What are password managers, do I need one and which is best?
- Dashlane Best overall password manager. A safe choice if you want an easy to use password manager. Decent free option and Premium option has some nice extras such as automatic data backups and syncs to all devices.
- StickyPassword Good all-round password manager, very easy to use, secure and syncs across devices. Highly recommended
- LastPass A decent free service and for just $1 per month the Premium is great value and well worth the money.
- NordPass If you are looking for a low cost, easy-to-use password manager NordPass is a good option. Paid and free options available.
- RememBear A good alternative to free tools, but limited without the paid version
- KeePass A great, free, secure password manager but tougher to use than most and not for the non-technical.
- 1Password A paid-only password manager, targeted at businesses, teams, and families.
We chose these password managers based on the following criteria:
- Security and privacy
- Additional features
- Customer support
- Device compatibility
Best password managers of 2020
Here’s a more detailed breakdown of our favorite password managers:
Jul 2020 Dashlane is a feature-rich password manager with an easy-to-use interface. Both free and paid versions are available. The free version is limited to 50 passwords and lets you share up to five of them. The paid version adds password syncing, unlimited devices, and unlimited passwords. Two-factor authentication can be set up to further secure your account. You can add an emergency contact and set up personalize security alerts. It works across a wide range of devices including Windows, MacOS, iOS, Android, and browsers including Chrome, Safari, Firefox, and Edge. Everything can be managed from a security dashboard.
- Supports two-factor authentication
- Sync passwords across devices
- Securely share passwords
- Easy to set up and use
- Email support is a little slow
Read our full Dashlane review.
Sticky Password is a very secure password manager that lets you sync passwords across multiple devices. Additional features let you create encrypted memos and bookmark web pages from multiple browsers in one place.
Passwords can be imported from your browser or other password managers. A built-in password generator lets you specify password length and the type of characters to include or exclude in new passwords.
It can be used with Chrome, Firefox, Safari, Edge, Thunderbird, iOS, and Android. It works with biometric authentication on supported platforms, such as fingerprint scanners.
- Easy setup
- Syncs across devices
- Strong security
- Works with biometric authentication
- Importing data from other password managers could be easier
- Sync, password sharing, and cloud backup require paid version
Read our full Sticky Password review.
LastPass is a budget-minded password manager with a free version and a low-cost paid version. The master password is stored locally so that the company never keeps it on its servers. You can set up two-step verification to ensure that only you can get into your account. Verification methods include LastPass’s own authenticator app, Google Authenticator, and YubiKey, among several others. The apps can be customized to your liking. You can disallow logins from the Tor network, for example, or set other devices running LastPass to log off when you log into a new device. The premium version adds additional password sharing features, advanced multi-factor authentication options, and 1 GB of encrypted file storage.
- Generous free version
- Password sharing
- Multi-factor authentication
- Inexpensive paid version
- Lots of customization
- Lackluster design
Read our full LastPass review.
NordPass is a password manager from the same company that makes NordVPN, one of the best VPN services on the market. It comes with an online form filler and built-in password generator. You can also store encrypted notes and credit card information. The free version only allows one active device. The paid version ups that to six active devices and adds secure item sharing and trusted contacts for password sharing. Apps are available for Windows, Linux, Android, iOS and MacOS, with browser extensions Chrome, Firefox, Opera, and Edge.
- Free, with a low-cost paid version
- Supports lots of devices and browsers
- Strong security
- Light on features
RememBear is made by the same company as TunnelBear VPN, and carries much of the same quirky branding. It’s easy to set up and use and offers many advantages over Apple Keychain and browser-based password managers that come with Google and Firefox. You can import pre-existing passwords from those browsers as well as competing password managers. A locking features lets you quickly lock down the app to prevent other users on the same device from logging in with your RememBear account. Desktop devices will use the RememBear browser plugin for Firefox, Chrome and Safari. Mobile devices use the standalone iOS and Android apps. If you pay for the premium version, passwords can be synced across devices.
- Easy setup
- Quick locking feature
- Lets you import passwords from a browser or other password manager
- Light on features
- Sync only available for paid accounts
KeePass is a completely free and open source password manager. It’s not for the non-technical, though, and will require a bit more setup than others in this list. For example, you’ll need additional plugins to set up browser integration. The official version is only available for Windows, though there are unofficial ports available for Android, iOS, MacOS, Linux, and Chromebooks that the official website directly links to.
- Open source
- Strong security
- Requires some tech savvy to use
- Official version is Windows-only
1Password is a paid-only password manager targeted at businesses, teams, and families. It supports multi-factor authentication, admin controls to view and manage permissions, and unlimited password storage. You can set up guest accounts to share passwords with others. It comes with an automatic form filler. Passwords are synced across devices. The Watchtower feature keeps track of data breaches and alerts you when your password might have been compromised, as well as which sites are missing two-factor authentication and HTTPS. Apps are available for MacOS, iOS, Windows, Android, Linux, and Chrome.
- Multi-factor authentication
- Password sharing
- Automatic form filler
- Watchtower monitors for compromised passwords
- No free version
Read our full 1Password review.
Why use a password manager?
The average internet user has dozens or even hundreds of online accounts. To maximize security, all of the passwords for those accounts should be unique. Why? Because if cybercriminals manage to steal a password for one account, they’ll try to use the same password on many other accounts. They know that most people—two out of three, according to one study—reuse passwords across multiple accounts. This attack is called credential stuffing. It’s usually an automated attack that allows hackers to make hundreds or even thousands of login attempts in a very short period of time. Unique passwords for every account prevent credential stuffing, but memorizing 100 different passwords isn’t feasible for most of us. That’s where password managers come in. Because a password manager will only enter a password on the same website or app where that password was created, it offers a second form of security: it prevents you from entering your password on phishing sites. If you click a link to a fake website that’s trying to steal your password, the password manager won’t recognize it, and therefore you won’t be prompted to enter your master password.
How do password managers work?
Most password managers do three main things:
- Generate new passwords
- Store passwords safely
- Input passwords automatically
Password generation simply creates strong passwords of at least 12 characters with a combination of numbers, upper- and lower-case letters, and symbols. We have a password generator of our own on Comparitech. Once you’ve added an existing password or generated a new one, the password manager stores it. It uses your master password as a key to encrypt all of the other passwords so they can’t be deciphered if anyone manages to steal them. They can only be decrypted when you enter the master password. Passwords are stored in a database alongside the websites and apps where they are used to log in. When you arrive at a login page, the password manager will recognize it and prompt you to enter the master password. After doing so, it fetches the correct password for the app or website and fills it in for you.
How do I use a password manager?
Once you’ve signed up and downloaded a password manager app, you’ll probably start by entering your existing passwords into it. Password manager apps can either be browser extensions for web browsers like Chrome and Firefox, or native apps that run directly on Windows, MacOS, iOS, and Android. After the initial setup, most of them simply run in the background and only appear when you arrive at a login page. It’s usually possible to fetch passwords on demand as well so you can simply copy and paste them as needed.
How do I choose a password manager?
There are plenty of options out there, so which password manager should you choose? First of all, be sure to stick to reputable brands with a strong track record for security and privacy. All of the password managers we recommend meet our standards in this regard. Beyond that, it comes down to price, features, and compatibility.
Price: should I pay for a password manager? How much does a password manager cost?
Many password managers are free or at least have free versions. These are fine but might not have the full set of features offered by paid password managers. These days, password managers are often bundled with other security software such as antivirus and VPNs. NordPass, for example, is bundled with the NordVPN service at no extra cost. Paid password managers offer additional features that often cater to power users and businesses.
Many password managers come with additional features, many of which are limited to paid users. These might include:
- Password sharing with other users such as your family members or colleagues
- Syncing passwords between devices
- Live customer support
- Setting an emergency contact who can use your passwords if you are incapacitated
- Password strength auditing
- Web form autofill
- Duplicate password removal
- Two-step verification/two-factor authentication
- Bulk password adding
You may also want to consider the app design and user experience. Some password managers cater to complete novices while others are focused on more tech-savvy users.
Make sure the password manager you choose works with all of your devices and web browsers. There’s no point in signing up for a password manager that doesn’t work on your device.
But my browser already saves my passwords!
True, many web browsers like Chrome can safely store passwords and autofill them when you get to a login page. But the passwords stored by web browsers are only useful inside of that web browser and won’t work for other apps. Secondly, if you ever clear your web browser’s cache of data, which we all need to do from time to time, saved passwords can be wiped with no means of recovery. A password manager can be used with more apps and stores passwords safely until you say otherwise. Plus they usually come with a slew of other features as discussed above.
Are password managers safe?
While no software can ever guarantee 100 percent security at all times, password managers are, broadly speaking, quite safe. We recommend using a password manager that uses strong encryption and doesn’t store your master password on its servers. That way, if the company that makes the password manager is ever hacked, your passwords remain safe. All of the password managers we recommend meet these standards. Compared to reusing the same passwords across multiple accounts or writing them down in plain text somewhere, passwords are a huge improvement to privacy and security.