Humans are terrible at passwords. Simply put, we suck at creating them, we can never remember them, and we share them way too freely. Indeed, the very thing that can ensure our online security has become our biggest obstacle to it. And if you think you have good reasons not to use a password manager, here is why you’re wrong.
The best password managers relieve you of the burden of two of these problems—having to create and then memorize unique, complex logins on your own. Sharing your passwords is on you. Plus, these applications protect your passwords by encrypting your login info in a virtual vault—either locally or in the cloud—only allowing access with a single master password. So, if you’re looking to step up your security game, a password manager is one of the best ways to do it. And sure, web browsers are starting to offer password management features, but they’re not yet good enough.
PROMOTION
RoboForm Premium: Just $0.99/Month!
Secure your passwords with RoboForm Premium—now only $0.99/month, a massive 60% off! Exclusive to PCWorld readers. Offer ends soon. Grab it today!
All of our top picks for password mangers support a variety of operating systems such as Windows, Mac OS, Android, and iOS, as well as the major browsers. And all will let you sync your data across multiple devices, though you may have to pay extra for that privilege. Once you’ve found the right password manager for your needs, head over to our guide on mastering your password manager to make sure you’re getting the most from your software.
Update June 14, 2024: Invested deeply in Apple’s ecosystem? Its password management is about to get a major upgrade, as per a recent announcement at WWDC. You can read more about the Passwords app on our sister site, Macworld.
Dashlane – Best password manager overall
Pros
- Analyzes and rates the strength of your passwords
- Supports auto-filling web forms with personal profiles
- VPN and Dark Web scanning available with paid plan
Cons
- Expensive premium tiers
- Free plan limited to one device
Dashlane has always been a close contender with LastPass, so after the latter’s big data breach, it’s great to know that users still have Dashlane. A full-service password manager, Dashlane offers easy access to your logins, secure notes, payment data, and other information, all through its elegantly designed web portal or via one of its browser extensions for Firefox, Chrome, Edge, Opera, or Safari. Most importantly, its password game is strong, making it easy to generate and store complex, unique passwords and safely keep sensitive payment and personal data at your fingertips. With autofill deployed, Dashlane doesn’t just ensure you use best password practices, but that doing so is practically effortless.
Dashlane is free for a single device, but if you want syncing across multiple devices you’ll need a paid plan: The Advanced plan costs $33 annually or $2.75 per month, and adds dark web monitoring, to alert you whether your personal data is being used nefariously. The Premium account subscription costs $59.88 per year or $4.99 per month and includes all the features of the previous tiers and adds a VPN. The Friends and Family plan extends Premium plans to up to 10 accounts for $89.88 per year or $7.49 per month. These prices are a little higher than some of the competitors (indeed, that was one of LastPass’s small advantages), but Dashlane offers a premium product and has provided a reliable service for years.
Keeper – Most security-minded
Pros
- Exceptionally strong security
- Seamless exprience across platforms
- Easy-to-use web interface
Cons
- Users may find some security features inconvenient
- Free version more limited than competitors’
It’s a consumer’s market when it comes to password managers. While we have our clear favorite above, Keeper is a very strong contender in its own right. It emphasizes security more so than many other password managers. For instance, it eschews an automatic password update feature as even this process would require temporary access to your credentials.
While Keeper’s security-above-all-else mindset makes it one of the best, in the past it has come at the expense of things some consumers prize such as ease-of-use and aesthetics. To its credit, Keeper seems to recognize this and has taken strides to continuously update its interface to be more modern and user-friendly. While security-minded users stand to get the most out of Keeper’s robust features set, even the everyday user will be safer for using it.
LogMeOnce – Best for alternate login methods
Pros
- No need to remember a complex master password
- Robust security features
- Easy-to-use web interface
Cons
- Paid plans required to share more than a few passwords and files
- Number of features can be overhwelming
While most password managers require a master password to access your password vault, LogMeOnce relieves you of having to remember even that. It uniquely offers the option of a PIN, biometric, or photo login to access your vault. This feature gives LogMeOnce a unique edge over other password managers.
