We are terrible at passwords. We still suck at creating them (two of the most-used passwords remain “123456” and “password”), we share them way too freely, and we forget them all the time. Indeed, the very thing that can ensure our online security has become our biggest obstacle to it. This is what makes a good password manager essential.
A password manager relieves the burden of thinking up and memorizing unique, complex logins—the hallmark of a secure password. It allows you to safely share those logins with others when necessary. And because these tools encrypt your login info in a virtual vault—either locally or in the cloud—and lock it down with a single master password, they protect the passwords themselves. If you’re looking to fortify your security game, a password manager does that. Yes, web browsers are starting to offer password management features, but they’re not good enough.
Mind you, password managers vary widely in capabilities and cost; we compared several of the most popular. All support Windows, Mac OS, Android, and iOS, as well as the major browsers. And all will let you sync your data across multiple devices, though you may have pay extra for that privilege.
Here are our top picks, followed by tips on what to look for when shopping for a password manager. Once you’ve found the right password manager for your needs, head over to our guide on mastering your password manager.
1. LastPass – Best overall password manager
LastPass ticks all the boxes on our password manager wish list. It makes it a breeze to create unique, complex passwords; capture and manage login credentials; sync them across multiple devices; and share them with others you trust. Its password auditing and updating features help you identify and eliminate weak or duplicate passwords with just a mouse click or two. LP also stores credit card numbers and other personal data to autofill web forms when you’re making a purchase, signing up for a service, or paying a bill.
LastPass supports a range of multi-factor authentication options for protecting your vault, including app-based authenticators like Symantec VIP and Google Authenticator, hardware tokens like YubiKey, and fingerprint readers.
Read our full
2. Dashlane – Best overall runner-up
Dashlane is the strongest contender for LastPass’s crown. It has a beautiful interface, is easy to use, and is stocked with features to help you strengthen your online security. Chief among these is a stellar security dashboard that grades your passwords and suggests actions for boosting your score and your protection. Dashlane is free for a single device, but if you want syncing across multiple devices you’ll need a paid plan: the $60-per-year Premium plan or the $90-per-year Family plan that covers six accounts. These prices are at the higher end, high quality of the program notwithstanding. That’s why Dashlane is our runner-up.
Read our full
3. Keeper – Most security-minded
It’s a consumer’s market when it comes to password managers. While we have our clear favorites above, Keeper is a very strong contender in its own right. It takes security issues just a notch above. For instance, it eschews an automatic password update feature as it would require even temporary access to your credentials. It’s a solid choice in all respects as well.
Read our full
While most password managers require a master password to access your password vault, LogMeOnce relieves you of having to remember even that. It uniquely offers the option of a PIN, biometric, or photo login to access your vault.
Read our full
5. Password Boss
Password Boss is a perfectly decent password manager. It hits all the basic features you’d expect—easy creation and storage of credentials for your various accounts. It lacks a couple of the extras that our top picks offer, however, like automatic password updates and a web interface. That drops it down a tier.
Read our full
Password Boss review
With so many strong options to choose from, a password manager needs to fill some pretty big shoes to stand out. Alas, NordPass, while being a fine password manager, and certainly capable of getting the job done, still can’t match the dollar-for-dollar value of it’s most polished peers.
Read our full
What to look for in a password manager
At their most basic, password managers capture your username and password—usually via a browser plugin—when you log in to a website, and then automatically fill in your credentials when you return to that site. They store all your passwords in an encrypted database, often referred to as a “vault,” which you protect with a single master password.
Of course, most password managers do much more than this and many extend protection beyond your login credentials to other types of personal data. We narrowed it down to a few essential features that we looked for and you should too:
- Password generation: You’ve been reminded ad nauseam that the strongest passwords are long, random strings of characters, and that you should use a different one for each site you access. That’s a tall order. This is what makes password generation—the ability to create complex passwords out of letters, numbers, and special characters—an indispensable feature of any good password manager. The best password managers will also be able to analyze your existing passwords for weaknesses and upgrade them with a click.
- Autofill and auto-login: Most password managers can autofill your login credentials whenever you visit a site and even log you in automatically. Thus, the master password is the only one you ever have to enter. This is controversial, though, as browser autofill has long been a security concern, so the best managers will also let you toggle off this feature if you feel the risk outweighs the convenience.
- Secure sharing: Sometimes you need to share a password with a family member or coworker. A password manager should let you do so without compromising your security.
- Two-factor authentication: To an enterprising cybercriminal, your password manager’s master password is as hackable as any other password. Increasingly, password managers support multi-factor authentication—using a second method such as a PIN, a fingerprint, or another “trusted device” for additional verification—to mitigate this risk. Choose one that does.
- Protection for other personal data: Because of how frequently we use them online, credit card and bank account numbers, our addresses, and other personal data can be securely stored in many password managers and automatically filled into web forms when we’re shopping or registering an account.
No online security measure is 100 percent foolproof, though, as we were reminded when LastPass, one of the most reputable password managers, recently scrambled to fix a pair of vulnerabilities that could have compromised users’ passwords and their computers. And just last month, OneLogin was victim of a breach that compromised customer data, including the ability to decrypt data.
Still, most security experts agree that password managers are still the safest way for people to manage their myriad logins, and we agree that the benefits far outweigh the risks. Just choose your password manager carefully after researching all the options starting with the guide. We also have a guide to the best free password managers.
Editor’s note: Because online services are often iterative, gaining new features and performance improvements over time, our reviews are subject to change in order to accurately reflect the current state of the services.
Michael Ansaldo is veteran consumer and small-business technology journalist. He contributes regularly to TechHive and PCWorld.