How to Choose the Right Password Manager
Everyone Needs a Password Manager
Nearly every page you visit insists you create a user account and think up a password, from dating apps to hyper-secure banking sites. The human memory can’t keep up with dozens and dozens of these. Some folks get the bright idea to use the simplest possible passwords, things that are easy to remember, like “12345678” or “password.” Others memorize one superbly random password and use it for everything. Either path is likely to make you the latest victim of identity theft.
Don’t be like them—user a password manager. With a password manager you don’t have to remember that strong, unique password for every website. The password manager takes care of that, and even helps you come up with random passwords. We’ve tested and analyzed dozens, so you can pick the password manager that suits your needs best.
All of the products in the chart above earned at least 3.5 stars, and all of them cost money (though you can use some of them for free if you accept certain limitations). If you don’t want to spend money and don’t want limitations, don’t worry. We’ve rounded up free password managers in a separate article. Most of the free tools lack the most advanced features, but they get the job done. Whether free or paid, a password manager is something everybody needs.
The Password Basics
The typical password manager installs as a browser plug-in to handle password capture and replay. When you log in to a secure site, it offers to save your credentials. When you return to that site, it offers to automatically fill in those credentials. If you’ve saved multiple logins for the same site, the password manager offers you multiple account login options. Most also offer a browser toolbar menu of saved logins, so you can go straight to a saved site and log in automatically.
Some products detect password-change events and offer to update the existing record. Some even record your credentials during the process of signing up for a new secure website. On the flip side, a password manager that doesn’t include password capture and replay automation needs to offset that lack with significant other assets.
The Best Password Manager Deals*
- Zoho : Free password manager forever, 15-day free trials on paid editions
- Dashlane : Free password manager (up to 50 passwords)
- LastPass : Free 30-day premium account
- Keeper : 30 percent off unlimited plans
*Deals are selected by our partner, TechBargains
Those who are already using a password manager may find that the grass looks greener in the other app. Most password managers include the ability to export your saved data, or import from other products, easing the process of switching to a new password manager.
Getting all of your existing passwords into the password manager is a good first step. Next, you need to identify the weak and duplicate passwords and replace them with tough ones. Many password managers flag weak and duplicate passwords, and some offer help with the update process. The most advanced ones can automate the password-change process for you.
When you create a new secure account or update a weak password, you don’t want to strain your brain trying to come up with something strong and unique. Why bother? You don’t have to remember it. All but one of our top-rated products include a built-in random password generator. Make sure your generated passwords are at least 16 characters long; all too many products default to a shorter length.
Entering a password like @2a&[email protected] on your smartphone’s tiny keyboard can be tough. Fortunately, almost all of our top password managers can sync across all your Windows, Mac, Android, and iOS devices. A few even let you authenticate on iOS or Android with your fingerprint or face rather than typing the master password. Most include some form of two-factor authentication, be it biometric, SMS-based, Google Authenticator, or something else entirely.
Fill Forms Automatically
Since most password managers can auto-fill stored credentials, it’s just a small step for them to automatically fill in personal data on Web forms—first and last name, email address, phone number, and so on. Most of the top-rated products include a Web form-filling component. The breadth and flexibility of their personal data collections vary, as does their accuracy when matching Web form fields with their stored items. Even if they miss a field or two, the ones they do fill are ones you don’t have to type. Think about how many sites you go to that want all the same information; this feature is a huge time-saver.
Some websites offer to save your address, credit card details, and so on, for convenience. If you accept that offer, you’ve put your personal data at risk. Who knows if the site is storing your deets securely? Equifax certainly didn’t. Just let the password manager fill the form each time. It’s safer.
Different products handle form filling in their own ways. Some immediately fill all recognized fields, some wait for you to click in a field, some pop up and ask what you’d prefer. You’ll even find products that offer your choice of credit cards using realistic images with the correct color and bank logo!
Advanced Password-Management Features
Given that all these products take care of basic password management tasks, how can one product stand out from the pack? One handy advanced feature is managing passwords for applications, not just websites. Another is provision of a secure browser, designed to protect sensitive transactions and invoked automatically when you visit a financial site. And of course automating the password change process is a big plus.
As noted, these top products let you sync your passwords across all of your devices. Some of them also include a built-in mechanism for securely sharing passwords with other users. Some let you share a login without making the password visible, some let you revoke sharing, and with some the sharing goes both ways—that is, if the recipient makes a change it will change the original.
On a grimmer note, what happens to your secure accounts after you’ve died? A growing number of products include some provision for a digital legacy, a method to transfer your logins to a trusted individual in the event of your death or incapacity.
Logging in with your secure username and password to a website that doesn’t use a secure HTTPS connection is a big no-no. Some password managers even warn you about insecure login pages. Even when you do use HTTPS, sniffers and snoops can still learn some things about your activity, such as the simple fact that you’re logging in to the secure site, and the IP address from which you’re connecting. Running your secure connections through a virtual private network, or VPN service, adds an additional layer of protection. Dashlane now includes a simple built-in VPN, and RememBear comes from the same source as the well-regarded TunnelBear VPN.
What’s Not Here
As mentioned above, every product in the chart above earned at least a 3.5-star rating. However, there are a couple of 3.5-star products that didn’t fit on the chart. Authentic8 Silo is primarily a super-secure browser that just happens to also be a full-featured password manager, so it was an easy choice. As for True Key, it gets kudos for its many multi-factor authentication options, but it’s just less well rounded than the other 3.5-star products.
Those with three stars are still good, but they’re not quite up there with the very best. Anything that scored under three stars is just not good enough to make the cut. If you’re looking for a particular password manager that isn’t in this table, we have probably reviewed it, but found it wanting in some way. Note that the blurbs below include everything with a three-star rating or better.
As mentioned earlier, you also won’t find any free password managers here, because they have their own, separate roundup. LastPass and Myki Password Manager & Authenticator are our Editors’ Choice free password managers.
The Top Password Management Software
It’s important for a password manager to offer all the advanced features, but it has to do so while retaining ease of use and avoiding needless complexity. Users who get annoyed or baffled by a password manager may well abandon it, going back to sticky notes, or to using the same password everywhere. Slick and polished Dashlane boasts a ton of features. Keeper Password Manager & Digital Vault has also leapt into the winner’s circle, with a full set of advanced features, a sleek and elegant user interface, and support for every popular platform and browser. You won’t go wrong choosing one of these two Editors’ Choice products.
Even the products not named as Editors’ Choice have their merits; you may prefer one of them. As mentioned, all of the products listed below earned at least three stars.