The best password managers for 2024

Related searches

Over the last year, we saw all the ways password reuse can harm your security posture. The 23andMe attack comes to mind, but generally credential stuffing has been on the rise. Hackers can buy or find your reused passwords to access some of your most sensitive accounts. To prevent yourself from falling victim, password managers can help. They encourage you to switch to unique, strong passwords by removing the burden of memorizing all sorts of different login combinations. We tested out nine of the best password managers available now to help you choose the right one for your needs. 1Password remains our top pick thanks to its zero-knowledge policy, numerous security features and general ease of use, but

How do password managers work?

Think of password managers like virtual safe deposit boxes. They hold your valuables, in this case usually online credentials, in a section of the vault only accessible to you by security key or a master password. Most of these services have autofill features that make it convenient to log in to any site without needing to remember every password you have, and they keep your credit card information close for impulse purchases.

But given that passwords are one of the top ways to keep your online identity secure, the real value of password managers is staying safe online. “It’s just not possible without a password manager to have unique, long and hard-to-guess passwords,” Florian Schaub, an associate professor of information and of electrical engineering and computer science at the University of Michigan, said.

Common guidance states that secure passwords should be unique, with the longest number of characters allowed and uppercase letters, lowercase letters, numbers and special characters. This is the exact opposite of using one password everywhere, with minor variations depending on a site’s requirements. Think of how many online accounts and sites you have credentials for — it’s an impossible task to remember it all without somewhere to store passwords safely (no, a sticky note on your desk won’t cut it). Password managers are more readily accessible and offer the benefit of filling in those long passwords for you.

Are password managers safe?

It seems counterintuitive to store all your sensitive information in one place. One hack could mean you lose it all to an attacker and struggle for months or even years to rebuild your online presence, not to mention you may have to cancel credit cards and other accounts. But most experts in the field agree that password managers are a generally secure and safe way to keep track of your personal data, and the benefits of strong, complex passwords outweigh the possible risks.

The mechanics of keeping those passwords safe differs slightly from provider to provider. Generally, you have a lengthy, complex “master password” that safeguards the rest of your information. In some cases, you might also get a “security key” to enter when you log in to new devices. This is a random string of letters, numbers and symbols that the company will send you at sign up. Only you know this key, and because it’s stored locally on your device or printed out on paper, it’s harder for hackers to find.

These multiple layers of security make it difficult for an attacker to get into your vault even if your password manager provider experiences a breach. But the company should also follow a few security basics. A “zero-knowledge” policy means that the company keeps none of your data on file, so in the event of an attack, there’s nothing for hackers to find. Regular health reports like pentests and security audits are essential for keeping companies up to par on best practices, and other efforts like bug bounty programs or hosting on an open source website encourage constant vigilance for security flaws. Most password managers now also offer some level of encryption falling under the Advanced Encryption Standard (AES). AES 256-bit is the strongest, because there are the most number of possible combinations, but AES 128-bit or 192-bit are still good.

Who are password managers for?

Given their universal benefit, pretty much everyone could use a password manager. They’re not just for the tech-savvy people or businesses anymore because so much sensitive information ends up online behind passwords, from our bank accounts to our Netflix watch history.

That’s the other perk of password managers: safe password sharing. Families, friends or roommates can use them to safely access joint accounts. Texting a password to someone isn’t secure, and you can help your family break the habit by starting to use one yourself, Lisa Plaggemier, executive director at National Cyber Security Alliance, said. Streaming is the obvious use case, but consider the shared bills, file storage and other sites you share access with the people around you as well.

Are password managers worth it?

You likely already use a password manager, even if you wouldn’t think to call it that. Most phones and web browsers include a log of saved credentials on the device, like the “passwords” keychain in the settings of an iPhone. That means you’ve probably seen the benefits of not having to memorize a large number of passwords or even type them out already.

While that’s a great way in, the downfall of these built-in options are that they tend to be device specific. If you rely on an Apple password manager, for example, that works if you’re totally in the Apple ecosystem — but you become limited once you get an Android tablet, Lujo Bauer, professor of electrical and computer engineering, and of computer science, at Carnegie Mellon University, said. If you use different devices for work and personal use and want a secure option for sharing passwords with others, or just don’t want to be tied to one brand forever, a third-party password manager is usually worth it.

How we tested

We tested password managers by downloading the apps for each of the nine contenders on iPhone, Android, Safari, Chrome and Firefox. That helped us better understand what platforms each manager was available on, and see how support differs across operating systems and browsers.

As we got set up with each, we took note of ease of use and how they iterated on the basic features of autofill and password generators. Nearly all password managers have these features, but some place limits on how much you can store while others give more control over creating easy-to-type yet complex passwords. From there, we looked at extra features like data-breach monitoring to understand which managers offered the most for your money.

Finally, we reviewed publicly available information about security specs for each. This includes LastPass, which more experts are shying away from recommending after the recent breach. For the sake of this review, we’ve decided not to recommend LastPass at this time as fallout from the breach still comes to light (The company disclosed a second incident earlier this year where an unauthorized attack accessed the company’s cloud storage, including sensitive data. Since then, hackers have stolen more than $4.4 million in cryptocurrency using private keys and other information stored in LastPass vaults.)