Updated on: September 21, 2023
Short on time? Here’s the best password manager in 2023:
Password managers are downloadable apps that securely store your passwords and make it quicker and easier to log into your online accounts.
While password managers are great for convenience, they are also great for security, as they enable users to create complex passwords for all of their accounts without needing to remember them all (or store them in an unsafe place!).
This article will break down how password managers work, the key components of a password manager, and whether or not they’re worth using.
What Is a Password Manager?
A password manager is a program that helps you create, store, and manage passwords. The idea is that you can use one master password to enter all of your other passwords into a single program, rather than having to remember them all. Once it’s set up, you just have to remember that one master password — and virtually everything else is handled by the password manager.
Password managers are great because they keep all of your important information safe. They encrypt your passwords so that only you have access to them (even if someone else gets hold of your computer, they won’t be able to access your password manager unless they have your master password).
Essentially, password managers mean you don’t have to remember passwords. They also store credit card information, bank account numbers, and other personal information such as home addresses and phone numbers, which can also be automatically filled into web forms.
Most password managers also generate strong, complex passwords for you, which means you can have hard-to-crack passwords for all of your accounts without having to remember them.
What Features Are Included In a Password Manager?
Aside from password storage, there are several other features that most good password managers include, such as:
- 256-bit AES encryption. Protects passwords and other important data with military-grade encryption.
- Zero-knowledge policies. Stores your passwords and other confidential data with zero knowledge about the data it’s storing.
- Multi-platform support. Grants users access to their account from any platform, operating system, device, or browser.
- Browser extensions. Provides easy-to-use browser extensions for all the most popular browsers.
- Auto-fill capabilities. Automatically enters usernames, passwords, payment card information, or other personal details into online web forms.
- Password generator. Generates complex, unique passwords ready for use with your online accounts.
- Two-factor authenticator. Generates two-factor verification codes for online accounts.
- Organization options. Organizes your passwords into different categories and folders to make it easier to manage and access your credentials.
- Password sharing. Enables users to share login details securely.
- Password vault auditing. Assesses the strength of your stored passwords and reports back if any passwords are weak, old, reused, or compromised.
- Secure file storage. Stores files including photos, passport copies, insurance documentation, and more.
- Notes. Allows users to add and store notes.
- Data breach alerts. Notifies you if your account credentials are leaked in a data breach.
- Dark web monitoring. Scans dark web forums and alerts you if any of your login credentials or other personal information are found.
- Emergency access. Allows you to select emergency contacts who can access your vault should you be unable to.
- Account recovery. Offers recovery options to help you regain access to your vault if you ever forget your master password.
- Family plans. Multi-user options with easy password sharing and intuitive family dashboards.
Many brands provide free plans with basic password management functions like unlimited password storage and auto-fill. However, if you want extra features like account recovery, device syncing, and shared vaults, I recommend investing in a premium program like 1Password. 1Password is the best password manager of 2023 — it provides excellent security features and extra tools like privacy cards and hidden vaults — plus, its interface is super intuitive and easy to use.
Are Password Managers Safe to Use? How Password Managers Keep Data Secure
Yes, password managers are perfectly safe to use. Most password managers keep data secure by using a combination of security features.
Essentially, encryption will scramble all of the data stored in your password vault, making it unreadable even if a hacker gained access. All data stored inside the password manager vault is encrypted, including login credentials, notes, and payment card details.
Password managers typically use advanced encryption such as 256-bit AES encryption, which is the same level of encryption used by governments and corporations. However, some providers offer different encryption options, including:
- 128-bit AES Encryption — Advanced encryption, less secure than 256-bit but still very strong.
- XChaCha20 Encryption — New form of encryption that claims to be even more secure than 256-bit AES.
Not even the password manager’s developers can access your information, as they do not keep a record of your master password so can’t access your vault. This means that even if hackers gain access to the password manager company’s systems, they wouldn’t be able to access or steal user passwords.
Multi-factor authentication (MFA)
MFA adds an extra layer of security to your password vault — it requires users to provide an extra form of verification to access their vault, such as time-based one-time passwords generated by apps like Google Authenticator, fingerprint or facial recognition, or a keyfile (a special file that proves you’re the owner of the password vault). MFA is also referred to as two-factor authentication (2FA).
