I wonder how many people in the world at least once in their life used the password “123456” or “qwerty1”?! According to SplashData, about 10% of all internet users in the world have used at least one of the top-25 worst passwords and about 3% of people have used the password “123456”. But why do so many people use these passwords, knowing that it is insecure? The answer is simple - because it is easy! It’s easy to remember, easy to type, and easy to use. But what about security? To keep your data and accounts safe, we advise you to choose passwords consisting of 12 or more different characters and use different passwords to access different accounts. Using password managers will help you follow these tips.
All data for authorization on various services can be kept in a password manager. It will also allow you to generate strong passwords. A password manager can be used for corporate goals or personal use on your home PC, Android, iOS or just as an extension for any browser. Which variant is worth choosing depends on the goal. We have collected for you the top-5 best password managers that will help protect your accounts. We conducted a comparative analysis to see which one is best. Enjoy!
First, How Password Managers Work
The password manager acts as a kind of safe inside which all your secret combinations are stored. You will not need to remember the password for each of your accounts, but only come up with a complex, and as much as possible, unique master password that opens this “safe” containing all the other data. At the same time, there are offline and online tools.
An online service is when a password database is stored on the developer's servers. This will be the most convenient solution for the user because you can use these passwords not only on a stationary computer but also on smartphones and tablets. In this case, to start synchronization, you just need to enter your login and master password. All combinations will be available to you anytime and anywhere.
However, it is clear that storing the database locally could be the safer option. Using online services requires you to trust the provider and be sure that the master password is not really available to them. You have to believe that there is no way to access the database in any other way. We are not sure that this article was written for someone who works at the Pentagon and looking for “the best free password manager” to improve the work of the US Department of Defense. Therefore, with all due respect to the importance of safe storage of your data, online services are still more convenient.
Do not worry about safety. These utilities use powerful AES encryption with a virtually unbreakable 256-bit key. Such a database can only be unlocked with the correct master password. Therefore, again, we will repeat, come up with a cool and complex master password. (And in no case can you forget it.)
1. Dashlane Password Manager
Dashlane is a cross-platform password manager with cloud sync across devices.
Security
Dashlane developers try to make their service as safe as possible. Unlike many other cloud-based password managers, Dashlane has never experienced a user data breach.
All passwords are encrypted locally on the user's device. Additionally, for authorization, you can add two-factor authentication, authorization through Windows Hello or a physical U2F key. On smartphones, protection is available with a pin code, fingerprint, or face ID. For additional protection when entering passwords the program has a built-in VPN. Dashlane is the only password manager to provide users with access to a VPN. This feature allows you to route your internet traffic over a secure encrypted channel. By encrypting your data on public Wi-Fi networks, a VPN can protect you from hackers stealing passwords and other personal data.
Features
Passwords are stored in sections. For each password, in addition to the standard authorization data, you can add an additional login and a note. Also, separately configure automatic authorization on sites, entering a master password for access. Any of the passwords can be shared with other Dashlane users.
The service automatically generates passwords when registering on sites. For old passwords, it shows information about their stability and uniqueness. Dashlane will warn you if the password is easy to crack, or if it is already in use on another site. In the Payments section, you can save all of your card data, and automatically fill in all the data when paying.
In the Contacts section, you can quickly see who you have shared data with, and quickly change the access level, or withdraw it altogether. Here you can also assign an emergency contact, who will automatically be given access to the entire database in case of your long absence.
The version for mobile devices completely repeats the functionality of its desktop brother. Therefore, we will not talk about them separately. We only note that the phone version also has automatic authorization on websites and applications. Dashlane will automatically add the extension to the browser after installation on your computer. This bundle allows you to work with such functions as automatic authorization, password generation, and filling out forms on sites. Besides extensions, Dashlane is available as a browser version. This is very convenient when working on someone else's PC.
Pricing
There are two plans for working with Dashlane: Free and Premium. Dashlane “Premium” offers more useful features than other password managers do. Therefore, Dashlane is one of the most expensive password managers on the market. Dashlane's main competitors - LastPass and 1Password - are slightly less expensive. They are also great password managers, but Dashlane's VPN and password changer give it a significant edge. The free version is not bad either, but it is not the best free password manager on the market. LastPass has a more interesting free version if you want a decent free password manager.
