Review of the Top 9 Password Managers in 2024: Comprehensive Guide on Features, Pricing, and Usage Tips

Scott Gilbertson

Password managers are the vegetables of the internet. We know they’re good for us, but most of us are happier snacking on the password equivalent of junk food. For nearly a decade, that’s been “123456” and “password”—the two most commonly used passwords on the web. The problem is, most of us don’t know what makes a good password and aren’t able to remember hundreds of them anyway.

The safest (if craziest) way to store your passwords is to memorize them all. (Make sure they are long, strong, and secure!) Just kidding. That might work for Memory Grand Master Ed Cooke, but most of us are not capable of such fantastic feats. We need to offload that work to password managers, which offer secure vaults that can stand in for our memory.

I’m not just talking to you either. When you’re playing tech support for half a dozen family members this holiday season, why not get them set up with a password manager while you’re at it? The whole internet will thank you. Silently.

A password manager offers convenience and, more importantly, helps you create better passwords, which makes your online existence less vulnerable to password-based attacks. Read our guide to VPN providers for more ideas on how you can upgrade your security, as well as our guide to backing up your data to make sure you don’t lose anything if the unexpected happens.

Updated March 2024: We’ve noted some updates to some of our top picks, including some more support for passkeys, along with improvements in 1Password’s autofill feature.

Special offer for Gear readers: Get WIRED for just $5 ($25 off). This includes unlimited access to WIRED.com, full Gear coverage, and subscriber-only newsletters. Subscriptions help fund the work we do every day.

If you buy something using links in our stories, we may earn a commission. This helps support our journalism. Learn more.

Most web browsers offer at least a rudimentary password manager. This is where your passwords are stored when Google Chrome or Mozilla Firefox ask if you’d like to save a password. This is better than reusing the same password everywhere, but browser-based password managers are limited. In recent years, Google has improved the password manager built into Chrome, and it’s better than the rest, but it’s still not as full-featured or widely supported as a dedicated password manager like those below.

WIRED readers have also asked about Apple’s macOS password manager, which syncs through iCloud and has some nice integrations with Apple’s Safari web browser. There’s nothing wrong with Apple’s system. In fact, I have used Keychain Access on Macs in the past, and it works great. It doesn’t have some of the nice extras you get with dedicated services, but it handles securing your passwords and syncing them between Apple devices. The main problem is that if you have any non-Apple devices, you won’t be able to sync your passwords to them. All in on Apple? Then this is a viable, free, built-in option worth considering.

Bitwarden is secure, open source, and free with no limits. The applications are polished and user-friendly, making the service the best choice for most users. Did I mention it’s open source? That means the code that powers Bitwarden is freely available for anyone to inspect, seek out flaws, and fix. In theory, the more eyes on the code, the more airtight it becomes. Bitwarden was also audited for 2022 by a third party to ensure it’s secure. You can install it on your own server for easy self-hosting if you prefer to run your own cloud.

There are apps for Android, iOS, Windows, macOS, and Linux, as well as extensions for all major web browsers. Bitwarden also has support for Windows Hello and Touch ID on its desktop apps for Windows and macOS, giving you the added security of those biometric authentication systems. The web interface (which I frequently use) recently got a redesign, which makes it quite a bit cleaner and easier to use.

Matt Jancer

David Nield

Aarian Marshall

Boone Ashworth

Bitwarden supports passwordless authentication, meaning you can log in with a one-time code, biometric authentication, or a security key. Bitwarden also has excellent support for passkeys, including the ability to log into Bitwarden with a passkey, which means you don’t need to use your username or password even to open your vault. There’s also some extras, like a feature to securely share files (called Bitwarden Send), an authenticator app (paid only), and an extremely active and helpful community.

I like Bitwarden’s semiautomated password fill-in tool. If you visit a site you’ve saved credentials for, Bitwarden’s browser icon shows the number of saved credentials from that site. Click the icon, and it will ask which account you want to use and then automatically fill in the login form. This makes it easy to switch between usernames and avoid the pitfalls of autofill that we mention at the bottom of this guide. If you simply must have your fully automated form-filling feature, Bitwarden supports that as well.

