Consumer Advocacy
What you need to know
Password Manager

  • Complex encryption makes for stronger passwords and enhances your overall online security by adding layers of complexity to your information. This renders stolen encrypted data unusable.
  • Automatic or single-click login allow you fast and secure access to all of your accounts and saves you time by automatically filling logins and forms.
  • AES-256 encryption and two-factor authenticators are current industry standards.
  • Dark web surveillance cross-checks your personal information against known leaks and reports breaches so you can take immediate action to secure your accounts.
Our Approach

How we analyzed the best Password Managers

Features
We’ve reviewed only password managers that meet current industry standards: single click or auto-login, unlimited password storage, cross-platform device synchronization, and strong built in password generator tools.
User Experience
We looked for systems that facilitate quick account set-up. Overall ease of use of your password manager data interface is essential.
Price
Many password managers offer free options that include basic features for a single device. We considered security-specific features not available for free that can offer real added protection, not only to your password health, but to your overall browsing experience.
Security
We examined each provider’s security history as well as how they’ve managed any past breaches, how quick they’ve been to correct security issues, or what they do to actively seek and repair security flaws.
Support
As with many software applications, some troubleshooting might be necessary to adjust the program to your browser or operating system. This is especially true during the initial set up or when importing data from previous accounts. We’ve looked for services with up-to-date community blogs, easy-to-use FAQ sections, and prompt response time in answering concerns voiced through reviews or help requests.
135 People found this helpful.
We receive compensation from these partners, which impacts the order they appear on the page. That said, the analyses and opinions on our site are our own and we believe in editorial integrity.

Our Top Picks: Password Manager Reviews

Password managers are a growing necessity of our digital lives. We struggle to keep track of the vast amount of login information we manage daily. However, there are many legitimate questions about their practicality. Is it really a good idea to store all your passwords in one place? Are password managers safe? Can’t I just keep a note with all my logins somewhere? In short, yes, you can. But there are also significant advantages to password managers that can greatly enhance your account’s privacy.

There’s a great variety of password management options and no two password manager services offer the same array of features and services. While most have a good track record at keeping your information safe, it's important to choose one that will actually fit your everyday needs and not further complicate your personal data management. 

We’ve arranged our recommendations based on features best suited for specific audiences. For those who use their phone as a web browsing tool, biometric authentication can be the quickest and easiest way to access password and wallet information, given the limited screen size and on-the-go nature of the devices. 

Folder sharing tools can be of great help for families, particularly if various family members regularly have access to your accounts. You can organize the services you use into different folders and grant access to designated users. You might want to share shopping or financial login information with your spouse only. Similarly, you can create password folders specific for streaming services that will allow your children access to particular services, but not to others. Some password managers will even allow you to remotely logoff or restrict a device from a specific website.

Another valuable feature for families is the ability to set up an emergency or legacy contact. This allows you to designate people who can access your accounts if something happens to you. This feature can also serve as a master password retrieval tool in case you or your family members lose their account access.

Business features are all about integrating teams while ensuring appropriate levels of data access are granted to specific members of your organization. The best password managers for business offer customizable safety policies and detailed data activity reports. Secure shared access to folders can be tailored to specific work teams and keep a tight lid on sensitive information.

Lastly we took into consideration two specialized features: open source and security token enabled password managers. Open source is a preferred option for those with script writing capabilities who want to customize or self-host their password management. Security tokens offer a tangible two-factor authentication solution. This can be of great service to senior administrative officers in charge of gatekeeping access to large amounts of valuable data. These users are specifically targeted by hackers in hopes of accessing larger corporate databases. Such tailored hacks are known as whaling attacks, so called for the large bounty of their targets. 

RoboForm review

Best for Business

Out of all the password manager features tailored for businesses, Roboform stands out by offering value, solid administrative and integration features, and dedicated support. Password manager service starts at 39.95 for each user per year with discount rates for bigger groups and for three-year and five-year subscriptions. Training webinars and materials are included with the service deal for employee onboarding purposes.

Screenshot of https://www.roboform.com/ 11/4/2019

Roboform allows administrators to create single or multiple accounts by importing comma-separated value source files (CVS) and document histories. Accounts can be given one of three role-based permission levels that allow specific files to be shared securely among individuals or whole groups. Admins can also enact centralized password requirement changes at any time. 

