Password managers aren’t difficult to understand, but despite the fact that they’re so simple to use, people still get their accounts hacked. Though they’re an easy tool to get a hold of, you can’t trust any password manager that pops up. The goal of our password manager reviews is to do the dirty work so you can find the best password manager for you.
Though not as obvious as, say, antivirus software, password managers are among the most effective tools for cybersecurity. By allowing you to store long, random and unique passwords for your accounts, password managers not only make the internet easier to use, but safer, as well.
We’re going to go over how we judge password managers for our reviews. Based on that criteria, we’ve also gathered our top five password managers, as well as a short list of frequently asked questions.
How We Rate
Password managers are simple beasts, so it would seem like writing a password manager review would be simple. There are sometimes subtle, annoying issues that build up over time, though, so we take an analytical approach to evaluating password managers. We gauge its performance in five rounds, combining the individual scores from each to reach a verdict.
Most web browsers have a built-in password manager, so it’s important that paid options offer something more than storing your passwords. Extras such as a security checkup or universal password changer are welcome, separating the paid options from the manager on your phone or browser.
Features for the sake of features isn’t a good thing, though. As you can see in our LogMeOnce review, unnecessary additions don’t make a password manager better. In this section, our focus is on features, but specifically on features that enhance the user experience.
Pricing is important when choosing a password manager. Though most options are no more than a few dollars per month, going any higher is difficult to justify. In this section, we look at the price of providers, but also how much value they bring. For example, Dashlane is one of the most expensive password managers, but it has enough features to justify it.
More so than with other services, a free plan is important here, too. Though we understand limiting the free plan in some way, the standard has been set by industry leaders such as LastPass (read our LastPass review). The free plan doesn’t need to be great, but it needs to be present.
Unlike other security tools, such as virtual private networks, password managers are something even technophobes can understand. Because they’re an essential security tool, password managers need to be accessible to everyone, not just those comfortable formatting a spreadsheet.
In this section, we go through the process from sign-up to password entry. We also note quality of life improvements, such as password import and easy filtration. Auto-fill is also important to this section, so we test the password manager on as many form types as we can to see if it’ll break under pressure.
Security is what usually separates the password manager in your browser from a paid option. Though it seems like a simple security tool, there’s a lot that goes on behind the scenes to ensure none of your passwords can be compromised. After all, your vault is literally the key to the world for a hacker.
Here, we look at how your passwords are stored and how the password manager grants you access. It’s important that the password manager has zero knowledge of the master password that unlocks your vault and adheres to the best in encryption. Because there can’t be too much security for your passwords, we also look for multi-factor authentication options.
Though it’s unlikely you’ll need support for a password manager, it’s important to have resources available in case something goes awry. In most cases, those resources can be found in a knowledgebase. We look through the self-help materials to judge how clearly they’re written and how helpful they are for common errors.
Most password managers stop there, so anything that goes beyond a knowledgebase sticks out. For example, Dashlane offers live chat during business hours and around-the-clock email support. Though we suspect the support reps are twiddling their thumbs most of the time, the fact that support is available when you need it shouldn’t be discredited.
The Best Password Managers
Based on the criteria above, we generate an overall rating for a password manager. That rating isn’t generated manually. It’s a result of the scores the provider received in each category. Because we approach our password manager reviews from that perspective, our top five password managers are truly the best.
Dashlane is expensive, but it’s worth it. Though the bells and whistles it comes with seem like the most attractive part, its uncompromising security is what sets it apart from the pack. With strict master password requirements, a zero-knowledge model and top-level encryption, it ensures your vault remains yours.
Though security is the star of the show, Dashlane’s features are nice to have, too. The most recent version includes dark web monitoring and identity theft protection, both of which can keep you more secure online. It also includes a VPN, which, though lackluster compared to our best VPN providers, is a nice inclusion.
You can see the full feature list in our Dashlane review or try it yourself with a free account.
On its face, Sticky Password doesn’t look like it should be anywhere near our top five. The interface is dated and it has an unattractive organizational method. That said, using Sticky Password is a joy. With a straightforward setup, excellent security and clear purpose, it isn’t pretty, but it gets the job done better than its more modern counterparts.
It’s cheap, too. It offers a free plan, which, unfortunately, doesn’t include multi-device sync, but you can purchase a lifetime subscription for only $150. Plus, it donates a portion of your subscription to the Save the Manatee Club, which is fitting considering the manatee is Sticky Password’s mascot.
