However, even if you don’t reuse passwords for your online accounts and don’t use the infamous “123456”, remembering a number of complex and long passwords (a frequent request from most services) often proves to be impossible. When this happens, you can find yourself writing the passwords down on a sticky note or a piece of paper. And writing down passwords puts you at risk of losing the paper, not being able to find it when you need it or even having it stolen.
As most of us don’t have the perfect memory for remembering passwords, and writing them down might be against your company’s policy, a reliable and secure password manager is the way to go.
Fortunately, you no longer need to struggle with thinking up, and remembering, long and complex passwords. Using a password manager will allow you to manage your login credentials across all accounts and devices and keep them secure. That’s why we’ve compiled a list of our top 5 favorite password managers to conveniently keep all of your accounts secure against crackers or anyone with the intent of breaking into them.
But first, let’s explore what password managers are, and why you need one.
What is a password manager?
A password manager is a software application that stores and manages, in encrypted form, all of the passwords and login credentials you use to access websites, apps and other online services. Typically, all stored passwords are encrypted, either locally or in the cloud. With a password manager, instead of having to remember numerous different passwords, you’re only required to create one—a master password that allows you access to the stored passwords.
Besides keeping your credentials stored, encrypted and secure, a password manager can provide you with the ability to generate unique, complex passwords that won’t be reused on all your devices and services. It will also alert you to any weak passwords you ought to change.
Once you start using a password manager and you want to log into a website or an app, instead of typing your usual credentials you’ll only need to input the master password in your password manager. A password manager usually comes with a convenient browser extension, and it will automatically fill out all of your appropriate login credentials, such as email address, password, name, etc. If you’re already logged into the password manager, it will automatically fill in the data for you, without you needing to input a thing.
But why not use your browser’s password manager?
Google Chrome, Mozilla Firefox and most other web browsers come with a basic password manager that asks you to save and store your password for easy access. While this is a better option than working with insecure passwords that are reused across all accounts, these browser-based password managers don’t provide the same level of security as dedicated password managers.
Browser-based password managers limit their capabilities to just that one browser, while dedicated third-party password managers are cross-platform and cross-browser, designed to work across all browsers and devices. And built-in password managers only remember your existing passwords, without a feature to assist you in generating secure passwords, one of the key hallmarks of the dedicated variety.
It can seem daunting to choose one password manager as there are many out there, with different capabilities, some free and some paid, with the various OSs they support, etc. That’s why we’ve tested the industry’s finest and created this list to help you choose the one that’s right for you.
5 best password managers
Password managers come with different price tags, features and capabilities. We’ve spent some time testing each one and even went to Twitter to ask what password managers our followers use.
We ranked them on these criteria:
Level of security they provide and how well they protect your credentials
While there are password managers that will fit any budget, even a non-existent one, we were looking for those with the best value for the price
Capabilities and features they offer, such as ability to generate strong passwords, secure sharing of credentials, syncing across different devices and OSs, two-factor authentication availability for the master password, etc.
Overall performance and reliability
While compiling the list, we kept our own research in mind as well as the results from our Twitter poll.
Without further ado, let’s get to our top picks for the best password managers on the market.
Dashlane is our first choice. It’s the password manager we use at SecurityTrails, and we love it for its high level of security and straightforward use. It supports all major operating systems (Windows, macOS, Linux, Android, iOS, Chrome OS and watchOS) and offers browser extensions for Chrome, Firefox, Safari, Internet Explorer, Edge and Opera.
Dashlane offers three plans: Free, Premium and Premium Plus. The Free plan is packed with advanced features such as Password Changer, an identity dashboard, storage of your passwords, payments and personal details under a master password and standard 2FA. And Password Changer is one of Dashlane’s unique features; all of your passwords are ranked by their security level, and it allows you to automatically change the unsafe passwords on more than 300 websites. But when it comes to the foundational stuff a password manager should have, the Free plan is lacking—you can only store up to 50 passwords, and only on one device.
The Premium plan is where Dashlane really shines. With it, you can sync unlimited passwords on an unlimited number of devices, and on top of all the advanced features offered by the free plan, Premium adds 1 GB secure file storage, dark web monitoring and a VPN for additional protection.