Business-Minded Applications

Roboform gives administrators the power to enact password hygiene policies and to tailor complexity and intervals for individual master password changes. Shared encrypted data is only accessible to employees when logged in with their password. This allows the admin to trace data activity back to the specific user. Administrators can generate individual and group data access reports, giving them total control of data access and usage history. Master passwords can also be integrated into a directory program to set up a Single Sign-On (SSO) option. 

Dedicated Support

Roboform for Business is one of just a handful of services to offer assistance by way of a dedicated support team. Users can speak directly with a phone representative or use chat or email features to submit requests for assistance.

Dashlane review

Best for Individuals

Dashlane offers a comprehensive set of features in a very user-friendly dashboard. At $3.33 a month (billed as $39.96 for the whole year), you will have not only all the password manager basics covered, but also additional features that offer serious added value such as a VPN and dark web monitoring services. Both are incredibly valuable to all kinds of users, but especially for those who regularly travel abroad or need to access the web via public WiFi.

Seamless Multiple Device Integration

On a single day, most people will access three to four different devices without much thought. Account synchronization across multiple devices is a necessity of our everyday lives. Dashlane manages your passwords on all your devices across multiple platforms and integrates your password security features so you can go from your phone to your laptop without remembering and reentering credentials. Furthermore, if your device is left unattended, gets lost, or is stolen, you can remotely access your accounts and log out of them before anyone gets access to them. 

Screenshot of https://www.dashlane.com/ 11/4/2019

Comprehensive Safety Features

Dark web monitoring examines your data against known breaches and unauthorized activity. It also provides you with personalized alerts that give you the tools to rapidly address security breaches and minimize the possibility of your passwords being compromised. Regularly monitoring your data works even better with the included VPN feature, which allows you to privately navigate the web without exposing your browsing history or IP address. A VPN also masks your actual server location, which can grant you access to content restricted in your home country.

NordPass review

Best for Privacy and Security

NordPass goes above and beyond to ensure that its users data remains secure at all times. It uses XChaCha20 encryption and two-factor authentication to ensure that hackers cannot gain access to your data. The company also employs a zero-knowledge architecture, which ensures that even NordPass cannot access your passwords because they're encrypted before they enter the cloud. The company provides a Password Health feature which helps users identify passwords that need changing because they are weak,, old, or re-used—three things that makes passwords more vulnerable. In addition, NordPass offers an optional Data Breach Scanner feature which scans the web for data breaches that may have affected users outside the realm of passwords the app protects. Paid plans for individuals start at $2.49 per month. There's also a free plan available if you only need to protect one active device at a time and a business user plan for enterprise needs.

Intuitive Interface

NordPass's interface is clean and easy to navigate and search. You can store passwords and important notes in different folders to make them even easier to track down later. The software uses OCR technology so you can save important passwords, notes and credit card numbers without typing them all into NordPass. Just use the app to scan and save information and you'll be able to access it later from any assigned device.

Time-Saving Design

Those who already use a password manager can quickly import their data into NordPass without going through the time-consuming process of entering them by hand. While your information is well-encrypted, a single master password (or bioauthentication for mobile apps) enables you to access your passwords quickly and easily and the built-in Trusted Contacts feature lets you quickly share your passwords with family members or friends you trust. All of your information is regularly backed up and synched to the cloud so you can move seamlessly from one device to the next without running into any issues.

Sticky Password review

Best Free Option

Sticky Password’s free option covers all the basics: autologin and automatic form-filling, a strong password generator, secure digital wallet, secure notes and two-factor authentication. The only major downside is that, as with most free services, it won’t sync your login information across multiple devices. If you regularly need to change devices, you might want to consider their premium service. At $29.99 per year, Sticky Password is also one of the best budget options available.  

Great Security Features at No Cost

How much can you really get from a free service? Surprisingly, a lot. Sticky Password offers great features not available in other free options, such as biometric authentication, which can integrate with devices equipped with fingerprint ID. It also offers a Windows-supported USB portable version which can be very useful for people working on multiple computers or those who need to work from offline locations. 

Screenshot of https://www.stickypassword.com 11/4/2019

Biometric Authentication

Sticky Password stands above other password manager services by including biometric authentication on phones equipped with fingerprint recognition. Combining something you know (your password) with something uniquely yours (your thumbprint) makes it much harder for unauthorized people to access your account. This additional security layer offers your device a better chance at surviving a breach or attack.

