With a password manager, you can forget about remembering all of your passwords.
Our brains are not well equipped to store and recall dozens of complex, unique passwords for all of our online accounts. Remembering even a single complex password is a feat in itself. This is why many people resort to the unsafe, risky practice of reusing the same often weak, easy-to-recall password across their online accounts.
A weak password is just as easy for criminals to hack as it is for you to remember. Once your password has been compromised, you're vulnerable to credential stuffing attacks, which can result in many of your online accounts being breached. At that point, you may as well tweet out all of your online login credentials to the world.
A password manager is an online service that provides an encrypted vault where you can store the login credentials for all of your online accounts so you don't have to remember them. You only need to remember a single master password to access the encrypted vault -- from which you can access all of the other passwords you have stored. Password manager services usually offer user-friendly web interfaces, apps or browser extensions where you can access your encrypted vault using your master password.
The best password managers are cross-platform-compatible and can automatically sync your entire vault across all of your devices. This means that once you've entered your passwords into the password manager on one device, they'll automatically show up on all your other devices on which you've installed the app -- whether you're using Windows, MacOS, Linux, iOS, Android or a browser extension. Keep in mind that, by their nature, password managers are extremely attractive targets for cybercriminals, so it's important that you choose one with a track record for security and transparency.
NordPass estimates that the average internet user has between 70 and 80 passwords. It's virtually impossible to remember each individual complex password that you should be creating for each account, which means you need another mechanism to keep track of them all.
Using a password manager is a far more effective and convenient mechanism for keeping track of your passwords. You can use one to create strong, unique passwords that are exponentially more difficult to hack than something like Fido1986. And if you're unsure of how to create a strong password, a good password manager will always include a strong password generator feature that will create them for you. A password manager can even help guard against phishing attacks because if the password manager doesn't recognize the URL on which you're entering your login credentials (i.e. if you're on a phishing site), its autofill function won't offer to fill the credentials.
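The autofill check described above can be sketched as follows. This is an added example, not code from any password manager named on this page: the matching rule (HTTPS plus an exact host match, with optional subdomain matching) is a simplifying assumption, and the saved login and page URLs are constructed.

```python
from urllib.parse import urlsplit

# Constructed vault entry (hypothetical site and username).
SAVED_LOGIN = {"site": "https://accounts.example.com/login", "username": "fido"}

# Constructed page URLs a user might land on.
SAMPLE_PAGES = [
    "https://accounts.example.com/login?next=/home",  # the real site
    "https://ACCOUNTS.EXAMPLE.COM./login",            # same host, different spelling
    "http://accounts.example.com/login",              # no TLS
    "https://accounts.example.com.lookalike.test/",   # real name used as a prefix
    "https://accounts.example.com@lookalike.test/",   # real name in the userinfo part
    "https://accounts.ex\u0430mple.com/login",        # Cyrillic 'a' homograph
]

def normalized_origin(url):
    """Return (scheme, host) with the host lower-cased and IDNA-encoded, or None."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
        # Punycode form makes look-alike Unicode hosts compare as different strings.
        host = host.encode("idna").decode("ascii")
    except ValueError:  # malformed URL or un-encodable host (UnicodeError included)
        return None
    return (parts.scheme.lower(), host) if host else None

def should_offer_autofill(saved_url, page_url, allow_subdomains=False):
    """Offer the saved credential only when the page's host matches the saved host."""
    saved = normalized_origin(saved_url)
    page = normalized_origin(page_url)
    if saved is None or page is None:
        return False
    if page[0] != "https":  # never fill into a page served without TLS
        return False
    if page[1] == saved[1]:
        return True
    # Suffix match needs the leading dot, so "notexample.com" cannot pass.
    return allow_subdomains and page[1].endswith("." + saved[1])

def check_pages(pages=SAMPLE_PAGES):
    """Map each sample URL to the autofill decision for SAVED_LOGIN."""
    return {url: should_offer_autofill(SAVED_LOGIN["site"], url) for url in pages}

if __name__ == "__main__":
    for url, ok in check_pages().items():
        print(("FILL  " if ok else "BLOCK ") + url)
```

Only the first two sample pages are offered the credential; the decision rests on the parsed host, not on how the address looks to the reader.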
And password managers have benefits beyond just storing passwords. You can use your password manager to securely store other items including credit card numbers (to autofill in online stores), identification documents, travel documents, medical records, PIN codes, bank account numbers and secure notes. Many of the top password managers also offer additional features like cloud storage and attachments, password health reports, data breach notifications and dark web monitoring (which alerts you if any of your personal information has been detected on the dark web). You can also use your password manager to securely share passwords and other items with family members, friends or other trusted contacts.
Bitwarden is a solid choice if you want a well-rounded premium password manager that's secure, transparent, budget friendly and easy to use -- or if you want a legitimately unlimited password management solution for free.
Bitwarden sits at the top of our list of the best password managers for a number of reasons. First and foremost, Bitwarden is fully open-source, secure and audited annually by third-party cybersecurity firms. This level of transparency sets Bitwarden apart from its peers in an industry that depends so profoundly on trust.
Another thing that sets Bitwarden apart from the rest is its unbeatable free plan. While other password managers impose limitations on the number or types of devices you can use, or the number of vault items you can store, Bitwarden's free plan lets you store an unlimited number of passwords and use it across an unlimited number of devices. Though it doesn't offer all the features its premium plans do, Bitwarden's free plan still offers many premium-tier features like secure sharing with another user, access to Bitwarden Send (which you can use to securely share passwords with anyone), two-factor authentication, encrypted vault export and a username and password generator.
In addition to the base features on the free plan, Bitwarden's premium plans offer full vault health reports, 1GB file storage, emergency access (where you can designate a trusted contact to access your vault in case of an emergency), Bitwarden authenticator and advanced multifactor authentication with YubiKey, FIDO2 and Duo. Premium plans are budget-friendly at $10 per year for individuals and $40 per year for families, which allows for up to six users.
You can access your Bitwarden vault using its web client or its apps across virtually any platform you can think of, including Windows, MacOS, Linux, Android, iOS and browsers like Chrome, Safari, Firefox, Brave, DuckDuckGo and even the Tor Browser. Bitwarden's interface is simple and easy to use across platforms, and sharing passwords and other vault items with others is straightforward. There are a lot of options to customize your overall experience, from the look and feel of the app to browser integrations and universal and granular security settings. Through the web interface, you can also access various reports that flag whether your email address has been included in a data breach, which accounts have reused passwords or weak passwords and if any accounts are still using passwords that have been exposed in a data breach.
1Password is the password manager for you if you're looking for a solution that's a breeze to use on all your devices and includes some really handy extras. Its Travel Mode feature makes 1Password an ideal choice for anyone traveling on business, students studying abroad, journalists or digital nomads.
1Password is a trusted, highly secure password manager that is brimming with useful features. The user interface is slick and intuitive across all platforms, including Windows, MacOS, Linux, Android, iOS and browsers like Chrome, Safari, Firefox and Brave. Its autofill functionality works seamlessly as you log in to your accounts across the web or enter credit card information while online shopping. Sharing passwords and other vault items with others is also simple. You can securely share items with others whether or not they use 1Password. And if you have a family subscription, you can share any number of vault items with up to five friends or family members as well as up to an additional five guests (who only have access to a single vault).
While 1Password doesn't have its own data breach monitoring tool, it does offer HaveIBeenPwned integration in its Watchtower feature. Watchtower is 1Password's version of a password health report feature, which includes information on vulnerable passwords that were exposed in a data breach, detects reused and weak passwords and flags any sites where you haven't activated two-factor authentication.
1Password's Travel Mode is a unique feature that's especially useful for people who travel often, particularly to destinations that may impose strict government surveillance. With Travel Mode activated, vault items that you haven't marked in the app as "Safe for Travel" will be temporarily erased from the app on all of your devices. This helps keep particularly sensitive login or financial information inaccessible to any authorities who may ask you to unlock your device for inspection. When you deactivate Travel Mode, all of the temporarily hidden items are automatically restored.
1Password is slightly on the more expensive side, comparatively, at $36 per year for individual users or $60 per year for families. There is no free plan available, but each subscription includes a 14-day free trial to start.
NordPass is the password management solution developed by Nord Security, the folks behind the popular virtual private network NordVPN (one of CNET's top VPN picks). Nord's password manager is relatively new, but has upgraded its offering in the past year with a slew of features that has brought it up to speed with its peers and has helped it earn a spot among our top password manager picks. If you're already a NordVPN user, or otherwise already in the Nord Security ecosystem and you're looking for a top-notch password manager, then NordPass is a no-brainer.
While not quite as robust as Bitwarden's free tier, NordPass's free plan is more than serviceable. With NordPass's free plan, you can store an unlimited number of vault items across all of your devices and you get access to additional basic features like a password generator, advanced multifactor authentication and automatic sync. With the premium plans, you also get password health reports, data breach scanner and monitoring, secure sharing, password history, emergency access, passkey integration and the ability to attach up to 50 files to each vault item, totaling up to 3GB.
The NordPass interface is well designed and easy to navigate. It works seamlessly across all platforms including Windows, Mac, Linux, Android and iOS, along with browser extensions on Chrome, Firefox, Edge, Brave, Safari and Opera. Its free plan is great if you want something that can get the job done for free, but its premium tiers are reasonably priced at $24 per year for individuals or $44 per year for a family account that covers six users. If you sign up for a free plan, you also get a generous 30-day free trial of Premium. Premium subscriptions also carry a 30-day money-back guarantee.
Keeper is a solid option for anyone who wants a family plan with generous amounts of cloud storage and continuous dark web monitoring or anyone who may need offline access to their vaults while traveling or in areas with spotty internet.
Keeper is a secure and well-established password manager with an easy-to-use interface and all of the features you need in a password management solution, plus a few extras. Like the other password managers highlighted above, Keeper lets you store and sync an unlimited number of vault items across an unlimited number of devices. But the number of platforms you can use the service on is a little more limited than most other password managers. You can access your Keeper vault via its web interface or its apps on Windows, MacOS, Linux, Android and iOS. The only Keeper browser extensions available are for Chrome, Firefox, Safari, Edge and Opera, which is fewer than what most other premium password managers offer.
Securely sharing vault items is simple and straightforward. You can either share an item indefinitely, or opt for a one-time share that's only accessible on a single device for a set amount of time. Keeper also offers a dark web monitoring feature called BreachWatch on top of its password security audit report. The BreachWatch feature continuously monitors the dark web and issues an alert if it detects that any of your credentials have been compromised. Another useful feature is Keeper's offline mode, which allows you to access your vault items even while offline. This can be useful if you're somewhere with zero or limited internet access and need to access items from your vault.
Keeper doesn't offer a free plan, but you can take advantage of its 30-day free trial to see if it's right for you. Standard pricing is on par with 1Password at $35 per year for individuals, but its family plan is $15 more at $75 per year for a family of five (which includes 10GB of file storage).
Dashlane is a fine password manager that's easy to use and has a decent set of features, but it doesn't offer anything extraordinary compared to the others that would justify its relatively steep pricing. The free plan lets you store an unlimited number of passwords, but is limited to a single device -- which may work for you if you only have one computer or mobile device. But if you want to sync multiple devices with Dashlane's free plan, you're out of luck. I found Dashlane's MacOS app to be a bit buggy in certain instances while sharing vault items, and the password generator isn't as robust as what others offer.
Still, Dashlane costs $33 per year for the individual plan and $90 per year for a family plan that covers up to 10 users. The family plan includes access to a virtual private network from Hotspot Shield, a middling VPN solution that falls short of cracking CNET's best VPN list. The VPN service is only available to the admin of the family plan, and there's no option to purchase a family plan for cheaper without the VPN or by reducing the number of licenses in the plan. But if you have a large family or want to share a password manager with a lot of your friends, then Dashlane could be a good fit for you.
Enpass is unique in that it allows you to store your vault in a location of your choosing. It doesn't have centralized servers that store your data. You can either store your vault on your devices themselves, or in your own personal cloud storage like Dropbox or iCloud. Unless you're storing it on your own device, you'll need to trust the third-party cloud service you're using just like you'd need to trust any other password manager with your vault. But with your vault stored locally on your device, you can access your vault items while offline or in areas of limited internet access.
Enpass is a great option for anyone who wants complete control over the storage of their password manager vaults and anyone who may be jaded by the way LastPass has failed to secure user vaults. If that's you, and you don't mind using an app that's a bit outdated and clunky but still fully functional, then give Enpass a look. There are a ton of customization options as well, so it's a solid option for the more techy crowd or anyone who likes to tinker around. Enpass costs $24 per year for individuals or $36 for the first year (then $48 per year) for a family plan that includes six licenses. You can also purchase a lifetime individual plan for $100.
KeePass is completely open source and completely free. It's a powerful password manager, but geared primarily toward the techie crowd. The interface is outdated and cumbersome to navigate compared to what other password managers offer. KeePass is optimized for use on Windows machines, but unofficial ports for other platforms including MacOS, Linux, Android and iOS are available for download on the site. But if you have a great deal of technical know-how and want a free password manager that's open source and highly customizable, then KeePass may be an option for you.
Apple's built-in password manager for Macs and iOS devices is probably already familiar to most Apple users. It's a secure and convenient password manager solution that's included with your Apple ID at no additional cost. It includes basic features like storing and autofilling your passwords and other items like credit card numbers and passkeys, but it lacks the full breadth of options offered by other premium password manager solutions. You can set up iCloud Keychain on a Windows machine as well, but you'll need to initiate the process from your Apple device. So it's really only a viable (albeit very basic) password manager solution if you already own an Apple device.
ExpressVPN, CNET's Editors' Choice best overall VPN, is getting into the game with a new password management solution called Keys. The password manager is currently in beta and only available to a select number of ExpressVPN users, but will be rolled out more broadly and included with all ExpressVPN accounts at a later date. Though it's still in beta, Keys is already a feature-rich password manager that's intuitive and user-friendly. Keys offers many of the features that other top password managers offer, including a customizable password generator, password health reports, 2FA, auto-sync and autofill. Express also just added an authenticator feature to Keys, which can generate six-digit time-based one-time passwords (TOTP) that rotate every 30 seconds. The TOTP feature is only available to select Android users at this time, but will be rolled out universally in the near future, Express said.
Keys will be available as a browser extension on Chrome, Edge, Opera, Brave and Vivaldi, and included on ExpressVPN's iOS and Android apps. Once Keys is rolled out to all users, it will be an ideal password manager choice for ExpressVPN users. I'm impressed with the service so far, and it's evident the Express team is working continuously to improve the offering and add new features. But at this point, it doesn't belong among the top picks because it's still in beta and not available to all ExpressVPN users yet, let alone to folks who don't use ExpressVPN. Once it is rolled out broadly to all ExpressVPN users, it would be nice to see Keys also made available to non-users as well, à la NordPass.
LastPass is one of the most well-known and popular password managers on the market, with more than 33 million personal users and 100,000 business users, according to the company. However, in light of its lengthy history of security incidents -- including the data breach at the end of 2022 in which an "unauthorized party" stole customer account information and sensitive vault data -- CNET cannot in good conscience recommend LastPass to our readers.
Even considering that LastPass has completed its investigation into the incident and has prioritized "investments in security, privacy and operational best practices" in the wake of the breach, the password manager remains off CNET's list at this time. The alarming nature of that latest data breach has severely undermined trust in the company's security tool for individual consumers and businesses.
That said, CNET will be conducting a thorough re-review of the service in the future, after which we will reevaluate whether LastPass has earned an opportunity to appear on our list of best password managers again. In the meantime, you can turn to any of the password managers featured above.
Most password manager setups are simple and straightforward. Typically, once you've decided on a password manager and signed up for the service you'll be prompted to create a master password. Your master password should be a strong password or passphrase that you can remember, but haven't used for any other logins. The master password is the one password you need to access your password manager vault. The next step is to download the app or browser extension to the devices you plan to use the service on. You can also opt to use the web-based user interface if you prefer (if offered by the service you choose).
Once you've signed up and gotten acquainted with the app, it's time to start adding passwords and other vault items you want to keep secure. If you have passwords stored in a web browser or other password manager, you can easily import them to the new password manager (most password managers have simple instructions on how to do this). If you don't have passwords saved in another location, you can either manually enter the login credentials or you can have your password manager automatically save your credentials when you log into one of your online accounts. Once you've got your passwords saved, you can use your password manager to autofill the login credentials for the accounts you have stored in your vault.
Password managers are extremely attractive targets for cybercriminals -- and yes, they can be hacked, as we've seen with LastPass. However, all of the password managers listed above (including LastPass) operate on a zero-knowledge approach to password management, meaning that not even the company storing your vault data has the ability to decrypt the information contained within. Only the user can decrypt and access their own vault. Similarly, the password managers featured above do not have access to your master password.
All of this makes it difficult for an attacker to actually gain access to the passwords and other items in your vault. In the case of the latest LastPass breach, attackers were able to steal encrypted user vaults. So all the attacker would need to do is crack the master password for a stolen vault to access everything inside, which would be an easy task if the master password is weak. The best way to protect your data in case of a similar breach is to create a strong master password.
A strong password should ideally be a minimum of eight characters, including upper and lower case letters, numbers and symbols. You can also create passphrases that consist of randomly strung-together words. The best password managers offer customizable password generators that you can use to create truly random passwords and passphrases based on the criteria you select. The longer and more complex the password or passphrase, the better.
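To make the point about master-password strength and generators concrete, here is an added example (not code from any product on this page) of a criteria-driven password and passphrase generator with an entropy estimate. The symbol set, the 32-word list and the guess rate passed to `years_to_guess` are constructed assumptions; a real generator would draw from a word list of several thousand entries.

```python
import math
import secrets
import string

CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": "!@#$%^&*()-_=+[]{}",  # assumed symbol set (18 characters)
}

# Constructed 32-word demo list; far too small for real passphrases.
WORDS = ["amber", "basil", "cedar", "delta", "ember", "fjord", "glade", "harbor",
         "indigo", "jasper", "kelp", "lumen", "maple", "nectar", "onyx", "pebble",
         "quartz", "raven", "sable", "thistle", "umber", "velvet", "willow", "xenon",
         "yarrow", "zephyr", "anchor", "birch", "copper", "drift", "echo", "flint"]

def generate_password(length=20, classes=("lower", "upper", "digits", "symbols")):
    """Random password containing at least one character from every selected class."""
    if length < len(classes):
        raise ValueError("length is too short to include every selected class")
    alphabet = "".join(CLASSES[c] for c in classes)
    while True:
        # secrets uses the OS CSPRNG; retrying on a miss keeps the draw uniform
        # over all passwords that satisfy the criteria.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in CLASSES[c] for ch in candidate) for c in classes):
            return candidate

def generate_passphrase(words=5, wordlist=WORDS, sep="-"):
    """Passphrase of independently and uniformly chosen words."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))

def random_entropy_bits(choices, picks):
    """Upper bound on entropy of `picks` uniform draws from `choices` options.

    Valid only for randomly generated secrets: a human-chosen password such as
    a pet name plus a year has far less entropy than its length suggests.
    """
    return picks * math.log2(choices)

def years_to_guess(bits, guesses_per_second):
    """Average years to find the secret by exhaustive search at an assumed rate."""
    return 2 ** (bits - 1) / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    alphabet_size = sum(len(v) for v in CLASSES.values())  # 80 with all four classes
    rate = 1e9  # assumed guesses per second against a stolen vault, illustration only
    for label, bits in [
        ("8 random characters", random_entropy_bits(alphabet_size, 8)),
        ("20 random characters", random_entropy_bits(alphabet_size, 20)),
        ("5 words from a 7,776-word list", random_entropy_bits(7776, 5)),
    ]:
        print(f"{label}: {bits:.1f} bits, ~{years_to_guess(bits, rate):.3g} years")
    print(generate_password(), generate_passphrase())
```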
There are a few legitimate free password manager options for anyone who wants to securely store their passwords without paying a dime. Bitwarden is CNET's recommendation for the best free password manager, thanks to it including a broad feature set and allowing for an unlimited number of vault items on an unlimited number of devices at no cost. NordPass is another password manager that offers a legitimate free plan that is almost as good as Bitwarden's. If you're more technically inclined, you can opt for KeePass, which is completely free and unlimited, but not as easy to use as many others.