Specialist access settings
Top password managers often include advanced settings to prevent access from unauthorized locations or devices. For example, users block access attempts from locations synonymous with hacking and even stop hackers from accessing the password vault via Tor browsers (browsers that hackers use to remain untraceable).
It’s important to know how to protect access to your password manager. Users must generate a strong yet easy-to-remember master password and ensure that no one else knows it. A master password is required to unlock a password vault — it’s linked to the decryption key needed for accessing the password manager vault.
A strong master password should be long (at least 16 characters) and contains a wide range of characters, including uppercase and lowercase letters, numbers, and special characters e.g. “I_l0v3_my_aMZa1ng_C4Ts!”. An alternative is to use a passphrase — a string of unrelated words that can be easy for you to remember but is still extremely difficult for hackers to guess, e.g. ‘calculate-heavy-surface-conqueror’.
If you lose your master password, you risk losing access to all of your passwords and other data stored in your password vault. So you need to make sure you keep a secure backup of your master password, preferably stored offline and not on any device.
Different Types of Password Managers
Offline password managers
Offline password managers allow you to access your vault and store your data offline (they’re also known as locally installed password managers). In an offline password manager, your passwords are stored in an encrypted file that’s separate from the password manager itself. Some password managers even allow you to store each password in a different file, increasing your password security further. Whatever the case, the data is ultimately stored on either your phone or computer, and the chosen device will act as your password vault.
Therefore, a hacker can’t access your passwords without accessing your physical device. But then again, if you lose your device and have no backup, it’s impossible to retrieve your data. It is possible to use your locally installed password manager across multiple devices, but this can be really tricky to set up, and requires the device with the offline password manager to go online to be accessible to third-parties. With an online password manager like 1Password, on the other hand, you can effortlessly sync your data across all your devices and it doesn’t involve any tech expertise to do so.
Offline password managers are usually offered as a free service.
Online password managers
Online password managers store your passwords and other data on the cloud in the provider’s servers rather than on your device. Therefore, you will need to be connected to the internet at all times (which is why online password managers are also known as web-based password managers). That said, there are a few online password managers, such as RoboForm, that offer the option to store your vault locally on your device too, but this isn’t the norm.
Web-based password managers allow you to access your passwords from anywhere at any time on any device, as long as the device is connected to the internet. You can easily access your vault via a mobile app, a web application, or a browser extension.
Reliable online password managers also have zero-knowledge policies, meaning that not even the password manager’s staff can access the information in your vault. This is good for security but means you have to remember your master password or risk losing your vault (though some password managers, like LastPass, have good account recovery options).
There’s a reason why online password managers are the most popular option — they’re super convenient, full-featured, and easy to use. Many online password managers offer free plans with basic password management features (Dashlane’s is particularly good), but for a few bucks a month you can get access to lots of useful additional features like multi-device sync and dark web monitoring.
Token-based password managers
Token-based password managers use a hardware device, such as a smart card or a USB flash drive, to store a key that unlocks your account. They’re also known as stateless password managers. When you use a token-based password manager, it generates a new key every single time you log into your account, thereby eliminating the need for a password vault.
Stateless password managers are very safe because your passwords are basically stored nowhere. But a hacker can gain access to your account if they have your master password and the physical token. Also, it goes without saying that if you lose your hardware device, you lose your passwords.
Stateless password managers are usually free and open source, which is great, but this means they offer little customer support (making them a poor choice for less tech-savvy users). Online password managers generally have various customer support options.
What’s the Difference Between Browser Password Manager and Password Manager Apps?
There are important differences between standalone and browser password managers in terms of security and the number of features offered. Standalone password managers like 1Password or Dashlane, offer many features, including advanced security settings, multi-factor authentication, password sharing, multi-device compatibility and synchronization, dark web monitoring, and more.
Browser password managers like Chrome or Firefox have a limited range of features in comparison — generally just auto-fill and auto-save capabilities. However, this doesn’t necessarily mean browser password managers are useless, as they can be very convenient and user-friendly. The other benefit is that browser password managers are free — but then there are many good free standalone password managers too. And along with extra security measures and a wider range of features, most standalone password managers come with browser extensions that are just as easy to use as browser password managers.
Do You Really Need a Password Manager?
Yes, you really need a password manager. Password managers can keep all of your accounts safe using military-grade 256-bit AES encryption, and many also offer two-factor authentication (2FA) to improve your account security even further.
