it can be synced across all your devices, can you securely share your data, and can the software automatically save and fill forms.
On top of this, you want to make sure that the password manager provider offers some level of customer support. Plus, it’s always a good sign if the manager’s user interface (UI) is intuitive and simple to use.
In the end, you’ll want to check out what value for money the manager provides. If it’s somewhere on the pricier side, make sure it comes with a free edition, free trials, or a money-back guarantee.
Also, you could save yourself all this trouble and simply trust our choice for the best password manager.
How do we rank the best password managers?
All password managers we recommend in this guide must fulfill the following conditions:
- Support strong encryption and up-to-date security measures.
- Are provided by a well-known company with a good track record and background.
- Are compatible with all major operating systems (OS’) and browsers.
- Were newer hacked and if they ever were the user data was never compromised.
- Provide great value for money.
So, now that we know what password managers are and what to look for in them, let’s move on with the best password managers.
NordPass – Best password manager overall
Website | NordPass.com |
Platforms | Windows, macOS, Linux, Android, iOS |
Browser extensions | Chrome, Edge, Firefox, Opera, Safari |
Encryption | XChaCha20 |
Support | 24/7 live chat |
Price | From $1.15 |
Deal | 61% Off Coupon |
While NordPass is still practically a newcomer among more seasoned password managers in the industry, it managed to stand out in the crowd and come out on top of our list. It utilizes an intuitive, user-friendly interface, employs cutting-edge XChaCha20 encryption, and provides 24/7 live chat customer support.
Even if you haven’t heard about NordPass until now, you may have heard about NordVPN, one of the best VPNs on the market. Being developed under the NordSecurity flagship, NordPass has benefited from extensive experience from its creators.
One area where this can be seen is NordPass’s easy-to-use UI and exceptionally beginner-friendly approach. If you’ve ever used NordLocker, you’ll feel right at home with NordPass.
NordPass also utilizes “state-of-the-art” XChaCha20 encryption protocol to ensure no cybercriminal can steal your passwords by breaking the encryption. To strengthen the security of your data even further, NordPass provides these features:
- MFA
- Biometric login option
- Strong password generator
- Data breach monitoring tool
- Password health checker
- Secure password sharing tool
On top of all this, the company has undergone multiple independent security audits. You can check out the latest one here.
After putting NordPass to the test, we found NordPass was surprisingly simple to install, set up, and configure. Also, right from the start, it comes with clients for Windows, macOS, Linux, Android, and iOS and all major browsers including Google Chrome, Mozilla Firefox, and Microsoft Edge.
NordPass can help securely store several types of data including passwords, secure notes, credit card details, and personal information. Although adding the “personal information” category was a welcome addition, they could also consider adding passport information and online banking credentials.
If you are looking for business solutions, NordPass Business is a great option to consider. It comes with an array of features aimed at enhancing password security while simplifying password management processes across organizations. Not only does NordPass Business also provides convenient tools to streamline team collaboration and ensure secure access to all business accounts.
However, to be fair, even the free tier is more feature-rich than those of its competitors. It will get you unlimited password storage, automatic sync across devices, and the ability to protect your passwords with MFA.
Although it isn’t open-source software (unlike the next password manager on our list), NordPass is created by one of the most trusted companies in the cybersecurity space. The promising results from its most recent independent security audit only strengthen our trust in this password manager.
+ Pros
- 2FA support
- 30-day money-back guarantee
- All data stored in the cloud and on devices
- Biometric authentication available
- Cutting-edge XChaCha20 encryption
- Cross-platform support
- Full-featured free edition
- Intuitive, user-friendly UI
– Cons
- Poor password filtering options
- The free plan works on one device only
NordPass Cyber Deal is live:
Get 55% Off NordPass with 2-year plans plus 4 months extra:
(Coupon is applied automatically; 30 day money-back guarantee)
Check out our full NordPass review here.
Bitwarden – The best open-source password manager
Website | Bitwarden.com |
Platforms | Windows, macOS, Linux, Android, iOS |
Browser extensions | Chrome, Firefox, Edge, Opera |
Free version | Yes |
Encryption | 256-bit AES |
Support | Forum; email |
Price | From $0.83/mo. |
If you’re looking for an open-source password manager that ranks high in terms of security, Bitwarden might be your best bet. Its source code is completely open and available for inspection, modification, and enhancement. It’s also been audited (which is a rare find for such software) and comes with top-notch security features such as 2FA and TOTP support, AES-CBC 256-bit encryption, and breached password detection.
Although Bitwarden has been a part of the password manager industry for just six years, it managed to build a reputation as a superbly secure and user-friendly solution. It’s also fit to serve individuals, families (up to six users), small teams, and big businesses alike.
Bitwarden stores all credentials securely in the cloud, but it can also be used offline in a read-only state. Thanks to this, all user passwords can be automatically synced across all devices and accessed by simply logging into the Bitwarden account.
All data is shielded by a strong AES-CBC 256-bit encryption and the encryption is exercised locally, on your device. If you don’t think your sensitive data is safe enough on Bitwarden servers, you have an alternative to host your own Bitwarden instance.
However, while Bitwarden self-hosting has been becoming pretty popular among the do-it-yourself (DIY) community, it requires some level of technical know-how.
Even if you go with a free edition, you can expect to get plenty of features and functionality – and you can always upgrade to a paid plan. Some of these include unlimited password storage, sync across any number of devices, data breach reports, secure sharing (with one user only, though), 2FA, a powerful username and password generator, and much more.