Password Boss review

Best for Families

We chose Password Boss based not only on its features, but on overall value and convenience for families. At $4 a month, it provides you with up to five individual accounts which can share an unlimited number of documents and passwords among them. The only downside to Password Boss’s family plan is that it doesn’t accommodate additional accounts for larger families. If you need more than five accounts, you would need to buy another family license. 

Screenshot of https://www.passwordboss.com/ 11/4/2019

If your family requires more than five accounts you might want to consider 1Password, which charges $4.99 a month for the same number of users and allows customers to include additional family members for $1 each. Aside from this, Password Boss accommodates all the password manager basics and includes some useful extras. 

Manage All Your Family Subscriptions and Records

Password Boss allows you not only to store but to share specific information with friends and family. You can designate different access roles to different members of your family. For example, you might want your children to be able to access streaming services, but not your digital wallet. Password Boss allows you to set up specific password access to each of your online accounts, and if needed, to revoke or delete device access remotely. 

Emergency Contact

Safely storing your records, accounts and other essential data is of no value to you if you lose access and can’t retrieve your encrypted data. Password Boss allows you to designate as many emergency contacts as needed from among those that share into the same group account. When you designate an emergency contact, an encrypted copy of the items that you want to share, which can include a copy of your Master Password, will be stored by Password Boss and will be provided to the designee upon request. You may set up a waiting period for the information to be released or grant immediate access to be provided once the approved contact requests it. This allows the feature to work both as a legacy tool and a contingency in case you forget your key.

Bitwarden review

Best Open Source Password Manager

If you are looking to self-host, Bitwarden offers great features on a wide array of desktop, web browser and mobile platforms. It includes a command-line interface (CLI) tool to access and code repositories. This feature allows you to write and execute your own script to customize vault features to fit your specific security needs. 

In-Site Hosting and Integration Features

You can choose to host Bitwarden on your computer with no dependency on external cloud services, which allows you to access your information without an online connection. Additionally, Bitwarden has RESTful API access and directory sync capabilities that allow integration via Active Directory, Azure, G Suite, and Okta.  

Screenshot of https://bitwarden.com/ 11/4/2019

User-Friendly Interface

Bitwarden offers a user-friendly interface that allows you to store and retrieve information efficiently. You can sync all your devices and store unlimited items including logins, notes and credit cards. With the premium option, you can opt to receive password health reports or to set up a two-step login with either a YubiKey, Duo, or Fido U2F. 

Other Open Source Options

As part of our research we spoke with Professor Humberto Ortiz, a cybersecurity and bioinformatics specialist from the Computer Sciences Department at the University of Puerto Rico in Río Piedras. His personal recommendation went to KeePass X, a well-trusted option among programming communities. Both KeePassX and KeePassXC are great open source options if you’re looking to self-host, although their user interface might be a bit too bare for users more accustomed to app-like dashboards.

SplashID Key Safe review

Best Token-Based Option

Token-based security options are becoming more popular as two-factor authenticators. The Splash ID Key Safe is a USB drive with 4GB of storage space that comes with a pre-installed full version of SplashID Pro which you can plug into the USB port of any computer running on Windows or Mac OS. The SplashID Key contains all your passwords and data. Splash ID advertises that once the key is unplugged, your data goes with you, leaving no traces of data on the computer device. 

A Unique Key Yours to Hold

The advantage of token based password managers is that you carry with you the master password at all times, leaving no information available to hackers in servers or devices. This represents a strong advantage to your data security as you possess the only key that can unlock your encrypted personal information. On the downside, those same advantages come with their very own limitations, as you are dealing with a physical item, which can get lost, stolen or simply stop working. 

Screenshot of https://splashid.com/ 11/5/2019

Lifetime License

Right now, SplashID is offering a free lifetime license whenever you buy a Key Safe (currently at $49 for one and $149 for five keys). We asked the Splash ID support team to to confirm the offer. We got a fairly quick response from them confirming the subscription includes a SpashID Pro license for the life of the device. Their promotion also offers a two-year money back guarantee and a promise for a full refund if you are not satisfied with the product.

Our Research

More insight into our methodology


Features

We examined more than 20 leading password managers and compared them on 22 different features, giving individualized consideration to product-specific features.  General features assessed included programming standards and functionality across browsers and operating systems. We considered only password managers that clearly identify the cryptographic hashes and key derivation functions employed in their programs. We also ruled out services that don’t offer 256 bit encryption as standard.

