Password managers are akin to the vegetables of the internet. While we acknowledge their benefits, many of us find ourselves gravitating towards the digital equivalent of junk food when it comes to passwords—think “123456” and “password,” the web’s most frequently used choices for nearly a decade. The issue lies in our lack of understanding regarding what constitutes a strong password, coupled with the impossibility of remembering a plethora of them.
While the ideal scenario would involve committing all passwords to memory (ensuring they are long, robust, and secure), this feat is typically beyond the capabilities of most individuals. Herein lies the value of password managers, which offer secure vaults to serve as a digital surrogate for our memory.
And it’s not just about you. When you find yourself playing the role of tech support for numerous family members during the holiday season, consider setting them up with a password manager. The entire internet will appreciate your efforts, albeit silently.
A password manager not only provides convenience but also aids in crafting stronger passwords, thereby reducing the vulnerability of your online presence to password-based attacks. For additional measures to enhance your security, explore our guide on VPN providers, as well as our recommendations for backing up your data to mitigate the risk of unexpected losses.
Why not use your browser?
Most web browsers offer a basic password manager. (This is where your passwords are stored when Google Chrome or Mozilla Firefox prompt you to save a password.) While this is better than reusing the same password everywhere, browser-based password managers have limitations. Google has made improvements to the password manager in Chrome, but it still lacks the advanced features and widespread support found in dedicated password managers.
Users often inquire about Apple’s macOS password manager, which syncs via iCloud and integrates well with Apple’s Safari web browser. While there’s nothing inherently wrong with Apple’s system, it lacks some of the additional features provided by dedicated services. However, it effectively secures your passwords and syncs them across Apple devices. The downside is that if you own non-Apple devices, you won’t be able to sync your passwords to them. If you’re fully committed to Apple products, though, this built-in option is worth considering as it’s free and readily available.
Bitwarden
Bitwarden prides itself on being secure, open source, and free with no limits. The applications are designed to be polished and user-friendly, making it the top choice for most users. Notably, it’s open source, meaning the code driving Bitwarden is freely available for anyone to inspect, identify flaws, and contribute fixes. The platform underwent a third-party audit in 2022, further ensuring its security. For those inclined, it’s even possible to install Bitwarden on your own server for easy self-hosting.
The availability of Bitwarden is expansive, with apps catering to Android, iOS, Windows, macOS, and Linux users, as well as extensions compatible with all major web browsers. Additional security features include support for Windows Hello and Touch ID on desktop apps for Windows and macOS, bolstering biometric authentication options. Recently, the web interface underwent a redesign, enhancing its usability.
Bitwarden supports passwordless authentication, offering flexibility with one-time codes, biometric authentication, or a security key. It also boasts robust passkey support, allowing users to access Bitwarden without requiring their username or password. Beyond these essentials, Bitwarden offers extras such as secure file sharing (via Bitwarden Send) and an authenticator app (available with a paid account), coupled with a vibrant and supportive community.
A standout feature is Bitwarden’s semiautomated password fill-in tool, which simplifies logging in. When you visit a site with saved credentials, the browser icon indicates the number of saved credentials from that site. A simple click prompts Bitwarden to fill in the login form. Because nothing is filled in until you click, this streamlines the user experience while mitigating the risks associated with autofill functionality.
For those seeking additional features and support, Bitwarden offers paid upgrade accounts. The most affordable option, Bitwarden Premium, priced at $10 per year, provides 1 GB of encrypted file storage, two-factor authentication compatibility with devices like YubiKey, FIDO U2F, and Duo, along with a password hygiene and vault health report. Additionally, users receive priority customer support with a paid account.
1Password
1Password stands out from other options in this list due to its wealth of extras. Like its counterparts, 1Password provides apps compatible with various platforms, including macOS, iOS, Android, Windows, Linux, and ChromeOS. Additionally, it offers a versatile command-line tool that functions across different environments. The inclusion of plug-ins for popular web browsers simplifies tasks like generating and editing passwords on the go.
While 1Password was previously our top choice, it underwent a period where the revamped app experienced some rough patches. Issues such as autofill malfunctions were reported. However, recent updates have addressed these concerns, notably resolving the inconvenience of having to reenter the master password after every Chrome update. A promising beta feature for browser extensions automatically creates and saves credentials for newly accessed sites, streamlining the login process.
Despite Bitwarden being a more cost-effective option for many users, 1Password offers unique features not found elsewhere. For frequent travellers, the standout feature is Travel Mode, enabling the deletion of sensitive data from devices before crossing borders and restoring it afterwards. This safeguards the complete password vault from unauthorized access, including by law enforcement at international borders.
It’s important to note that 1Password employs a two-key combination to unlock accounts, comprising the user’s password and an additional generated secret key. While this enhances security against weak passwords, it introduces reliance on a key not created by the user. 1Password ensures users have this key as part of their “emergency kit,” though some may prefer pairing a self-generated password with a YubiKey for added security.
In addition to its primary function as a password manager, 1Password doubles as an authentication app, akin to Google Authenticator. Furthermore, it uses the secret key in the encryption key, so decrypting passwords requires this key. However, losing this key renders the passwords irretrievable, although this risk can be mitigated by setting up a custom group with the “Recover Accounts” permission.
1Password also boasts seamless integration with other mobile apps, eliminating the need to manually copy and paste passwords. Its autofill feature works within numerous apps, enhancing user experience, particularly noticeable on iOS where inter-app communication is more restricted.
Dashlane
My first encounter with Dashlane was several years ago. At that time, it didn’t possess any standout features compared to its competitors. However, updates introduced over time have incorporated several beneficial functionalities. One notable addition is Site Breach Alerts, a feature now also offered by other services. Dashlane actively scans the depths of the internet for leaked or stolen personal data and promptly notifies users if their information has been compromised.
Setting up Dashlane and migrating from another password manager is straightforward. Similar to Bitwarden, users employ a secret key to encrypt their passwords during setup. In practice, Dashlane operates much like its counterparts on this list. Notably, the absence of a desktop app from the company may be a consideration for some users. However, since I primarily utilize passwords within the web browser, this aspect doesn’t significantly impact my experience. Dashlane provides browser add-ons for all major browsers, in addition to iOS and Android apps. If a desktop app holds importance for you, it’s worth noting this omission. Dashlane offers a 30-day free trial, allowing users to test its features before making a commitment.
Don’t panic about hacks
Software has bugs, even your password manager. The question is not what to do if it becomes known that your password manager has a flaw, but what to do when it becomes known. The answer is, first, don’t panic. Normally, bugs are found, reported, and fixed before they’re exploited in the wild. Even if someone does manage to gain access to your password manager’s servers, you should still be fine. All of the services we list store only encrypted data, and none of them store your encryption key, meaning all an attacker gets from compromising their servers is encrypted data.
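The two points above, that servers hold only encrypted data and that a generated secret key protects a weak master password, can be shown in a few lines. This is an added example, not code from any of the products reviewed: the key-derivation scheme, function names, and parameters are simplified assumptions, and every sample value is constructed.

```javascript
const crypto = require('crypto');

const ITERATIONS = 100000; // assumed work factor; real products choose their own

// Derive the vault key on the client from the master password and, optionally,
// a device-held secret key (the "two-key" design). Neither is sent to the server.
function deriveVaultKey(masterPassword, salt, secretKey = null) {
  const fromPassword = crypto.pbkdf2Sync(masterPassword, salt, ITERATIONS, 32, 'sha256');
  if (secretKey === null) return fromPassword;
  // Mix in the high-entropy secret key so the password alone is not enough.
  return crypto.createHmac('sha256', secretKey).update(fromPassword).digest();
}

// Encrypt on the client; the returned record is all the server ever stores.
function sealVault(vaultKey, salt, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', vaultKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

// Returns the plaintext, or null when the key is wrong (GCM tag check fails).
function openVault(vaultKey, record) {
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', vaultKey, record.iv);
    d.setAuthTag(record.tag);
    return Buffer.concat([d.update(record.ct), d.final()]).toString('utf8');
  } catch {
    return null;
  }
}

// Models a server breach: only the stored record is known, so the only option
// is guessing master passwords offline. Returns the guess that opens the vault.
function offlineGuess(record, guesses, secretKey = null) {
  for (const g of guesses) {
    if (openVault(deriveVaultKey(g, record.salt, secretKey), record) !== null) return g;
  }
  return null;
}

// Constructed demo: the same weak password, with and without a secret key.
const demoSalt = crypto.randomBytes(16);
const demoSecret = crypto.randomBytes(32); // stays on the user's devices
const weak = sealVault(deriveVaultKey('123456', demoSalt), demoSalt, 'example entry');
const strong = sealVault(deriveVaultKey('123456', demoSalt, demoSecret), demoSalt, 'example entry');
console.log('password only:', offlineGuess(weak, ['password', '123456']));
console.log('with secret key:', offlineGuess(strong, ['password', '123456']));
```

With only the master password, a stolen record falls to the first common guess; with the secret key mixed in, the same guesses fail because the attacker never obtained the second input.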