With premium plans, you’ll also get the following features:
- Security reports
- Emergency access
- Advanced authentication options
- Bitwarden’s own authenticator (TOTP)
- Encrypted file attachments (up to 1GB storage)
- Priority customer support (but still quite limited)
On the downside, Bitwarden’s scope of customer support is nothing to write home about. So, you’ll have to settle with an email address, community forum, and social media sites (no live chat support). This can leave you waiting around for help and wasting time if you’re in a crunch.
Also, since Bitwarden is based (and data stored) in the USA, it’s subject to US law which isn’t particular privacy-friendly (check out the Five Eyes alliance).
Ultimately, Bitwarden is a security-focused and full-featured password manager that will cost you much less than most of its competitors. If an open-source solution is what you’re looking for, Bitwarden is among the best password managers available.
+ Pros
- Ability to use self-hosted server
- A free, open-source solution
- Excellent free forever edition
- Provides apps for all popular platforms
- Pocket-friendly pricing
- Securely syncs passwords between all your devices
- Solid password generator
– Cons
- Based in the USA (privacy issues)
- Customer support needs improvement
To find out a bit more about this password manager, see our full Bitwarden review.
1Password – Best password manager for security-conscious businesses
Website | 1Password.com |
Platforms | Windows, macOS, Linux, Android, iOS |
Browser extensions | Chrome, Firefox, Safari, Brave, and Edge |
Free version | 14 day trial |
Encryption | AES 256-bit |
Support | Live chat |
Price | From $2.99/mo. |
1Password is not only a powerful password manager, but it’s pretty budget-friendly to boot. It’s also easy to use and comes with a full set of standard features with a few favorable twists. It will help you create, store, and share passwords with multiple users without ever compromising your security.
With 1Password you can create, store, and use strong passwords without a hitch. Also, logging into websites and filling out various forms is only a click away.
Whether you’re searching for a perfect plan for yourself, your family, or your business – 1Password’s got you covered. However, unlike its competitors, 1Password offers no free tier which means you’ll have to pay $2.99 per month at a minimum. It’s a pretty reasonable price, though, when you consider all the features.
Like the best among password managers, 1Password utilizes solid AES-256 encryption to keep all of your data on the safe side of the wild web. However, with a poor password, even the strongest encryption could fall flat. This is why 1Password comes with a unique username and password generator, and you can create either of them using up to 100 characters.
However, 1Password has yet another terrific twist up its sleeve. In addition to a standard master password that serves as the encryption key for your data, 1Password also provides a so-called “Secret Key”. This auto-generated and impossible-to-memorize key works together with your master password to create an uncrackable encryption key.
Locked behind this unbreakable lock, all your sensitive data will be stored in the cloud. Also, their encrypted copy will stay on your devices in case you lose your internet connection.
One of the features we are particularly pleased with is the travel mode, which lets you hide your passwords on your device with a couple of clicks, which can be quite useful when you travel outside your country. For instance, if you happen to meet an overly inquisitive border guard or if someone else gets hold of your device. As soon as you find yourself in a safe location, you can restore the “removed” passwords before you know it.
While 1Password is far from open-source software, it received good marks in the most recent independent security audits, as well as the company behind it.
+ Pros
- Advanced reports and analysis
- Alternative sync strategies are supported
- Simple to use
- Supports 2FA, MFA, and TOTP
- There’s a terrific travel mode
- The “Secret Key” feature
- Watchtower password strength checker
– Cons
- Based in Canada (privacy issues)
- No free tier
- No telephone or live chat support
Check out our in-depth 1Password review for more info.
KeePassXC – Best for password manager for tech-savvy users
Website | Keepassxc.org |
Platforms | Windows, macOS, and Linux |
Browser extensions | Chrome, Firefox, Opera |
Free version | Yes |
Encryption | SHA-256 |
Support | Community forum |
Price | Free |
While KeePassXC isn’t flashy nor user-friendly as other password managers on our list, once you overcome the initial challenges, you’ll find it to be highly useful. It’s a cost-free, open-source solution that will let you call all the shots about your passwords and other sensitive data. Also, it’s more secure than its cloud-based counterparts.
If you’ve heard about KeePass, then you must be familiar with its most famous fork – KeePassXC.
It was created by its committed community of developers who weren’t too happy about KeePass’s security features and limitations of KeePassX (a port of KeePass for Windows). Also, if you’re using Linux or macOS, you’ll want to go with KeePassXC.
As you probably presume, KeePassXC is a free, open-source, and cross-platform password manager that doesn’t fall short on features. However, it lacks a feature that made the original password manager special, and that’s support from plug-ins.
For us, this is the main shortcoming of using KeePassXC as there are plenty of powerful plug-ins for KeePass out there.
Unlike most of its competitors, KeePassXC isn’t a cloud-based tool, which has its pros and cons. After using the industry-standard 256-bit AES encryption to shield your database, KeePassXC stores all your data locally and offline, without the need for an internet connection.
While storing data in the cloud is convenient and cost-efficient, it comes with a couple of security and privacy concerns. For instance, if the cloud storage gets leaked.
Also, unlike its competitors, KeePassXC won’t automatically sync all your data across devices. This means you’ll have to roll up your sleeves and sync everything on your own by utilizing one of the file-syncing services such as SpiderOak, OneDrive, and Dropbox.
While this is certainly one way to keep the complexity of the code low, it’s not very convenient as it can make the setup somewhat time-consuming.
Not surprisingly, KeePassXC isn’t particularly beginner-friendly. After all, it’s an open-source solution designed for professional and tech-savvy users overall.
This also becomes clear as soon as you check out KeePassXC’s customer support options. You can consult KeePassXC documentation and FAQ section, as well as its blog which gets updated now and then – and that’s it.
