You have lots of options for password managers, and when it comes to your security, you want the best possible tool for the job. Let's take a look at some of the most popular password managers and compare them side-by-side so you can pick the one that's right for you.
Photo by Sergay Nivens
Considering the security required for a password manager, you have a surprising number of choices here. We spent some time with all of them, then picked the following five because they hit the sweet spot between reliability, features, security and support (and not surprisingly, the best five were those picked in our last password manager Hive Five). With that said, we'll also talk about some of the other options at the end too. Let's start by taking a look at the basic feature set of our top five choices. In this table, 3P indicates support via a third-party app, not the original developer. (If you're on a mobile device and can't read the whole table, click here to see it in graphic form.)
|Password strengh report||Yes||Yes||Yes||Yes||Yes|
|Automatic password changing||Yes||Yes||No||Yes||No|
|Secure password sharing||Yes||Yes||Yes||Yes||No|
|Two-factor authentication||Yes||Yes||Yes (3P)||No||Yes|
|Security notes||Yes||Yes||Yes (3P)||Yes||No|
Features aren't everything — usability, support and security also matter. These are the basic features that each of these password managers offer:
- Password generation: The only secure password is one you can't remember, and you need a different one for every account you use — which means a password generator comes in really handy. All of the password managers on this list will do that for you when you sign up for a new account on a web site.
- Form filling: Every password manager here will also fill out your name, address, and other information automatically on other sites. This option isn't specifically related to passwords, but hey, it's super-handy.
- Secure password sharing: Each of the password managers here support sharing passwords securely with other people. They each handle this a little differently, but if you need to share a password with a co-worker or family member, this feature is one of the easiest (and most secure) ways to do so.
- Secure Notes: If you want to store extra passwords for Wi-Fi networks or any personally identifiable information, all of these password managers include a secure notes section.
Next, let's take a look at how each of these password managers differ — and what they charge — to help you pick the one that's right for you.
- Browser extensions and a dedicated Mac app: With browser extensions, you can use LastPass with just about any browser out there, without the need for an extra app on your computer. Once you get it set up, your login and password information are saved securely on LastPass's servers, and you can access them from any computer which has the extension installed. The Mac app adds a few more features to the extensions, including a faster search and a better way to browse your passwords outside your browser.
- Mobile apps: If you do a lot of browsing on your phone or tablet, you can take your LastPass passwords with you. The apps themselves are free, but they require a LastPass Premium account ($US12/year) to actually use. LastPass is available on Android and iOS like everything else on this list, but you can also get it on Windows Phone and Blackberry.
- Password audits: LastPass will scan your vault to check for weak passwords and help you create more secure ones. It will also show you a score on the screen so you can quickly see how strong the bulk of your passwords are.
- Automatic password changes: After a site gets hacked, it's generally advisable to change your password for that service (and any other service on which you used the same password). LastPass keeps a database of hacks around the web and will alert you when you have an account that's been compromised. From there, you can change your password with just a click.
- Two-factor authentication: LastPass supports two-factor authentication through services like Google Authenticator, Grid, YubiKey and more.
Where LastPass fails: LastPass is free if you're only using it on your computers, but the extra features and mobile apps do cost $US12/year. That might sound like a lot over the course of your life, but with a subscription system you're more likely to get more features and better support. That said, even after a much-needed update, the interface is still a bit clunky, and it takes a while to get the hang of. Likewise, LastPass stores your (encrypted) passwords in the cloud, which some might not be comfortable with, but this is done in a fashion that's quite secure and keeps them safe from hackers. LastPass has been very good about notifying users immediately if an incident occurs, and if you have two-factor authentication enabled you should be safe in the case of any password breaches.
Who LastPass is for: LastPass is a great all-around solution for people who just want to keep their passwords safe. It has enough advanced features, even in the free version, to make it worthwhile for most power users. LastPass' real appeal, though, is the fact that anyone can get started using it really quickly (provided they can navigate the clunky UI). With the exception of mobile access, most of LastPass' best features are available for free, so if you don't need to get your passwords on the go, it's easily your best option. LastPass also has the widest mobile support of all the password managers, with apps on Android, iOS, Windows Phone and Blackberry, so if you're not an Android or iOS user, it's your best bet.
