Choosing a new password can be a daunting task. It can be hard to decide what to go for. Should you choose your pet's name? Your favorite teacher from high school? You can't be careless when it comes to passwords. You want your data protected and personal information secured, which means it's risky to rely on weak passwords like simple number sequences or your name. Even though it may be easier to remember and use, it's dangerous. The people looking to take your information are pros at password cracking, so you need to be diligent in defending your accounts. That's where a password manager comes in.
Unless you want to constantly safeguard a hard copy list of all your passwords, you might want to consider a. It can help you seamlessly oversee and handle all of your login credentials for any online account and maintain airtight password security. They're also handy when it comes to autofilling forms and syncing your data across Windows PCs and Macs, , , and more.
Editors' note, Jan. 12, 2023: In December 2022, LastPass revealed that the breach it originally disclosed in August had eventually led to an unauthorized party gaining access to unencrypted user data and customer vaults containing even more data. This breach significantly undermines LastPass's effectiveness as a privacy tool and consumer trust in the product. In light of the severity of this latest breach and given LastPass's lengthy history of security issues, we have decided to remove LastPass from our list of recommended password managers at this time. If you're a LastPass subscriber, take a look at in the wake of the breach, or see the LastPass section below for more information. We will be conducting a thorough re-review of LastPass in the near future.
What is a password manager, and why do you need one?
A password manager is essentially an encrypted digital vault that stores secure password login information you use to access apps and accounts on your mobile device, websites and other services. In addition to keeping your identity, credentials and sensitive data safe, the best password managers also have a password generator to create strong, unique passwords and ensure you aren't using the same password in multiple places. (Password generation really comes in clutch when you can't come up with yet another unique password on the fly for the latest must-have app.)
With the constant news of security breaches and identity theft, having a unique password for each location can go a long way to ensuring that if one site gets hacked, your stolen password can't be used on other sites. You're basically using multiple passwords to create your own security features.
Plus, with a manager, you don't have to remember the various other pieces of information, such as shipping addresses and credit card information. With just one master password, or in some cases a PIN or your fingerprint, you can autofill a form or password field. Some also feature online storage and an encrypted vault for storing documents.
All our best password manager picks come with either free versions or as a free trial -- and typically let you securely store passwords for one device -- although our pick for the best free manager can be used for syncing across multiple devices. And all handle hardware authentication through YubiKey.
Our best password security manager picks also feature subscription options that let you sync your secure password login information across devices, share credentials with trusted family and friends, and get access to secure online storage. And if transparency is important to you, several of our picks are open-source projects. We also look at what a password manager is, its security features and the basics of how to use one.
Note that these password manager services are independently chosen by our editors. We update this story periodically as new options become available or as prices change.
- Open-source, secure and transparent
- Free version can be used across unlimited devices and device types
- Premium subscriptions start at $10 per year
- Works with: Windows, MacOS, Linux, Android, iPhone and iPad. Browser extensions for Chrome, Firefox, Safari, Edge, Opera, Vivaldi, Brave and Tor
Bitwarden leads the list of the best password managers for 2023 thanks to both its open-source roots and its unbeatable -- and unlimited -- free version. This lean encryption software can generate, store and automatically fill your passwords across all of your devices and popular browsers, including Brave and Tor, with competitive security strength.
Its free version lacks some of the bells and whistles of our other picks, but its premium versions are just as feature-rich. Just like its closest competitors, a Bitwarden premium subscription allows you to share passwords, logins, memberships and other items with trusted family and friends, use multifactor authentication through YubiKey and get 1 gigabyte of encrypted storage. Although it has fewer features than the premium version, Bitwarden's free version also offers a one-to-one texting feature called Bitwarden Send which allows you to securely share login information with another person.
If you're looking for a user-friendly free service with an excellent security reputation for password management, it's hard to pass up Bitwarden, which made it into CNET's Cheapskate Hall of Fame as the best free password manager. Plus it has a password sharing feature so you can share all your login info with another person. For $10 a year, you can add 1GB of encrypted file storage. And for $40, you can opt for the Families Organization plan, which allows for six individual accounts with unlimited sharing between them. Both subscription tiers come with a 30-day money back guarantee.