Nevertheless, with a bit of technical know-how (and patience) you’ll realize that KeePassXC is a pretty powerful password manager that can make you feel fully protected.
+ Pros
- A completely free and open-source solution
- Built-in 2FA support
- Built-in browser integration
- Several sync strategies
- Sturdy security settings
- Strong password generator
– Cons
- A steep learning curve at the start
- Doesn’t support plug-ins
- No standard customer support
To find out more about KeePass and KeePassXC, check out our KeePass review.
Dashlane – Best password manager for premium features
Website | Dashlane.com |
Platforms | Windows, macOS, Android, iOS |
Browser extensions | Chrome, Safari, Firefox, Opera, Edge |
Free version | Yes |
Encryption | 256-bit AES |
Support | Email; chat |
Price | From $4.99 |
If you’re prepared to pay for a feature-rich premium password manager that provides a first-rate experience for all its users, Dashlane might be right up your alley. In addition to everything you could wish from this sort of security solution, it also throws in a virtual private network (VPN) and dark web monitoring service – a sight for sore eyes indeed.
With an unbreakable 256-bit AES encryption and a wide variety of high-security features, it’s no surprise Dashlane caught our eye. In addition to everything one should expect from a premium password manager, Dashlane also provides its users with a VPN, real-time dark web monitoring service, and password health checker.
With a VPN for public WiFi protection, Dashlane exceeds expectations about an everyday password manager. Also, the built-in VPN is as swift as most stand-alone VPN solutions on the market.
Another noteworthy among Dashlane’s features is its password health checker, which goes through your password vault and checks whether any of your passwords are reused, compromised, or simply weak. While calculating the score, the app will give priority to critical passwords – like the one for your banking account.
Last but not least, we must mention dark web monitoring. The dark web is the space where most sensitive data gets stolen by scheming cybercriminals. To save the day, Dashlane’s dark web monitoring tool will check if any of your personal data has been compromised.
The only thing you need to do is enter your e-mail address (for instance, the one linked to your credit card), verify your decision via e-mail, and leave the rest to Dashlane. Your data should be monitored 24/7, and if any information about data theft has been found, you’ll be alerted at once.
By utilizing the sophisticated security practices we’ve covered above, Dashlane manages to stay one step ahead of its competitors in terms of security. However, if privacy is your top priority, you should know that Dashlane is based in the USA, one of the Five Eyes nations, which is never good news.
Also, there’s no information about security audit results beyond the point-blank statement that all its products are audited regularly and by different auditors – and that’s about it.
Being more expensive than other password managers on the list may appear like a stumbling block at first. However, the price is actually pretty reasonable considering you’ll be getting one of the finest, feature-rich products in the industry.
+ Pros
- Account recovery with business plans
- Built-in VPN with premium plans
- Dark web monitoring
- Intuitive, well-designed UI across all platforms
- Personalized security alerts
- Simple setup process
- There’s a free tier
- Tons of fine features
– Cons
- Based in the USA
- No information about audit results
- Premium plans are expensive
Also, check our Dashlane review for more details.
What are the overall best password managers for 2024?
According to our latest tests, NordPass holds the top spot on our list. It utilizes cutting-edge “zero knowledge” XChaCha20 encryption, MFA, biometric logins, a data breach scanner, and a password health tool. Despite that, NordPass has managed to stay a beginner-friendly and easy-to-use solution overall.
However, although NordPass takes the first place, if you’re looking for open-source software that will let you tweak the code to your taste, it won’t be the right solution for you. In that case, Bitwarden which takes the second place and might be just the thing you had in mind.
Why do you need a password manager anyway?
Now that you know what the best password managers are, you might still be wondering why you need one anyway.
Perhaps you’re one of the rare people who use something simple as the date of their birthday as their password and somehow managed to avoid falling victim to cybercriminals. If yes, consider yourself lucky beyond belief.
Unfortunately, while that worked for some of us once, it’s not good enough anymore. So, here are the top reasons why should pick out a password manager right now.
1. You’ll have to remember only one password
Since with a password manager you’ll get one password to rule them all (that is, your master password), there’s no need to rack your brains remembering tons of passwords that make no sense at all.
If you’ve been collecting tips and tricks about coming up with rock-solid passwords, you know that they should consist of 16 random characters (at a minimum) and contain letters, numbers, punctuation, as well as special characters.
For instance, this is an example of a password that meets that criteria and we just got it from Dashlane’s password generator tool – you can try it out right here.
While there might be a technique that would teach you how to memorize such a password (or dozens of them), getting a password manager is much easier.
The only password you’ll ever need to remember with a password manager is your master password. Plus, the best of them provide biometrics, so you won’t need anything besides yourself (your fingertips, eyes, or voice) to access your password.
2. You’ll boost your security with a strong password generator
With a strong password generator, you can create (as suggested) a strong password, and you’ll want to come up with a different one for each of your accounts.
Password cracking tools tend to guess the most frequently used passwords first. So, to avoid falling into their trap you can take advantage of a random password generator. This is because a randomly generated password will always be stronger than anything you come up with.
Also, with data breaches flooding the news across the world and hackers stealing all sorts of sensitive data from their unsuspecting victims, making sure your data is safe and sound has never been as critical. Most account passwords stolen aren’t stolen simply due to the negligence of their users but because of a data breach.
So, stay smart about security and use a strong password for your accounts. Thankfully, with one of the best password managers, this is a piece of cake.
3. You can be confident all your sensitive data is safely stored and completely encrypted
While keeping all your passwords in a plain text file on your computer might sound like a good idea at first, it’s far from the safest way to store them.
Pretty much anyone with access to your computer can open the file and see your passwords – and it takes almost no effort at all. And it goes from bad to catastrophic due to the fact that none of your data is encrypted.
