We’ve been testing many password managers over the years and there’s one question that continually comes up: What is the best password manager?
The answer to this is a bit tricky, since there is no one-size-fits-all solution, and the best password manager varies depending on your needs and uses.
Best password managers
So let’s cut to the chase.
Here are the best password managers that we’ve tested:
Bitwarden – Free, open-source password manager
Bitwarden has been around since 2016 and it is currently my top pick for the best password manager. It is completely open source, has been audited, and offers some great apps and browser extensions.
Bitwarden stores credentials securely in the cloud, but can also be used offline in a read-only state. This functionality offers great cross-platform compatibility, allowing your passwords to be synced and accessed by simply logging in to your account. Encryption is carried out locally, with data stored securely on Bitwarden servers. And if you don’t want to store anything on Bitwarden servers (cloud), you can host your own Bitwarden instance.
The free version should provide ample features and functionality for most users, but you can also upgrade to different paid plans. While we love Bitwarden, 1Password might be a better choice for enterprise clients.
Whichever plan you choose, it is easy to make the move to Bitwarden. That’s because Bitwarden knows how to import your passwords from over 40 password managers, as well as from most web browsers.
https://bitwarden.com/
See our Bitwarden review for more details.
NordPass – Best newcomer to the password manager scene
You might consider NordPass to be the younger brother of NordVPN, one of the best VPN services we’ve tested. NordPass seems to benefit from the years of experience gained by the Nord team. It is easy to use and backed up by the full resources of Nord. NordPass uses the advanced XChaCha20 encryption protocol to ensure that no one can hack your passwords by breaking the encryption. We found NordPass easy to install and configure, and it comes right out of the gate with clients for Windows, mac OS, Linux, iOS, Android, and all the major web browsers.
We’re happy to report that Nord’s engineers addressed the one glaring problem we had with the initial release of NordPass–the lack of a category for personal information. NordPass 2 fixed that problem and has numerous minor changes that make the password manager even easier to use than before. The NordPass user interface is not only easier to use and more logical than before, it is very similar to that of NordLocker, another new member of the Nord family of security products.
While NordPass isn’t open source, the fact that it comes from one of the most trusted companies in the internet security space, and the fact that the product got good marks in its recent independent security audit make us comfortable recommending you take advantage of the NordPass free trial before choosing your next password manager.
https://nordpass.com
See our NordPass review for more info.
1Password – Extra-secure password manager
All the best password managers use strong encryption to keep your data secure. But even the strongest encryption is vulnerable if you choose a weak master password. That’s because your master password is used as the encryption key for your data. And easy to remember master passwords are usually weak master passwords. 1Password solves this problem with an auto-generated Secret Key. The Secret Key is combined with your master password to create an uncrackable encryption key, one much stronger than you could possibly memorize.
1Password securely stores your credentials in the cloud, while maintaining an encrypted copy on your devices for those times when you don’t have an internet connection. Their innovative Travel Mode lets you remove credentials from your device with just a few clicks. This protects your privacy from overly inquisitive border guards or anyone else who might get their hands on your device. It only takes moments to restore the removed credentials once you are somewhere safe.
1Password is not open source, but both the company and the software have gotten good marks in recent independent security audits. 1Password plans has plans for every audience, from individual users to large enterprises.
See our 1Password review for more details.
KeePassXC – Locally-hosted password manager
Unlike Bitwarden, which stores passwords securely in the cloud, KeePassXC stores passwords locally and requires no internet connection. Here’s a brief explanation of KeePassXC from their website:
KeePassXC is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal to extend and improve it with new features and bug fixes to provide a feature-rich, fully cross-platform and modern open-source password manager.
KeePassXC is very powerful and flexible, but it is more geared to engineers, computer professionals, and other technically-inclined people than our other favorites.
The KeePassXC project is open source with regular updates and improvements, which you can follow on their blog.
Our KeePass review has more info on both KeePass and KeePassXC.
We will continue to update this guide with new info and any other changes to our recommendations.
Feel free to leave your feedback below.
What’s the opinion of Brave browser’s native Autofill/Pass feature? Running on Mint 20.2 desktop only. Safe?
Hi Sven!
Just wondering if it worth to mention Unix Pass? [https://www.passwordstore.org/]
The passwords are encrypted with the users own GPG key, they can be stored in any git repository (Github, Gitlab, Bitbucket, own server, whatever), therefore can synced between computers/phones. There are many ways to use it beside the command line: browser plugins, Alfred workflows, cross-platform clients.
Am I right if I say, the best privacy is if I don´t have to agree any terms and conditions to a 3rd party provider?
Oh too bad! Mozilla is ending its support for Firefox Lockwise effective mid-December. As an alternative, I suggest Bitwarden which is on both iOS and Android.
https://www.zdnet.com/article/mozilla-ends-support-for-firefox-lockwise-password-management-app-strands-ios-users/
Hi Sven,
I see Sticky Password is not included in your list, although it is one of the popular password managers.