Other than this distinctive feature, LogMeOnce operates similarly to its peers. It allows you to store and sync passwords and credit cards across your devices with end-to-end encryption. It also includes other features such as dark-web and cyberthreat monitoring, but these will come at a bit of an additional cost. Its unique features make LogMeOnce one of the most convenient password managers we’ve tested.
Bitwarden – Best free password manager
Pros
- Free plan offers unlimited vault entries and device syncing
- Paid plan is 70% cheaper (or more!) than rival services
- Supports two-factor authentication
- Send feature allows you to securely share notes and files with others
Cons
- Has occasional trouble capturing and filling credentials on websites
- Requires more manual setup than many paid password managers
Bitwarden continues to offer a generous free plan that makes it a great option for users on a budget. It doesn’t charge you a penny to save unlimited vault items or sync your vault across all of your devices. This is a refreshing change from other password managers that place heavy restrictions on free users.
While it may lack some of the advanced features offered by the paid services and its no-frills interface isn’t the most user friendly, you can’t argue against Bitwarden’s price—it allows you to upgrade your security for free after all. It also offers an ultra-affordable paid tier with more advance features, but its free tier includes so much that you might not need anything else.
Free password managers come in all sorts of different flavors. Check out our roundup of best free password managers for more information.
KeePass – Best password manager for total control
Pros
- Free to use
- Highly customizable
- Provides full user control of data
Cons
- Requires a higher degree of technical proficiency than modern password managers
- Dated interface
- Core program lacks auto capture and replay and other basic password management features
KeePass is the password manager for those who like to control and tweak everything. It’s an open-source program, and lacks the sort of polished, comprehensive UI other password managers offer, and thus may put off the average user. But tech-savvy tinkerers will love all of the customizable settings. It is functionally a very solid program on its own, but to truly realize its potential you will need to have some technical proficiency to take advantage of add-ons. Another big plus for the security-minded, is that KeePass doesn’t store your data on the cloud. Everything is stored locally, so you don’t have to worry about the security protocols of an online service (ahem, LastPass) to keep your personal data safe. A savvy user will make the file accessible to other devices by using a private cloud account. If you relish the idea of a highly customized, DIY password manager that is free and unconstrained by a third-party’s policies and practices this is the product for you—and if you end up finding it too overwhelming, a simpler alternative like KeePassXC may fit the bill just as nicely.
IronVest – Best for masking
Pros
- Manages login credentials
- Hides email addresses and credit card numbers
- Blocks trackers
Cons
- Requires paid subscription to unlock advanced features
- Some features still in beta
While most password managers focus solely on passwords, IronVest sets out to not only safely store your passwords, but make your entire online experience more secure. IronVest offers an intuitive and straightforward way to keep your passwords, identity, credit cards, email addresses, and other sensitive information protected while shopping online. Still a relatively new company, IronVest impressed with its ability to obfuscate personally identifiable information and block trackers in addition to just being solid password management software. It does this by masking your information when shopping. When you enter your email address, credit card, or other information on a site, IronVest creates and submits a masked version to the vendor so that they never see your actual information. It’s a neat feature that helps IronVest stand out from the competition.
Some features of the service are still in beta, so you can expect minor tweaks and changes before the full release. Even though the application is still in its infancy, the feature set is solid and trustworthy. Besides, it’s currently free to test out, so it costs nothing to give this unique and innovative service a try.
What to look for in a password manager
At their most basic, password managers capture your username and password—usually via a browser plugin—when you log in to a website, and then automatically fill in your credentials when you return to that site. They store all your passwords in an encrypted database, often referred to as a “vault,” which you protect with a single master password.
Of course, most password managers do much more than this and many extend protection beyond your login credentials to other types of personal data. We narrowed it down to a few essential features that we looked for and you should too:
Password generation
You’ve been reminded ad nauseam that the strongest passwords are long, random strings of characters, and that you should use a different one for each site you access. That’s a tall order. This is what makes password generation—the ability to create complex passwords out of letters, numbers, and special characters—an indispensable feature of any good password manager. The best password managers will also be able to analyze your existing passwords for weaknesses and upgrade them with a click.