- Offers 14-day free trial
- Base price: $35.88 per year
- Works with: Windows, MacOS, Linux, Chrome OS, Android, iPhone and iPad. Browser extensions for Chrome, Firefox, Safari, Edge and Opera
If you're looking for a trusted password manager app to keep your login information private and secure, 1Password is the best password manager for the task, letting you access your accounts and services with one master password. It's available for all major device platforms.
This nicely designed password manager lacks a free version, but you can check it out for 14 days before signing up. (Alas, that's down from the earlier 30-day trial period.) An individual subscription runs $36 a year and comes with 1GB of document storage and optional two-factor authentication through Yubikey for additional security. A travel mode lets you remove your 1Password sensitive data from your device when you travel and then restore it with one easy click when you return, so that it's not vulnerable to border checks.
Biometric authentication can be used to access your password vault on Mac and iOS operating systems, you can use Touch ID to unlock 1Password, and on iOS devices you can use Face ID as well. For $60 a year, you can cover a family of five and access password sharing, credit card information and anything else among the group with a single password manager app. Each person gets their own password vault, and it's easy to control who you share information with and what they can do with it.
You can also create separate guest accounts for password sharing to share Wi-Fi connection passwords, for example, or home alarm codes with guests.
What about LastPass?
LastPass recently disclosed a creating or changing passwords.that built on an . The incidents allowed "an unknown threat actor" to (including names, email and billing addresses, phone numbers and IP addresses) along with encrypted files. While the latter files remain protected by users' master passwords, the ongoing chain of incidents mean that existing LastPass customers -- at the very least -- should ensure their master passwords are secure, meaning they follow best practices when
Previously, we had selectedas our "best paid password manager." However, because of the severity of these incidents, we've decided (as of late December 2022) to temporarily remove LastPass from our list of recommendations, pending a re-review of the service in early 2023. Potential customers and anyone who's uncomfortable with LastPass's continuing security challenges should take a close look at the alternatives presented elsewhere in this story.
Other free and paid options worth considering
Bitwarden and 1Password are solid, affordable (or free) password keepers, and in a straw poll of CNET staffers, they were about neck-and-neck in use. But if you find none of our recommended password managers works quite how you want, a handful of other apps are worth considering. These all have free versions available.
- Offers limited free version (unlimited passwords on one device)
- Base price beyond free: $60 a year
- Works with: Windows, MacOS, Android, iPhone and iPad. Browser extensions for Chrome, Firefox, Safari, Internet Explorer, Edge and Opera
Dashlane provides a simple and secure way to manage your passwords and keep notes and other login information stored. Just for managing passwords, we like it as much as our picks, but the free Dashlane app limits you to one device. The $60 Premium subscription is similar to the plan from 1Password. The $90 Family & Friends subscription allows for up to 10 individual accounts and dark web monitoring.
- Offers limited free version (unlimited passwords on one device)
- Base price beyond free: $35
- Works with: Windows, MacOS, Linux, Android, iPhone and iPad. Browser extensions for Chrome, Firefox, Safari, Internet Explorer, Edge and Opera
Keeper is another secure password manager that helps you manage login info on Windows, MacOS, Android and iOS devices. A free version gives you unlimited password storage on one device. The step-up version costs $35 a year and lets you sync passwords across multiple device options. For $75 a year, you can also get 10GB of secure file storage and dark web monitoring.
- It's free
- Donations accepted
- Works with: Windows, MacOS, Linux, Chrome OS, Android, iPhone and iPad, BlackBerry, Windows Phone and Palm OS. Access via the web plus popular browser extensions. (Except for the official Windows, MacOS and Linux versions, KeePass for other platforms are unofficial ports.)
KeePass, another open-source software password manager, started on Windows but has since added native MacOS and Linux apps and has been ported using the same code base to Android and iOS. On the plus side, it's totally free and endorsed by the Electronic Frontier Foundation. On the other hand, it's really for advanced users only: Its user interface takes a bit of fiddling to get all the independently built versions of KeePass to work together.
What about NordPass?
There's been a shift in the market for VPN and antivirus software in the past few years. Many of the companies behind these software packages are expanding them to become wider software suites. Case in point:now offers NordPass, a dedicated password manager.
We're looking forward to giving NordPass a closer look as the password manager's pricing and feature offering appears to have gotten significantly more robust and competitive since it was first introduced in 2019.is another password manager from a VPN provider we're excited to review in the future, so check back as we update this story.
