A simple way to stay safe from hacking when using your online accounts is by using one of the best password managers listed below in addition to antivirus software, and a virtual private network for an added layer of security.
If you're looking for an easy way to manage your online logins, using one of the best password manager options in this article can help. As an extra level of safety, consider using an physical security key and an online security suite for a full suite of digital defences.
We all have many online accounts, but it's often easy to fall into the habit of reusing the same password for multiple sites and services. It might be convenient, but it also leaves you in danger of a very real cybersecurity issue that could affect work and personal files alike.
Getting one of the best password manager choices has never been more important, especially as more and more of us are embracing a remote working life that splits time between the home and office.
Here's our pick of the services we think offer the top features and value for users when it comes choosing the best password manager selections. And if you're looking for something to boost your workplace security, we've also looked at the best business password manager options around.
Best Password Managers of 2022
As one of the most popular password managers in the world, Dashlane (opens in new tab) is a capable password manager for a single device, capable of storing unlimited passwords (50 for a free account) in a secure vault with multi-factor authentication, Like LastPass, it can do much more than just fill in passwords for you; it can also store all kinds of information and fill out forms with delivery addresses and contact details automatically.
So far so good, but Dashlane's premium service is even more impressive. Not only does it let you synchronize all your passwords across all your devices (both desktop and mobile), it also monitors the dark web for data breaches and sends you personalized alerts if any of your stored details appear in a batch of stolen data.
There's secure file storage too (ideal for scanned ID documents, insurance policies and receipts) and even a VPN (opens in new tab) for browsing the web more securely via Wi-Fi hotspots.
Unsurprisingly, all of this comes at a price, and Dashlane's premium plan is one of the most expensive options around, but the extra services (plus remote account access and priority support) do justify the cost.
LastPass password manager (opens in new tab) is easy to use, super-secure, packed with features, and offers both free and premium tiers so you can choose the option that suits you best. No wonder it's one of the most searched for and popular password managers available!
All data is stored using AES-256 bit encryption with PBKDF2 SHA-256 and salted hashes to keep it secure - and this isn't limited to passwords either. You can also store credit card details and delivery addresses so they can be entered automatically when you're shopping online, plus encrypted notes, details of insurance policies and much more besides.
The free version of LastPass is superb, but premium accounts are very reasonably priced and offer an extremely useful extra feature: the ability to log into apps on your phone. Very few password managers offer this, and it could prove invaluable if you ever lose your phone, preventing people from accessing your emails and social media.
One of our favorite LastPass features is its support for multi-factor authentication, which helps protect you from phishing attempts by requiring an additional form of authorization to log into your accounts, such as a code generated by a mobile app or a fingerprint scan. Although it's becoming more widespread, not all sites and services offer this yet, so having all your logins secured in a vault that's protected this way is a real boon.
Do note, though, that LastPass Free users will have to choose whether they want their accounts on mobile or desktop, with the company saying it will only include access on unlimited devices of one type.
Newcomer NordPass (opens in new tab) is part of NordSec suite of products that also includes NordVPN (opens in new tab). Nordpass offers a very capable password manager with browser plugins for Chrome, Firefox, Edge, Opera, Brave, and Safari, as well as desktop apps for Windows, macOS, and Linux, plus iOs and Android mobile devices. In addition, NodPass has a web vault that allows accessing all of the data on any desktop device via a browser.
As well as storing encrypted passwords, NordPass can also suggest strong passwords as well as offer to safely and securely store credit card and banking details for faster checkouts on ecommerce websites.
With the premium edition, you can then sync this information across up to 6 devices per licence. The free version only allows one, but you get to try out other premium features for 30-days.
Another positive is that there is no limitation to the number of passwords you can save, unlike some others that have restrictions. The software is also constantly updated (as it should be) with some new features, either big or small. For instance, the desktop app recently got a nice quality of life change - a 'switch account' feature, which allows you to switch accounts with just one click, provided you have more accounts, like personal and business.
Overall, though, NordPass is a highly capable password manager that does a little more than would be expected.
