Everyone Needs a Password Manager
Forgetting the password for an important website can send you down the rabbit hole of figuring out the password reset procedure. It’s really tempting to use something so simple you won’t forget it, or to memorize just one tricky password and use it everywhere. However, doing so is setting yourself up for major pain when some hacker guesses your simple password. And if that complex, tricky password gets exposed in a breach, all your accounts are in danger. The only solution is to use a different password for every account, and make them both long and random, like [email protected] There’s no way you can remember dozens of strong passwords like that, so you absolutely need a password manager.
What’s that you say? You can’t afford to buy yet another security tool? In truth, you can’t afford not to. The potential hit, financial and otherwise, that could result from using weak passwords could cost you plenty. Never fear. Quite a few password managers cost precisely nothing, and some of them come close to the best paid password managers.
Your typical password manager integrates with the browser and captures the username and password when you log in to a secure site. Occasionally, you’ll find one that doesn’t automate password capture and replay, but these may have other virtues, such as unusually strong securiyt or filling in passwords for secure applications, not just webpages.
The best password managers capture your credentials during account creation; when you change your password online, they offer to update the stored password for that site. Of course, password capture only works if the password manager recognizes that you’re logging in to a secure site, so non-standard login pages can cause trouble. Some products cleverly solve this problem by letting you manually capture all data fields on a page. Others actively analyze popular secure sites whose login pages don’t fit the norm, creating scripts to handle each site’s oddball login process.
When you revisit a site for which you’ve saved credentials, most password managers automatically fill the saved data, offering a menu if you’ve saved more than one set of credentials. Another handy (and common) feature is a browser toolbar menu of available logins, so that with one click you can navigate to a site and log in. One great thing about free password managers is that you can try several and find out which one you like best. If you’re thinking of making such a survey, look for products that can import from other password managers. Otherwise, you’ll have to go through the password capture process over and over for each candidate.
The point of adding a password manager to your security arsenal is to replace your weak and duplicate passwords with strong, unguessable passwords. But where do you get those strong passwords? Most password managers can generate strong passwords for you; many let you take control of things like password length, and which character sets to use. The very best ones offer a password strength report that eases the process of identifying and fixing poor passwords. A very few can even automate the password-change process.
Filling in usernames and passwords automatically isn’t so different from filling other sorts of data in Web forms. Many commercial password managers take advantage of this similarity and thereby streamline the process of filling forms with personal data. Not many free password managers offer this feature.
When you put all of your passwords into one repository, you had better be really, really careful to protect that repository. Yes, your master password should be as strong as possible, but you really need two-factor authentication to foil any possible hack attack. Two-factor authentication could be biometric, requiring a fingerprint, facial recognition, or even voice recognition. Some password managers rely on Google Authenticator or apps that emulate Google Authenticator; others use an authentication code texted to your smartphone. Allowing access only from registered, trusted devices is yet another form of two-factor authentication.
Speaking of smartphones, many of us are just as likely to log into a secure site from a mobile device as from a desktop computer. If that describes you, look for a password manager that can sync your credentials between your desktop and the mobile devices that you use. Most password managers use encrypted cloud storage to sync between devices. A few keep your data entirely local, syncing between databases on different devices without keeping anything in the cloud.
In addition to using your passwords on multiple devices, you may find you want to share certain logins with other users. Not all free password managers support secure sharing; many of those that do allow you to share the login without making the password visible. A very few let you define an inheritor for your passwords, someone who will receive them in the event of your demise.
Free Editions of Paid Programs
If you’re willing to give up a little something, you can use many for-pay password managers for free. If you see a paid password manager with features you like, check out its conditions. You may be able to get it without paying. For example, some companies let you use all the features of their product for free if you give up syncing across multiple devices. RoboForm is one that’s free for use on a single device, no syncing. Dashlane, too—but it also imposes a limit of 50 passwords for free users.
Another common tactic is to let you use the product for free, but limit the number of passwords you can store. The limit for free usage tends to range between about five and 15 passwords. If you can stick to that, you needn’t pay. If not, the company will happily accept your payment for upgrading to the paid edition.
The Top Free Password Managers
LastPass and Myki Password Manager & Authenticator are our Editors’ Choice picks for free password management. LastPass has a feature set that goes way beyond most of its free competitors. Myki also boasts a wealth of features, and the fact that it stores your passwords locally rather than using the cloud is a huge plus for those worried about password security. If you’re concerned about security, you should also read our best antivirus and best VPN roundups.
