The sheer number of apps and services each of us use on a daily or weekly basis is headache-inducing when you think about all of the login credentials and passwords that entails. It’s why many people use the same password, or a variation of it, multiple times. While convenient in the near term, it’s a dangerous security risk in the long run.
A single data breach containing your account credentials could provide would-be bad actors with everything they’d need to gain access to your social media, email or, even worse, online bank accounts.
The solution? Use a password manager. Instead of reusing passwords or keeping a document that stores all of your account logins, a password manager will securely store your information and even generate then autofill complex passwords on your behalf.
We’ve been testing some of the most well-known password managers, with solutions ranging from free and built into your phone to paid offerings that include file storage and secure messaging apps. And while the free options are tempting because they don’t cost anything, you’re better off investing in your personal security. After our thorough testing and analysis, one option clearly rose above the rest:
Best password manager: 1Password
From $3 a month at 1Password
The cat’s already out of the bag. 1Password offers the total package: security, usability, features and pricing. It starts at just $3 a month for one user or $5 a month for family plans that protect up to five users.
After signing up for your account, which includes the option for a free 14-day trial, you can download an app or a browser extension. The apps and extensions are used to create, fill and store your complex passwords, so you don’t have to worry about remembering them. Better yet, every major operating system is supported, including macOS, Windows, Linux, Chrome OS and even those who stick to the command line.
Browser extensions include support for Chrome, Edge, Firefox, Brave and Safari. There’s even an app, called 1Password X, that lives in your browser if you use Chrome, Firefox, Edge or Brave.
You have full control over how complex the password is in terms of length and amount of numbers and symbols, or you can pick a memorable password that strings together a series of words.
For online accounts that use two-factor authentication (2FA), which adds an extra layer of protection by requiring your username, password and then a randomly generated code typically delivered via text or mobile app (you really should turn this on for all accounts that allow it), 1Password will store your one-time passwords and autofill them in the proper text field when available. With the exception of Keeper, we found competing services either required us to download a secondary app or didn’t support 2FA codes at all.
The process for telling 1Password to fill in your credentials depends on which platform you’re using. For example, on a Mac, the keyboard shortcut of the Command and “” key will open the app. On Windows, it’s the Control and “” key.
On iOS, you can use the systemwide autofill feature that displays your login as a shortcut just above your keyboard. Depending on the version of Android you’re using, 1Password either shows up at the top of the keyboard or you have to trigger it with a long-press in the text field, then selecting Autofill.
1Password can be opened from anywhere within each platform, be it apps or in any browser, and will automatically fill in your username and password and, if you have your 2FA code added, it will either copy it to the clipboard for you to manually paste when prompted or it will autofill it for you as well.
The process is especially smooth on iOS and Android where 1Password uses fingerprint or facial recognition to unlock itself and fill in your details, with minimal effort on your part.
Included with each 1Password account is extra storage for keeping personal data and documents, like photos of your driver’s license or social security card, along with any other private files you want to have access to at all times but don’t want to store in your typical cloud storage service. You can also securely share items in your vault — from passwords to documents — even if the recipient doesn’t use 1Password.
You can turn on Watchtower, an optional feature that will analyze your usernames and passwords, letting you know how many passwords are considered weak and should be changed, and list how many have been reused across your various accounts. Additionally, 1Password will check your various account details against known leaks posted on the website haveibeenpwned.com. If your details are detected, 1Password will let you know and suggest changing your login info.
As for keeping your 1Password account secure, the company encrypts your data with three different keys, each of which have to be used in order to unlock all of your passwords and banking information inside. A hacker would need access to your encrypted data, and then they’d need to know your master password — what you use to unlock the 1Password app when fingerprint sensors or facial recognition is unavailable — and your secret key. The secret key is a complex string of 26 letters and numbers that’s linked to your account. For those nervous about storing all your most private details on 1Password’s services, you can read more about 1Password’s approach to keeping your information secure on its blog, and take comfort in the fact that (knock on wood) the company has yet to suffer from any sort of hack or data breach. Of course, no company or service is immune to attacks. LastPass has suffered a series of high profile breaches, the first in 2015, in which attackers were unable to gain access to user password vaults, followed by more serious incursions in 2022 which may have exposed user data.
The team at 1Password has built the complete package when it comes to an app and service that keeps your personal information safe and secure. The apps are quick to get up and running, and the ease of use takes the headache out of using a password keeper.
How we tested
After searching the web for good password managers, both free and paid, along with researching which had the best reviews, we decided on our testing pool. Compatibility across platforms via specific apps, a website or a browser extension was a must here as well.