There's no free version of Keeper password manager (opens in new tab), but you can try it for 30 days before deciding whether to commit to a subscription. Keeper Security scores highly for offering support for unlimited devices.
As you'd expect from a purely premium product, Keeper is one of the most sophisticated password managers around. Not only does it offer plugins for every major browser, plus mobile apps for iOS and Android, it's also available as a desktop app for Windows, macOS and Linux. There's support for biometric authentication on mobile devices too, and syncs your data across an unlimited number of devices.
Like the paid-for version of Dashlane, Keeper will warn you if any of your passwords appear in a data breach. It will also alert you if any of your passwords are particularly weak, or have been re-used, and help you create strong replacements.
There's an excellent family plan as well. This not only protects the login details of everyone in your household, it also lets you share files securely between one another and offers an encrypted messaging tool that's a solid alternative to WhatsApp if you'd prefer to avoid Facebook products.
Check out our review of Keeper Security
1Password (opens in new tab) is a password manager that aims to deliver protection not just for individuals or organizations, but also provides a shared password protection system for families. 1Password pitches itself as the world's most loved password manager.
There are two main service provisions, with one being for individuals and their families, allowing either a single user or a family of up to five people to use the 1Password service for protected logins. There's also a business service that offers protection for those working from home, as well as teams and enterprises in general.
As well as providing all of the above, 1Password protects you from breaches and other threats, such as keyloggers and phishing attempts, and will only work in verified browsers.
The result is a very secure and competent password manager that covers both personal use as well as corporate use, including working from home, without compromising your security.
LogMeOnce (opens in new tab) is a password management solution that offers cross-platform support, so it doesn't matter what device you use, whether desktop or mobile, your passwords and logins are still accessible as required.
Unusually, LogMeOnce gets rid of the need for a master password by putting in place additional security settings, so that you can't get locked out of your account simply by forgetting your master password.
It's also a service that offers additional security features, which includes the ability to encrypt and store your logins online to help with accessibility.
However, rather than just rely on passwords, LogMeOnce also offers biometric options, such as a selfie, fingerprint, face ID, as well as a PIN or password. The increased number of options means you can apply different levels of security to different logins.
As with other password managers, LogMeOnce is built to provide Single Sign On functionality, so once you're logged in with a service you shouldn't expect to need to keep signing into the self-same service.
Roboform (opens in new tab) is another versatile password manager, with plugins for all the major browsers and mobile apps for both iOS and Android.
The free version is superb, providing you with a secure vault for your logins (though you also have the option of only storing your data on your device if you prefer), an auditing tool to help you identify weak or duplicated passwords, and a password generator for replacing them with strong, unguessable combinations of numbers, letters and special characters.
Unlike LastPass, the free version of RoboForm doesn't sync your passwords across multiple devices. For that you'll need a premium subscription, but prices are very reasonable. You'll also get a host of other useful features, including the ability to share logins securely, multi-factor authentication, and priority 24/7 support.
Check out our review of Roboform
Bitwarden (opens in new tab) is open source software that is user-friendly and highly secure, and includes almost everything individuals, teams, and businesses require in a password manager.
Bitwarden’s basic plans focus on the meat of password management, but even the free plans include multi-device sync, optional self-hosting, and unlimited online storage (opens in new tab). Premium plans include reports on your passwords that highlight things like weak passwords and unsecured websites.
The pad-for plans include features for managing the passwords of a larger workforce, with password sharing, fine-grained access control, user groups, two-step login, and multi-factor authentication.
Bitwarden is not just one of the best free password managers (opens in new tab) available, it’s so usable and feature-packed it could put some paid password managers out of business.
You can read our review of Bitwarden
mSecure password manager (opens in new tab) covers all the essentials you need from password management software. There's no limit on how many entries you can keep and the built-in categories enable you to store much more than passwords. All entries support custom fields and you can also separate entries into groups in lieu of simple tags.