The VPN is another unique feature to come with a password manager and it’s a nifty bonus that encrypts your data while on public WiFi, preventing anyone from stealing your passwords.
Dark web monitoring is another interesting feature. Dashlane scans and monitors the dark web to find out if your personal data has ever been compromised. And for even more advanced security, the Premium plan has U2F with YubiKey support.
The Premium Plus plan is more oriented towards identity theft protection features, such as credit monitoring, identity restoration support and identity theft insurance with up to $1 million in coverage. This plan isn’t available in most countries and is best suited for an organization with the specific need for this type of service.
Dashlane can be on the pricier side, as the Free plan, while offering some really cool features, falls short in the stuff that really matters with password managers—the number of passwords and devices you can store and sync with. But once you go for the Premium, it’s definitely one of the best password managers out there. With its Password Changer, VPN and minimal and easy-to-use interface, Dashlane is our top pick, especially for business users.
LastPass was the definitive winner of the Twitter vote for best password manager, and it’s not hard to see why. LastPass has long been hailed for being the best free tier password manager due to the fact that, unlike other competitors, there is no limit to the number of passwords you can use with it or devices you can sync with—it allows for all of them.
This password manager supports Windows, macOS and Linux, and as a browser extension, it’s available for Chrome, Firefox, Edge and Opera. LastPass offers Personal and Business accounts, with Personal having Free, Premium and Family tiers. Business is more oriented toward having multiple users under one account, and it offers the options for Teams, Enterprise, MFA and Identities.
Along with its amazing capability of storing unlimited passwords, LastPass’s Free plan saves and autofills your passwords, comes equipped with a strong password generator and includes MFA as well as the standard features password managers offer. It also has an interesting feature called “Security Challenge”, which, similarly to Dashlane’s “Password Changer”, is an audit of your accounts and how strong your credentials are, and it can suggest that you change them.
While the Free plan has everything you can ask for from a password manager, their Premium plan is worth a second thought. In addition to the Free tier features, the LastPass Premium plan allows sharing of your passwords with multiple people. Advanced MFA using YubiKey, Sesame and fingerprint authentication provides better security, and 1GB of encrypted storage leaves enough space for you to store 13 types of personal data such as ID cards, passports, driver’s licenses, and even database and server logins.
The Family plan offers additional features that are oriented towards having multiple users under one account, sharing among them and account management.
While its features aren’t that innovative, LastPass is one of the rare freemium password managers that gives you a solid, easy-to-use password manager with enough capabilities that you might not even want to go Premium. We highly recommend LastPass for individuals. Weighing its first-place finish with our Twitter followers against the frequent data breaches it has seen, we give it a 4.5/5 and a number-two ranking on our list.
The second contender in our poll, 1Password, is a bit different from the two previous entries on this list as it doesn’t offer any kind of a free plan. From this we can already determine that this service is more geared towards family and business users.
1Password is also available for Windows, macOS, iOS, Android, Linux and Chrome OS and offers browser extensions for Chrome, Firefox, Internet Explorer, Safari and Edge. There are two pricing plan categories—Personal & Family, and Team & Business.
All 1Password plans have a few unique features that make this password manager a standout: travel mode, which removes sensitive data from your devices that can later be recovered, so that your devices are deemed safe for travel, and a 1-year history to restore your deleted passwords. Another highlighted 1Password feature is its 256-Bit Encryption to ensure security of your sensitive and private data.
While other password managers also audit your current passwords and indicate their security level, 1Password goes one step further with Watchtower. They have partnered with haveibeenpwned.com and alert you if your credentials have been compromised in a data breach.
In the Personal plan, 1Password allows for storing unlimited passwords and 1GB of storage, 2FA and the above-mentioned advanced features. The Families plan has all the features the Personal one has, plus data sharing with up to 5 guests, user management, and account recovery for locked-out users.
1Password’s Teams plan doesn’t offer anything more revolutionary than the Families plan, other than adding admin controls to manage permissions and integration for business-wide MFA, but the Business plan is what really caught our attention.