Let's list a few of the main advantages of Dashlane:
- Change passwords in one click. Checks all passwords in storage and replaces weak passwords in one click.
- Great user interface
- Unlimited VPN
- A well-trained team of technical specialists guarantees efficient email and live chat support.
Download Dashlane
2. LastPass
LastPass is one of the most popular password managers that is easy to use, with a powerful password generator and report function. It pretty much works automatically, saving you headaches.
Security
Signing in to LastPass can be as complex as you set it up to be. In your account settings, you can configure as many two-factor authentication options as you like.
LastPass uses AES-256 encryption to protect your data, over an encrypted SSL protocol. However, it does not store your information - it is a zero-knowledge provider, which means that only you (and those to whom you have entrusted the information) have access to your master password. LastPass will never store it on their servers or request it from you. Therefore, be sure to set up emergency contacts, because if your account is blocked, then your data will disappear forever. I think that is reassuring enough, especially in case your device or the LastPass server is compromised.
Emergency contacts
This feature is not standard for most password managers, so we moved it to a separate item. Indeed, with LastPass you can set up any number of emergency contacts with access to your account. This is in case you forget your master password and you can create emergency contacts for other user accounts as well.
It is incredibly easy to set up - just click the “Add Emergency Contact” button, enter the contact's email address, and the time limit for giving them emergency access. Voila!
Features
LastPass will not surprise you with a range of fancy features, but it does have a wide range of important features that keep your information safe: storage for credit cards and financial information, bank account details, 1GB for storing important documents and note storage, unlimited password sharing, and even storage for contacts. It also has a labeling system that helps classify information.
There are interesting parameters in your LastPass account settings - Never URL, Equivalent Domains, and URL Rules.
- Never URL allows you to add websites that LastPass will not work on (for example, if you would like to keep it private).
- Equivalent Domains allows you to configure domains that LastPass knows to be equivalent to the URL from which it retrieved your password; (It will be necessary to carefully check the equivalent domains in the list. For example, it will see Skype as similar to Bing, but the passwords from them can be very different!).
- URL Rules allow you to set rules for these equivalent domains - unless, as we said above, you do not want LastPass to use the same login for two separate domains.
There is a flaw with the import function, as there is no automatic import function. This is unlike their closest competitor, Dashlane, which imports all of your passwords without even asking you. This is a little disappointing. The easiest way to import passwords is through a browser extension. But, what if you have multiple browsers with many passwords…?
Pricing
LastPass offers three types of packages: Free, Personal, and Business. The “Personal” package has two more categories of packages - “Premium” and “Family”. The “Business” package also offers “Team” and “Enterprise” packages. “Premium” is for personal use only; “Family” for 6 users; “Team” from 5 to 50 users; and “Enterprise” for 5+ users.
As we mentioned earlier, the LastPass free package is one of the best, with a basic set of features that should be enough for non-commercial or personal use. You decide.
By choosing a free plan, you will lose Emergency access and, for their technical support team, you will not be a top priority. Also in our opinion, a significant disadvantage in LastPass is the absolute absence of a refund policy, which they do not mention on their website. Therefore, be careful when choosing a tariff, and of the password manager in general.
Main advantages:
- Easy installation and easy to use
- Excellent security check function
- Full free version
- Useful “Emergency contacts” function
Download LastPass
3. NordPass
NordPass is a relatively new password manager developed by NordSecurity, creator of NordVPN, one of the best-known VPNs in the market. It was launched in 2019 and is a cross-platform zero-knowledge architecture password manager with cloud synchronization and applications on macOS, Windows, Android, iOS, and Linux. It also offers browser extensions on Google Chrome, Opera, Mozilla Firefox, Microsoft Edge, Brave, and Safari.
Security
NordPass, like most similar password managers, uses a master password to grant access to the vault. Since it's a zero-knowledge architecture software, the master password is inaccessible to NordPass, and the vault is first encrypted on the user's device before being stored on the cloud. It also provides two-factor authentication and supports authentication apps, such as Authy, Google Authenticator, and Duo, and even logging in with biometrics, but misses 2FA key support.