The password generator included in mSecure works well, but it wasn’t our favorite. There's no option to force it to produce human-readable words. As a result, every password is a truly random string that’s hard to type if you don’t have auto-fill enabled. Notably, you also can’t access the password generator without creating a new record in mSecure.
mSecure is a quality password manager for individuals, with customizable templates and syncing across devices. It's also very affordable and capable enough for most individual users. The only major thing missing is secure password sharing for families and teams.
If you need to share passwords between members of a team, Zoho Vault (opens in new tab) offers the granular control necessary. Zoho Vault’s user management, permissions, and password policy features set it apart from personal password managers and you can make batch changes to passwords with ease.
Zoho Vault can integrate with third-party enterprise apps like Gmail (opens in new tab), Dropbox (opens in new tab), Microsoft Active Directory, and Microsoft 365 (opens in new tab). Enterprise users can use Single Sign On (SSO) (opens in new tab) with cloud apps like Salesforce and Slack, and as Zoho Vault has an API, it’s possible to integrate it with any of your own apps.
Zoho Vault has excellent security, fine control over users and passwords, and superb third-party integrations. It’s also inexpensive, and customer support is one of the best we’ve seen in a password manager service.
We don’t particularly recommend it for personal use as most of the features are geared towards teams, making the interface somewhat complex, but it’s an outstanding password manager for organizations and corporates.
The best password managers: How did we choose?
Given the sheer number of options for the best password managers now available, narrowing down the ones to include in this review was no easy task.
First of all, we identified six paid options, selecting those that we felt covered a broad number of use cases - including solutions that are tailored to business users and others that would work well for families.
Any apps that included less run-of-the-mill features, like biometric authentication were also considered. We’ve also come up with a list of the best free offerings. These may have a few limitations when compared to the paid software listed below, but they still hold up as very capable password managers.
Free vs paid password manager: Pros and Cons
Dr. Sid Potbhare, CEO at Untethered Labs, tells us more about the advantages and disadvantages of free and paid password managers especially with regards to businesses and enterprises.
"Password managers are fast becoming the tool of choice to manage our every increasing number of passwords. They are most used to simply store passwords in a “vault” for access using a “master password” - so basically one password to rule them all. However, there are several advanced features that paid password managers provide that can further enhance their usability and effectiveness in keeping your passwords secure.
Free password managers
Once the user is logged in to the password vault, all the save passwords are available to the user to auto-fill or copy and paste, avoiding having to memorize and constantly retype these passwords. These passwords may be saved in the browser itself, and you can get access to them whenever you log on to the computer.
Another feature common across all free password managers (opens in new tab) is that they automatically fill in username, password, and/or OTP on the websites you visit. This auto-fill makes it easier to quickly login to websites without typing usernames and passwords. This way, you can create strong and complex passwords on every website for high security, but conveniently login without typing them. Hopefully the password manager also has password auto-capture. This is when a new password is created on a website, the password manager notices and prompts the user to save the new password for future auto-fill.
Other nice-to-have features typically include the ability to generate random and complex passwords, ability to detect anomalies in the attempted login, ability to use other mechanisms instead of a master password including physical tokens and biometric features. Of course, there are limitations to free password managers that may not meet everyone’s needs. For example, some password managers limit free users by the number of passwords they can save - this can be an unacceptable factor for many.
Paid password managers
As an individual user, paying for a password manager may not get you too many relevant extra features. However, as an enterprise organization, there are significantly more options for password managers.
For starters, deployment of a password manager for your organization is simplified. You can set complexity requirements of the master password for all employees, so that they do not end up setting up simple passwords to protect their credentials.
One of the key advantages of a paid password manager is that you and your employees can securely share passwords with each other. This is a huge advantage when you want to set up complex passwords for critical systems and web applications, and you want to provide access to it to your employees.
Sharing passwords through the password manager makes it easy for a central authority to create, change and even remove the password for all users at once. Also, it reduces the tendency for users to resort to writing passwords on paper because the passwords are now too complex to write anyway. Then providing a more convenient mechanism to share anyway gives users an easier out. Sharing passwords is a significant risk point for password security and overall cyber security posture in general.
