GADGET

The best password manager for 2024


Think about your digital footprint. How many accounts have you created online since you first started using the internet? How many of those use the same passwords, so you have an easier time logging in? It’s a habit we’ve all fallen into, but it greatly weakens our ability to stay secure online. Just one password leak can compromise dozens of accounts.

Password managers can help you break that habit. It’ll do the tedious work of creating and storing various passwords to up your security posture without testing your memorization skills. But there are dozens of password managers available now — that’s why we tested out nine of the best services available now to help you choose the right one for your needs. 1Password remains our top pick for the best password manager, thanks to its zero-knowledge policy, numerous security features and general ease of use, but there are other top password managers out there to consider as well.

1Password

Number of tiers: 4 | Pricing: $3/month for Individual, $5/month for Families, $20/month for Teams Starter Pack, $8/month per user for Business | Compatibility: macOS, iOS, Windows, Android, Linux, Chrome, Firefox, Safari, Brave, Edge, Command Line

Many security experts trust 1Password with their private information and, after testing it out, it’s clear why. The service includes industry standard encryption, a “secret key” that only you know on top of your master password, a zero-knowledge policy that means it keeps no data, and other security features like frequent audits, two-factor authentication and a bug bounty program. That said, 1Password did fall victim to a recent cybersecurity incident that’s worth noting. 1Password detected suspicious activity on its Okta instance, but an investigation “concluded that no 1Password user data was accessed.” 1Password now also supports passkeys, which are credentials stored in your most used devices that are protected by biometric authentication (like fingerprints or facial recognition) or PINs.

1Password has a pretty intuitive user interface across its desktop and mobile apps. A tutorial at download helps you import passwords from other managers onto 1Password so that you don’t feel like you’re starting over from scratch. It also clearly rates the strength of each password and has an “open and fill” option in the vault so that you can get into your desired site even more quickly. We also liked the user-friendly option to scan a set up code to easily connect your account to your mobile devices without too much tedious typing.

At $3 per month, the individual subscription comes with unlimited passwords, items and one gigabyte of document storage for your vault. It also lets you share passwords, credit card information and other saved credentials. If you upgrade to the family plan for $5 each month, you’ll get to invite up to five people (plus more for $1 each per month) to be a part of the vault.

Pros

  • Zero-knowledge policy
  • Intuitive user interface
  • Available across most platforms

$3 at 1Password

Bitwarden

Number of tiers: 3 | Pricing: Free, $3/month per user for Teams Organization, $5/month per user for Enterprise Organization | Compatibility: macOS, iOS, Windows, Android, Linux, Chrome, Firefox, Safari, Brave, Edge, Vivaldi, Opera, Tor, DuckDuckGo for Mac, Command Line

Bitwarden’s free plan includes unlimited passwords on an unlimited number of devices, which is more than we’ve seen from some of its competitors. There are drawbacks like you can only share vault items with one other user, but we think that’s a fair tradeoff.

Bitwarden is based on open-source code, meaning anyone on GitHub can audit it, which is a good measure of security. On a personal level, it includes security audits of your information, like a data breach report, that can keep you in the know about when your passwords have been leaked and when it’s time to change them. Plus, it’s widely available across the platforms we tested, including Windows and iOS, with a level of customization, options to access your password vault and more. It also recently added passkeys to its vault and two-factor authentication options as a secure way to sign in.

Bitwarden may be the best free password manager, but it does have a paid version and we do think it’s worth it. At $10 annually for individuals or $40 for families, you unlock encrypted file storage, emergency access, unlimited sharing and more additional features. But the free version comes with the basics that can get anyone set up on password management easily.

Pros

  • Robust free version
  • Based on open-source code
  • Available across a wide variety of platforms
Cons

  • Free version can only share a vault with one other user

$0 at Bitwarden

NordPass

Number of tiers: 3 | Pricing: Free, $2/per month for Premium, $4/month for Family | Compatibility: macOS, iOS, Windows, Android, Linux, Chrome, Firefox, Safari, Opera, Edge

Across password managers we tested, cross-platform availability was relatively similar. Most are widely available across web browsers and different operating systems, including our other top picks on this list. But we wanted to give a nod to NordPass here because of how easy the service makes it to access your vault from any platform while keeping your data safe. NordPass even lets you use biometric data to sign in now, like your fingerprints or face, making it even easier to get into accounts across devices.

NordPass has a free option with unlimited passwords and syncs across devices. A $2-per-month premium plan keeps you logged in when switching devices, comes with security notifications and allows for item sharing. A family subscription comes with six premium accounts and only costs $4 per month. This makes it an excellent budget option as well. Besides the pairing code to connect accounts, NordPass is a pretty standard password manager. Scanning a code gets me from my laptop to mobile device to work computer super easily. If you’re constantly switching devices and those extra few seconds save your sanity, it’s worth considering.