You can learn more in our Sticky Password review or try it yourself with a free plan.
Keeper has a slick user interface, but usability issues hold it back from being everything it can be. That said, it has upsides. With hardware two-factor authentication, family and business plans, a low price point and support for multiple entry types, it has a lot to offer, but there are a few annoyances during setup.
In particular, its password import system works poorly, if it works at all. It can accept files from multiple platforms, as well as .csv files, but we were unable to get it to work during our testing. Despite that, adding passwords isn’t too backbreaking, and Keeper’s strengths in security and pricing make it a great choice. You can learn more in our Keeper review.
If you’re looking to get a password manager for yourself, any of our other options will suit you better. Zoho Vault isn’t the best password manager for everyone, but it taps into a niche that’s only hinted at with other password managers. It’s a business solution that’s focused on giving IT departments the tools they need to effectively manage passwords across a company.
Zoho Vault’s biggest strength is its ability to create users and assign them roles in the database. There are multiple tiers of users, each with its own set of permissions. Unfortunately, that flexibility is unnecessary for an individual user. Though that normally wouldn’t be an issue, Zoho Vault offers a free personal plan that, oddly, still has many advanced features enabled.
As a business solution, though, it doesn’t get much better than Zoho Vault. You can learn more in our Zoho Vault review.
1Password could rival Dashlane if it wasn’t for its lack of a free plan and few support options. You can see how close they are in our Dashlane vs. 1Password comparison. That said, 1Password only has a few issues, and they’re easily dealt with. It’s an excellent option for usability and features.
One of our favorite features is travel mode, which allows you to wipe your mobile device of any personal data when you travel. 1Password will store everything in your vault and you can restore it with a tap once you arrive at your destination. Travel mode is our favorite feature, but it isn’t the only feature 1Password offers. You can see the full list in our 1Password review.
Password Manager Frequently Asked Questions
Though password managers are simple tools, there are some lingering questions as to what you should use one for. After all, you could just manage your own passwords, so we’re here to help you understand the difference between using a spreadsheet in Microsoft Excel and buying a subscription to one of our best password managers.
What Is a Password Manager?
A password manager is simple. As the name implies, it’s a tool that will help you manage your passwords. That said, it’s not just a tool for those who are absent-minded. Rather, it’s an essential security tool that allows you to tighten the seal on your online accounts.
Password managers allow you to lean in to the fact that it’s difficult to remember passwords. Around 60 percent of people use the same password across their online accounts, which makes sense given how difficult it is to remember multiple passwords, much less which accounts they go with.
That’s horrible for online security, though. By reusing passwords, you’re allowing a hacker who cracks one account to crack them all. For example, a hacker could break into a weak database to steal passwords, then apply those passwords to websites that are much more secure. That’s a workaround that’s enabled by redundant passwords across accounts.
With a password manager, that isn’t a problem. You can use unique passwords across your accounts, meaning your old Yahoo password won’t be a liability for the PayPal account you use today.
Outside of security, password managers help you organize your accounts, bank information and more. Modern password manager can store multiple entry types, so, for example, you can recall insurance information without having to carry your card. Most anything that can be written as text can be stored with a password manager, making it a hub for your personal information.
Most password managers sync across your devices, too. You can add entries on your desktop, sync with your other devices and access your personal information anywhere else. Like using cloud-based accounting software, using a password manager allows you to cut the paper and the risk of carrying personal information by storing it digitally.
Why Are Random Passwords Important?
The most important reason to purchase a password manager is to help your online security. That said, using different passwords across your accounts doesn’t necessarily mean that you’re more secure. The key is not only using unique passwords across your accounts, but also random ones.
Most password managers include a password generator — we have one, too — which will spit out a bundle of letters, numbers and special characters. Though most people have seen what a “strong” password looks like, it’s impossible to remember the random jumble of characters without serious mental training.
That said, random passwords are the single most important aspect of protecting your online accounts. Most online services don’t store your actual password. Rather, they store a hashed version of it. Hashing is basically scrambling whatever password you have. Based on the algorithm, a string of text will have a corresponding series of characters from the hash result.
Unlike encryption, hashing is a one-way street. You can’t decrypt a hashed piece of text. Websites with strong security will hash your password multiple times, using the result from the previous round to hash again.
That said, the hash result is always the same for the string of text entered. For example, “password123” hashed with the MD5 algorithm will always produce “482c811da5d5b4bc6d497ffa98491e38” as the result. Though you can’t input the result to get “password123,” you can use a computer to guess what a result might be.