What separates it from other password managers is the use of XChaCha20 encryption algorithm for its data encryption. It's a somewhat new encryption standard that made its way to such companies as Cloudflare and Google, and the former implemented it in 2015 to improve mobile device performance for websites.
NordPass grounded this encryption algorithm's choice by stressing advanced and innovative user security solutions that would be sufficient in the future. Furthermore, XChaCha20 is praised for being faster and easier to implement and audit.
Features
NordPass is simplistic, although a fully developed password manager with numerous features. First of all, the app and browser extensions are extremely easy to use, which will provide comfort for casual Internet users. However, it lacks advanced customization features for more tech-savvy people, such as KeePass provides.
Coming from a professional cybersecurity company, it provides all the necessary features of a high-quality password manager coupled with advanced security. The basics are all there: it will allow you to store hundreds of complex passwords in an encrypted vault, autofill them, alert of reused or weak passwords, provide a password generator, and importing passwords to this password manager is a very straightforward process.
On a not-so-typical side, NordPass provides features such as a data-breach scanner for leaked passwords, which will scan leaked databases and compare them to passwords stored in your vault. You can also use a Password Health feature to check all of your passwords, and it will sort them into three categories - weak, reused, and old, alerting of potential issues.
Finally, you can organize passwords into folders, save credit card details, write down secure notes, and safely share passwords.
Pricing
NordPass offers three plans: Free, Premium, and Family Premium.
The free plan will allow you to save unlimited passwords, sync them across all devices (even though only one active device can be used with this plan), and keep notes & credit cards - it's a pretty limited plan.
Premium will cost $2.49/MO or $59.76 in total for a two-year plan, $2.99/month, or $35.88 for a one-year plan, or $4.99 for a monthly subscription. This plan includes all the features available for a single user, including, but not limited to, the ones discussed in the review.
The family Premium plan is a bundle of five NordPass Premium accounts, which costs $3.99/month or $47.88 for a one-year plan.
Download NordPass
4. Enpass
Enpass is a password manager supporting local data storage and cloud synchronization using third-party services like WebDav, Dropbox, Google Drive, OneDrive, and OwnCloud. This is a program with no special additional functions, designed primarily for storing passwords. We have added it to our list of “best” especially for those who will use such programs for personal purposes and do not need a bunch of specific features. Among the other simple programs in its category, it is considered good. Also, the premium version only costs $5.99 per year.
Security
Enpass uses a master password to control the entire program. In the mobile app, you can set up a biometric fingerprint, which is fairly easy to set up, but apart from that, there really is not anything else. The Enpass web app does not have two-factor authentication. It is possible to lock your device (which is pretty good), but some users may not like the lack of 2FA. If you buy the premium version, then it gives you the opportunity to use Windows Hello authentication.
Features
As already mentioned, this is a fairly simple password manager, which is very good if you are looking for just basic functionality. The program stores passwords, gives you the ability to save your confidential financial information, and use it as a virtual wallet. It can be used in several ways: a beautifully designed desktop app, a mobile app, and browser extensions.
Enpass has a cool password generator in the web app and also in the browser, but not in the mobile app. You can easily set up good, strong passwords using letters and even customize the delimiter character to your preference. Moreover, it allows you to decide if you want the password to be pronounceable or not.
If you decide to share your passwords, Enpass will let you do so. This is possible both in the desktop version and in the mobile application - just find the desired username and select the “Share” option. You will be prompted to send a shared key for encryption purposes.
You can sync the Enpass Password Manager base with other computers or mobile devices running iOS or Android. To do this, the program uses cloud storage Dropbox or OneDrive. To enable synchronization, you need to select one (or both) of the services in the program settings.
Pricing
For a one-time fee ($41.99), Enpass offers several additional features for the desktop and mobile app (unlimited items, unlimited vaults, and more). There are also annual rates, for example, if you need a password manager for a short-term project. And of course, a monthly payment plan for testing. The desktop version you get for free–but only with 25 items.