Could we get a review on it too?
@Jimmy please scroll down. Someone also raised the issue of Sticky Password a short time ago and I replied outlining why I thought it was not a good password manager.
Have you tested or investigated Abine Blur Password manager? There is a cost/premium but was checking to see what your thoughts were on this product. thanks
Hi Thomas, no, we have not gotten to that one.
Any one know any good 2fa authenticator, wont spy on you itself by the app,? Thanks
Mozilla is working on incorporating their password manager, Lockwise, into Firefox mobile browser that can be utilized with other apps.
https://www.androidpolice.com/2021/09/08/mozilla-wants-to-make-its-password-manager-obsolete-with-firefox-93-beta-apk-download/
Any thoughts on Firefox Lockwise?
It’s pretty good, but I’d still recommend one of the dedicated password managers discussed in the article.
This was a good move on Google’s part since NFC keys tend to be more secure than others who are not.
https://www.bleepingcomputer.com/news/security/google-drops-bluetooth-titan-security-keys-in-favor-of-nfc-versions/
Hi, what do you think about Remembear?
It doesn’t look like Remembear is open source. If not, I would not use it. I suggest Bitwarden as an alternative since it has much of the same features as Remembear but is cheaper. Remembear costs $6US a month while Bitwarden is $10US a year and you can buy more data if you need to.
https://bitwarden.com/
McAfee TrueKey?
Are you asking if it is any good? Please clarify. Otherwise, I do not think it is because McAfee TrueKey is not open source and is strictly browser-based. Not a good idea for a password manager. I suggest Bitwarden instead.
FIDO Keys won’t entirely replace passwords so don’t delete your password manager yet.
https://arstechnica.com/information-technology/2021/07/why-the-password-isnt-dead-quite-yet/
Regarding password managers, how good is, say an Apple computer factory installed password manager? Apple produces very strong passwords. Are there vulnerabilities we should be aware of?
“an Apple computer factory installed password manager”
Do you mean how Apple stores passwords in the keychain? This is actually pretty secure.
What about a review of Sticky Password which is also well known?
Sticky Password looks like it is a good product. I like that it is competitively priced and has a lot of options for its customers. I also like the fact that it comes with zero-knowledge encryption too. My only reluctance to use it would be that it isn’t open source.
Any proprietary software can be changed by the company that made the product without notice to users and there is little a customer can do to prevent it. This as opposed to Bitwarden that is open source, encrypted and comes with a cloud that can sync with other devices. I believe KeyPassXC is similar in this regard.
The people behind this website may be too busy to conduct a review of Sticky Password. But Cloudwards (who is privacy-friendly) posted a review the password manager and you can read it here if you are interested:
https://www.cloudwards.net/sticky-password-review/
At first I got Dashlane and then it was too expensive for me.
After I had passwordbox but it was bought by Intel then replaced by Truekey.
I have Sticky password since february 2017. 1 offer with my vpn. -84% on the premium lifetime.
My regret was that by paying once, I was not going to help the manatees more.
I only use the password manager.
@gular
If you regret the purchase, then you can cut your losses if after reading the information on this website you realized made a mistake. It is up to you but if you like Sticky Password and your VPN, then good for you!
Otherwise, Bitwarden is only $10US a year, is better than most password managers available, and there might be even better VPN’s listed on this website than the one you are using now. Good luck!
Kaspersky. The reason I went to them was they admitted how they got hacked by an Israeli outfit courtesy of POTUS Trump trumpeting their dodginess so that no US govt. dept. used them. Sure enough vulnerabilities were promptly discovered. They set to work. Took a few years and then admitted the intrusion. Which allowed them to up-grade their security protocols. Since then silence from the ‘other’ side. It is a busy market place with many offers which your work is appreciated thereof.
En passant Google Mail has locked me out. They notified me of an attempted password breach when I was offline. So I deleted it but Google wont let me reset it. They -the algo’s- claim these things-entities cannot verify my presence as genuine! Ask me to remember my forgot passord password. Talk about oxymorons. I shall be sending them some paperwork to show their rather curious methods of operating email accounts. Cheers.
LessPass is a free and open source password manager that creates special passwords for things like websites or email accounts based on a master password or information the user might know. While syncing is not needed, LessPass uses PBKDF2 cryptography and SHA-256 encryption but its suggested to use the browser extensions for more security.
https://lesspass.com/
whats wrong with using brave browser to remember passwords?
There are better solutions available, and storing passwords in the browser can put your passwords at risk if there are browser vulnerabilities. It’s better to compartmentalize your security. That said, you can get a good dedicated password app on your desktop, which has an extension for Brave/Chrome.