Many paid password managers also offer the ability to synchronize the password vault across multiple devices. This is useful when employees are using multiple devices (computers, laptops, phones, etc.) to access accounts through passwords.
Some paid password managers can also be implemented on the organization’s servers, instead of relying on the vendor’s servers. This allows the passwords to not only be stored securely on an organization’s own databases, but also reduces the risk of exposure in case the password manager vendor’s vault is compromised.
Consumers may be able to get away with using a free password manager, but for enterprise organizations, it makes sense to invest in a paid solution because the benefits from the gains in productivity alone simply outweigh the costs."
Should you store your passwords in your browser?
We asked Kevin Mitnick (yes, THAT Kevin Mitnick), Chief Hacking Officer at KnowBe4 whether storing our passwords in your default browser is a good idea. And here's his answer...
"Storing your password in a browser is one method to track your passwords, but there are more secure methods such as using a password manager. Using a central tool to track your credentials provides different security levels not offered by browsers. Having a master password is one main reason.
Browsers store the login information, the credentials within its application, and are readily available to be used when the user visits a website. However, so can cybercriminals or anyone who gains access to your computer, either physically or remotely.
By using a password vault, everything is synced in one location and across multiple browsers. Password vault developers have no access to your vault data, as the user is the only one with the decryption key.
The password vault developers encrypt the vaults if and when they store it in the developer's cloud servers. You, as the user, are the only person with the decryption key. In this case, it's your strong password that secures the password vault and is unlocked when you type in the password to access all of the credentials.
Using multiple browsers like Chrome, Firefox, or Edge presents a challenge to access passwords across various platforms. While the browsers can generate passwords, the security of all your passwords and sensitive information is crucial. Unfortunately, the browsers do not provide any multi-factor authentication when accessing the password vault for the first time when using another computer.
Another misconception is that people try to keep their credentials safe by keeping them in a spreadsheet or document and saving it with a password, but this is by-passable as there are many tools available online that can be downloaded and used to crack the password."
How does a password manager work?
Answered by Craig Lurey, CTO and Co-founder of KeeperSecurity
"At their simplest, consumer-grade password managers store user passwords in an encrypted digital vault that is protected by one “master password,” the only password the user will ever have to remember again. Using their master password, users can access their stored passwords on any device, and the password manager will autofill them on all their sites and apps. Password managers will also automatically generate strong, unique passwords and warn users if their passwords are weak or if they’re reusing passwords across accounts."
Why are there so many password managers?
Answered by Craig Lurey, CTO and Co-founder of KeeperSecurity
"Market demand. =) Password fatigue is real. Most people have dozens, even hundreds of different online accounts. Nobody could possibly keep track of that many passwords on their own, so there’s a demand in the market for a product to make it easier to store and retrieve passwords. When there’s a market demand, vendors will step up to fill it."
(editor's note: password managers are also an easy low-hanging way to add a feature to a security suite. The likes of NordVPN, Norton and others have noticed this already; expect many more to follow suite)
Which password managers have we reviewed?
There are dozens of password managing services and even more applications that offer password manager features. Google Chrome, Microsoft Edge or even Bitdefender Total Security, a popular antivirus solution offer a password manager feature. To make things even more complicated, you have mobile-only password managers that focused primarily on smartphone users, literally dozens of them. At present, we have reviewed more than 20 password managers:
- 1Password password manager
- RememBear password manager
- LogMeOnce password manager
- Keepsolid Passwarden password manager
- KeePassXC password manager
- Keeper Password Manager
- PassCamp password manager
- Bitwarden password manager
- Zoho Vault password manager
- Enpass password manager
- mSecure password manager
- SafeInCloud password manager
- Kaspersky Password Manager
- RoboForm password manager
- LastPass password manager
- Dashlane password manager
- Norton Password Manager
- NordPass password manager
- Stick Password
- Passwd.Team
- Password Boss
- Intuitive Password
- McAfee True Key
- Solarwinds Passportal