Bitwarden offers a paid upgrade account. The cheapest of the bunch, Bitwarden Premium, is $10 per year. That gets you 1 GB of encrypted file storage and two-factor authentication with devices like YubiKey, FIDO U2F, and Duo, plus a password hygiene and vault health report. You also get priority customer support with a paid account.

After signing up, download the app for Windows, macOS, Android, iOS, or Linux. There are also browser extensions for Firefox, Chrome, Safari, Edge, Vivaldi, and Brave.

What sets 1Password apart from the rest of the options in this list is the number of extras it offers. Like other password managers, 1Password has apps that work just about everywhere, including on macOS, iOS, Android, Windows, Linux, and ChromeOS. There’s even a command-line tool that will work anywhere. There are plug-ins for your favorite web browser too, which makes it easy to generate and edit new passwords on the fly.

1Password was previously our top pick, but the revamped 1Password app went through a stage where it was rough around the edges. I had problems with autofill not working, among other things. I’m happy to say that recent updates have solved those issues, especially the need to reenter your master password every time Chrome updates. Also promising is a beta feature for the browser extensions: When you sign in to a site that you haven’t yet stored a credential for, 1Password will automatically create and save the credential for you after you’ve logged in. That’s a much nicer workflow than the current version, which interrupts your login to ask if you want to save the password.

Matt Jancer

David Nield

Aarian Marshall

Boone Ashworth

I still find BitWarden to be a more economical choice for most people, but there are some very nice features in 1Password that you won’t find elsewhere. If you frequently travel across national borders, you’ll appreciate my favorite 1Password feature: Travel Mode. This mode lets you delete any sensitive data from your devices before you travel and then restore it with a click after you’ve crossed a border. This prevents anyone, including law enforcement at international borders, from accessing your complete password vault.

It’s worth noting that 1Password uses a combination of two keys to unlock your account, your password and an additional generated secret key. While that does add a layer of security that will protect against weak passwords, it also means part of what you need to unlock your passwords is something you did not create. 1Password does make sure you have this key as an item in your “emergency kit,” but I still prefer pairing a self-generated password with a Yubikey.

In addition to being a password manager, 1Password can act as an authentication app just like Google Authenticator, and for added security, it creates a secret key to the encryption key it uses, which means that no one can decrypt your passwords without that key. The downside is that if you lose this key, no one, not even 1Password, can decrypt your passwords. (This can be mitigated by setting up a custom group that has the “Recover Accounts” permission.)

1Password also offers tight integration with other mobile apps. Rather than needing to copy and paste passwords from your password manager to other apps (which puts your password on the clipboard at least for a moment), 1Password is integrated with many apps and can autofill. This is more noticeable on iOS, where inter-app communication is more restricted.

After signing up, download the app for Windows, macOS, Android, iOS, Chrome OS, or Linux. There are also browser extensions for Firefox, Chrome, Brave, and Edge.

I first encountered Dashlane several years ago. Back then, it was the same as its competitors, with no stand-out attributes. However, updates over time have added several helpful features. One of the best is Site Breach Alerts, something other services have since added as well. Dashlane actively monitors the darker corners of the web, looking for leaked or stolen personal data, and it alerts you if your information has been compromised.

Setup and migration from another password manager to Dashlane are simple, with a secret key used to encrypt your passwords. Despite the company not offering a desktop app, it provides add-ons for major browsers as well as iOS and Android apps. Be aware that if a desktop app is vital to you, Dashlane may not be the best choice. A 30-day free trial is available to try out Dashlane before commitment.

After registration,

download the app for Android or iOS, and get the browser extensions for

Firefox, Chrome, and Edge.

