We are terrible at passwords. We suck at creating them (the top two most popular remain “123456” and “password”), we share them way too freely, and we forget them all the time. Indeed, the very thing that can ensure our online security has become out biggest obstacle to it. This is what makes a good password manager essential.
A password manager relieves the burden of thinking up and memorizing unique, complex logins—the hallmark of a secure password. It allows you to safely share those logins with others when necessary. And because these tools encrypt your login info in a virtual vault—either locally or in the cloud—and lock it with a single master password, they protect the passwords themselves. If you’re looking to up your security game in the wake of Marriott Starwood’s massive 500 million guest hack, a password manager is the way to go.
But password managers vary widely in their capabilities and cost, so we compared six of the most popular. All support Windows Mac OS, Android, and iOS, as well as the major browsers. And all will let you sync your data across multiple devices, though you may have pay extra for the privilege.
Here are our top two picks, followed by tips on what to look for when shopping for a password manager and full reviews of all six products.
LastPass ticks all the boxes on our password manager want list. It makes it a breeze to create unique, complex passwords; capture and manage login credentials; sync them across multiple devices; and share them with others you trust. Its password auditing and updating features let you identify and eliminate weak or duplicate passwords with just a mouse click or two. It also stores credit card numbers and other personal data to autofill web forms when you’re making a purchase, signing up for a service, or paying a bill.
LastPass also supports a range of multi-factor authentication options for protecting your vault, including app-based authenticators like Symantec VIP and Google Authenticator, hardware tokens like YubiKey, and fingerprint readers. And its $12-a-year subscription is a steal when other password manager services charge as much as $35 for a single user.
Dashlane is the strongest contender for LastPass’s crown. It has a beautiful interface, is easy to use, and is stocked with features to help you strengthen your online security. Chief among these is a stellar security dashboard that grades your passwords and suggests actions for boosting your score and your protection. Only its $40 price tag—the highest in our roundup—dampened our enthusiasm for this fantastic password manager.
What to look for in a password manager
At their most basic, password managers capture your username and password—usually via a browser plugin—when you log in to a website, and then automatically fill in your credentials when you return to that site. They store all your passwords in an encrypted database, often referred to as a “vault,” which you protect with a single master password.
Of course, most password managers do much more than this and many extend protection beyond your login credentials to other types of personal data. We narrowed it down to a few essential features that we looked for and you should too:
- Password generation: You’ve been reminded ad nauseam that the strongest passwords are long, random strings of characters, and that you should use a different one for each site you access. That’s a tall order. This is what makes password generation—the ability to create complex passwords out of letters, numbers, and special characters—an indispensable feature of any good password manager. The best password managers will also be able to analyze your existing passwords for weaknesses and upgrade them with a click.
- Autofill and auto-login: Most password managers can autofill your login credentials whenever you visit a site and even log you in automatically. Thus, the master password is the only one you ever have to enter. This is controversial, though, as browser autofill has long been a security concern, so the best managers will also let you toggle off this feature if you feel the risk outweighs the convenience.
- Secure sharing: Sometimes you need to share a password with a family member or coworker. A password manager should let you do so without compromising your security.
- Two-factor authentication: To an enterprising cybercriminal, your password manager’s master password is as hackable as any other password. Increasingly, password managers support multi-factor authentication—using a second method such as a PIN, a fingerprint, or another “trusted device” for additional verification—to mitigate this risk. Choose one that does.
- Protection for other personal data: Because of how frequently we use them online, credit card and bank account numbers, our addresses, and other personal data can be securely stored in many password managers and automatically filled into web forms when we’re shopping or registering an account.
No online security measure is 100 percent foolproof, though, as we were reminded when LastPass, one of the most reputable password managers, recently scrambled to fix a pair of vulnerabilities that could have compromised users’ passwords and their computers. And just last month, OneLogin was victim of a breach that compromised customer data, including the ability to decrypt data.
Still, most security experts agree that password managers are still the safest way for people to manage their myriad logins, and we agree that the benefits far outweigh the risks. Just choose your password manager carefully after researching all the options starting with the guide.