On the other hand, with one of the best password managers, your data will be encrypted with strong encryption – AES 256-bit is the industry standard, so don’t settle for anything less than that. As its name suggests, it uses 256-bit key length to encrypt/decrypt data and keep it safe.
Also, a password manager will shield you from phishing attacks, one of the most widespread strategies for stealing login credentials. They come in the form of seemingly innocent e-mails, but these include fake login screens which are fabricated to capture and steal your login information.
Since a password manager won’t let you enter your password if a domain name isn’t correct, it makes you less susceptible to these sorts of cyberattacks.
4. It’s a quality-of-life upgrade for your day-to-day life
With a password manager, you can store more than just passwords – for instance, you can keep all your shopping profiles in one place.
Pair that with a convenient auto-fill feature, and you’ll manage to save yourself the time and trouble of tracking down your login information and tediously typing in everything by yourself.
Also, an ample amount of time is saved when you’re asked to remember a one-and-only password (your master password) instead of memorizing a unique password for each of your accounts.
In addition to saving time, a password manager is available on almost any device, which means you can take it with you wherever you go. All the best password managers will give you the ability to sync its app across all our devices, which makes it an excellent ease-of-use solution.
5. Most of the best password managers offer a free tier
If you’re trying to save some money for rainy days, you’ll be glad to hear that many password managers offer some of their services for free. There are exceptions to this, such as with 1Password. However, when you want premium features like we found in our 1Password vs NordPass comparison, you will be on a paid plan regardless.
However, most of these freemium editions come with some restrictions – mostly, they can be used on one device only.
While this may appear like an instant deal-breaker for those who wish to utilize a password manager for their whole family or a business, it’s also an excellent opportunity to try out the app before spending any money on it.
While paid services have their advantages, they’re not necessarily superior when it comes to security. So, if you’re searching for a superb password manager for yourself, it’s more important to look at the brand and its background than at the price itself.
Why you shouldn’t let your web browser save your passwords
All popular web browsers will offer to store your passwords for you – Google Chrome, Mozilla Firefox, Microsoft Edge, and Chromium-based Brave included. However, taking them up on their offer might not be the smartest idea.
If you’re wondering why here are the two main reasons:
- Browsers often don’t have particularly strong password security, even if you’re using one of the most secure browsers. More often than not, these passwords are stored in plaintext. Also, there are tons of tools available online that can give hackers access to your computer and enable them to steal passwords stored in the browser, whether physically or via remote access schemes.
- Browsers will record usernames and passwords you enter into a web page, and that’s it. They won’t help you generate secure passwords or let you know how strong your password is – namely if it is weak, reused, or compromised in another way. So, for instance, you might end up using the same password for dozens of different sites, which is a pretty poor security practice.
How password managers work
At a bare minimum, password managers take the form of browser plug-ins, extensions, or dedicated apps on your operating system.
Whenever you fill in a username and password, they offer to record that information, along with the page you entered them on. From then on, whenever you visit that webpage, the password manager will offer to fill in the username and password for you.
Any good password manager will store this information secured away in an encrypted archive, using strong encryption that isn’t vulnerable to the kinds of attacks that browsers suffer.
Apart from this, there is a whole variety of additional feats your password manager might perform for you. Here are the core features you should find in any respectable password manager.
Ease of use
If you’re struggling to use a password manager right at the start, then its days are numbered.
One of the first things to consider when choosing a password manager should be ease of use.
So, to cut to the chase, here are the crucial usability features you should look for in a password manager.
1. Auto capture
Auto capture is the ability of a password manager to record the login information you enter into a page.
Most password managers can do this since most login pages are designed with username and password fields that a manager can recognize.
But some pages use non-standard data entry fields or otherwise make it difficult for a password manager to record the data properly.
For instance, one of the banks you’re currently using could do something strange that results in the password manager failing to properly record your password. So, once a manager fills in the login form, you’ll need to manually edit the password field with the correct data.
Once the information is captured, the app should be able to autofill the information the next time you visit that page.
2. Autofill
Autofill is the ability to fill in the user information on a login screen or other security-type page.
If you use more than one account associated with the page, instead of auto-filling the page, the password manager should give you some way to choose which user account you want it to use when filling in the data.
3. Auto login
This is the ability to enter user information and log into a site automatically.
As with autofill, auto login should give you some way to select between user accounts when there is more than one associated with a particular page.
4. Random password generation
While the point of a password manager is to remember the strong passwords you create for online use, humans usually aren’t good at generating strong passwords. That means for the best security, you need some way to create really strong passwords.
There are tons of how-tos online that can help you do this, but your password generator can also help. In the image above, I’m using 1Password to generate a strong, unique password that includes symbols, numbers, and upper and lowercase letters. If you wish, you can try it out here.
Importing passwords from your browser
While storing passwords for sites in your browser seems better than nothing, it isn’t the best idea after all.
So, now that you are going to start using a password manager, you’ll need a way to move all those passwords from your browser into the manager. That would be a real headache if you had to do it manually.
It helps if you choose a password manager that can import passwords from your browser. You may need to do some cleanup work once you import the passwords, like deleting accounts you don’t use anymore or giving accounts stronger passwords.
Nevertheless, your data will be more secure if you import it from the browser to your password manager and then delete all the saved passwords from the browser.
Security and privacy with password managers
All things considered, picking up a password manager is definitely the way to go.
Of course, with all your passwords and other data stored in it, you had better be sure that your password manager is secure and private.
While it is impossible to guarantee any software is 100% secure and private, here are some characteristics to look for.
1. Secure access to the password manager
You’ll be required to log into your password manager before you can use it. That’s a given.
