Choosing a new password can be a daunting task. It can be hard to decide what to go for. Should you choose your pet's name? Your favorite teacher from high school? You can't be careless when it comes to passwords. You want your data protected and personal information secured, which means it's risky to rely on weak passwords like simple number sequences or your name. Even though it may be easier to remember and use, it's dangerous. The people looking to take your information are pros at password cracking, so you need to be diligent in defending your accounts. That's where a password manager comes in.
Unless you want to constantly safeguard a hard copy list of all your passwords, you might want to consider a. It can help you seamlessly oversee and handle all of your login credentials for any online account and maintain airtight password security. They're also handy when it comes to autofilling forms and syncing your data across Windows PCs and Macs, , , and more.
What is a password manager, and why do you need one?
A password manager is essentially an encrypted digital vault that stores secure password login information you use to access apps and accounts on your mobile device, websites and other services. In addition to keeping your identity, credentials and sensitive data safe, the best password managers also have a password generator to create strong, unique passwords and ensure you aren't using the same password in multiple places. (Password generation really comes in clutch when you can't come up with yet another unique password on the fly for the latest must-have app.)
With the constant news of security breaches and identity theft, having a unique password for each location can go a long way to ensuring that if one site gets hacked, your stolen password can't be used on other sites. You're basically using multiple passwords to create your own security features.
Plus, with a manager, you don't have to remember the various other pieces of information, such as shipping addresses and credit card information. With just one master password, or in some cases a PIN or your fingerprint, you can autofill a form or password field. Some also feature online storage and an encrypted vault for storing documents.
All our best password manager picks come with either free versions or as a free trial -- and typically let you securely store passwords for one device -- although our pick for the best free manager can be used for syncing across multiple devices. And all handle hardware authentication through YubiKey.
Our best password security manager picks also feature subscription options that let you sync your secure password login information across devices, share credentials with trusted family and friends, and get access to secure online storage. If you're looking to save on a subscription, check out our coverage of Cyber Monday deals to see special offers on password managers and other cybersecurity offerings. And if transparency is important to you, several of our picks are open-source projects. We also look at what a password manager is, its security features and the basics of how to use one.
Note that these password manager services are independently chosen by our editors. We update this story periodically as new options become available or as prices change.
- Open-source, secure and transparent
- Free version can be used across unlimited devices and device types
- Premium subscriptions start at $10 per year
- Works with: Windows, MacOS, Linux, Android, iPhone and iPad. Browser extensions for Chrome, Firefox, Safari, Edge, Opera, Vivaldi, Brave and Tor.
Bitwarden leads the list of the best password managers for 2022 thanks to both its open-source roots and its unbeatable -- and unlimited -- free version. This lean encryption software can generate, store and automatically fill your passwords across all of your devices and popular browsers -- including Brave and Tor -- with competitive security strength.
Its free version lacks some of the bells and whistles of our other picks, but its premium versions are just as feature-rich. Just like its closest competitors, a Bitwarden premium subscription allows you to share passwords, logins, memberships and other items with trusted family and friends, use multifactor authentication through YubiKey and get 1 gigabyte of encrypted storage. Although it has fewer features than the premium version, Bitwarden's free version also offers a one-to-one texting feature called Bitwarden Send which allows you to securely share login information with another person.
If you're looking for a user-friendly free service with an excellent security reputation for password management, it's hard to pass up Bitwarden, which made it into CNET's Cheapskate Hall of Fame as the best free password manager. Plus it has a password sharing feature so you can share all your login info with another person. For $10 a year, you can add 1GB of encrypted file storage. And for $40, you can opt for the Families Organization plan, which allows for 6 individual accounts with unlimited sharing between them. Both subscription tiers come with a 30-day money back guarantee.
- Offers free version (but limited to one device type)
- Base price beyond free: $36 per year
- Command line interface is open source
- Works with: Windows, MacOS, Linux, Android, iPhone and iPad. Browser extensions for Chrome, Firefox, Safari, Internet Explorer, Edge and Opera.
The free version of LastPass once made it stand out as the best password manager in this category by giving you the ability to store passwords, user login info and credentials and sync all of it wherever you want across both your mobile devices or your browsers. And while you can currently view and manage passwords across mobile and desktop devices, as of March 2021, you'll have to choose either mobile or desktop if you're using the free version.