Where LastPass fails a bit in basic interface, Dashlane truly excels. It's packed with a lot of features and is incredibly easy to use, even if you're not the most computer-savvy person out there. Here's what you'll get with Dashlane:
- Browser extensions, Windows and Mac apps: Dashlane works primarily from its desktop apps, but browser extensions allow you to integrate that data into your browser too. This means that you can set up Dashlane to store your data and sync online if you want, or keep it locally if you don't want those passwords going anywhere. Unlike LastPass, you'll need the Windows or Mac apps installed to use the browser extensions.
- Mobile apps: If you want to use the free mobile apps, you'll have to shell out for a subscription. Dashlane's is $US40/year.
- Password audits: Dashlane has a handy security score screen where you can check for weak or duplicate passwords, then automatically change them in a click if a hack is reported. Likewise, Dashlane will alert you if a security breach is reported.
- Automatic password changes: One of Dashlane's more impressive features is the Password Changer. Just log into your Dashlane account, click the checkboxes next to any passwords you want to change, and Dashlane will automatically change them on each individual site, all at once.
- Two-factor authentication: Dashlane supports two-factor authentication through Google Authenticator.
- Digital Wallet: Dashlane's digital wallet stores all your credit card information, then automatically saves receipts and screenshots of your online purchases. If you're using the mobile apps, that information goes with you too.
Where Dashlane fails: If you want features like syncing and web access to passwords, Dashlane is quite costly pricey at $US39.99/year. However, you do get a lot of bang for your buck, and the app is constantly being updated with new features and security improvements.
Who Dashlane is for: If you're willing to pay the $US39.99/year for Dashlane, it's definitely one of the easiest password managers to use. The breach notifications, consistent UI and range of features makes it a better entry-level password manager than LastPass if you're willing to shell out the cash. The automated, bulk password changes also make it a great choice for anyone who doesn't want to spend the time altering passwords.
KeePass is the only truly free option that's any good, and it's also open source, which is immediately appealing to a lot of people. That said, KeePass works a lot differently than some of the more modern options. KeePass stores all your passwords locally, and doesn't have a syncing service — though you can sync your passwords through Dropbox with a plug-in. Beyond that, its feature set is drastically different to your other options.
- Official Windows, Mac, and Linux apps: KeePass is officially available on Windows, Mac, and Linux. It integrates with your system to fill out passwords not just online, but everywhere else on your computer as well. KeePassX is a clone that alters the look and feel of the original a bit, if you're looking for something different.
- Unofficial mobile apps: Officially, the KeePass team doesn't make any mobile apps, but since it's open source, other people have. You can find a massive list of various ports for iOS, Android, Blackberry and more here. Just remember that you'll need to manually sync your passwords to your mobile device, since KeePass won't do it for you.
- Portability: KeePass doesn't require installation on your system, which means you can carry it around on a USB stick from computer to computer easily.
- Plug-ins add tons of features: Besides being free and open source, the truly unique thing about KeePass is the support for plug-ins. With them, you can completely alter how KeePass works. This includes adding syncing through service like Google Drive or Dropbox, adding enhanced search, creating password strength reports and many more.
Where KeePass fails: KeePass is a decidedly more hands-on password manager than the other options here, which means it's not as simple as something like Dashlane. It would be hard to recommend KeePass to anyone who isn't computer literate, even though it is the only completely free option. KeePass also doesn't have the handy security alerts and automatic password changing features of some of the other paid options.
Who KeePass is for: If you're willing to put in the effort to set it up, KeePass is incredibly powerful and well supported. Since it offers offline access and gives you complete control of your encrypted passwords, it's perfect for anyone who doesn't want to keep their data stored on a third-party server. If you're the tinkering type who likes to really customise your software, KeePass is definitely worth trying.
Like LastPass and Dashlane, 1Password takes the "simple is better" approach to a password manager and sports the best-looking software suite of the bunch. While it might look the same as its rivals at first glance, it has its own special twist on the password manager approach. It includes:
- Windows and Mac apps, with integrated browser extensions: 1Password works similarly to Dashlane: you need the desktop app installed, but you can easily integrate it into your browser with extensions for Chrome, Firefox, Safari and Opera. The nice thing about 1Password is the fact you can use it locally only, or sync to the web if you want to use it across devices. You can sync through Dropbox, iCloud, Wi-Fi or shared network folders. You'll need to download a single licence of the desktop apps for a one-time fee of $US50.
