Everyone Needs a Password Manager

Nearly every website you visit insists you create a user account and think up a password, from dating apps to hyper-secure banking sites. The human memory can't keep up with dozens and dozens of these. Some folks get the bright idea to use the simplest possible passwords, things that are easy to remember, like "123456789" or "password." Others memorize one superbly random password and use it for everything. Either path is likely to make you the latest victim of identity theft.

Don't be like them—use a password manager. With a password manager, you don't have to remember that strong, unique password for every website. The password manager stores them for you and even helps you generate new, random ones. We've tested and analyzed dozens, so you can pick the password manager that best fits your needs.

All of the products in this roundup earned at least 3.5 stars and all of them cost money (though you can use some of them for free if you accept certain limitations). If you don't want to spend money and don't want limitations, don't worry. We've rounded up the best free password managers in a separate article. Most of the free tools lack the most advanced features, but they get the job done. Whether free or paid, a password manager is something everybody needs.

The Password Basics

A typical password manager installs as a browser plug-in to handle password capture and replay. When you log in to a secure site, it offers to save your credentials. When you return to that site, it offers to automatically fill in those credentials. If you've saved multiple logins for the same site, the password manager lists all those options. Most also offer a browser toolbar menu of saved logins, so you can go straight to a saved site and log in automatically.

Some products detect password-change events and offer to update the existing record. Some even record your credentials during the process of signing up for a new secure website. For maximum convenience, you shouldn’t choose a password manager that doesn't include password capture and replay automation.

Those who are already using a password manager may find that the grass looks greener in the other app. Most allow you to export your saved data or import from other products, easing the process of switching password managers.

Getting all of your existing passwords into the password manager is a good first step. Next, you need to identify the weak and duplicate passwords and replace them with tough ones. Many password managers flag weak, duplicate, or compromised passwords and help you improve them.

When you create a new secure account or update a weak password, you don't want to strain your brain trying to come up with something strong and unique. Why bother? You don't have to remember it. Make sure your generated passwords are at least 20 characters long and include all of the major character types (uppercase, lowercase, numbers, and symbols); all too many products default to a shorter length.

Entering a password like @2a&[email protected] on your smartphone's tiny keyboard can be tough. Fortunately, almost all of our top password managers can sync across all your Windows, Mac, Android, and iOS devices. A few even let you authenticate on iOS or Android with your fingerprint or face rather than typing the master password each time.

Most password managers integrate some form of two-factor authentication for securing your account, be it biometric, SMS-based, or via time-based one-time passwords (TOTPs) stored in an authenticator app such as Google Authenticator or Microsoft Authenticator. The best password managers support authentication via U2F- or TOTP-based hardware keys such as from YubiKey and Titan Security.

Fill Forms Automatically

Since most password managers can auto-fill stored credentials, it's just a small step for them to automatically fill in personal data on web forms—first and last name, email address, phone number, bank cards, passport numbers, and so on. After all, storing payment and identity details in an encrypted vault is a much safer way than saving them to a website or browser.

Most of the top-rated products include a web form-filling component. The breadth and flexibility of their data collections vary, as does their accuracy when matching web form fields with their stored items. Even if they miss a field or two, the ones they do fill are ones you don't have to type. Think about how many sites you go to that want all the same information; this feature is a huge time-saver.

Each password manager handles form filling differently. Some immediately fill all recognized fields, some wait for you to click in a field, some pop up and ask what you'd prefer. You'll even find products that offer your choice of credit cards using realistic images with the correct color and bank logo!

Advanced Password-Management Features

Given that all these products take care of basic password management tasks, how do any of them stand out from the pack?

One handy advanced feature is managing passwords for applications, not just websites. Another is a secure browser, designed to protect sensitive transactions and invoked automatically when you visit a financial site. The ability to automate the password change process seems to be less and less common these days. Some password managers never offered this feature to maintain zero-knowledge policies.

Most password managers include a built-in mechanism for securely sharing passwords with other users, but some go a step further with advanced permissions. For instance, a few password managers allow you to share a login without making the password visible, revoke sharing, or make the recipient an owner of the item. On a grimmer note, what happens to your secure accounts after you've died? A growing number of products include some provision for a digital legacy, a method to transfer your logins to a trusted individual in the event of your death or incapacity.

Logging in with your secure username and password to a website that doesn't use a secure HTTPS connection is a big no-no. Some password managers even warn you about insecure login pages. Even when you do use HTTPS, sniffers and snoops can still learn some things about your activity, such as the simple fact that you're logging in to the secure site, and the IP address from which you're connecting. Running your secure connections through a virtual private network, or VPN, adds a layer of protection. Dashlane now includes a simple built-in VPN from Hotspot Shield, and RememBear comes from the same source as the Editor’s Choice TunnelBear VPN.

Secure storage is an increasingly common feature among password managers, too. The storage allocation won’t replace the need for a dedicated cloud storage and syncing service, but in many cases, it’s enough for storing important documents in an encrypted state.

What's Not Here

As mentioned above, every product in the chart above earned at least a 3.5-star rating. Those with three stars are still good, but they're not quite up there with the very best. If you're looking for a particular password manager that isn't in this table, we have probably reviewed it, but found it lacking in some way.

As mentioned earlier, you also won't find any only-free password managers here; those products are in a separate roundup. The password managers offer both excellent paid and free tiers appear in both roundups.

The Top Password Management Software

Although a password manager needs to offer all the advanced features, it should remain easy to use and avoid needless complexity. Users who get annoyed or baffled by a password manager may well abandon it and go back to using sticky notes to store and share passwords or, worse, applying the same password everywhere. Our Editors' Choices for the category are Dashlane, Keeper, and LastPass. Slick and polished Dashlane boasts a ton of features. Keeper Password Manager & Digital Vault offers a full set of advanced features, a sleek and elegant user interface, and support for every popular platform and browser. LastPass excels because of its ease of use and impressive free version. You won't go wrong choosing any one of these products. Products that do not earn an Editors' Choice still have their merits however, and you may even prefer one of them.