Charles Martin
Using unique and strong passwords for every website is a must for internet security. Too few people know how to do this, and that's where the best password managers come in and can make online life easier.
There's no doubt about it, actually doing the work to stay safe on the web is hard — and getting harder. In order to be truly secure online, each and every login you use needs its own strong, unique password.
We're starting to see the spread of "passkeys" that make this process easier, since it doesn't rely on passwords. Until this is universal, however, users should consider a password manager to help them create, manage, and fill in strong passwords.
The best password managers we've picked here are excellent, free or low-cost, and user-friendly. Furthermore, we've checked each company's privacy policies to ensure that they can't read any of your stored passwords, thanks to end-to-end encryption.
All six of our managers offer features like two-factor authentication, secure password sharing, and importing existing passwords. They all help you create strong passwords, auto-store them, and report on any passwords that are weak or compromised.
We've checked to see if any of the companies reported a compromise or server breach, such as what happened to LastPass. Thanks to their "zero-knowledge" policies, none of the password managers we list here have been compromised.
Keychain
Being built-in to Apple's Mac and mobile devices, this is the obvious first choice. Whenever you first sign in or create an account on a website in Safari, Keychain — called "Passwords" in system settings — will pop up and offer to store this new login.
You should always, always say "yes" to this. That login is then stored and encrypted on your device, and then stored on iCloud and synced across your Apple devices.
At one time, what is now called iCloud Passwords only worked with the Safari browser on Mac. As of macOS Sonoma, it now also supports Edge, Chrome, Opera, and other Chromium-based browsers — sorry, Firefox.
You can even use Keychain on PCs by downloading "iCloud for Windows" application, and signing in to your Apple ID. It can then import and sync any logins you have stored in the default Edge browser, or Google's Chrome browser.
Keychain includes some features for free that require a paid subscription on other password managers. Keychain will let you know if your passwords have been compromised or reused.
It will also let you know if a password is insecure/weak. It can direct you to the website so you can reset them to something better.
If you access "Passwords" through Safari on the Mac, you can more easily edit or remove duplicates or old passwords than in Keychain itself. Really, its main weak spot is the lack of an option for multiple users in one account.
On iPhones and iPads, you can go to Settings -> Passwords and do the same. On the Mac, the Keychain app is still a bit intimidating to inexperienced users, so use Safari to get to passwords instead.
The password list is covered by Apple's standard privacy policy, so Apple doesn't know the contents of your keychain. Some basic and anonymized "telemetry" data may be collected to help Apple determine how often an app is opened, for how long, or if the app crashes.
Given that it's built-in, feature-rich, and supports passkeys, why would any Apple user want to use anything else? One reason is its lack of support for Firefox, but there's also the lack of support for users who are cross-platform on smartphones or tablets — sorry, Android.
You can export your passwords easily from Keychain/iCloud Passwords, and import them into most other browsers on other platforms. However, imported passwords don't sync back to the Mac or iOS devices.
This is where third-party password managers come in. You can also easily import those passwords into them, and they do stay current across platforms, so let's take a look at some of those.
1Password
All five of the alternative options we've picked securely store your passwords as Keychain does, but also have additional features for managing and sharing passwords.
Although it is a very close choice, our favorite amongst the third-party companies is 1Password. As with the others, 1Password is multi-platform, supports all major browsers, and has zero knowledge of the contents of your password vault.
The main reason we prefer it over its competitors is its ease of use and tutorials for new users. It features support for multiple and shared "vaults," and ensures it is communicating with 1Password's real servers, foiling imposter sites.
Its one real drawback for potential customers is that it has no free tier. There is a free two-week trial — and it's worth noting that most managers that do offer a free tier limit them in various ways.
1Password has you create a master password — which the company will never know — as well as a "secret key" as secondary protection. You should store them in a physical safe or other secure place, because if you lose both of these, the company cannot help you recover them.
The price for 1Password beyond the trial is $2.99 per month, or $4.99 a month for up to five family members, with both plans billed annually. As with the other options listed here, they have team, business, and enterprise pricing as well.
Bitwarden
Bitwarden is a bit less friendly-looking than 1Password, but it is the gold standard for password managers. It offers a limited free tier, which makes it a good choice for people new to the idea of a password manager.
Like most of the other options, the company has no knowledge of what users store in the vault. Like 1Password, it helps you if you lose your master password. It doesn't collect any user data beyond your signup info and doesn't sell that user data to anyone.
