Password managers are the vegetables of the internet. We know they’re good for us, but most of us are happier snacking on the password equivalent of junk food. For seven years running that’s been “123456”, “password”, “qwerty”, and “*your full name*” — the two most commonly used passwords on the web.
The problem is, most of us don’t know what makes a good password and aren’t able to remember hundreds of them anyway.
If you can memorize strong passwords for every website you visit and every app you use, by all means do it. Assuming you’re using secure passwords—which is, first and foremost, shorthand for long passwords—this is the most secure, if slightly insane, way to store passwords. It might work for Memory Grandmaster Ed Cooke, but most of us are not ready for such fantastic feats. We need to offload that work to password managers, which offer secure vaults that can stand in for our faulty, overworked memories.
A password manager offers convenience and, more importantly, helps you create better passwords, which makes your online existence less vulnerable to password-based attacks.
Updated September 2019: We added a few new services to the list, including Bitwarden, Remembear, and Myki. We also added a section to help you keep calm and carry on should your password manager turn out to have a security flaw.
Most web browsers offer at least a rudimentary password manager. (This is where your passwords are stored when Chrome or Firefox asks if you’d like to save a password.) This is better than reusing the same password everywhere, but browser-based password managers are limited.
The reason security experts recommend you use a dedicated password manager comes down to focus. Web browsers have other priorities that haven’t left much time for improving their password manager. For instance, most of them won’t generate strong passwords for you, leaving you right back at “123456.” Dedicated password managers have a singular goal and have been adding helpful features for years now. Ideally, this leads to better security.
Best Password Manager
LastPass is a fantastic password manager, and it’s free so long as you don’t mind getting by without the full suite of premium features.
It then helps you to delete information from your computer to keep it secure, prompting you to do little more than remember your super-secure master password.
Other free LastPass features include two-factor authentication, free credit monitoring, multiple identities, and even an auto-fill feature designed to streamline your shopping.
LastPass also stores your encrypted information on its cloud servers, meaning you can use LastPass on computers other than your personal PC and easily share passwords with family members. It even comes outfitted with a password generator for creating unique passwords.
Opting for the premium suite opens up a host of additional authentication options, stellar tech support, and the ability to sync information between your desktop and mobile devices.
While LastPass is our favorite for its features and interface, we should remind you that it has experienced security vulnerabilities in the past. LastPass has shown due diligence in fixing them though, as well as releasing regular updates.
1Password began life as an Apple-centric password solution, but it has since broadened its offerings to include iOS, Android, Windows, and ChromeOS. There’s even a command line tool that will work anywhere. There are plugins for your favorite web browser too, which makes it easy to generate and edit new passwords on the fly.
What sets 1Password apart from the rest is the number of extras it offers. In addition to managing passwords, it can act as an authentication app like Google Authenticator and, for added security, it creates a secret key to the encryption key it uses, meaning no one can decrypt your passwords without that key. (The downside is that if you lose this key, no one, not even 1Password, can decrypt your passwords.)
Another reason 1Password offers the best experience is its tight integration with other mobile apps. Rather than needing to copy/paste passwords between your password manager and other apps, 1Password is integrated with many apps and can autofill. This is more noticeable on iOS, where inter-app communication is more restricted.
The other reason I like 1Password is “Travel Mode,” which allows you to delete any sensitive data from your devices before you travel and then restore it with a click after you’ve crossed the border. This prevents anyone, even law enforcement at international borders, from accessing your complete password vault.
There’s a 30-day free trial for either plan so you can test it out before committing.
Dashlane is intuitive and simple, bolstered by two-factor authentication and the ability to change a multitude of passwords spanning multiple sites with just a few clicks. The fact that Dashlane’s memory footprint gets smaller with every update is only a plus, as is its ability to securely store pivotal notes, and share encrypted passwords with emergency contacts in case you have trouble with your account.
The software also allows you to store your passwords locally within an encrypted vault, or automatically sync them across your devices. Its digital wallet grants you a convenient means for tracking and making purchases at various online retailers (even if you don’t have a previous account set up with them).
You can use the software to easily scour your receipts if need be or, if you’re unfortunate enough to have an account on a site that’s hacked, you can set the app to automatically reset your password without ever having to navigate away from the interface. Business versions require an annual fee.
Keeper Security offers a range of password solutions for enterprise, business, family, and personal levels, making it one of the most scalable password managers we’ve ever seen.
It uses two-factor authentication and secure file storage to keep your information protected.
Keeper also has a lot of practical features that personal users will greatly appreciate, including version history — which can restore previous versions of your records as needed in case something goes wrong — and emergency access for five different contacts that will be able to access your passwords.
Keeper also offers more flexibility than many password managers when it comes to what data you can store. Custom fields allow you to keep passport info, driver’s license numbers, and other important records in the app!
From the creators of AVG Antivirus, Sticky Password is a free password manager that includes a premium version with extra cloud features. It boasts strong password generation, AES-256 encryption, and very intuitive navigation, particularly for mobile devices.
Sticky supports a wide variety of browsers including outliers like Pale Moon, Yandex, and SeaMonkey on desktop (mobile is a bit more limited). You also have secure cloud-encrypted syncing options between devices that help protect sensitive data over a wireless connection. In addition to traditional sign-in options, Sticky supports both Face ID and Touch ID sign-ins for passwords. Sticky offers both simplicity and professional service, making it a strong choice for a new business.
Password Manager Basics
A good password manager stores, generates, and updates passwords for you with the press of a button. If you’re willing to spend a few dollars a month, a password manager can sync your passwords across all your devices. Here’s how they work.
Only One Password to Remember: To access all your passwords, you only have to remember one password. When you type that into the password manager, it unlocks the vault containing all of your actual passwords. Only needing to remember one password is great, but it means there’s a lot riding on that one password. Make sure it’s a good one.
If you’re having trouble coming up with that one password to rule them all, check out our guide to better password security. You might also consider using the Diceware method for generating a strong master password.
Apps and Extensions: Most password managers are full systems rather than a single piece of software. They consist of apps or browser extensions for each of your devices (Windows, Mac, Android phones, iPhone, and tablets), which have tools to help you create secure passwords, safely store them, and evaluate the security of your existing passwords. All that information is then sent to a central server where your passwords are encrypted, stored, and shared between devices.
Fixing Compromised Passwords: While password managers can help you create more secure passwords and keep them safe from prying eyes, they can’t protect your password if the website itself is breached. That doesn’t mean they don’t help in this scenario though. All three of the cloud-based password managers we discuss offer tools to alert you to potentially compromised passwords. Password managers also make it easier to quickly change a compromised password and search through your passwords to ensure you didn’t reuse any compromised codes.
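The search described above, sketched as an added example (not code from this article or from any of the password managers it covers): given a vault and a set of sites known to be breached, it lists every entry that needs a new password, including entries that only share a password with the breached site. The site names, passwords and breach corpus are constructed sample data, and `audit` and `sha1_hex` are hypothetical helper names.

```python
import hashlib
from collections import defaultdict

# Constructed sample vault: site -> password. Not real credentials.
VAULT = {
    "mail.example": "123456",
    "shop.example": "correct-horse-battery-staple",
    "forum.example": "correct-horse-battery-staple",
    "bank.example": "T7#vq9!LmZ2r@xW4",
}

def sha1_hex(password):
    """Digest used only to compare passwords without handling them in the clear."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

# Constructed inputs: one site reported as breached, and a stand-in for a
# corpus of leaked passwords held as SHA-1 digests rather than plaintext.
BREACHED_SITES = {"forum.example"}
BREACHED_DIGESTS = {sha1_hex(p) for p in ("123456", "password", "qwerty")}

def audit(vault, breached_sites, breached_digests):
    """Return {site: [reasons]} for every entry whose password should be changed."""
    # Group sites by password digest so reuse shows up as a set with >1 member.
    sites_by_digest = defaultdict(set)
    for site, password in vault.items():
        sites_by_digest[sha1_hex(password)].add(site)

    findings = {}
    for site, password in vault.items():
        digest = sha1_hex(password)
        reasons = []
        if site in breached_sites:
            reasons.append("site breached")
        # A strong password is still exposed if a breached site held the same one.
        exposed_via = sorted((sites_by_digest[digest] & breached_sites) - {site})
        if exposed_via:
            reasons.append("password reused on breached site " + ", ".join(exposed_via))
        if digest in breached_digests:
            reasons.append("password in breach corpus")
        if reasons:
            findings[site] = reasons
    return findings

if __name__ == "__main__":
    for site, reasons in audit(VAULT, BREACHED_SITES, BREACHED_DIGESTS).items():
        print(f"{site}: {'; '.join(reasons)}")
```

Note that `shop.example` is flagged even though that site itself was never breached: the reused password is the exposure.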
You Should Disable Auto Form Filling: Some password managers will automatically fill in and even submit web forms for you. This is super convenient, but for additional security we suggest you disable this feature. Automatically filling forms in the browser has made password managers vulnerable to attack in the past. For this reason our favorite password manager, 1Password, requires you to opt into this feature. We suggest you do not.
Don’t Panic About Hacks: Software has bugs, even your password manager. The question is not what do you do if it becomes known that your password manager has a flaw, but what do you do when it becomes known that your password manager has a flaw. The answer is, first, don’t panic. Normally bugs are found, reported, and fixed before they’re exploited in the wild. Even if someone does manage to gain access to your password manager’s servers, you should still be fine. All of the services we list only store encrypted data and none of them store your encryption key, meaning all an attacker gets from compromising their servers is encrypted data.