How we test password managers

There are many password managers on the market to choose from. These products can appear similar in many ways, so it can be hard for consumers to know which provider to go with. We describe the methodology we use to test the most popular password managers.

The password manager market can feel complicated to navigate, especially if you’ve never purchased or used a password manager before. To assist you in making the right decision with your purchase, Comparitech password manager reviewers create thorough, up-to-date, and insightful reviews of the most popular password managers on the market.

We base our reviews on first-hand experience and a range of tests, ensuring that you have useful information at your disposal, rather than just generic, marketing-based content. We don’t just regurgitate what other platforms are saying. Rather, we collect data and examine the trustworthiness, features, and overall effectiveness of each password manager we analyze.

We explore password managers from the point of view of the consumer, someone who:

  • Values their security
  • Wants to ensure they are using only super-strong passwords
  • Prioritizes functionality
  • Doesn’t want to waste time entering their password for every site requiring a login
  • Expects to be able to use a password manager without breaking the bank
  • Is looking for a variety and abundance of useful features
  • Values good customer service and support
  • Wants a password manager for their household or business

In this guide, we’ll describe how Comparitech password manager reviewers evaluate each of these aspects:

Security

Security means that your passwords should be free from unauthorized access. Any high-quality password manager should ensure that malicious hackers cannot find out your passwords and then use them to gain your personal information. A password manager can maintain security in a variety of ways, which we will now outline.

Encryption

First, we take a look at what sort of encryption algorithm the password manager uses to encrypt and decrypt your data. We want to make sure that the provider uses a strong, well-vetted encryption algorithm that will prevent even the best hackers from accessing your information. Two types of encryption that we are looking for include:

  • AES-256 encryption: this type of encryption algorithm is virtually uncrackable. No realistic amount of computing power can carry out a brute-force attack that tries every possible 256-bit key, so data protected by this kind of encryption cannot be cracked that way. The US government uses AES-256 encryption to protect classified documents, so if a password manager uses this too, you can feel assured that your passwords will be safe. Bear in mind that the encryption key is typically derived from your master password, so a weak master password remains the easier target.
  • XChaCha20 encryption: some of the biggest tech corporations, such as Google and Cloudflare, use this alternative to AES-256. When the service is built on zero-knowledge architecture, no one at the password manager company can see your passwords (including your master password), credit card information, or encrypted notes. So, even if a hacker breached the company’s systems, your information would be safe. The benefits of XChaCha20 over AES-256 include faster speeds, less susceptibility to human and technical errors, and no requirement for hardware support.
Illustration of zero-knowledge architecture, from NordPass

Two-factor authentication

Two-factor authentication (2FA) adds an extra layer of security to your password manager account. With 2FA in place, whenever you log in to your password manager account, you will then need to take an extra step of verification. This involves using a one-time passcode (OTP) sent to you by text or generated by an authentication app.

We check whether a password manager offers this feature (not all do), as having it helps to enhance overall security. 2FA means that your account is protected even if a hacker gains your master password. Without being able to complete the second verification step, they will be locked out.

Example of 2FA

Biometric authentication

Biometric authentication is another way to add an extra layer of security to your password manager account. Biometric authentication refers to security processes that verify your identity through unique biological traits, such as your retina, iris, voice, face, or fingerprint.

In our reviews, we check whether the password manager includes biometric authentication, as this can be a great additional feature for boosting security and convenience.

NordPass’ biometric authentication option

Secure sharing

Another essential feature we look for in any decent password manager is the ability to share passwords and notes securely. Often, it’s necessary to let others know what your password is, but to do this safely, the shared information needs to be strongly encrypted.

Strong passwords

Next, we pay close attention to a password manager’s ability to provide you with super-strong passwords. It’s important to only ever use strong passwords. Using a weak password makes it easier for a hacker to guess it, which can compromise your private information. To check if a password manager can provide you with strong passwords, we look for essential features such as:

  • Password generator: this will generate strong passwords for you, sometimes based on your preferred settings (e.g. length, and whether to include special characters, numbers, capitalized letters, etc.)
  • Password strength checker: this analyzes your passwords to see how strong they are. If they are not super-strong, you can then follow recommendations to improve their strength or use the in-built password generator.
Dashlane’s password generator
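
A generator that honours the settings listed above, together with a simple strength checker, can be sketched as follows. This is an added example, not any vendor's code; the function names, the symbol set and the strength thresholds are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Character classes a user can toggle; the symbol set is an assumption.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": "!@#$%^&*()-_=+[]{};:,.?",
}
ALL = tuple(CLASSES)

def generate_password(length=20, use=ALL):
    """Draw every character from the OS CSPRNG (`secrets`, not `random`) and
    guarantee at least one character from each selected class."""
    pools = [CLASSES[name] for name in use]
    if not pools or length < len(pools):
        raise ValueError("length is too short for the selected classes")
    alphabet = "".join(pools)
    while True:
        # Rejection sampling: redraw the whole password rather than patching
        # characters in, which would bias the distribution.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in pool for c in candidate) for pool in pools):
            return candidate

def generator_entropy_bits(length, use=ALL):
    """Upper bound for a generated password: length * log2(alphabet size)."""
    return length * math.log2(sum(len(CLASSES[name]) for name in use))

def check_strength(password, known_weak=frozenset()):
    """Heuristic checker: blocklist lookup first, then an estimate from the
    character classes present. The estimate overstates human-chosen
    passwords, which is why the blocklist runs first."""
    if password.lower() in known_weak:
        return "weak", 0.0
    size = sum(len(p) for p in CLASSES.values() if any(c in p for c in password))
    bits = len(password) * math.log2(size) if size else 0.0
    # Thresholds (50 and 80 bits) are illustrative assumptions.
    label = "weak" if bits < 50 else "fair" if bits < 80 else "strong"
    return label, bits

if __name__ == "__main__":
    pw = generate_password(20)
    print(pw, check_strength(pw))
    print(check_strength("password", known_weak={"password"}))
```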

Functionality

One of the main aspects of a password manager that we test for is functionality. We want to be able to fully answer your question: how easy is this to use? We assess how easy it is to use password managers by going through the following steps:

  • Setting up an account
  • Creating a master password
  • Watching/reading instructional content
  • Encrypting files
  • Sharing files
  • Adding browser extensions
  • Installing mobile apps
  • Adding passwords (either through a browser extension or manually)
  • Importing and exporting passwords
  • Generating passwords
  • Checking password strength
  • Autofilling passwords
  • Configuring 2FA and/or biometric authentication
  • Using additional features

We test the functionality of the password manager through its various apps as well, as sometimes there can be noticeable differences between desktop and mobile versions of the app. When testing ease-of-use, we underscore aspects like:

  • How intuitive the platform is to use, on both desktop and mobile
  • Whether there are any glitches in the system or slowness when using the password manager
  • How easy it is to access your passwords
  • How many browsers and operating systems the password manager is compatible with
  • How simple it is to import passwords from other management systems
1Password’s interface

Autosave and autofill

You probably know how tedious it can be to have to use a unique, long, and complicated password for every site you need to sign into. Trying to remember all your passwords or retrieve them from somewhere (e.g. written down in a notepad or stored electronically) can take up a fair bit of time and can compromise your security.

Password managers can help you save this time through their autosave and autofill functions. These functions mean that new logins will be automatically saved and your passwords will be automatically filled for login, payment, and other forms.

In our battery of tests, we highlight whether a password manager includes these time-saving features and what it is like to use them. We also let you know if there are any necessary steps (e.g. installing a browser extension) that you need to take to use these functions.

LastPass’ autofill option

Pricing

As a consumer, one of the most important aspects of a password manager will be its pricing. We’ve got this covered. In our reviews, we provide the most accurate and comprehensive information about free plans and all the available pricing tiers. There are several essential questions we ask when rating password managers based on pricing structure and transparency:

  • Does this provider have a first-year discount?
  • If there is a first-year discount, does the provider clearly state its price increase after the first year?
  • How many devices can you use with each license?
  • How many licensing options does the password manager offer?
  • Are there any limited-time offers at the time of writing?
  • What does the free version include?
  • Does the free version include premium features for a limited time?
  • Is there a money-back guarantee?

We ask all of these questions when researching licensing options and transparency because they matter to consumers. For example, some password manager providers offer new customers a first-year discount, but not all clarify that the price will increase after the first year, or they don’t clearly show the renewal price.

It’s also worth noting that password managers don’t exist in a bubble. Whenever we give ratings for pricing structure and transparency, we take into account how a particular provider compares with others, as well as how these differences in price are reflected in the services’ performance. For instance, if a password manager has a high price tag yet doesn’t perform well, then this could substantially impact its potential score.

Examples of payment structures and transparency:

Providers in this market usually utilize one of two pricing methods:

  • Annual – You buy a license to use the software for 12 months and you are billed on an annual basis. Sometimes you can use the password manager for longer, as some providers offer licenses that run for 2 or 3 years. There will be an option for you to automatically or manually renew your license when it’s up.
  • Monthly – This plan enables you to use the password manager on a month-to-month basis, similar to a streaming service subscription model (like Netflix).

When you get the annual plan rather than the monthly one, you will get a discount. As part of our methodology in carrying out our reviews, we underline what these discounts are at the time of writing. There may also be discounts for multi-year licenses or multi-device packages, so we will draw attention to these potential savings as well.

Normally, a yearly or multi-year plan is worthwhile if you like the service of a particular password manager, as this can offer you substantial savings. In our reviews, we analyze whether this increased affordability makes choosing one password manager preferable to another.

In our methodology for testing, whenever we look at a company’s pricing structure, there are four things we think are positive:

  1. The password manager identifies the number of devices covered, showing how many devices you can use with each licensing plan
  2. You can clearly see the cost of the annual license. Usually, you will see two prices: the top one marked with a strikethrough and one beneath it without the strikethrough. The bottom one is the first-year discount. When the year is up, you’ll then pay whatever the crossed-out price is
  3. The company highlights the discounted price for the first year
  4. Different licensing types are shown together and you can see how switching between them affects the price
Example of pricing tiers from Dashlane

Additional features

Our research methodology also leads us to consider additional features that come with a password manager. Often, these extra features help to better protect your security, as well as improve usability, and we aim to point out how tiered packages differ in the features they offer. Examples of these useful additional features include:

  • VPN (while not essential to using a password manager, it can still help you browse the internet more privately)
  • Data backups
  • Account recovery backup kit
  • Dark web monitoring and alerts
  • Passwords stored in the cloud
  • Option to add an emergency contact
  • Offline access

The free versions tend to have quite limited features, missing things like the ability to sync or use multiple devices. We analyze the various paid versions of password managers so you know which one will precisely match your needs.

In our testing methodology, we don’t place a heavy emphasis on additional or advanced features, but we do certainly take them into account when we review password managers.

The main priority in our research is to see whether a provider offers essential features. If they lock these crucial features behind a higher-priced paywall, then we consider this a reason to lower our score for the provider. For example, some free versions of a password manager don’t let you sync your password login information between different devices. We would consider that a poor policy.

We also rate highly those providers that allow you to connect many devices at a time under a single plan, especially if this is offered in the free version. Some password managers also let you use an unlimited number of devices, which would, of course, help to raise the score of that provider even more.

We would consider the option to use multiple devices a fairly essential feature, given that most consumers will need to log in to websites on more than one device. However, having the option to use an unlimited number of devices, while welcome, is rarely necessary.

Some of the additional features offered by RememBear

Customer support

A password manager, like any other piece of software that you can buy, may require support from the provider. You may need help with the following issues:

  • Knowing the ins and outs of how to use the password manager
  • Experiencing glitches or technical errors
  • Being locked out of your account
  • Questions about the details of a free or paid plan

To figure out how good a provider’s customer support is, we will put them to the test. We note down results such as:

  • Time to respond
  • Office hours availability
  • Subjective judgments about knowledge and helpfulness

We tend to prefer password managers that use both live chat systems and ticket submission systems, as the former is quick while the latter has the advantage of being more private. In our research, we also make sure to note billing practices. For example, in our reviews, we disapprove of schemes like default auto-renewal and complicated cancellation processes.

In addition, we prefer password managers that offer money-back guarantees if a customer isn’t happy with their service.

Multiple people need to use the password manager

Whether you live in a family household, a houseshare, or own a business, you may need to use a password manager for multiple people. For this reason, when we conduct research into any password manager, we check if they offer family and/or business plans. Having one of these plans in place will allow multiple people to securely use the same login passwords, as well as share notes.

We make sure to highlight important details of these plans such as limits on the number of people who can use the account and how cost-effective it is to opt for a family/business plan over an individual premium plan.

If you are looking to buy a license for a password manager, we recommend checking out our reviews of the best password managers on the market, including: