This article has been just updated: December 11, 2019
Security researchers estimate that weak passwords cause over 80 percent of data breaches. Why is it that most people don’t listen to basic password recommendations even though experts have been preaching them for years? Because passwords—especially those that are strong—are notoriously hard to remember unless you use a password manager.
Password managers are software tools whose purpose is to stop password reuse. They allow you to generate a strong, unique password for each online account you have, and they remember your login credentials for you. When you choose to log into an online account, your login credentials will be filled in automatically.
Because password managers store all your login credentials in one place, it’s important to choose one that you can trust. All the password managers recommended below rely on strong encryption and two-factor authentication via various methods to keep users’ content safe and protected.
Bitwarden is a relatively young password manager that is quickly gaining popularity because of its open-source nature, support for multiple platforms, and flawless security track record. The password manager stores your login names and passwords in the cloud and protects them with end-to-end AES 256-bit encryption, salted hashing, and PBKDF2 SHA-256. A third-party security auditing firm has thoroughly assessed the security of Bitwarden and found no noteworthy flaws in its design.
Bitwarden offers two types of user accounts: Free and Premium. Free users can access and install all Bitwarden apps, sync all of their devices with no limits, store unlimited items in their vaults, use two-factor authentication (2FA), generate strong passwords using Bitwarden’s password generator, and self-host Bitwarden on their own servers. Premium users can additionally enjoy 1 GB of encrypted file storage, two-step authentication with YubiKey, FIDO U2F, and Duo, TOTP authenticator key storage, and priority customer support.
Pros: Open source, free, and trustworthy. A well-designed user interface that makes it accessible even to non-techies. Available on all major platforms.
Cons: Based in Florida, which puts it under US legal jurisdiction. Stores data on Microsoft’s Azure servers.
Bitwarden is an excellent young password manager that offers far more than many big players do, but does so at a fraction of their price.
First released in 2008, LastPass is arguably the most popular online password manager today. LastPass plugins are available for most web browsers, and users can also access their login credentials via a web user interface. LastPass protects users’ content with AES-256 encryption with PBKDF2 SHA-256, salted hashes, and the ability to increase password iterations value. The password manager had several security issues in the past, but encrypted user vault data has never been affected.
While it’s possible to try and even use LastPass for free, most features become available only after paying $2 a month for Premium subscription. The features available only to paying customers include access on all devices, one-to-one sharing, a password generator, secure notes, security challenge, multi-factor authentication, emergency access, priority tech support, and 1 GB of encrypted file storage. LastPass also has subscription plans for families, teams, and enterprises.
Pros: Secure, easy to use, and works on all platforms.
Cons: LastPass isn’t open source, and users have to pay $2 a month for features that Bitwarden and other password managers offer for free.
Even though LastPass isn’t perfect, it remains one of the best online password managers a decade after its first release.
KeePassXC is a cross-platform community version of KeePass, a free and open-source password manager for Windows that stores usernames, passwords, and other fields, including free-form notes and file attachments, in an encrypted file. KeePassXC is available for Windows, macOS, and Linux, providing users with the same look and feel as KeePass.
Unlike Bitwarden and LastPass, KeePassXC works offline and requires no internet connection. You can still sync your login credentials across computers, but you need to use Cryptomator, Tresorit, Spideroak, Sync.com, or any other end-to-end encrypted service to do it safely.
Pros: Cross-platform, free, and open source. Because KeePassXC doesn’t store passwords in the cloud, it’s arguably the safest password manager on this list.
Cons: It takes a bit of work to synchronize passwords across computers, especially if you want to do it safely.
KeePassXC is an excellent password manager for slightly more advanced computer users who are not afraid to set up their own database synchronization.
With its attractive user interface, 1Password is one of the most user-friendly password managers around. It keeps all your passwords and other sensitive information protected behind your Master Password, allowing you to use a unique password for each website you visit while remembering just a single password. 1Password costs $2.99 a month when billed annually, but you can try it for 30 days without paying to see what it offers.
Pros: A beautiful user interface that makes it easy to stay organized. Support for many platforms.
Cons: Costs $2.99 a month.
It’s no wonder why 1Password is so popular among Apple users. Its well-polished, easy to use, and it can make you fall in love with password management.
Enpass is a cross-platform password manager that you can download for free and use without paying a subscription fee or dealing with hidden charges. It can store not just your passwords but also your credit cards, passports, bank account details, secure notes, and more. Thanks to its support for the Apple Watch and Android Wear devices, you can easily access your password or PINs right with a glance on your wrist.
Pros: Enpass doesn’t store your encrypted password database on their servers. Instead, it uses SQLCipher, an Open Source SQLite extension that provides transparent 256-bit AES full database encryption, to secure your data.
Cons: Enpass isn’t open source, so independent security researchers can’t readily verify how secure it is. It uses a proprietary format to store passwords, making it incompatible with other password managers.
Enpass is a likable password manager that doesn’t require a monthly subscription and has a totally free desktop version
Dashlane helps you manage your logins, passwords, payment information, and other sensitive personal data by protecting sensitive information with patented security architecture and real-time alerts and auto-filling forms and logins with your stored passwords and personal info. To enjoy this password manager, you must purchase the premium version because you can manage only up to 50 passwords for free.
Pros: Makes password management incredibly accessible and has a great security track-record.
Cons: The free version is limited to 50 passwords. Doesn’t sync your information across devices unless you subscribe to their premium service.
Dashlane is a great password manager for people who are willing to pay $3.33 a month for its premium subscription. However, many other password managers offer a lot more for free, which is why it’s near the bottom of our list.
RoboForm is one of the oldest password managers around, first released in 1999. Its developers have improved it considerably over the years, and it now uses AES 256-bit encryption with PBKDF2 SHA256 and local-only decryption. An extra layer of protection to your account is provided by TOTP-based authentication apps, including Google Authenticator, Authy, and Microsoft Authenticator.
Pros: An inexpensive password manager with many options. It has been around for a very long time, so its developers had plenty of time to polish it.
Cons: Read-only web interface.
The read-only nature of RoboForm’s web interface make its clear that it comes from a different era than Bitwarden, LastPass, or other popular password managers, but it still has a lot to offer to new and existing users alike.