Would you like to retain more control over your data in the cloud? Sync your vault manually. These services below do not store any of your data on their servers, meaning attackers have nothing to target. Instead, this data is stored in a local vault, and then you can sync that vault using a file-syncing service like Dropbox, NextCloud or Edward Snowden’s recommended service, SpiderOak. This method may be slightly more complex since you are working with two services, but if you’re already using a file-syncing file service, it could be a good option.

Enpass does not store any data on its servers, and syncing is handled through third-party services. Although Enpass does not handle the syncing, it offers apps on all platforms. This means that once you have the syncing set up, it functions like any other service. And, because your data isn’t on its servers, you don’t have to worry about Enpass being hacked. Enpass supports syncing through Dropbox, Google Drive, OneDrive, iCloud, Box, NextCloud, or any service using WebDAV. Unfortunately, SpiderOak is not currently supported. However, you can also synchronize your data over a local WLAN or Wi-Fi network.

All of the features you expect in a password manager are here, including auto-generating passwords, breach-monitoring, biometric login (for devices that support it), auto-filling passwords, and options to store other types of data, like credit cards and identification data. There’s also a password audit feature to highlight any weak or duplicate passwords in your vault. One extra I particularly like is the ability to tag passwords for easier searching. Enpass also makes setting up the syncing through the service of your choice very easy. Enpass recently added support for passkeys.

Matt Jancer

David Nield

Aarian Marshall

Written by Boone Ashworth

Enpass can be used for free on Windows, Mac, and Linux platforms. The mobile version offers synchronization of up to 25 items in one vault at no cost. If you require to sync more items, you should consider the paid service.

Upon registration, you can download the app for Mac, Windows, Linux, Android, and iOS, and acquire the browser extensions for Chrome, Vivaldi, Edge, and Firefox.

KeePassXC operates similarly to Enpass. Your passwords are stored in an encrypted digital vault safeguarded by a master password, a key file, or both. You are responsible for syncing this database file using a file-syncing service. As soon as your file is hosted in the cloud, you can access it from any device that has a KeePassXC client installed. KeePassXC is open source, allowing its code to be examined for critical flaws, which makes it an ideal choice for advanced users who can handle their problems and support.

The downside to KeePassXC is that it doesn’t have official mobile clients. There are third-party apps on both iOS and Android.

Download the desktop app for Windows, macOS, or Linux and create your vault. There are also extensions for Firefox, Edge, and Chrome. It does not have official apps for your phone. Instead, the project recommends KeePass2Android or Strongbox for iPhone.

Password managers are not a one-size-fits-all solution. Our top picks cover most use cases and are the best choices for most people, but your needs may be different. Fortunately, there are plenty of good password managers out there. Here are some more we’ve tested and like.

Matt Jancer

David Nield

Aarian Marshall

Boone Ashworth

LastPass used to be our favorite free password manager, but then it changed its free plan so you are limited to a single device. If you’re looking for a free service, Bitwarden is a far better choice. More worrying, LastPass has had more bad security breaches than any other service on this page, which led us to remove it from our top picks. We do not recommend using LastPass.

A concerted effort to get rid of passwords began roughly two days after the password was invented. Passwords are a pain—you’ll get no argument here—but we don’t see them going away in the foreseeable future. The latest effort to eliminate the password comes from the FIDO Alliance, an industry group aimed at standardizing authentication methods online. Does this sound a little bit like the infamous xkcd 927? Yes, yes it does. But thanks to the monopolistic nature of devices, it might work this time.

Apple supports the FIDO specs and coined the term passkeys, which has caught on. Passkeys are generated cryptographic keys managed by your device (usually your phone). They’re easy to create—you don’t need to do anything, your device handles the details. Your passkeys are stored on your device and usually protected by either biometrics or PINs. Since passkeys are generated key pairs instead of passwords, there’s nothing to remember. If you are familiar with GPG keys, they’re somewhat similar in that there’s a public and private key; the website you want to log in to has a public key and sends it to your device. Your device compares that to the private key it has and you’re signed in (or not if the keys don’t match). While passkeys aren’t a radical departure, they’re still an improvement by virtue of being a preinstalled tool for people who aren’t going to read this article and immediately sign up to use one of the services above. If millions of people suddenly stop using 12345678 as a password, that’s a win for security.