Main advantages:
- Ease of use and setup
- Free desktop version
- High-quality storage of any user information - from login to passport data
- Cloud sync services
Download Enpass
5. Bitwarden
Bitwarden is a very easy to use, yet functional password manager. Bitwarden can easily compete with such giants as LastPass and 1Password. But, unlike them, it is completely open source.
Security
Bitwarden uses strong end-to-end encryption, so no one but you can access your passwords. Optionally, you can set up your server and deploy Bitwarden on it. This is the advantage of open source, and you will be solely responsible for security. Who to believe if not yourself?
After a period of inactivity, almost every password manager logs out. You can set Bitwarden to exit from anywhere between one minute to four hours. You can also set a lock when the system enters sleep mode. Two-factor authentication will greatly enhance the security of your saved passwords.
The free version of Bitwarden supports 2FA using Google Authenticator or Duo Mobile equivalent. When you enable 2FA in Bitwarden it offers an unlock code, and highly recommends keeping it in a safe place. Attach the QR code to your authenticator app and you are ready to go. It is also possible to receive 2FA codes by email but using the application is much more convenient.
Features
The Bitwarden app and its online storage look very similar but there are differences. To import data you must use the online storage. To edit saved passwords you must use the app.
As for the password generator, Bitwarden includes analysis tools to find passwords that need to be changed, but it reserves this feature for paid plans. When you find a password that you have used multiple times or a weak password such as “123456”, you do not have to come up with a replacement yourself. Like almost all competing products, Bitwarden includes a random password generator to help you out. The generator can output passwords from 5 to 128 characters long, but by default it is 14 characters.
Bitwarden stores two types of personal data items: cards and IDs. For each credit card, you record details such as number, cardholder name, and CCV. This prevents you from tying the card to your smartphone's camera like Dashlane and some others do, but filling in the data here means you do not have to fill it elsewhere.
If you are moving to Bitwarden from a different password manager, you do not have to transfer all data and combinations manually. The program supports import and export functions and can accept passwords from a huge number of other applications and browsers: Chrome, Firefox, Opera, Dashlane, Enpass, KeePass, LastPass, Blur, 1Password, PassKeep, RoboForm, Vivaldi, and Zoho. To import the information you want, open the Bitwarden web client settings, select where you want to transfer the entries from, and then follow the instructions.
Pricing
Bitwarden is completely free, with no restrictions on the number of devices used or number of saved passwords. Spending $10 a year on Bitwarden Premium gives you 1GB of file storage (useful if you decide to use Bitwarden for notes), advanced two-factor authentication, and priority tech support. The premium mode of the program will not be particularly useful to the average user.
The free version of Bitwarden allows you to connect an authenticator app to your account (any for Android, iOS, or Windows is suitable) or offers to send you one-time codes by email.
Main advantages:
- Open source
- It can be hosted on your own server
- Automatically sync passwords
- Auto-fill passwords
- Fully functioning free version
Download Bitwarden
6. 1Password Password Manager
We left this option for the end, as for many years, 1Password has been the best among its competitors, and has been around for 14 years. A distinctive feature of the service is the placement of classified information not in the developer's cloud storage, but on the user's own local or network drive.
Security
After registration, a secret key, and a Master password are generated, which are protected by AES-256 encryption and are not saved anywhere; therefore, they cannot be restored in case of loss. Protection against attacks is guaranteed by SHA512 and PBKDF2 algorithms, and each element of your database is encrypted with a 256-bit key (AES). So theoretically, it will take from several months to a year to find a password for your account. However, if you have lost a device that was not protected at the unlocking stage, no one will guarantee the safety of passwords and card information. So be careful.
Features
1Password allows you to store a variety of information including passwords, identity cards, and notes. All information is stored in a general list and the categorization is equal to the type of information. You can add your own tags, which will greatly simplify the search for the information you need. Passwords can be stored in different "safes" (password databases) and switched between them without restarting the program.
An interesting feature is a check that all sites are working on https. All passwords are protected by 2FA. Passwords can also be set to expire. Access to information is open while 1Password is open. There will be no additional password requests.