Pros

  • Available across a wide variety of platforms
  • Relatively affordable
  • Allows for biometric logins

$2 at NordPass

Dashlane

Number of tiers: 4 | Pricing: Free, $3/month for Advanced, $5/month for Premium, $7/month for Friends and Family | Compatibility: macOS, iOS, Android, Chrome, Firefox, Safari, Brave, Edge, Opera

Dashlane has four subscription options: A free user gets access to a single device with unlimited passwords; an advanced user pays $3 per month to get upgraded to unlimited devices and dark web monitoring; for $5 per month, a premium user also gets VPN access and an $7.49-per-month family plan includes access for up to 10 subscribers.

It met all the criteria we looked for, but with a clear emphasis on sharing credentials. Dashlane highlights “secure sharing” starting at its free level, which is a functionality that some competitors keep behind a paywall. Other free features, however, recently took a hit. Dashlane limited the number of passwords users of the free version could store. Access for up to 10 members in a family plan is one of the bigger plans we’ve seen as well. While we were testing it, password sharing seemed front of mind with a tab dedicated to it in Dashlane’s browser extension. Arguably the biggest caveat here, though, is lack of Linux support.

Pros

  • Easy to securely share information with others
  • Free version includes robust sharing features
Cons

  • Free version supports a limited number of passwords
  • No Linux support

$3 at Dashlane

It seems counterintuitive to store all your sensitive information in one place. One hack could mean you lose it all to an attacker and struggle for months or even years to rebuild your online presence, not to mention you may have to cancel credit cards and other accounts. But most experts in the field agree that password managers are a generally secure and safe way to keep track of your personal data, and the benefits of strong, complex passwords outweigh the possible risks.

The mechanics of keeping those passwords safe differs slightly from provider to provider. Generally, you have a lengthy, complex “master password” that safeguards the rest of your information. In some cases, you might also get a “security key” to enter when you log in to new devices. This is a random string of letters, numbers and symbols that the company will send you at sign up. Only you know this key, and because it’s stored locally on your device or printed out on paper, it’s harder for hackers to find.

These multiple layers of security make it difficult for an attacker to get into your vault even if your password manager provider experiences a breach. But the company should also follow a few security basics. A “zero-knowledge” policy means that the company keeps none of your data on file, so in the event of an attack, there’s nothing for hackers to find. Regular health reports like pentests and security audits are essential for keeping companies up to par on best practices, and other efforts like bug bounty programs or hosting on an open source website encourage constant vigilance for security flaws. Most password managers now also offer some level of encryption falling under the Advanced Encryption Standard (AES). AES 256-bit is the strongest, because there are the most number of possible combinations, but AES 128-bit or 192-bit are still good.

You likely already use a password manager, even if you wouldn’t think to call it that. Most phones and web browsers include a log of saved credentials on the device, like the “passwords” keychain in the settings of an iPhone. That means you’ve probably seen the benefits of not having to memorize a large number of passwords or even type them out already.

While that’s a great way in, the downfall of these built-in options are that they tend to be device specific. If you rely on an Apple password manager, for example, that works if you’re totally in the Apple ecosystem — but you become limited once you get an Android tablet, Lujo Bauer, professor of electrical and computer engineering, and of computer science, at Carnegie Mellon University, said. If you use different devices for work and personal use and want a secure option for sharing passwords with others, or just don’t want to be tied to one brand forever, a third-party password manager is usually worth it.

We tested password managers by downloading the apps for each of the nine contenders on iPhone, Android, Safari, Chrome and Firefox. That helped us better understand what platforms each manager was available on, and see how support differs across operating systems and browsers.

As we got set up with each, we took note of ease of use and how they iterated on the basic features of autofill and password generators. Nearly all password managers have these features, but some place limits on how much you can store while others give more control over creating easy-to-type yet complex passwords. From there, we looked at extra features like data-breach monitoring to understand which managers offered the most for your money.

Finally, we reviewed publicly available information about security specs for each. This includes LastPass, which more experts are shying away from recommending after the recent breach. For the sake of this review, we’ve decided not to recommend LastPass at this time as fallout from the breach still comes to light (The company disclosed a second incident earlier this year where an unauthorized attack accessed the company’s cloud storage, including sensitive data. Since then, hackers have stolen more than $4.4 million in cryptocurrency using private keys and other information stored in LastPass vaults.)