Pros: Syncs passwords across Windows, macOS, Android, and iOS devices. Two-factor authentication. Actionable password strength report. Secure sharing. Password inheritance. Automatic password change.
Cons: Some new personal data types rather complex. No new interface in Opera and Internet Explorer. Some components out of date.
Bottom Line: LastPass offers advanced password management features that few free competitors offer, and it has an updated user interface. However, some of its features are a bit dated.
Pros: Data stored securely on smartphone, not cloud. Browser extensions for any platform. One-click authentication. Replaces Google Authenticator. Password strength report. Secure sharing. Free.
Cons: Password strength report less effective on iOS. New form-filling ability limited to browser extensions, and not fully effective in testing.
Bottom Line: The free Myki Password Manager & Authenticator stores passwords on your smartphone, not in the cloud. Its slick interface and enhanced features make it an excellent, secure choice.
Pros: Syncs across Windows, macOS, Linux, iOS, and Android. Many options for authentication. Secure Wallet fills credit card data, displays card images. New, streamlined interface. Vast number of features, many of them unique.
Cons: SMS-based two-factor authentication costs money. Vast number of features may overwhelm users. Displays advertisements.
Bottom Line: The free, skillfully redesigned LogMeOnce Password Management Suite Premium boasts more features than any competitor, free or paid. But do you need all of those features?
Pros: Supports all popular platforms and browsers. Broad import capabilities. Secure sharing. Two-factor authentication. Generates passwords and fills forms. Free.
Cons: Edge extension not working correctly. Limited support for iOS.
Bottom Line: The free, open-source Bitwarden handles all expected password manager tasks and adds features such as secure sharing and two-factor authentication.
Pros: Outstanding authentication through facial biometrics, including liveness detection. Sync among one Android/iOS device and multiple desktops. Predefined templates for popular sites. Secure password sharing. Free!
Cons: No import from competing products. Can’t capture two sets of credentials for one site. Syncing not entirely automatic. Some important features are mobile-only. Weak password generator. No password-strength rating.
Bottom Line: Powerful biometric authentication is the star feature in 1U Password Manager. The password manager itself is pretty basic, however, and it could use some user-interface work.
Pros: Highly secure. Uses smartphone for authentication. Flexible secure sharing. Works on any platform. Free.
Cons: No automated password capture or replay. Limited import ability. No report on weak or duplicate passwords. No web form filling.
Bottom Line: The unusual cloud-based WWPass PassHub works on any platform and is very secure, but it doesn’t automatically capture or replay passwords. It’s a good password manager for those who value security over convenience.
Pros: Syncs passwords across all your Windows, macOS, Android, and iOS devices. Two-factor authentication. Free.
Cons: Doesn’t fill web forms. Lacks secure sharing, digital inheritance. Security status details require upgrade to paid edition.
Bottom Line: Avira Password Manager performs the basics of password management on all your devices, but it doesn’t offer form-filling, secure sharing, and other advanced features in the best competitors.
Pros: Syncs across many platforms. Secure sharing. Automatic password capture. Can sub for Google Authenticator. Generates strong passwords. Free.
Cons: Password replay not fully automated. Offers insecure sharing option. Not free for mobile use. Didn’t capture some common sites in testing. Syncing requires third-party cloud storage.
Bottom Line: Enpass Password Manager stores your passwords locally, or uses third-party cloud storage for syncing. It handles the basics, with some quirks, but lacks account inheritance and other advanced features.
Pros: Handles passwords for any website or application. Powerful, versatile password generator. Two-factor authentication. Imports from many competitors. More than100 plug-ins add features. Includes keylogger-foiling features.
Cons: Lacks automatic password capture. Password replay launched manually. Synchronizing among devices is complicated. No mobile support.
Bottom Line: KeePass 2.34 is the most configurable password manager around, but many of the convenient features we’ve come to expect are available only through third-party plug-ins.
Pros: Syncs passwords across all your Windows, iOS, and Android devices. Norton Safe Web rates website safety. Actionable password strength report. Automatic password change. Free.
Cons: Form-fill feature currently does not handle address data. Features not in sync across different platforms and browsers. No macOS support. No two-factor authentication, secure password sharing, or digital inheritance.
Bottom Line: Symantec Norton Password Manager now offers an actionable password strength report with automatic updating. The new feature set isn’t consistent across all platforms, however, and you don’t get secure sharing or digital inheritance.