Unfortunately, since the COVID-19 pandemic, hackers are ramping up phishing efforts to steal people’s passwords. Since technology has developed so rapidly, even wrongdoers have more sophisticated options to steal people’s personal data, including their sign-in information.
https://www.techradar.com/news/huge-rise-in-phishing-domains-since-covid-vaccines-began
There is, however, a promising solution: FIDO Technology. This website gives a more detailed explanation of what is involved:
https://fidoalliance.org/how-fido-works/
While similar to Yubikeys, instead of passwords, users utilize passkeys that will automatically perform 2 step verification when someone uses their computers, certain websites, or mobile devices. Google sells Titan Security keys that were made available for its customers to use to log in to their Google accounts and computerized devices sometime ago and are based on FIDO technology.
I have found two makers of FIDO keys that are open source and independently audited:
1) NitroKey based in Europe (specifically Germany): https://www.nitrokey.com/
2) SoloKeys based in the United States: https://solokeys.com/
Even the most privacy or security conscious among us can fall victim to fishing attacks. FIDO technology reduces that risk and is looking like it will make passwords obsolete.
I have found another open source FIDO key: OnlyKey made by CryptoTrust also based in the United States.
https://onlykey.io/
YubiKeys used to be open source but Yubico went proprietary a short time ago. Also, FIDO keys may not entirely replace passwords and they can be used in unison with security keys.
I found a fascinating password manager that certainly deserves recognition. Master Password is a password manager based on an inventive password-generator formula that guarantees your passwords will not ever be lost. While passwords aren’t stored, they’re generated as needed from your name, the website, and your master password. Syncing, backups, and even internet access are not necessary.
https://masterpassword.app/
Cool, thanks Mike.
You’re welcome, Sven! I am very intrigued by this product and the concept behind it.
KeepassXC can also be used as a 2FA app. This guide teaches you how to do it https://blog.paranoidpenguin.net/2020/05/how-to-back-up-your-2fa-secret-keys-with-keepassxc/
Admin, I also think that you should write a guide about 2FA since more websites are using it these days.
This site does have one.
https://restoreprivacy.com/two-factor-authentication-2fa/
Thanks. I didn’t find that post before.
Would you advise which country each is located? I am worried about all the eyes countries.
Thanks,
Yep, we’ll add more details to this guide with the next update.
Okay, I am a retired engineer so I may be biased, but I really don’t see any problem getting started with KeepassXC. And as Gnung suggested above, the only storage you KNOW is secure is local storage.
It’s all well and good that you have the education and knowledge of an engineer to figure out and use KeypassXC. However, most people do not. I find the same kind of mentality among developers too and it’s very frustrating. It’s almost like they’re saying: “Here is my product, now learn how to use it. If you can’t, too bad.”
For example, in order to use browsers, like UnGoogled Chromium and Librewolf, a user has to go to their source code pages and figure out which links to click in order to download the browser or follow instructions on which code to use in order to build them. If they’re lucky, they can find a video on the topic in order to find out how. Give me a break!
Most people want to do the right thing and use products to help them get control of their privacy and security. However, if you want people to use your products and services make it as simple as possible since the learning curve is what discourages the average user from being able to do so. In short, keep it simple and make it convenient too. Hence my preference for Bitwarden over KeypassXC.
Interesting that your reviews of the majors doesn’t really labour on the fact they use cloud storage for the password manager products. Personally that feature qualifies for instant scratching from my list.
Myki does was Keepass tries to do – no cloud, but makes it mighty simple. No engineering involved.
MyKi looks very comprehensive, however, I wouldn’t use it for one reason: It’s not open source. KeypassXC and Bitwarden are open source but Bitwarden comes with AES-256-bit end-to-end encryption and I believe KeypassXC does too. If someone is going to entrust their passwords and 2FA to an application, the company or people behind it should be transparent in this regard. Unfortunately, MyKi is not.
In my view, KeyPassXC involves way too much of a learning curve. Most users want to do the right thing with their data and take control of it. But if it takes too much detail or time to learn, then people can quickly become discouraged and dump the idea altogether. In short, if your providing a product or service, keep it simple.
This is why I think Bitwarden is the best password manager. Not only is Bitwarden free and open source but also it has a huge advantage: A user can get just about the same features (including encryption) with Bitwarden as they could with LastPass, Keeper, or Dashlane. A yearly Bitwarden subscription is also a fraction of the cost of the aforementioned password managers too.
I also think Firefox Lockwise is also a good choice too, but it is limited to mobile devices. Unfortunately, there isn’t a desktop client for people to use Lockwise if they prefer to keep it separate from their browser. Hopefully, Mozilla will resolve these caveats soon.
I have found another open source FIDO key provider: CryptoTrust that is also based in the U.S..
https://crp.to/
FIDO keys can also be used along side password managers and I would suggest buying more than one in case you lose a key.
Hi, your opinion on MYKI?
Your opinion on Keeper.
Will you Review Firefox LockWise?
This is an awesome site. In regard to password managers, have you tested Roboform?
Hi Chris, not yet.
Thanks!
Love this site! Amazing work and really needed at this time. Just wondering what your thoughts are on LastPass? Thanks!
Hi Jimmy, here’s our LastPass review.