And considering that all your secrets (or at least your passwords) will be accessible to anyone who can log in to your password manager, you will want to use a rock-solid password manager with a full range of security features.
2. Two-factor authentication
Simply put, two-factor authentication (or 2FA for short) is an additional layer of security used to check if people trying to gain access to an online account are who they claim they are.
So, after a person enters their username and password, instead of getting into their account they’ll be asked to answer a question or two. It can be something as simple as a secret question (“What’s your mother’s maiden name?”), a verification code sent to your email address or the biometric pattern of your fingerprint.
As you can see, several methods can be used to provide the second factor. In general, the strongest second factors are physical devices like YubiKeys or FIDO U2F security keys. While having to connect a physical device to your smartphone or laptop to access your passwords is a hassle, it forces someone who wants to steal your data to physically get their hands on that security key to do so.
While this is more secure than using a phone number or email address as a second factor, it can create problems if you lose access to the physical device. For instance, if you break it, lose it, or forget to back it up properly.
3. Strong encryption
With time, your password manager will hold an ample amount of your important personal information in a database that resides on your device, in the cloud, or more likely, in both places. That’s why it must utilize secure, end-to-end encryption.
One of the password managers that meet this standard is Bitwarden, so we’ll take it as an example. As we’ve mentioned above, Bitwarden makes use of AES 256-bit encryption as well as PBKDF2 to secure your data.
If you’re wondering what AES and PBKDF2 are, here are the definitions:
“AES is a standard in cryptography and is used by the US government and other government agencies around the world for protecting top-secret data. With proper implementation and a strong encryption key (your master password), AES is considered unbreakable”
“PBKDF2 SHA-256 is used to derive the encryption key from your master password. This key is then salted and hashed. The default iteration count used with PBKDF2 is 100,001 iterations on the client (this client-side iteration count is configurable from your account settings), and then an additional 100,000 iterations when stored on our servers (for a total of 200,001 iterations by default).”
All in all, you should make sure your password manager is using solid encryption standards.
4. Open-source code
In short, open-source code is code that can be viewed, modified, and distributed by anyone.
The advantage of open-source code is that people can and do examine the code, looking for hidden backdoors or other problems that could compromise the security of the product (the password manager in this case).
While open source does not necessarily mean secure, it is considered to be more secure than proprietary software, where outsiders are prevented from seeing what’s going on behind the scenes.
5. Independent security audits
Seeing all the security and encryption that a software developer puts into their password manager is reassuring. But to truly know if a password manager is secure, you will want to see a security audit of that product.
A security audit entails an outside company doing things like trying to hack into a product, auditing the source code for problems, and analyzing how encryption protocols are used in the product.
If a company conducts regular security audits of its password manager, it will likely be more secure than a product that isn’t constantly being tested in this manner.
Fortunately, we are seeing more and more password managers getting independently audited, as we noted in the NordPass vs Bitwarden comparison.
6. History of security or privacy issues
Another thing you’ll want to check is whether a password manager has a history of security or privacy issues.
While virtually no piece of software is immune to attacks, you may want to consider previous issues. For example, a 2019 report found a vulnerability that affected several major password managers (1Password, Dashlane, KeePass, and LastPass), potentially leaving your master password exposed in clear text in computer memory.
While under certain circumstances, this kind of problem could give a hacker complete access to all the data stored in your password manager, using a password manager is still a safer approach than storing your passwords in your browser or using insecure passwords.
Supported platforms and browsers
A password manager is of little use if you can’t use it across all your devices (smartphones, desktops, tablets, and so forth). When looking for a password manager, make sure it supports all the devices, operating systems, and web browsers you use.
The best password managers generally offer:
- Native desktop applications for Windows, macOS, and Linux
- Mobile apps for Android and iOS
- Web browser extensions for the most popular browsers
Pricing (free vs pocket-friendly vs premium)
As with most things in life, price matters with password managers.
You’ll want to choose the one that is priced so that you can use it everywhere you need it but without going broke. Beyond that, you will probably want to choose one that offers a free tier or a free trial.
Since you will be interacting with your new password manager constantly, it makes sense to give it a test drive before you make a permanent commitment.
So, if possible, test a free or trial version of any password manager you are interested in before making any purchases. Fortunately, most password managers, including NordPass and LastPass, offer some kind of free/limited version.
There are also Black Friday and Cyber Monday password manager deals you can take advantage of. In particular, the NordPass Black Friday deal is also getting a lot of attention.
Additional features you may want with your password manager
Beyond their core features, password managers try to stand out from the crowd by adding some sweet additional features.
This is where you should keep your eyes open because some products offer free or low-priced versions with all the basic features and premium versions with good-looking features that you’ll never get to use.
So, here are several additional features you might want to look for.
1. Application password filling
While most password managers only fill in passwords and other user information on web pages, some of them can take it one step further.
These rare finds can enter your login data into an application running on your device. For example, while most password managers can enter your user data on the Gmail sign-in page, some can enter your credentials into desktop apps, like GoToMeeting, or your favorite game.
2. Authenticator app functionality
Here is a twist on 2FA.
Some password managers (once you are logged in to them) can function as the second factor in the 2FA of other products. However, we’re not sure how practical this would be in everyday use, particularly if you are already using a physical 2FA key on this device.
3. Digital legacy support
Hypothetically speaking, what if you happen to die all of a sudden and you have critical information stored in your password manager you wish to share with your heirs beyond the grave?
It turns out that many of the current-generation password managers have some sort of digital legacy features built into them to make it easier for your heirs to get access to your stuff.
4. Ease of switching from a different password manager
For one reason or another, you may want to switch password managers someday.