Bitwarden's free tier is fairly generous, allowing an unlimited number of stored passwords on an unlimited number of devices. You can only share vault items with one other user, and the free tier doesn't include the site authenticator or security reports.
Pricing for Bitwarden's paid tiers ranges from $10 per year for individuals to $40 per year for up to six family members. What Bitwarden calls "collections" — also known as "vaults" — are limited to two except for the family plans.
Dashlane
Dashlane, like Bitwarden, is another excellent product if you want more control than Keychain can offer. Its paid plans include compromise reports, as well as dark web monitoring.
Like the ones above, your passwords are only readable by you, not the company. Bitwarden does collect and store — but doesn't sell — email and payment info.
There is a free tier, but it is limited to a single device — and doesn't include reports. A personal plan costs $33 per year, but the Premium plan for $60 adds a Hotspot Shield VPN for extra anonymity.
Dashlane is one of the few here that offers a method to "pass on" your vault to a trusted family member or friend.
If you need a shared plan for a large group, Dashlane's Friends and Family plan allows up to 10 users and costs $90 per year.
Keeper
Keeper is another choice that respects user privacy. We're less enamored of its nickel-and-diming way of getting users to spend more, but like the others, Keeper has zero knowledge of what you store in your account.
It does not market or sell what little user data it has, but does share your email and IP address with its service partners. It has a limited free tier you can try out, but it is only for one device — so go for the one-month unrestricted free trial instead.
The individual plan costs $35 per year, with unlimited password storage on unlimited devices. The family plan is priced at $75 per year for a total of six people.
Other features often included in other companies' paid plans are add-ons with Keeper. For example, the company's Breachwatch feature for alerting you of compromises is a paid add-on.
NordPass
NordVPN is a well-regarded brand for its VPN service, so we also looked into NordPass as a password manager. As with Keeper, its free tier restricts you to one device at a time and is very limited.
The paid version is the most expensive on our list: $60 per year. This allows up to six devices and includes a password-strength checker and a Data Breach service.
As with most of the others, you have to set up two passwords — your normal account login password, and a "master password" if you forget your account password. All of your information is encrypted before being backed up to Nord servers, so the master password needs to be securely stored.
One feature NordPass has is a true "password inheritance" feature. You can set a trusted family member to have access to your vault in the event of your incapacitation or passing.
The service also has paid tiers that are really aimed more at businesses. Under a business plan, employee accounts are free, but if an employee is let go, administrators can transfer those logins to another employee.
We find it annoying that there is no option to combine the benefits of NordVPN with NordPass, apart from just paying for both. NordPass also doesn't offer a family plan, only the individual option.
Oliver Haslam
William Gallagher
Christine McKee
Sponsored Content
Malcolm Owen
Andrew Orr
10 Comments
I am using Safe + on both iOS and the Mac. It does not put passwords or other data in the cloud and syncs via WiFi.
It's reliable, supports password autofill and also some advanced features like 2FA.
No thank you to any subscription app. I'm happy to pay once, but not every month forever.
1) Encrypting on the server and the company not having access to your credentials is decent security, but do any of them offer a Secret Key-like feature that keeps your local and online vaults encrypted without having this random and long Secret Key that is not created on or stored on a server to keep your vaults encrypted? For me, this is the feature that keeps me a loyal 1Password customer for nearly 2 decades now.
2a) I know many on here are very much against both a subscription model and storing passwords online—I completely understand the dislike of a subscription and the fear of a company's servers being hacked, but I do love that I can easily manage an extended family where they would otherwise still be using the same idiotically complex to type yet easily hackable passwords with a great number of repeated and nearly all similar entries to each other. Additionally, being able to create a shared vault for shared items is a huge amount of time savings, especially if that means trying to walk someone over the phone how to edit a login in some way.. At $1 per month per person it's well wroth it for me. I pay annually so I just send everyone a $12+tax Apple Cash request via iMessage once a year.
2b) If you like the idea of shared vault and ease of use but are still weary of your personal data being on 1Password's servers despite the Secret Key encryption layer, you can create a hybrid set of vaults where your personal vaults are shared in a multitude of other ways while still allowing you to shared vaults for your family as you need them. This plus other features that are in 1Password 7 are not a part of 1Password 8 which is why I personally have yet to move to it.
How in the blue blazes can you not include Enpass?!
I've used 1Password from the v2 days. Eventhough my subscription is active (barely) I grew weary of its security issues and bloating. I also used Bitwarden for almost a year. I am SO happy with Enpass. I am under the impression it is used by as many, if not more, as any of the others you did cite, excepting probably 1 Password.