With each of these services, we created an account and set it up as brand new so we could note any nuances and gauge the difficulty of the setup process. In terms of password creation, we thoroughly tested adding an account and creating new passwords via our own complex idea or by using the password generator component. We also tracked how quickly that password appeared to be uploaded and available in the secure cloud.
And if you’re like us and might be migrating from a different password service, we tried importing our current library (accounts and passwords) into the new service. We also used each of these as our daily drivers for a bit.
- Setup and installation: As we created our account and started the journey with each service, we paid close attention to how long it took and how easy it was to set up.
- Password library: This was an umbrella category and covered all things password-related. From importing previously saved ones to syncing across devices and even creating a password on the fly.
- Apps: Being able to access your password manager app from any device with ease while also having it be secured was critical. Here we examined the interfaces across services as well as the platforms apps were available for.
- Security: Close attention was paid to how many layers of security were in front of seeing our actual passwords. If it was an app, we noted if it supported face or fingerprint recognition. We also looked at whether secret keys are required and if the service offered dark web monitoring.
Other password managers we tested
Bitwarden
Free with limited features or $10/year at Bitwarden
Bitwarden is a worthwhile option for tech enthusiasts. It’s an open-source project that allows you to host and manage Bitwarden on their own server, keeping your data to yourself. You can access your passwords via a browser extension, desktop app, mobile app or even a command line interface. There are plans aimed at individuals and at businesses or families, with free and paid tiers for each. A premium individual account is only $10 a year (that’s not a typo), while a family account is $3.33 a month for up to six users. We really like and appreciate Bitwarden’s approach but feel that 1Password offers a more user-friendly interface and experience. That said, if you’re comfortable tinkering with software, want the security that only keeping your information to yourself can provide or just like the idea of an open-source password manager, you can’t go wrong with Bitwarden.
Last Pass
Free with limited features or $36/year at Last Pass
In previous testing, we found the commonly known LastPass to be a solid free option. Unfortunately, recent changes have knocked the free tier down a few notches. Previously, the free tier allowed access to your passwords from multiple devices across operating systems — so, we could save a password on a Windows 10 Laptop and have it autofill on a phone. Now, you get access to your passwords from either a desktop PC (app or browser) or a mobile app, not across both. This removes what, basically, is the key reason you’d get a password manager, which is the ability to manage passwords and usernames across devices with just one app. The company has unfortunately suffered a series of high profile breaches over the course of 2022, and while it is still unclear how much user data may have been stolen users (and potential users) should take care to change their master passwords and any passwords saved in their vaults.
Keeper Security
From $35/year at Keeper Security
Keeper offers a wide range of apps and extensions, supporting multiple platforms, and is easy to get up and running. Storing 2FA codes is built in, making it simple to keep all of your information in one place. Keeper’s plans range widely in price because the company adds more services for higher-priced tiers. For example, the base plan gives you the basics: password management and device sync. If you want more advanced features, like BreachWatch Dark Web Monitoring or secure file storage, you’ll have to pay more per month. Ultimately, the overall design and usability of Keeper is what held it back from being our top pick. The interface isn’t always intuitive and easy to use, particularly on a computer. And to get feature parity of the 1Password plan, you’re going to pay a bit more with Keeper, which also includes KeeperChat Private Messenger, an app you can only use with fellow Keeper subscribers.
Apple iCloud Keychain
Free at Apple
If you spend all of your time inside Apple’s ecosystem of Safari, iPhone and iPad, then this free offering is a good fit for you. You can’t import or export any of your passwords, but there’s literally no setup or extra steps you need to take to start using it. Just fill in a password in an app or Safari on your iPhone, and iCloud Keychain will ask if you want to save it. Start signing up for a new account, and it will suggest a strong password. There are two main problems with iCloud Keychain as your main password manager: It’s limited to Apple products, which also means you have to use Safari as your browser on a computer. With the recent release of iOS 14, Apple recently added a tool that identifies compromised or weak passwords, and lets you know when they need to be changed, a feature the service has been lacking.
Google Chrome Password Sync
Free at Google
Google also has a password manager of its own, built directly into Android and the Chrome web browser. What makes this solution different from Apple’s is that it’s not just limited to Android and Chrome, thanks to a recent update on iOS. Google added the ability to access your passwords saved in Chrome anywhere in iOS, such as apps or even in Safari, allowing you to fill in information outside of Google’s ecosystem. But even then, you’re still limited to using Google on your Mac or Windows PC. Google also provides a tool to scan your credentials to see if they’re included in any sort of data breach and will suggest making a change if so.