What about Norton Password Manager?
Norton also offers a password manager as part of its antivirus and identity theft packages. We haven't specifically reviewed Norton's password manager, if only because it doesn't appear to have a feature set that beats any of our preferred options above. If and when that changes, we'll check it out in more detail.
In the meantime, be aware that approximately 8,000 Norton Password Manager userslast December in which their full names, phone numbers and mailing addresses were potentially compromised. Users may have also had their vault data compromised in the attack. Though Norton said its internal systems themselves weren't targeted or accessed in the credential-stuffing attack, the bottom line is that Norton customers' personal information and passwords may have been stolen by an unauthorized party. The incident nonetheless serves as a reminder that password managers are attractive targets for cybercriminals -- and that it's more important than ever to create strong passwords and use a quality password manager to secure them.
Password manager basics
Still need more info on what password managers are, and why they're better than the alternatives? Read on.
How does a password manager work?
To get started, a password manager will record the username and password you use when you first sign in to a website or service. Then the next time you visit the website, it will autofill forms with your saved password login information. For those websites and services that don't allow automatic filling, a password manager lets you copy the password to paste into the password field.
If you're stuck picking a good password, a manager can generate a strong password for you and watch that you aren't. And if you use more than one device, you want a manager that is available across all your devices and browsers, so you can access your passwords and login information -- including credit-card and shipping information -- from anywhere through the manager app or its browser extension. Some provide secure storage so you can store other items too, such as documents or an electronic copy of your passport or will.
Take note: Many password managers keep the master password you use to unlock the manager locally and not on a remote server. Or if it's on a server, it's encrypted and not readable by the company.
This ensures your account stays secure in case of a data breach. It also means that if you forget your master password, there may not be a way to recover your account through the company. Because of that, a few password managers offer DIY kits to help you recover your account on your own. Worst-case scenario, you start over with a new password manager account and then reset and save passwords for all your accounts and apps.
What makes for a secure password?
When trying to avoid a weak password, a good password should be a long string of capital and lowercase letters, numbers, punctuation and other nonalphanumeric characters -- something that's difficult for others to guess, but a snap for a password manager to keep track of. And despite what you may have heard, once you select a good complex password or passphrase,.
Can I use a web browser to manage my passwords and login information?
You can certainly use Chrome, Safari or Firefox to manage your passwords, addresses and other login data. You can even set up a master password to unlock your credentials within a browser. And while using an online browser's password tool is certainly better than not using a password keeper at all, you can't easily access your passwords and other login info outside of the browser or share login info with others you trust.
What about iCloud Keychain?
Through iCloud Keychain, you can access your Safari website usernames and passwords, credit card information and Wi-Fi network information from your Mac and iOS devices. You can access your passwords on Windows too through the Chrome and Edge browsers and iCloud for Windows. This cloud storage option is great if you largely live in Apple's world. But if you venture far outside the Apple universe, iCloud Keychain comes up short.
Can a password manager get hacked?
Even the best password managers can sometimes have security vulnerabilities and can sometimes even be hacked. However, a quality password manager will always be based on a zero-trust security model. This means that your master password along with all of your other stored passwords and data are encrypted at the device level and never accessible to the password manager or any other outside party. So even if a password manager did get hacked, an attacker would not be able to access the contents of your vault.
However, if someone did happen to get a hold of your master password, they could get access to your vault. Keeping your devices secure and enabling features like multifactor and biometric authentication can be a big help in mitigating the risk of that happening.
How do I set up a password manager?
Setting up a password manager is typically very straightforward and easy. First, you'll need to choose the password manager that best fits your needs and create an account. As you're setting up your account, you'll need to set your master password. Make sure your masterbut memorable, and not one you've used elsewhere. Then, you can download the password manager's app to your devices and the browser extension to the browsers that you use.
Once you've downloaded the apps and browser extensions, you can start filling your vault with passwords and other information. Most password managers offer a way to import your stored passwords from a .csv file, browser or other password manager. This makes it easy to get started instead of having to enter each username and password manually. Once you've got your passwords loaded into your vault, you're all set. You'll be able to go to your online accounts and have your password manager automatically fill in your login credentials without having to remember a single one.
David Gewirtz contributed to this story.