Additionally, we made sure that all the managers reviewed included their own strong password generators and whether these include password strength check with length and character customization. All of the products we reviewed allow an unlimited number of accounts to be stored, as well as synchronization across multiple devices. With the exception of free programs, all the services offer both of these as standard. Other essentials are autofill features and single-click fill options. 

password features

 

However, auto password changer features, which can be set up to routinely change passwords, were considered but ultimately not determined to be a defining factor. These capabilities are more a matter of personal preference than must-have features.  

Concerning security, we looked for password managers with two-factor authentication as well as biometric authentication capabilities, secure notes storage, digital wallets, password and data import and export features. We scrutinized available tech support for each service as well as the offline access capabilities, and emergency or legacy contact features. Lastly, we looked for the availability of free trial periods and overall price per year.


User Experience

Clearly, we are looking for systems which not only facilitate your initial account set-up, but also offer user-friendly program interfaces to store and retrieve your personal information. Different password managers employ distinct organization strategies via dashboards, vaults or simple drop-down menus. We looked for fully integrated options that don’t require additional extensions or outside applications for full functionality. Ultimately, ease of use and simplicity are the main factors in determining whether to recommend one password manager above the other. Safely transferring, storing and keeping your passwords, digital wallet and secure notes shouldn’t be a hassle.


Price

Although most services advertise monthly fees, the vast majority of them charge for a full year. With the exception of free options and Zoho Vault, which offers a pay-as-you-go option, most password managers will require full payment in advance. This is why we strongly believe that free trial offerings or feature-reduced free options are extremely valuable: they allow you to test the service before you make a full year commitment. When examining two services with the same basic features and similar service histories, our recommendation consistently goes to the option which offers more bang for your buck. 


Security

We spoke to three independent cybersecurity experts and discussed both theoretical and practical considerations of online security. We asked straightforward questions about actual benefits and performance of advertised safety features and cleared up some of the myths about the password manager industry. We asked hard questions about past breaches and queried whether these services should be trusted. We also investigated whether advertised capabilities are up to par and offer the protections they claim to provide.


Support

As with most software applications, some troubleshooting might be necessary to adjust the program to your browser or operating system, especially during the initial set up or when importing or exporting data from previous accounts. We looked for services with up-to-date community blogs, easy to use FAQ sections, and quick response time for help requests. We also took into consideration consumer reviews and concerns across the web.

Helpful information about Password Managers

Insight From Cyber Security Experts

We spoke to three independent and unbiased cyber security experts and contractors regarding the many security claims that password managers make about their services. Their general consensus was in praise of password manager’s capacity to enhance stored data and browser security. Here are some of the questions we asked, as well as some of the insights they had to offer:

Are There Real Benefits to Using Password Manager Services?

We asked Quentin Rhoads-Herrera, Offensive Security Manager at Critical Start, a security firm specializing in managed detection and response to computer and network threats. He spoke about the many advantages offered by password managers: “In almost every penetration test, an account is found to have a very weak password. Sometimes those accounts are elevated accounts such as domain admins. With password managers you can create very complex passwords that would take decades, if not longer, to crack if the password hash was leaked. The downside of using a password manager is that you have one master password that is used to access all others. So, you must ensure that password is complex enough to thwart any attacker. If companies moved to password managers for at least managing service accounts, that would greatly increase their security posture. The reason for this is attackers and assessors frequently go after service accounts because they rarely get their password changed and are usually setup with fairly weak passwords. Password managers also prevent password reuse, which is still a big problem for most users.”

Safety in Numbers

More is not always better, especially when it comes to software security. With each additional feature, more code needs to be written. What does this mean to you? Well, we are looking not only for strong encryption, but for well-crafted programs that routinely audit data and test for weaknesses that could be exploited. Simply put, if there’s more room for hackers to test for faults, there will be more chances for them to find holes in your perimeter, as Profesor Humberto Ortiz Zuazaga of the Computer Sciences Department at the University of Puerto Rico explained. “Encryption of the password database is essential. I usually recommend managers with fewer features, to reduce the attack surface. Being able to paste passwords without seeing them is the other essential feature.” 

What Security Assurances Can These Services Legitimately Provide?