That usually goes like this: a hacker cracks a server and steals a database of hashed passwords. They then use a computer to generate candidate passwords based on commonly used words, names, etc. Those candidate passwords are then hashed using the algorithm the website uses and cross-referenced with the database.
Once that’s done, the hacker learns that “482c811da5d5b4bc6d497ffa98491e38” means “password123,” and has successfully cracked every user who’s using that as their password.
Using a random password, though, makes the likelihood of that low. It’s difficult for the hacker to generate a random bundle of letters, numbers and special characters as a candidate password, meaning it’s much less likely your password can be brute-force attacked.
That’s why password managers are security tools. If you use weak passwords across your accounts, a password manager can’t help you. That said, password managers enable you to use random, unique passwords, which is what makes them so powerful.
Free vs. Paid Password Managers
There are a lot of free password managers, and we’re not just talking about the choices in our best free password manager guide. Rather, we’re talking about the password managers included with web browsers, phones and tablets. Though a simple way to keep track of your logins, those bundled password managers usually suffer in security.
Outside of doing fewer rounds of hashing, bundled password managers don’t have many of the conveniences of paid options. Take Google Smart Lock for example. Though it’s easy to setup if you’re using Chrome, it has a lot of drawbacks. Most notably, it doesn’t have a real interface to organize your passwords and it isn’t optimized for other platforms.
If you use Chrome exclusively, it’s fine, but that’s not the case for most people. For example, LastPass offers application auto-fill on its paid plan, allowing you to use its excellent form recognition capabilities on your desktop.
Plus, you can store multiple entry types in other password managers. Google Smart Lock will store passwords that you’ve entered in Chrome but nothing else. One of the draws of a password manager is that it can store other personal information outside of logins.
Then, there’s the authentication issue. As mentioned, any decent password manager has zero knowledge of your master password (authentication method). Because it never stores that master password, a hacker can’t feasibly breach a password manager’s servers and access your vault. Only you know your master password.
When using Google Smart Lock, you just need to log in to your Chrome profile, which is associated with a Gmail account. Google stores the password for your Chrome profile, which means a hacker could breach Google’s servers and unlock the passwords you have stored.
Breaching online accounts never seems like it’s a big deal until it happens to you. While free options seem attractive, you’ll wish you spent the few dollars for extra security if your accounts are hacked. Password managers are among the cheapest ways to protect yourself online, and a few bucks a month is worth it for the upsides they offer.
Can I Use a Password Manager on My Phone?
Until recently, password managers were exclusively an Android option. Though you could install an app on iOS devices, conveniences such as auto-fill weren’t supported (go figure, Apple would maintain a closed system). That said, with the update to iOS 12, Apple devices can now harness a password manager.
You can read our best password manager for iOS guide to see which options we think are the best, but the good news is that you can use a password manager on most mobile devices. Outside of Windows phones, password managers such as Dashlane and 1Password have apps on almost every device, with the ability to sync passwords between them.
How Do I Use a Password Manager?
Using a password manager is simple. Dashlane is a solid baseline, so we’ll walk you through how it works. After signing up for an account, you’ll be asked to download an application. The application will usually walk you through the setup process and direct you to import your passwords.
It’s a good idea to check Chrome or Firefox to see if you have any passwords stored. Oftentimes, your browser will store passwords without you noticing, so it’s a good idea to transfer those accounts to your password manager.
After importing, you can add any information you want by creating or editing an entry. Every provider has a different process for adding entries, which is something we always cover in our password manager reviews. If you have questions about a certain provider, make sure to read our review on it above.
Finally, you’re off to the races. As you create new accounts or log in to ones that you haven’t stored, the password manager will prompt you to save that information. That usually requires a browser extension, so if the password manager you choose has one, make sure to install it.
Everything else is automated. Your accounts should automatically sync across your devices, and the password manager should offer auto-fill when it’s available. The only setup is adding your passwords, which isn’t too hard considering how helpful a password manager can be.
Password managers are an essential security tool, and, thankfully, they’re not difficult to acquire. Though there are still remnants of an outdated form of password management, most of the providers above incorporate modern conveniences, making it easier than ever to store your passwords online.
If you have questions or thoughts about a particular provider, we invite you to read the corresponding review above and leave a comment. If you’ve had experience with a certain provider, we invite you to share it in the comments, too.