The Business plan offers storage expanded to 5GB per person, an activity log for any changes in the vaults, usage reporting, the ability to create groups for different teams, and some really interesting Advanced Protection features that are specifically tailored for organizations. These features include the ability to create policies for the strength of the master passwords, 2FA, app updates, monitoring of attempted sign-ins, denial of sign-in attempts from certain locations and IPs, and in general much more control over the account and its users.
Although 1Password doesn’t offer a free plan, it comes packed with features that you just can’t find in competitors: travel mode, Advanced Protection, Watchtower and others that make 1Password a go-to choice for businesses and larger organizations.
Bitwarden didn’t get the chance to be included in our poll as Twitter limits its polls to only 4 options, but we got a couple of comments supporting it as their top pick for the best password manager around. As it is a free and open-source password manager, we had to include Bitwarden in the list.
This password manager supports Windows, macOS, Linux, Android, iOS, command line and all major browsers. While Bitwarden is a free product at its core, you can still opt to pay a premium for a Families account or two options for business use—Teams and Enterprise.
Bitwarden is a straightforward password manager with a clean interface that gets the job done with no hassle. Free users get a lot with their accounts: unlimited passwords and devices, 2FA, end-to-end encryption (E2EE) of passwords, unlimited sharing between 2 users, a secure password generator and the option of hosting it yourself on the platform of your choice.
The Premium plan might be worth the upgrade as it offers additional 1GB encrypted file storage, improved 2FA using YubiKey, FIDO U2F and Duo, Vault health reports and TOTP Authenticator Key storage and code generator.
Business accounts are, as always, packed with more interesting and advanced features. With Bitwarden’s business accounts, you get on-premises hosting without using any external cloud services, password and access control policies across your organization, the ability to sync users from Active Directory, Azure, G Suite and Okta, and even an API that allows you to integrate your organization with other tools and systems.
Overall, Bitwarden does have some features that are geared towards the more technical crowd and allows for easy integration and control. One great benefit of Bitwarden being an open-source password manager is that new features are always being rolled out, and with so many great offerings in the higher-tier plans (which are still very affordable), it’s certain that the service will continue to improve.
This password manager is something we would recommend to more tech-savvy users, and when it comes to business users, smaller teams would find much greater use for Bitwarden’s capabilities.
Another open-source password manager has made it onto this list (and kicked Keeper off of it). We always want to support open-source software so it’s no wonder that our final choice came down to this one.
Now, KeePassXC doesn’t boast a super modern interface—once you start using it you’ll know it’s been around for quite some time—but when something’s been around for that long, it must be good, right?
KeePassXC is a community fork of KeePassX, which is actually a cross-platform implementation of the KeePass original password manager. It works on Windows, macOS and Linux and as every feature works cross-platform, it’s been tested on multiple systems to provide users with the same experience on each supported platform.
In contrast to Bitwarden, KeePassXC is fully, and always, free. In addition to securing your credentials behind a master password, this password manager provides you with 2FA, which relies on having a copy of the key file on your device. It also allows using a YubiKey for more protection, which, while not present in the original KeePass, can be obtained via a plugin.
How do you use it? Well, you start by creating .kdbx files—encrypted password containers which can be safely stored anywhere, even on Google Drive—allowing you to easily sync all of your passwords across many devices and platforms. Every feature of KeePassXC is designed to be quite straightforward and easy to use, not getting too fancy with its features, but providing you with just what you need: a secure password manager that is under active development, and which ensures no backdoors are left open.
If you’re a fan of open-source software and would prefer for your password manager to be just that, there’s no need to look further than KeePassXC. While the UI might not be the most sophisticated out there, it gets the job done with a few clicks and allows you to be a part of a booming community. If you are or were a fan of KeePass, this is it, but even better!
Having a weak password makes you an easy target for cyber criminals, and at both the individual and organizational levels, good password hygiene is important. So why would you stress over trying to decide whether to create a complex, secure password that you can’t remember or a commonly used one that’s always in the back of your head? Using a password manager, especially with so many around that offer free plans covering all your needs, will go far in creating that first layer of security for all your accounts.
Which one is your favorite? Have you tried a couple of the password managers on this list?