If this seems like a good possibility to you, you may want to investigate whether your password manager can export data in a form that other password managers can import.
So, look at the export option in your password manager. The more file formats it can use to export data, the better.
5. Encrypted file storage
Many password managers throw some form of encrypted file storage into their products.
This will allow you to store entire documents in the manager’s database, not just user credentials. In some cases, this feature is built into the product, while in others, it is an optional add-on.
6. Password strength analysis and updating
Being able to generate strong and secure passwords is great. But once you shift over to a new password manager, you will likely find that you have lots of not-so-strong, not-so-secure passwords mixed in with the solid ones.
Bitwarden offers a cool feature that will check your password against a database of exposed passwords from data breaches. You’ll be alerted if you are using one of these passwords:
Some products can analyze the strength of all the passwords in the database and automatically generate better passwords for them. And some will even help you with the update process.
7. Secure shared access
As a general rule, sharing your password manager with anyone is not a good idea.
However, there are situations where you may want to share access to part or all of your password databases, such as in a business or team setting.
Some password managers offer a structured capability to do this, instead of simply telling someone your master password.
With them, you can find everything from family plans with a limited number of users, to corporate-scale plans with lots of flexibility, and a sharing dashboard that allows you to control everyone’s access easily and efficiently.
8. Travel mode
If you’re an international traveler, you’ll probably find that managing all passwords on the devices while traveling tends to be tricky.
You might not want some border guard to have access to all your passwords. However, moving the passwords from your travel device and then moving them back on can be a real headache.
Some products come with a travel mode, which allows you to designate which passwords remain on your devices when you travel, and which should be automatically removed before the trip and restored after.
However, taking advantage of travel mode takes some setting up, but if you travel a lot, this could turn out to be a real time-saving and privacy-enhancing option.
9. Web form-filling
Many password managers go one step beyond filling in your username and password and allow you to fill out entire web forms. They may be able to automatically enter your mailing address, phone number, credit card number, and similar type of information into the proper field on a form.
While the most secure approach to entering this kind of information is to do so by hand whenever necessary, this can be slow and error-prone.
Many sites and services offer to store the data they require in their own database and pre-fill fields for you. That is surely the fastest and easiest way to go, right?
But when you look at the number of personal data records that get stolen, leaked or otherwise exposed every year (the cybersecurity statistics say that large-scale data breaches are becoming increasingly common), it becomes clear that this isn’t such a great idea.
So, the best balance of speed, accuracy, convenience, and security could be to feed all this data into your password manager and let it fill out the web forms for you.
Best Password Managers FAQ
The most important things to consider before choosing a password manager are what level of security the manager provides, whether is it compatible with your devices and browser and where are your passwords and other personal data stored. Also, look for a free tier or free trial so you can try out everything before committing.
While there are more than a few password managers that offer a fine autofill functionality (1Password, Bitwarden, and Keeper, to name a few), Dashlane is probably the best of the bunch. It’s simple and secure, and you can easily turn off autofill for certain sites if you want to.
Out of the most popular password managers, LastPass has been infamously hacked, and this year to boot – the information about this incident was shared on LastPass’ official blog on September 15, 2022. LastPass is now facing a class action lawsuit over the incident.
Conclusion
That’s it, we’ve finished our Best Password Manager for 2024 guide and covered everything you should know about password managers before deciding which one is the right for you.
Since all password managers on our list are equal in terms of essential functions but differ when it comes to extra features, there’s no wrong choice here.
It’s all about your needs and desires. So, take the time to check all our top password managers to get an idea of what are the most important features for you.
Also, while a password manager is one of the most critical privacy tools to use in the digital age, it’s not everything. Using a secure browser is as important, as well as a solid VPN service to conceal your IP address and location.
This guide on the best password managers was last updated on May 26, 2024.
Utsav Chopra
For European users Uniqkey is recommended. It has automatic 2FA as well.
Mike
Two more password manager available for iOS and Mac users:
1) Strongbox – https://strongboxsafe.com/
It can be used jointly with other password managers, such as KeypassXC, including on other OS’s too.
2) gopass – https://www.gopass.pw/
This password manager can also be used on Linux and Windows.
Nuke
Can you please review the Zoho Vault Password manager?
Sven Taylor
Yes we can add that to the list of reviews for 2024. Thanks for the feedback.
Brad Bradley
If you get the time could you please do a review on Proton Pass?
Thanks 🙂
Bill Dube
I am surprised that eWallet by iliumsoft.com did not make your list. I’ve been using for over 20 years and happy with more than just its ability to make and store passwords as there is more to storage of site information needed. The company has been in the game for over 26 years too.
bcup
I really like buttercup.pw
Alex750
The well-worn topic of password managers. Any third-party service can fall victim just like LastPass did. So, if we’re considering it for work, the best solution is to have full control over our database on our own resources. That way, there won’t be any leaks, and if it does happen, it’s our responsibility. In terms of usability, in our team, we find ServiceLockBox to be the most convenient, and there’s also a version of it on the Azure marketplace. We’ve implemented it and feel at ease.
Georgie
And it’s for this very reason: “any third-party service can fall victim”
It is precisely this reason that prompts companies and other entities to gaslight their employees and prohibit the use of password managers.
Instead, they prefer their staff to persist in the insecure practice of noting down passwords on sticky notes every few months and attempting to “hide” them.
Only when management decides to scrutinize, employees may face reprimands or even more severe consequences for choosing the sticky note method over memorization.
As long as companies possess ransomware insurance, their IT administrators are unlikely to prioritize resource allocation towards preventive measures. The cycle continues unabated!
quietme
Should Dashlane be de-listed from this page since they send recovery codes via the insecure medium that is SMS text?