That means if you choose mobile, you'll be able to access your LastPass account across your phones, tablets or smartwatches, but not on your laptop or desktop app -- unless you upgrade to Premium, for $36 a year, or Families, for $48 a year.
The Premium version of the password manager also allows you to share passwords, logins, memberships and other items with trusted family and friends, use multifactor authentication through YubiKey and get 1 gigabyte of encrypted storage. Meanwhile, the Families plan gives you six individual accounts, shared folders and a dashboard for managing the family accounts and keeping an eye on your account's security.
No, LastPass isn't flawless: A vulnerability privately reported in September 2019 was a scary flaw that could potentially compromise passwords. But the company patched it before it was known to be exploited in the wild. It was one of several vulnerabilities that have been discovered in LastPass over the years.
More recently, however, privacy and security concerns emerged around LastPass' Android app when a privacy advocacy project discovered seven web trackers within the mobile app. LastPass has since reduced that to five web trackers on its Android app.
- Offers 14-day free trial
- Base price: $35.88 per year
- Works with: Windows, MacOS, Linux, Chrome OS, Android, iPhone and iPad. Browser extensions for Chrome, Firefox, Safari, Edge and Opera.
If you're looking for a trusted password manager app to keep your login information private and secure, 1Password is the best password manager for the task, letting you access your accounts and services with one master password. It's available for all major device platforms.
This nicely designed password manager lacks a free version, but you can check it out for 14 days before signing up. (Alas, that's down from the earlier 30-day trial period.) An individual subscription runs $36 a year and comes with 1GB of document storage and optional two-factor authentication through Yubikey for additional security. A travel mode lets you remove your 1Password sensitive data from your device when you travel and then restore it with one easy click when you return, so that it's not vulnerable to border checks.
Biometric authentication can be used to access your password vault on Mac and iOS operating systems, you can use Touch ID to unlock 1Password, and on iOS devices you can use Face ID as well. For $60 a year, you can cover a family of five and access password sharing, credit card information and anything else among the group with a single password manager app. Each person gets their own password vault, and it's easy to control who you share information with and what they can do with it.
You can also create separate guest accounts for password sharing to share Wi-Fi connection passwords, for example, or home alarm codes with guests.
Other free and paid options worth considering
Bitwarden, LastPass and 1Password are solid, affordable (or free) password keepers, and in a straw poll of CNET staffers, they were about neck-and-neck in use. But if you find none of our three recommended password managers works quite how you want, a handful of other apps are worth considering. These all have free versions available.
- Offers limited free version (50 passwords on one device)
- Base price beyond free: $60 a year
- Works with: Windows, MacOS, Android, iPhone and iPad. Browser extensions for Chrome, Firefox, Safari, Internet Explorer, Edge and Opera.
Dashlane provides a simple and secure way to manage your passwords and keep other login information stored. Just for managing passwords, we like it as much as our picks, but the free Dashlane app limits you to one device and 50 passwords. The $60 Premium subscription is similar to plans from 1Password and LastPass. The $90 Family subscription allows for up to 6 individual accounts.
- Offers limited free version (unlimited passwords on one device)
- Base price beyond free: $35
- Works with: Windows, MacOS, Linux, Android, iPhone and iPad. Browser extensions for Chrome, Firefox, Safari, Internet Explorer, Edge and Opera.
Keeper is another secure password manager that helps you manage login info on Windows, MacOS, Android and iOS devices. A free version gives you unlimited password storage on one device. The step-up version costs $35 a year and lets you sync passwords across multiple device options. For $75 a year, you can also get 10GB of secure file storage and dark web monitoring.
- It's free
- Donations accepted
- Works with: Windows, MacOS, Linux, Chrome OS, Android, iPhone and iPad, BlackBerry, Windows Phone and Palm OS. Access via the web plus popular browser extensions. (Except for the official Windows, MacOS and Linux versions, KeePass for other platforms are unofficial ports.)
KeePass, another open-source software password manager, started on Windows but has since added native MacOS and Linux apps and has been ported using the same code base to Android and iOS. On the plus side, it's totally free and endorsed by the Electronic Frontier Foundation. On the other hand, it's really for advanced users only: Its user interface takes a bit of fiddling to get all the independently built versions of KeePass to work together.
What about NordPass and Norton Password Manager?
