I’m a password expert – and these are my top five tips for picking the right password manager


If you’ve never used a password manager before, it can be a seriously daunting task to try and pick the right one.

There are so many features to consider and it can be very hard to decide which features matter the most to you.

That’s why I have put together this guidance on the top five things to look out for when deciding on a password manager.


Encryption

The type of encryption a password manager uses is one of the most important factors. It can have all the bells and whistles in the world, but will fall flat if it doesn’t use a good encryption algorithm.

Most password managers use an AES-256 encryption algorithm, which is the industry standard. AES-256 is perfect for many of the threats we face today, and is even considered safe against quantum decryption methods that, as of today, are not yet technologically viable.

But some encryption methods take it a step further. XChaCha20, for example, offers better performance than AES-256, particularly on mobile devices.

NordPass


In my experience testing the best password managers, NordPass is the best choice for a password manager that uses XChaCha20 encryption. But that isn't the only reason to choose NordPass. It is also highly accessible, easy to use, and comes in at a very affordable price point.


Autofill

Now, it is one thing to be able to store all your passwords securely, but another thing entirely to be able to enter them into a website or app hassle-free. A reliable autofill feature is one of the most important factors to look for in a password manager.

There is nothing worse than heading to a login page and finding that the autofill doesn’t work, especially if you use the best practices for every single password. Having to go back and forth between an app and a login page wastes time and is hugely frustrating.

The only thing worse than autofill not working is when it does work, but you’ve been tricked into navigating to a phishing page. It might look identical to the real thing, with a URL that looks almost correct, but an unsecured autofill feature could hand over your credentials to a hacker.

That is why you should choose an autofill feature that does more than just enter your credentials. It should be able to recognize when a phishing page or dodgy login is about to happen, and refuse to enter the credentials.

Bitwarden


Bitwarden provides a very reliable and secure autofill feature. When you save a new password for a URL, the URL is saved with it. This means that if you ever accidentally click on an imitation site, Bitwarden will prevent you from autofilling your credentials.
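
The saved-URL check described above, sketched as an added example (not Bitwarden's code and not from the original article). The vault entry, the `bank.example` and `evil.test` domains, and the function names are constructed for illustration, and strict scheme-plus-host equality is an assumed policy; real managers offer several matching rules.

```javascript
// Constructed vault entry; bank.example and evil.test are placeholder domains.
const vault = [
  { name: "Bank", username: "alice", savedUrl: "https://login.bank.example/signin" },
];

// Parse with the WHATWG URL parser so the comparison uses the host the
// browser will actually contact (lower-cased, IDN converted to punycode,
// any "user@" prefix split off), not the string a human reads.
function parseOrigin(raw) {
  try {
    const u = new URL(raw);
    return { scheme: u.protocol, host: u.hostname, port: u.port };
  } catch {
    return null; // unparseable URL: never fill
  }
}

// Assumed policy: fill only over HTTPS and only on an exact scheme/host/port match.
function matchesSavedUrl(savedUrl, pageUrl) {
  const saved = parseOrigin(savedUrl);
  const page = parseOrigin(pageUrl);
  if (!saved || !page) return false;
  if (page.scheme !== "https:") return false;
  return saved.scheme === page.scheme &&
         saved.host === page.host &&
         saved.port === page.port;
}

// Names of the entries that may be offered on the page being visited.
function autofillCandidates(pageUrl) {
  return vault.filter((e) => matchesSavedUrl(e.savedUrl, pageUrl)).map((e) => e.name);
}

// Constructed pages: the first is genuine, the rest only look similar.
const pages = [
  "https://LOGIN.bank.example/signin?next=/home", // same host, different case and query
  "https://login.bank.example.evil.test/signin",  // real name used as a subdomain
  "https://login.bank.example@evil.test/signin",  // real name in the userinfo part
  "https://login.b\u0430nk.example/signin",       // Cyrillic "a" (U+0430) in the host
  "http://login.bank.example/signin",             // right host, no TLS
  "https://login.bank.example:8443/signin",       // right host, unexpected port
];
for (const p of pages) {
  console.log(matchesSavedUrl(vault[0].savedUrl, p) ? "FILL  " : "REFUSE", p);
}
```

Only the first page is filled; every lookalike is refused because the parsed host, scheme, or port differs from the saved one, however similar the address looks on screen.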


Syncing

Having your passwords available on every device is a must in the modern world. You might not always have access to your phone to check your passwords. That’s why having a strong syncing option is essential for a password manager.

To reduce friction when switching between devices, many password managers offer a web browser extension that syncs your passwords between the app and your browser. For the best results, choose a password manager that supports syncing across a wide range of browsers, operating systems, and devices.

1Password


1Password is a good choice when it comes to syncing, as the 1Password extension is available for Chrome, Firefox, Edge, Brave, and Safari browsers. 1Password also has dedicated apps for Mac, iOS, Windows, Android, and Linux.


Authentication

This is a big one to look out for in today’s world. You can have all the best security tools and features, but still fall for a well-crafted phishing email. That is why apps with phishing-resistant authentication support are so well regarded.

Multi-factor authentication does add an extra step in the login process, but it is worth doing if it keeps nefarious actors out of your account. A hacker could have your exact username and password combination, but a good authentication method will keep them out.

Authentication comes in many forms, from push notifications and SMS codes, to biometric scans and physical security keys. A good password manager should offer support for authentication, or even provide an authenticator app.

Proton Pass


Proton Pass offers a free authenticator app that can be used with or without Proton Pass. Proton Authenticator serves temporary one-time codes to verify login attempts. You can import authentication codes from an existing authenticator app, and it offers support across Android, iOS, Windows, Mac, and Linux.


Passkey support

Passwords aren’t the be-all and end-all for account security. The world is making a gradual move towards passkeys.

Passkeys are the next logical step in account security. Rather than using a series of characters, passkeys rely on pairs of cryptographic keys to verify your login attempts. Passkeys are verified using biometrics such as a facial scan or fingerprint, or a PIN, and are immune to phishing attacks.

The problem for now is that not every organization, website, and password manager supports passkeys. We are currently in a middle phase between the two, but the eventual plan is to scrap passwords altogether.

So, while we are transitioning, it is important to use a password manager that offers good passkey support, including autofilling, cross-device support, and sharing.

Keeper


Keeper offers tools within the app to create, store, and share passkeys, making it a good choice while the world figures out when it wants to adopt passkeys. Passkey support for Keeper works across iOS and Android, as well as extensions for Chrome, Firefox, Edge, Safari, and Brave.




Benedict Collins
Senior Writer, Security

Benedict is a Senior Security Writer at TechRadar Pro, where he has specialized in covering the intersection of geopolitics, cyber-warfare, and business security.

Benedict provides detailed analysis on state-sponsored threat actors, APT groups, and the protection of critical national infrastructure, with his reporting bridging the gap between technical threat intelligence and B2B security strategy.

Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the University of Buckingham Centre for Security and Intelligence Studies (BUCSIS), with his specialization providing him with a robust academic framework for deconstructing complex international conflicts and intelligence operations, and the ability to translate intricate security data into actionable insights.