Keeper seems a superior product for people who don’t mind paying for it (there’s no free Keeper license).
Take your pick between Bitwarden and NordPass as the best free password managers at the moment imho. Each has relative merits compared to the other. Logmeonce has a free product but the number of settings in the product is overwhelming to the average user. Zoho vault is another potentially interesting free product.
quietme
Why not ditch passwords and password managers in favour of http://www.passkeys.io ?
Milkey_Toes
Maybe because it’s a fairly new protocol that isn’t widely adopted yet. You only have to look at this page to see how limited it is at this time: https://www.passkeys.io/who-supports-passkeys
Scubababe
Where is Nordpass located?
RV
I’m becoming frustrated with Bitwarden.
They recently implemented captchas on their website and this is a major pain because they’re using the sometimes impossible to solve block captchas/images even when you know you got them right. I’ve read IPv6 and captchas don’t play well with each other.
Akash
Where is the passbolt? (https://www.passbolt.com/)
Mike
@Akash why do you like passbolt? Is it open source? Encrypted?
Luis Felipe
What about Proton Pass?
Mike
@Luis Felipe I use Proton Pass and, so far, I like it. The only drawback is a lack of a desktop client which I hope Proton Inc. makes soon. Otherwise, I use Bitwarden for a desktop client. Proton Pass is very recent and the guys behind it probably haven’t gotten around to reviewing it yet.
Paolo
Thank you for your articles. Really good. I would add Keeper in your list. I choosed Keeper after a long research on the different password managers. (I’m not related to Keeper and have no interest into the company.)
Mike
Please keep in mind password managers like Keeper, Last Pass, 1Password, and Dashlane are proprietary apps which means the companies behind them can change the terms and conditions without notice.
If you like Keeper, good for you. But I suggest you stay vigilant or consider switching to an open source and encrypted password manager like Bitwarden or Psono including buying a subscription.
https://psono.com/
jfg
I’ve been using Password Safe for years: https://pwsafe.org/
Open source and regularly updated.
Hans
Thanks for those articles. Following the guidance I have looked at NordPass, Bitwarden, 1Password. I was using LastPass for a while. In my view, what the article misses ist that NordPass lacks the ability to save TOTP/One-Time Passwords, which Bitwarden and 1Password to. For me it’s a big time saver, even if I am aware that the purpose of the two factor is, to have a second device.
Dan Cortese
NordPass does support TOTP, they just have to be added through the mobile app and via the particular websites QR code presentation.
Mike
“Bitwarden and other password managers are being targeted in Google ads phishing campaigns to steal users’ password vault credentials.”
https://www.bleepingcomputer.com/news/security/bitwarden-password-vaults-targeted-in-google-ads-phishing-attack/
Bronco
Nothing that good DNS firewall, properly configured, wouldn’t block. Because, usually, these types of attacks are executed on DNS level.
Josh
> Out of the most popular password managers,
> LastPass has been infamously hacked, and this year to boot – the information
> about this incident was shared on LastPass’ official blog on September 15, 2022.
> **Fortunately, no user information was ever compromised. **
This needs updated/corrected. User vault backups were exfiltrated. LastPass user vaults contain PII/metadata (usernames, URLs, IP addresses, addresses) that were not encrypted. Even if the passwords/secure notes/secure attachments were encrypted, a treasure trove of user data was compromised.
Sven Taylor
Yep, it’s fixed now Josh.
Bronco
https://www.nytimes.com/wirecutter/blog/what-are-passkeys-and-how-they-can-replace-passwords/
Achkar
I use Keepass and change file names to the password library and.key. I only trust my own computer. Don’t trust cloud, password managers in all their forms. You will find it very strange. Sometimes privacy and security are sacrificed for convenience. Sometimes convenience is sacrificed for privacy and security. Where is the balance?
I used to use Keepass XC, but I now think that its interface, operation, and software optimizations are deliberately done by developers to slow down users. I use its password generator to open the door. But I don’t like it now. The upper limit of password generation is only 999
KeePass password generation, through the numeric input can be more than 30,000, even 31 groups of passwords at a time. But the password library is limited to 2000 words or less. More than that will crash. The higher the password, the more secure it is. As long as there are no backdoors, surveillance, middlemen. What’s a problem that can’t be solved with a longer password? Reject any form of brute force. In a variety of web pages using 2FA, manually enter one at a time to restore the code using light. Don’t give the brute force breakers a chance
Mike
Psono is a free and open source password manager made in Germany that is similar to Bitwarden. It is available on iOS and Android and can also be used on MAC, Linux, and Windows desktops.
https://psono.com/
Mike
One password manager that looks very good for iOS is Strongbox. It is free and open source and can be used on mobile and desktop.
https://strongboxsafe.com/
Marc
One thing I learned the hard way is that before you purchase a new password manager, make sure the new one can successfully import your passwords in the format that your old one generates for export. Password format is very important for a smooth transition.
Some password managers do not generate .csv but .json or .txt files which have to be converted manually, and if you have many passwords this would be very time consuming, and cumbersome to do.
Mike
“Passkeys are here to (try to) kill the password.”
https://arstechnica.com/gadgets/2022/12/rip-passwords-passkey-support-rolls-out-to-chrome-stable/
Marc
Hi Sven,
Another popular Password Manager is StickyPassword but I see no review or comments about it. I would like to know your thoughts, and of other posters who use it. Thanks.
Mike
@Marc I wouldn’t bother with StickyPassword since it isn’t open source. Being proprietary means the people behind StickyPassword can change the terms and conditions any time. In my view, the best password manager is Bitwarden.
Authority
Hello. Will there be a review ExpressVPN Keys?