“No system is totally secure,” says Arturo Geigel, an independent security expert who serves as a researcher and consultant in the areas of machine learning, natural language processing and data mining. “[I]t depends on the threat model it is designed to protect against. That being said, there are layers of security that they can add that will further add security to the transaction of using the password manager. But as they add these layers, such as restrictions based on machine characteristics (e.g. IP address, Mac address, serial number, etc.), they limit the mobility and ease of use. Such measures, coupled with monitoring the environment for suspicious activity that deviates from normal, can help in preventing compromises

Should Consumers Trust Password Managers That Have Been Hacked Before?

This question elicited some disagreement among the experts we consulted. Geigel and Rhoads spoke in favor of the continuous betterment of codes, but Ortiz-Zuazaga was adamant in his personal distrust of previously compromised programs. 

On this Geigel had to say: “This is a matter of degree (of the breach). It all depends on the assets which those passwords authenticate. If the value of the assets is minimal and the service provides additional ease of use, then it is better than writing it on pieces of paper that a person can get ahold of and abuse. In the end, it is a matter [of evaluating] each user’s specific circumstances to see which decision to make…. It will vary with the circumstances, the system’s exposure and the user’s tolerance for risk.”

Rhoads-Herrera added: “Those password managers (OneLogin, LastPass) had features that contained bugs that were promptly fixed by the vendor. To my knowledge, none of those bugs resulted in the compromise of all passwords stored in a user’s password vault or the databases housed within the vendor’s infrastructure. Like most products, there are always vulnerabilities discovered. A consumer should look at how the vendor such as LastPass deals with those vulnerabilities, e.g. how fast do they patch? Do they have bug bounty programs to actively ensure their products are safe? At the end of the day, a user cannot remember a fully random 18-character password, and to use a random one on every login would be impossible. Having a password manager where you remember one password, use MFA to access that password vault, and set up fully random complex passwords is a much safer and stronger approach.”

However, when asked if he trusted password managers that had been compromised Ortiz-Zuazaga replied simply, “I don’t.”


FAQs about Password Manager


What is a password manager? How does it work?

Password managers are designed to create and manage complex passwords and login information and keep encrypted copies of your notes and documents. Password managers automatically fill in your account login information, both usernames and passwords, turning your browsing experience into a single-click login process based on a single master password.

How do I know which password manager to choose?

There are three types of password managers: local computer or browser software, online services, and token-based applications. The best password manager is the one that fits best with your digital lifestyle. Many of the best services available offer free trial periods which allow you to test features before committing to a particular product.

Are password managers safe?

Password managers have a solid track record. Even those with past breaches have only exposed password information that was retrieved from vulnerabilities that have been rapidly resolved. To this day, and to public knowledge, no individual consumer data has been compromised. Stored data is encrypted, which makes it far more complex than regular documents and files. Even if your encrypted data was somehow maliciously obtained, it wouldn’t be of use without your encryption key, which is tied to either your master password or token key.

Why do I need a password manager? Can’t I just write my password down?

You certainly could write down your passwords and store them yourself. However, the average person has around 90 different online accounts, from social media, news subscriptions, online shopping and a wealth of web-based services. Keeping track of such a large amount of information can easily become a nuisance, particularly when it comes to maintaining healthy data hygiene habits such as regularly changing strong arbitrary passwords.

Will my family be able to access my accounts if something happens to me?

Many password managers allow you to set up an emergency or legacy contact that can be used to retrieve access to your account if any unforeseen situation would require family or a designated party to be granted access to your login data.

What should I do if my master password gets lost?

If you’ve set up an emergency contact or have shared access with someone, they will be able to retrieve the account for you. Otherwise you will lose access and all information stored. Keep in mind that most services do not keep copies of your master password and only encrypted information would be accessible to the program operators which would be useless without your password key. Security experts suggest you use a personal phrase that only you will remember as to make sure you can always retrieve your account. If access is lost, you won’t be able to retrieve your information.

How do I know if my password has already been compromised?

Many services offer password audit services that help you maintain password hygiene. Most also offer dark web monitoring that checks your passwords against leaked password databases and known data breaches. You can also verify if your email address has been compromised by going to https://haveibeenpwned.com/

Our Password Manager Review Summed Up

Company NameThe Best
Dashlane Password Managerfor Individuals
RoboForm Password Managerfor Businesses
Sticky Password ManagerFree Option
Password Boss Password Managerfor Families
Bitwarden Password ManagerOpen Source Option
SplashID Key Safe Password ManagerToken-Based Option
We receive compensation from these partners