Using a password manager is one of the best steps you can take to protect your security online. A good password manager makes it easy to generate unique, strong passwords, and it will then securely save them so they’re available wherever you need them, whether that’s on your phone, laptop, tablet, or desktop computer. Basically, they take 90 percent of the work out of being safe online.
Hopefully, at this point everyone knows why it’s important to use a unique password for all of your accounts online. But the short version is that using one password everywhere means that if just one site you use gets hacked, an attacker potentially has the password that unlocks your entire online life. Breaches still matter if you use a password manager, but at that point it’s a case of resetting just one password rather than dozens.
Although different password managers have different selling points, most offer the same core set of features. They generate passwords which they securely store, and they’ll prompt you to save passwords when you use them on websites. They’ll also sync your passwords across devices and autofill them into websites and apps when required.
There are many good password managers available that charge a monthly fee, but for this guide we’re going to be focusing on free services. All of them have paid subscription tiers, but for most, the free tier offers the essential core features of a password manager.
Our pick for the best for most people is Bitwarden.
The best for most people: Bitwarden
Bitwarden has basically everything you could want out of a password manager. It’s available across iOS and Android; it has native desktop applications on Windows, macOS, and Linux; and it also integrates with every major browser including Chrome, Safari, Firefox, and Edge.
Bitwarden’s security has also been audited by a third-party security company, and although it uses the cloud to sync your passwords between devices, it says it stores them in an encrypted form that only you can unlock. You also have the option of protecting your Bitwarden account with two-factor authentication to provide an extra layer of security.
Importing our passwords was easy, and Bitwarden has guides for many popular password managers in its support pages. It supports biometric security on iOS and Android, and all of its software is nicely designed and easy to use.
Bitwarden does have paid tiers, but we think most people will be able to do without most of the features they offer. Paying gets you access to encrypted file attachments, more second-factor security options, and reports on the overall security of the passwords you have in use. But even on the free tier, you can perform checks to see if individual passwords have been leaked in a password breach. Paying also gets you access to a built-in one-time code generator for two-factor authentication, but it’s easy and arguably more secure to use a separate app for this.
As part of our research, we also tried a variety of other password managers. Of these, Zoho Vault is another feature-packed free option, but its interface isn’t as good as Bitwarden’s.
Zoho Vault’s iOS and Android apps are nice enough, but its browser extension is a little clunky and buries useful features like its password generator behind one too many sub menus. It’s also unclear if the software has gone through a third-party security audit; the company didn’t respond to our query in time for publication.
There were two other free password managers we felt weren’t up to Bitwarden and Zoho Vault’s standards. Norton Password Manager has the advantage of coming from a well-known cybersecurity company. But we found the way it attempts to simplify its setup process actually makes things more confusing, and Norton’s support pages didn’t do a great job at helping us work out where we’d gone wrong. Norton didn’t respond to our email asking whether the software has gone through a third-party security audit.
We also gave LogMeOnce a try, but we weren’t reassured by the presence of ads in its smartphone app. It also asked for many more permissions than the other password managers we tried. The company says this is necessary to enable its Mugshot feature, which attempts to give you information about unauthorized attempts to access your account, which is an optional feature. The…