Sven Taylor
Yes in the next few months, but no firm timeline at this point.
Elemir
Hi Swen,
have you already tested Enpass password manager? What’s your opinion on it.
Sven Taylor
Hi Elemir, no we have not tested that one. You can find all of our password manager reviews here.
Elemir
Thanx. Do you plan to test it in the near future?
SodiumLit
Not exactly a manager and certainly not a solution for all demands, but I was missing at least some hint at vaultless, on-the-fly generators in the vein of LastPass. It’s been years since I last used any of those clumsy and often weighty “traditional” managers with some sort of retention, safe or “vault”, it never felt quite right anyway. Especially at the point when you’d need a whole database, you’re probably doing something wrong more generally and would be better served with dedicated hardware/devices/cards. With very few exceptions for technical or practical reasons however I use LastPass for everything now, and before that already some similar, non-commercial though inferior realization implemented in Go. You may find others, although hardly as feature complete as LP. Don’t get confused, LastPass is partly commercial and there is a web interface but the relevant code’s on GitHub and can be used as is, or if you prefer only locally: I use the website only for mobile logins. Other than that it’s a foundation, no out-of-the-box solution like what is dealt with above, but with only a little scripting I was able to easily answer most of my needs and my setup is probably more comfortable, certainly more individual than anything the ready-mades could deliver. It won’t get more platform independent than that. It’s more elegant to compute your passwords than to statically stuff them somewhere like it’s some sort of treasure when a password should be throw-away. Is it also efficient? Intuitive? YMMV.
Ayumu Uehara
Another open-source password manager here. Padloc, which passed security audit.
https://padloc.app/blog/security-audit-ncc/
Advantages of Padloc:
– You can set the master password right from the Padloc app and not via your browser. This will avoid phishing attacks.
– With Bitwarden, you need to login to Bitwarden Vault via your browser and not from the app to change the master password.
– More beginner friendly as they encourage beginners to use passphrase instead of password.
– For review, you can search for Padloc review on ITSFoss.
– Data is hosted in Germay and not in the US according to their FAQs.
https://docs.padloc.app/questions/#why-should-i-trust-you%3F
J.M.
Here is a question after several weeks of searching, and I will post here and on the browser page.
With all this talk about a third party password managers. There are indeed positives but also some negatives to this.
However, on KeePass, the passwords are not on the cloud server.
This brings me to the question about browser passwords. Normally no.
But Brave is open source. They do not store passwords in the cloud, and then any sync is done with client side encryption with encrypted pass phrase.
https://community.brave.com/t/is-brave-built-in-password-manager-safe/261968
This keeps the passwords encrypted on my end and then shared between my own devices.
Would you all consider this secure to use?
Chrome_user
Absolutely not. I just found a third party freeware utility pack that can read Chromium passwords. Saving passwords on the cloud is not without its risks, but it certainly seems safer than storing it locally using the built-in Chromium password features.
UncleTodd
Personally, I found that if you’re using Bitwarden on an iPhone/iPad or a PC it’s really good. However, with Android the developers don’t care much.
The Android version is painfully slow to retrieve your cloud log-ins and passwords. In contrast, with iOS, regardless of how old your device is, it’s almost instantaneous. Autofill rarely works on Android devices.
I think this is another example where Android was once ‘king’ in terms of developers preferring it over iOS, but that’s no longer the case it seems. Even many banking apps lack biometric features on Android but are the norm with iOS.
S
Hi SJ,
“i’m no expert and this doesn’t *fully* answer your question, but – 1password has a built-in TOTP qr code reader (compatible with just inputting the secret code as well), i don’t have an authenticator app downloaded and just use 1password’s feature.”
I’m currently a paid user of Bitwarden. As well as the password manager, the paid version of Bitwarden contains totp 2FA. However, I’m in agreement with those who recommend not using a combined password manager & 2FA feature in the same app. That is since if a hacker manages to breach the defences of that product, it is catastrophic that they can steal passwords and totp info. Having 2FA in a separate product from the password manager provides an additional level of defence.
Mike
I think your point has some truth to it but keep in mind Bitwarden has AES-256 encryption making it extremely difficult for hackers to penetrate. There is the possibility of monitoring keystrokes through viruses, but using an open source keyboard app can make this difficult too.
To the best of my knowledge and up until recently, iOS did not have open source 2FA apps. Thankfully, now they do such as Raivo OTP & Tofu Authenticator. So the “all-in-one” solution was the best choice given the circumstances at the time.
SJ
i’m no expert and this doesn’t *fully* answer your question, but – 1password has a built-in TOTP qr code reader (compatible with just inputting the secret code as well), i don’t have an authenticator app downloaded and just use 1password’s feature.
Among Us
Review Myki
Henri
They have been bought .. sadly … it was the best ( easy and functional) and more secure option even if it was not open source. I wish BitWarden get something from them. The non-cloud solution is great if you have devises spread in different locations . I feel the interface was quite convenient
roboform fan
how about Roboform I have used it for years, have tried others but always come back to roboform, am trying bitwarden now but I think roboform is easier
Mike
RoboForm doesn’t look like it’s open source so, in my view, is a reason not to use it. If you like it great! More power to you. But please be aware proprietary software enables the company that owns RoboForm to change the terms at any time and without notice. Meaning at some point you could become their product.
anon
It will be a great add on a review of Myki pass manager
George
Great article as always Sven!
Do you know of any password managers that incorporate SSO (SAML) along with a traditional password vault for sites that do not support SSO? Would be nice to login once and then simply pass the auth tokens to sites instead of username / pass combo. Makes it easier to rotate passwords since its all tied to the SSO identity.