Using a password manager is one of the best steps you can take to protect your security online. A good password manager makes it easy to generate unique, strong passwords, and it will then safely store them so that they are available wherever you need them, whether it is on your phone, laptop, tablet or desktop computer. Basically, they take 90 percent of the work out of being safe online.
Hopefully everyone at this point knows why it’s important to use a unique password for all your online accounts. But the short version is that using one password everywhere means that if only one website you use is hacked, an attacker could potentially have the password that unlocks your entire online life. Breaks still matter if you use a password manager, but at that time it is a case of resetting just one password instead of dozens.
There are many good password processors available that charge a monthly fee, but for this guide we will focus on free services. Everyone has paid subscription levels, but for most, the free level offers the essential core features of a password manager.
Our choice for the best for most is Bitwarden.
The best for most people: Bitwarden
Bitwarden basically has everything you could want from a password manager. It is available across iOS and Android; it has native desktop applications on Windows, macOS and Linux; and it also integrates with all major browsers, including Chrome, Safari, Firefox and Edge.
BitWarden’s security has also been revised by a third-party security firm, and although it uses the cloud to synchronize your passwords between devices, it states that it stores them in an encrypted form that only you can unlock. You also have the option to protect your Bitwarden account with two-factor authentication to provide an extra layer of security.
It was easy to import our passwords, and Bitwarden has guides for many popular password processors on the support pages. It supports biometric security on iOS and Android, and all software is nicely designed and easy to use.
Bitwarden has paid levels, but we think most people will do without most of the features they offer. By paying, you get access to encrypted file attachments, several second-factor security options and reports on the general security of the passwords you use. But even at the free level, you can perform checks to see if individual passwords have been leaked in password breaches. Payment also gives you access to a built-in one-time code generator for two-factor authentication, but it is easy and without a doubt safer to use a separate app for this.
As part of our research, we also tried a number of other password administrators. Of these, Zoho Vault is another free suite of features, but the interface is not as good as Bitwarden.
Zoho Vault’s iOS and Android apps are nice enough, but the browser extension is a bit bulky and has useful features like the password generator behind one too many submenus. It is also unclear whether the software has undergone a third-party security audit; the company did not respond to our request in time for publication.
There were two other free password processors we felt were not in line with Bitwarden and Zoho Vault’s standards. Norton Password Manager has the benefit of coming from a reputable cybersecurity company. But we found the way it tries to simplify the setup process actually makes things more confusing, and Norton’s support pages did not do a good job of helping us figure out where we had gone wrong. Norton did not respond to our email and asked if the software had undergone a third-party security audit.
We also tried LogMeOnce, but we were not reassured by the presence of ads in the smartphone app. It also asked for many more permissions than the other password processors we tried. The company says this is necessary to activate the Mugshot feature, which tries to provide you with information about unauthorized attempts to access your account, which is an optional feature. The company says it regularly hires third-party security researchers to test the products.
Until recently, LastPass would have been included as a free password manager, but it makes some changes to the free level on March 16 which means it will be much less usable as a free password manager. After that date, free users will be able to view and manage passwords on only a single device category: mobile or computer. “Mobile” subscribers will have access to phones, tablets and smartwatches, while “Computer” subscribers will be able to use the service across PCs, Macs and browser extensions. Given how people switch between these two devices every day, we think this will limit how useful LastPass’ free level will be for most people.
Our focus on simplicity also means that we have excluded KeePass, a password manager that relies on third-party apps on non-Windows platforms. Additionally, to synchronize your passwords between devices, you must use a third-party storage service such as Dropbox or Google Drive.
In addition to the free options, there is a large selection of paid password managers out there. Some of these have free levels, but they are so restrictive that they can not be effectively used as a daily password processing. 1Password is perhaps the most well-known paid option, but others include NordPass, RememBear, Passwarden, Dashlane, RoboForm and Enpass, all of which limit their free versions in ways we believe make them unsuitable for long-term use.
Finally, most modern browsers offer built-in password management features, but we think it’s worth taking the time to store your passwords in a standalone service. It gives you more flexibility to change platform and browser in the future, and password administrators also have a general interface that is better suited to the task of storing passwords. To make things easier for yourself, you may want to turn off the built-in password manager in your browser once you have chosen a standalone version to use, so you do not risk having passwords stored in two places at once.