When it comes to creating logins for online accounts, people usually choose a common or easy-to-guess password and then reuse it multiple times, said Kevin Lee, a research scientist and alumnus of the Center for Information Technology Policy at Princeton University. In general, he said these “extremely bad” passwords leave information vulnerable to cybercriminals — something a password manager can help remedy.
“A password manager is a tool that stores and generates your login credentials for your online accounts,” Lee explained. It’s a security measure you can take advantage of to help steer clear of identity theft and hacking, and it eliminates the need to memorize every single one of your passwords.
LEARN MORE What is a password manager? | Should you use a password manager?
There are a handful of password managers to choose from — some of them come pre-installed on your browsers while others can be installed as standalone apps. We spoke to experts about how a password manager can make you more secure online and rounded up four top-rated and staff-recommended options.
Expert-guided password managers
Since we do not test password managers ourselves, we rely on expert guidance and staff experience to determine which password managers are best. In line with our experts’ advice, we only recommended external password managers (We explain the difference between external and browser-based password managers below). You can download all of the following managers as apps or browser add-ons. Our recommended picks offer personal, family and business plans.
Select Reporter Harry Rabinowitz has used 1Password for years and has found it to be a great option for most people. It allows you to store unlimited passwords as well as other items, like credit cards, bank documents and tax files.
It is available as a personal account or a family plan, which allows you to invite up to five guests to the account, recover accounts for locked-out users, share passwords and more. Rabinowitz uses the family plan, which has helped tremendously to reduce “What’s the password for…?” conversations in his family group chat.
Bitwarden is another top-rated option notable for its robust free version. The free plan lets you store an unlimited amount of passwords across an unlimited amount of devices, something most competitors put behind a paywall. The free plan can be used by up to two users, according to the brand.
Bitwarden Premium and Families offer extra features, like two-factor authentication, password reports, credit card storage, identification storage and more.
Keeper is similar to 1Password and Bitwarden but touts an offline mode for when you need to access your passwords off the grid. Another notable feature is emergency contacts: you can add up to five contacts that can access your account in case of emergency.
A personal account has both free and paid versions, while the five-person family version is paid-only. Like 1Password and Bitwarden, Keeper allows you to store identity and payment information as well as sensitive files.
Dashlane has similar features to our other recommendations, but its premium plan comes bundled with a VPN service. VPNs are pricey by themselves; bundling a password manager and a VPN together makes Dashlane premium a good value.
In total, you can choose from a free, premium or friends and family plan. The free version gives users access to Secure Notes and unlimited passwords. Like other password managers, Dashlane Premium generates passwords for you, stores passwords and documents and allows for a friends and family plan with up to 10 accounts.
What is a password manager?
A password manager randomly generates and automatically fills in your passwords whenever you set up an account online, Lee said. It also stores all the unique passwords it creates for each of your accounts, which means you don’t have to remember them.
To begin using a password manager, you’ll first have to create a primary password, sometimes called the master password. Lee said you use the primary password to authenticate yourself to the password manager, giving you access to all of the information it stores. That way, you only have to remember your primary password; your password manager remembers all your other passwords, including ones it generates for new online accounts
All of the information stored on your password managers is scrambled — or encrypted — before it’s saved on its server. It can only be unscrambled by you when you enter your primary password. This is why it’s so important to remember your primary password — the password manager does not store it for you. That way, only you can “unlock the contents of your vault,” Lee said.
Additionally, some password managers offer two-factor authentication. This can take the form of a fingerprint, a code on an authentication app, or a code sent via email or text message. Two-factor authentication is a good way to add another layer of protection to your data.
Browser-based versus external password managers
There are two types of password managers: browser-based and external. Each has its own benefits and drawbacks, but regardless of which you choose, using any password manager is better than not using one at all, Lee said.
- Browser-based password managers are tied to browsers like Google Chrome, Apple Safari or Mozilla Firefox. This means you only have access to the passwords stored on that specific browser or mobile app. Browser-based password managers usually are free.
- External password managers — also called third-party password managers — can be installed on your desktop, as an app or as a browser extension. All of our recommended managers are external. External password managers usually are available with free and paid versions, which impacts the features and services they offer.
Lee said both types of password managers can sync across your devices as long as they’re installed and signed in on those devices.
Should you use a password manager?
Everyone can benefit from a password manager. Password managers are useful because they help you avoid two of the biggest mistakes people make when generating passwords: using common passwords and reusing the same ones for multiple accounts.
In general, Lee said people use very common passwords when creating them — for example, 123456 — which makes it easier for cybercriminals to access accounts. In fact, attackers will almost always use a list of common passwords when they’re trying to guess the password for an account. Since password managers randomly generate unique passwords, they’re more challenging for cybercriminals to guess.
Password managers are also helpful because many people reuse the same password across multiple accounts. Lee said the typical user has over 150 accounts, but trying to remember over 150 different passwords is challenging. If one of those websites suffers a password breach, all of the accounts that use that same password are at risk for hijacking, Lee said. With a password manager, you ensure that you’re not reusing passwords, which also makes it challenging for cybercriminals to hack into your accounts.
Meet our experts
At Select, we work with experts who have specialized knowledge and authority based on relevant training and/or experience. We also take steps to ensure that all expert advice and recommendations are made independently and with no undisclosed financial conflicts of interest.
- Kevin Lee is a research scientist and alumnus of the Center for Information Technology Policy at Princeton University.
Catch up on Select's in-depth coverage of personal finance, tech and tools, wellness and more, and follow us on Facebook, Instagram and Twitter to stay up to date.