There's been a shift in the market for VPN and antivirus software in the past few years. Many of the companies behind these software packages are expanding them to become wider software suites. For instance:now offers NordPass, a dedicated password manager, and Norton now offers a Norton Password Manager as part of its antivirus and identity theft packages. We haven't specifically reviewed these password storage managers, if only because they don't yet appear to have a feature set or pricing option that beats any of our preferred options above. If and when that changes, we'll check them out in more detail.
We haven't specifically reviewed Norton's password manager solution, if only because it doesn't appear to have a feature set that beats any of our preferred options above. If and when that changes, we'll check it out in more detail.
However, we're looking forward to giving NordPass a closer look as the password manager's pricing and feature offering appears to have gotten significantly more robust and competitive since it was originally introduced in 2019. ExpressVPN's Keys is another password manager solution coming from a VPN provider we're excited to review in the future, so check back as we continually update this story.
Password manager basics
Still need more info on what password managers are, and why they're better than the alternatives? Read on.
How does a password manager work?
To get started, a password manager will record the username and password you use when you first sign in to a website or service. Then the next time you visit the website, it will autofill forms with your saved password login information. For those websites and services that don't allow automatic filling, a password manager lets you copy the password to paste into the password field.
If you're stuck picking a good password, a manager can generate a strong password for you and watch that you aren't. And if you use more than one device, you want a manager that is available across all your devices and browsers, so you can access your passwords and login information -- including credit-card and shipping information -- from anywhere through the manager app or its browser extension. Some provide secure storage so you can store other items too, such as documents or an electronic copy of your passport or will.
Take note: Many password managers keep the master password you use to unlock the manager locally and not on a remote server. Or if it's on a server, it's encrypted and not readable by the company.
This ensures your account stays secure in case of a data breach. It also means that if you forget your master password, there may not be a way to recover your account through the company. Because of that, a few password managers offer DIY kits to help you recover your account on your own. Worst-case scenario, you start over with a new password manager account and then reset and save passwords for all your accounts and apps.
What makes for a secure password?
When trying to avoid a weak password, a good password should be a long string of capital and lowercase letters, numbers, punctuation and other nonalphanumeric characters -- something that's difficult for others to guess, but a snap for a password manager to keep track of. And despite what you may have heard, once you select a good complex password or passphrase,.
Can I use a web browser to manage my passwords and login information?
You can certainly use Chrome, Safari or Firefox to manage your passwords, addresses and other login data. You can even set up a master password to unlock your credentials within a browser. And while using an online browser's password tool is certainly better than not using a password keeper at all, you can't easily access your passwords and other login info outside of the browser or share login info with others you trust.
What about iCloud Keychain?
Through iCloud Keychain, you can access your Safari website usernames and passwords, credit card information and Wi-Fi network information from your Mac and iOS devices. This cloud storage option is great if you live in Apple's world. But if you venture outside the Apple operating system and have a Windows or Android device or use the Google Chrome or Firefox browser, iCloud Keychain comes up short.
Can a password manager get hacked?
Even the best password managers can sometimes have security vulnerabilities and can sometimes even be hacked. However, a quality password manager will always be based on a zero-trust security model. This means that your master password along with all of your other stored passwords and data are encrypted at the device level and never accessible to the password manager or any other outside party. So even if a password manager did get hacked, an attacker would not be able to access the contents of your vault.
However, if someone did happen to get a hold of your master password, they could get access to your vault. Keeping your devices secure and enabling features like multi-factor and biometric authentication can be a big help in mitigating the risk of that happening.
How do I set up a password manager?
Setting up a password manager is typically very straightforward and easy. First, you'll need to choose the password manager that best fits your needs and create an account. As you're setting up your account, you'll need to set your master password. Make sure your masterbut memorable, and not one you've used elsewhere. Then, you can download the password manager's app to your devices and the browser extension to the browsers that you use.
Once you've downloaded the apps and browser extensions, you can start filling your vault with passwords and other information. Most password managers offer a way to import your stored passwords from a .csv file, browser or other password manager. This makes it easy to get started instead of having to enter each username and password manually. Once you've got your passwords loaded into your vault, you're all set. You'll be able to go to your online accounts and have your password manager automatically fill in your login credentials without having to remember a single one.
David Gewirtz contributed to this story.