- Mobile apps: 1Password has free apps available on iOS and Android. Uniquely, you can download and use these apps for free without paying for the desktop companion, but you won't get the syncing features.
- Password audits: 1Password will take a look at all your existing passwords, then audit them for duplicates, weak passwords and old passwords. The Watchtower service will monitor your passwords and alert you to any breaches that require you to change your password right away.
- Two-factor authentication: Instead of supporting a variety of two-factor authentication services, 1Password acts as its own authenticator if you're a paid user of the apps. This allows you to generate one-time passwords for a variety of services. It does not support two-factor authentication to access your 1Password account, though, which is a pretty big downside.
- Digital wallet: 1Password includes a digital wallet that organises and securely stores any personal information you want. You can set it up to store credit cards, IDs, passport numbers, and just about anything else.
Where 1Password fails: While it's the only password manager on here that offers a one-time payment option, the $US50 entry fee to use 1Password is a bit high for some people. Thankfully, there is a demo available if you just want to check it out. While most people are only using Windows, Mac, iOS and Android, the lack of support for other operating systems does limit its usage a little. The lack of a two-factor authentication method is also a pretty big security hole and a major disadvantage compared to your other options.
Who 1Password is for: If you're a fan of good design, 1Password is easily the best looking password manager on this list. It's constantly getting updates and new features, so you know that your $US50 is well spent. If the thought of paying an annual subscription for Dashlane or LastPass is a turn off, 1Password's the way to go.
Roboform has been around for a long time, and while it's not the most innovative password manager out there, it does its primary job very well. It has:
- Windows, Mac and Linux apps: Roboform is available on all the major platforms, including on a USB stick, which makes it easy to transfer from computer to computer. The apps themselves integrate right into Chrome, Firefox, Internet Explorer and Safari. Like 1Password, you can sync your password in the cloud or store your passwords locally only.
- Mobile apps: Roboform is available for Android, iOS and Windows Phone for free.
- Start page: If you log into the same sites every day, Roboform has a handy start page where you can easily log into a bunch of different sites at once.
Where Roboform fails: Roboform is easily the least feature-packed on this list, and at $US9.95/the first year and $US19.95/every year after, it's hard to justify why you'd pick Roboform over something like LastPass. If you're only interested in the desktop version and not the syncing features, you can grab the Windows or Mac apps for a one-time fee of $US29.95. Roboform has been around a long time and has a incredibly good history of solid security. For a password manager, that's a very important thing.
Who Roboform is for: Roboform's lack of advanced features have one very specific advantage: it's incredibly easy to use. It generates passwords, logs you into sites, and that's it. There's no extra fluff, no wasting time checking password security (assuming you're already up to snuff), or anything else. If you've been using strong passwords for a while, Roboform is a nice, barebones option that does just what it's supposed to do and nothing else.
Other, Lesser-Known Options
As we mentioned at the start of this post, there are a lot of different password managers in existence. Most don't stray too far from the feature set of the above five though, and many are held back by extreme pricing models or platform availability. That said, if none of the above work for you, these may be worth checking out:
- Password Safe: Password Safe was created with the help of security technologist Bruce Schneier, so you know it's one of the most secure password managers out there. That comes at the cost of convenience. The free version of Password Safe is only available on Windows (The Mac clone is $18.99), and it doesn't integrate with browsers. Heck, it doesn't even create passwords for you, it's simply a vault. But it's a very secure vault.
- Keeper: Keeper does the basics of a password manager and adds in a handy file vault as well. The pricing is a bit on the higher side though, with a single device costing $US10/year and multiple devices running you $US30/year.
- PasswordBox: PasswordBox is a free password manager that has all the features you'd expect, but it's hard to recommend at the moment as it's in a transitional period after being bought out by Intel Security. On paper, that sounds like a good thing, but it's difficult to gauge what software support will be like from here on out.