There is a Travel Mode. This is a useful feature not only for traveling. You mark passwords as safe for travel. Switch your account to Travel Mode before starting your trip. Now when you are asked to enter a password during customs control, only travel-safe passwords will be displayed. You can enable this function only from 1Password.com. There will be no notifications on your device that you have enabled travel mode and the customs officers will not suspect anything.
Watchtower Service generally refers to security features: you will be able to receive round-the-clock notifications of any security breaches on services or sites used by you or your family. The service will inform you if you are the victim of a data breach so that you can update the hacked password.
Pricing
There are two different variants that you can get access to 1Password: Personal and Family or Team and Business.
You can purchase a subscription that starts at $2.99 per month for individuals or $4.99 per month for families (per family of five people). This subscription handles cross-device sync for you, as well as some of the other features we have mentioned.
Members get free access to desktop apps as part of their membership, so you never need to purchase a separate license.
For $7.99 per month, you get 1Password Business with VIP support, 20 guest accounts for limited access, usage reports, free family accounts for all your business team members, and many other useful things.
You will also have access to a free trial for 1 month. At the end of this period, you will be asked to provide your credit card details. All features will be available to you during the trial period.
Main advantages:
- Synchronizes with all devices
- Generate secure passwords
- Family plans for sharing passwords
- Travel mode
- Unlimited number of downloads of applications and browser extensions
- After the subscription expires, the data is available for viewing and export
All described password managers are placed in the following comparison table to save your time in reviewing the details. Choose the best option for yourself.
Dashlane | Enpass | LastPass | Bitwarden | 1Password | |
Website | dashlane.com | enpass.io | lastpass.com | bitwarden.com | 1password.com |
Platforms | Android, iOS, macOS, Windows, Linux, Web, Browsers (Chrome, Firefox, Safari, Opera, Internet Explorer, Edge) | Android, iOS, macOS, Windows, Linux, Web (Chrome, Safari, Opera, Edge, Internet Explorer) | Android, iOS, macOS, Linux, Windows, Windows Phone, Web (Chrome, Safari, Opera, Edge, Internet Explorer) | Android, iOS, Windows, macOS, Linux, Web (Chrome, Firefox, Safari, Opera, Brave, Microsoft Edge, Vivaldi, Tor Browser) | Android, iOS, macOS, Windows, Linux,Chrome OS, Web (Chrome, Firefox, Safari, Microsoft Edge) |
Two-factor authentication | + | - | + | + | + |
Emergency contacts | + | - | + | - | - |
Travel Mode | - | - | - | - | + |
Family plans | - | + | + | + | + |
VPN | + | - | - | - | - |
Minimum price for PRO* | $40 per year | $5.99 per year | $36 per year | $10 per year | $36 per year |
*Current price as of July 2020
Some companies have a rule for employees to change passwords every 90 days. But, sometimes it can actually reduce the level of security. We advise you to turn to one of the programs described above, in order to not lose peace and sleep from the devastating news about millions of stolen credentials. This is important both for companies and for employees themselves. Improve the security requirements of the passwords themselves:
- Make them long and complex
- Use different types of data (letters, numbers, signs)
- Avoid alternating the same combinations
- Use multi-factor authentication (fingerprint reader, face ID scan, etc.)
Remember that using a password manager is one of the protection strategies that allow you to minimize risks and simplify your life.
Password Managers FAQ
For any user, including the government or an attacker, to gain access to your account, they must have your master password to decrypt the password manager database. Therefore, the security of your data largely depends on using a strong master password and protecting it from theft. The main guarantee lies with you.
If you forget the master password that protects your other passwords, you could lose everything. Some password managers offer recovery options, but none are perfect. You can contact technical support, but you will most likely need to create a new account.
If your password managers subscription expires, you will be able to access, view, and export all of your data in almost every one of the listed services. You simply will not be able to edit or add new items.
You must decide if you are willing to offset the increased risk of your password being stolen from your password manager and the devices on which you set it up in exchange for the protection the password manager gives you. There is simply no single recommendation for everyone!
Read Also
How to Handle WordPress Security Risks in 2020 [Ultimate Checklist]