Written By: Matt Jancer

Co-Author: David Nield

Aarian Marshall

Boone Ashworth

Almost all of the apps we’ve suggested here at least support storing passkeys, which means you can store your passkeys right alongside your passwords. Our two favorites, Bitwarden and 1Password, can generate, save, store, and sync passkeys. Generating new passkeys needs to be done using a browser, which is something of a pain, but it works. Once you have a passkey stored, it will automatically sync to all your devices the same way Bitwarden and 1Password sync your passwords. When you return to that site, your password manager will log you in using the passkey you generated.

Think of passkeys as credit cards next to the cash (passwords) in your wallet. It’s possible that one day passkeys will work everywhere and there will be no passwords, no password managers. In the mean time we think it’s better to stick with a password manager, even if all you’re doing with that manager is storing passkeys.

The best and most secure cryptographic algorithms are all available via open source programming libraries. While this is certainly beneficial as any application can incorporate these ciphers to protect your data, encryption is only as robust as its weakest link, and cryptography alone won’t guarantee the safety of your passwords.

This is what I put to the test: identifying the weakest links. Does your master password get sent to the server? Every password manager insists that it doesn’t, but monitoring network traffic while entering a password sometimes reveals otherwise. I also explore how mobile apps function: do they, for example, leave your password store unlocked but require a PIN to regain access? This may be convenient, but it excessively compromises security. While no password manager is flawless, the ones I’ve tested above represent the best and strike a balance between being as secure as possible and user-friendly.

An effective password manager stores, generates, and updates passwords for you at the click of a button. If you’re open to investing a few dollars each month, a password manager can synchronize your passwords across all your devices. Here’s how they work.

Only one password to remember: To access all of your passwords, you only need to remember a single password. When you enter that into the password manager, it unlocks the vault containing all of your actual passwords. Only needing to remember one password is convenient, but it puts a lot of importance on that single password. Ensure it’s a strong one. If you’re struggling to create this master password, consider reading our guide to better password security. Alternatively, you can use the Diceware method to generate a robust master password.

Apps and extensions: Most password managers are full systems, rather than a single piece of software. They consist of apps or browser extensions for each of your devices (Windows, Mac, Android phones, iPhone, and tablets), which have tools to help you create secure passwords, safely store them, and evaluate the security of your existing passwords. All that information is then sent to a central server where your passwords are encrypted, stored, and shared between devices.

Matt Jancer

David Nield

Aarian Marshall

Boone Ashworth

Fixing compromised passwords: While password managers can help you create more secure passwords and keep them safe from prying eyes, they can’t protect your password if the website itself is breached. That doesn’t mean they don’t help in this scenario though. All the cloud-based password managers we discuss offer tools to alert you to potentially compromised passwords. Password managers also make it easier to quickly change a compromised password and search through your passwords to ensure you didn’t reuse any compromised codes.

You should disable auto form-filling: Some password managers will automatically fill in and even submit web forms for you. This is super convenient, but for additional security, we suggest you disable this feature. Automatically filling forms in the browser has made password managers vulnerable to attacks in the past. For this reason, some, like 1Password, require you to opt into this feature. We suggest you do not.

Don’t panic about hacks: Software has bugs, even your password manager. The question is not what to do if it becomes known that your password manager has a flaw, but what you do when it becomes known that your password manager has a flaw. The answer is, first, don’t panic. Normally bugs are found, reported, and fixed before they’re exploited in the wild. Even if someone does manage to gain access to your password manager’s servers, you should still be fine. All of the services we list store only encrypted data, and none of them store your encryption key, meaning all an attacker gets from compromising their servers is encrypted data.

Total
0
Shares
Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Article

Exploring AI-Based Productivity Tools: My Personal Experience and Outcome

Next Article

Priest Detained for Misappropriating Church Funds for Mobile Gaming Expenses

Related Posts