These are the password managers we tested:

For a while, security experts considered LastPass a solid choice for a password manager. It’s easy to use, has a slew of helpful extra features and its free version gives you a lot. But we decided not to include LastPass in our top picks because of the high profile data breaches it has experienced over the past couple of years.

Keeper met a lot of the basic criteria we tested for, like autofill options and cross-platform availability. We liked its family plan options, too, that can keep your whole household secure. There’s even a self-destruct feature that deletes local data after five incorrect login attempts, should your device be lost or stolen (the cloud-based data remains untouched). But we didn’t think its extra features, like the encrypted messaging app, added much value.

Enpass works well as an affordable password manager. That includes an inflation-beating “lifetime” access pass instead of a monthly payment for users really committed to the service. Still, it was confusing to set up across devices and because Enpass stores data locally, as opposed to in the cloud, we struggled to get started with it on mobile.

A familiar name in security, we were excited to test out Norton’s password manager. While it’s free, its features seem underdeveloped. It lacked password sharing, account recovery and complex form-filing tools that come standard in many of the other password managers we tested.

LogMeOnce comes with a wide range of premium tiers, from professional to family, that include different levels of storage and features. But when we tested, it lacked some basic cross-platform availability that other password managers had already, like compatibility with Mac and Safari.

Using a password manager can enhance your online security. They store all of your complex passwords and autofill them as needed, so that you can have unique, good passwords across the web without remembering each of them yourself. In many cases, unique passwords are your first defense against attack, and a reliable manager makes it easier to keep track of them all.

Password managers are a secure way to store your credentials. Experts in the field generally agree that the benefits of accessibility when storing complex passwords outweigh the possibility of attack, like what happened with LastPass. But with any service, it can vary from provider to provider. You should look out for zero-knowledge policies, regular security audits, pentests, bug bounty programs and encryption when choosing the right secure password manager for you.

Think of password managers like virtual safe deposit boxes. They hold your valuables, in this case usually online credentials, in a section of the vault only accessible to you by security key or a master password. Most of these services have autofill features that make it convenient to log in to any site without needing to remember every password you have, and they keep your credit card information close for impulse purchases.

But given that passwords are one of the top ways to keep your online identity secure, the real value of password managers is staying safe online. “It’s just not possible without a password manager to have unique, long and hard-to-guess passwords,” Florian Schaub, an associate professor of information and of electrical engineering and computer science at the University of Michigan, said.

Common guidance states that secure passwords should be unique, with the longest number of characters allowed and uppercase letters, lowercase letters, numbers and special characters. This is the exact opposite of using one password everywhere, with minor variations depending on a site’s requirements. Think of how many online accounts and sites you have credentials for — it’s an impossible task to remember it all without somewhere to store passwords safely (especially in instances when you need to create a new password for any given account). Password managers are more readily accessible and offer the benefit of filling in those long passwords for you.

Given their universal benefit, pretty much everyone could use a password manager. They’re not just for the tech-savvy people or businesses anymore because so much sensitive information ends up online behind passwords, from our bank accounts to our Netflix watch history.

That’s the other perk of password managers: safe password sharing. Families, friends or roommates can use them to safely access joint accounts. Texting a password to someone isn’t secure, and you can help your family break the habit by starting to use one yourself, Lisa Plaggemier, executive director at National Cyber Security Alliance, said. Streaming is the obvious use case, but consider the shared bills, file storage and other sites you share access with the people around you as well.

Forgetting a master password won’t necessarily lock you out for good, but the recovery process varies from provider to provider. Some services give you a “security key” at sign up to enter when you log into new devices. It can also be used to securely recover your account because it’s a random string of keys stored locally that only you have access to. Other services, however, have no way to recover your vault. So creating a master password that you won’t forget is important.

A good master password should be unique, with the longest number of characters allowed and uppercase letters, lowercase letters, numbers and special characters. Experts often recommended thinking of it like a “passphrase” instead of a “password” to make it easier to remember. For example, you can take a sentence like “My name is Bob Smith” and change it to “Myn@m3isB0b5m!th” to turn it into a secure master password that you won’t forget.

A passkey is a sort of digital identification that’s interlocked to your account on a given app or website. While that sounds like a password, there’s an important distinction: Passkeys are bilateral authenticators that have two separate components: a private key stored locally on your device and a public key belonging to the website or application. When logging in with a passkey, these two keys pair and give you access to your account. You can read more about passwords versus passkeys here.

Update, October 28 2024, 5:15PM ET: This story has been updated to note that Keeper’s “self-destruct” security feature only deletes local content when engaged, but maintains data on a subscriber’s cloud-based account.



Source link

Related Articles

Back to top button