Autofill and auto-login
Most password managers can autofill your login credentials whenever you visit a site and even log you in automatically. Thus, the master password is the only one you ever have to enter. This is controversial, though, as browser autofill has long been a security concern, so the best managers will also let you toggle off this feature if you feel the risk outweighs the convenience.
Secure sharing
Sometimes you need to share a password with a family member or coworker. A password manager should let you do so without compromising your security.
Two-factor authentication
To an enterprising cybercriminal, your password manager’s master password is as hackable as any other password. Increasingly, password managers support multi-factor authentication—using a second method such as a PIN, a fingerprint, or another “trusted device” for additional verification—to mitigate this risk. Choose one that does.
Protection for other personal data
Because of how frequently we use them online, credit card and bank account numbers, our addresses, and other personal data can be securely stored in many password managers and available to autofill into web forms when we’re shopping or registering an account.
No online security measure is 100 percent foolproof, but most security experts agree that password managers are still the safest way for people to manage their myriad logins, and we agree that the benefits far outweigh the risks. Just choose your password manager carefully after researching all the options starting with this guide.
Editor’s note: Because online services are often iterative, gaining new features and performance improvements over time, our reviews are subject to change in order to accurately reflect the current state of the services.
FAQ
Are password managers safe?
While nothing can be said to be 100 percent safe and secure, password managers do a great job of providing enhanced security features that you wouldn’t otherwise have. Generally speaking, password managers encrypt all of the data you store with them. While cybercriminals might be able to somehow hack the password manager, it is highly unlikely they will be able to decrypt your data to see the contents.
Nevertheless, much of the security of your password manager comes down to the strength of your one master password. If you are concerned about the safety of this one password, then it would be worth it to choose a password manager that stores your master password on a different server from the rest of your encrypted passwords—adding an additional layer of security.
Is it worth paying for a password manager?
This will come down to what features you need in a password manager. Free services typically are limited to one device on which to save and sync your passwords. They will generate strong passwords for use, offer basic compromised-password alerts, and will store saved credit card and address information.
Premium password managers, which you have to pay to use, offer all of the same features as their free counterparts, but also allow you to sync and store passwords and data across multiple devices—or even between family members. They also have additional special features such as dark web scanning and emergency contact access, among others.
If you only have one device and don’t need any of the fancy additional features, then there really isn’t a need to pay for a premium service. However, premium password managers are only a few dollars per month so they won’t break the bank if you ever decide to switch.
What if the password manager gets hacked?
If you suspect that you have been hacked, it is important to first figure out if it’s just you or if your password manager’s database has been compromised. Reputable password managers should put out some form of public release if they have been hacked. You can figure this out with a simple Google search. If they are not claiming to have been hacked, then it may be that your own data has been compromised some other way.
If it turns out your password manager’s database has been hacked, it’s up to you whether to continue with that service. Thankfully, all your passwords will be encrypted so hackers won’t be able to see the contents even after they have been stolen.
Is using one master password for your password manager really safe?
It can seem a little disconcerting to entrust the security of all your passwords to one master password on a password manager. It’s true that the strength and safety of your master password can determine the security of your password manager itself. Therefore it is ideal to create a very strong master password.
The good news is that password managers typically store your master password and your other encrypted passwords and data on separate servers. This isn’t foolproof, but it does add an additional layer of security.
What are passkeys? Do I need a password manager if I use passkeys?
Passkeys are a new form of account authentication. It’s a system that uses a set of encrypted keys, with a private one that you keep and a public one given to a website. To log in, you have to approve the attempt to see if the keys pair. Major tech companies like Google, Apple, and Microsoft are pushing to see passkeys widely adopted across the web, as they’re simpler and more secure than passwords.
While most mentions of passkeys talk about storing them on a smartphone, you can store them in other ways, too, like on a hardware key or (as you might have guessed) a password manager. Multiple password managers have added support for passkeys, with Dashlane, NordPass, and 1Password just a few of the services that can now store them. And while passkeys seem to be the future of online security, passwords likely will stick around for a while. Using a service to keep track of both kinds of authentication will be very useful.