Password managers also save you the stress of remembering numerous passwords. All you need to remember is the master password to unlock your vault — the password manager does all the rest for you. This means you can have unique passwords for every single one of your online accounts and won’t have to worry about remembering any of them.
What’s more, most password managers can generate unique, random, and unhackable passwords, saving you the hassle of doing so yourself. It’s really important to have different passwords for each of your accounts — this way, even if a hacker manages to access one of your passwords, they won’t be able to use it to get into your other accounts.
Password managers also provide additional security features like password vault auditing, data breach alerts, and dark web monitoring. This means you’ll be alerted if any of your passwords are weak, old, duplicated, or breached, and you can change them accordingly. Other convenient features good password managers offer include password sharing (which allows you to easily share passwords and other details with friends and family) and auto-fill (which automatically inputs passwords and other personal details on websites).
How to Set Up a Password Manager
These are the steps you need to follow to set up an online password manager, which is the most popular and convenient type of password manager product.
- Decide which devices you want to use your password manager on. This is the first step in setting up your password manager. Knowing the devices you’ll be using your password manager on will help you determine what kind of plan will work for you. For example, if you want to use the password manager on both your computer and your phone, you’ll need a plan that lets you sync your data across devices (most free plans don’t allow this).
- Choose your password manager and install it. The next step is to choose and install your password manager. It might be a bit difficult to pick one out of the many password managers out there (both free and paid versions), but you can narrow down your selection by focusing on only the best password managers on the market. Things to look out for include features, OS compatibility, customer support availability, and value for money.
- Create a secure master password. Choose a password that’s easy for you to remember but difficult for others to guess. You should also check if your password manager provides account recovery. This will come in handy if you should ever forget your master password.
- Enable Two-factor authentication (2FA). 2FA adds an extra layer of protection to your accounts. If your master password is compromised, 2FA will still require an additional authentication method (such as fingerprint or face recognition, time-based one-time passwords (TOTPs), or a keyfile). This can secure your account.
- Begin adding your passwords. When starting with a password manager, first store less critical passwords. As you become comfortable, you can save more essential passwords.
- Add other information to the password manager. Aside from passwords and login details, you can also store other data such as credit card details on your password manager. This is especially helpful if you often shop online — it will save you some time if your payment info is already set to autofill whenever you’re making a purchase online. 1Password even alerts you if you have a credit card stored that is about to expire!
- Share your login details. Information like Netflix account logins are often shared. However, it’s not a smart idea to share your logins via text message or chat. Most password managers provide a secure method to share your login details with others.
Frequently Asked Questions
How do password managers keep passwords safe?
Most top password managers protect user data with industry-standard features like:
- 256-bit AES encryption — the same type of secure encryption that banks and militaries use (it’s never been broken).
- Zero-knowledge protocols — means that no one else can access the sensitive data located in your vault besides you. The only way for your passwords to be decrypted and accessed is through your master password, which only you should have knowledge of.
- Two-factor authentication (2FA) — an extra layer of security that uses a second factor (like another device or a one-time code) to verify your identity before logging into your account.
My personal favorite password manager is 1Password — it’s very secure, feature-rich, has strong customer support, and is user-friendly.
Is it possible to hack a password manager?
Yes, it’s possible to hack a password manager, but it’s very rare. However, a password manager could still get hacked if your device is infected with malware, or if a hacker gains access to your login credentials and master password. That said, most top password managers offer a variety of security features to keep your account and personal information protected, including military-grade encryption, advanced 2FA options, and more.
If you’re looking for a password manager with strong security, I recommend using 1Password — it’s never been hacked and comes with industry-standard features like 256-bit AES encryption, a zero-knowledge policy, and two-factor authentication (2FA), along with key extras like Travel Mode and virtual payment cards (US only).
What’s the best password manager?
1Password is our top-rated password manager in 2023. Along with industry-standard security features, it offers useful extras including password security auditing, dark web monitoring, and secure password sharing. Additionally, 1Password is extremely easy to set up and use, offers affordable payment plans, and has strong customer support.
What happens if I lose my master password?
If you lose your master password, you could lose access to your password manager account, along with all of the items stored in your password vault. However, most top password managers offer account recovery options if you happen to lose your master password so that you can regain access to your personal data without having to create a new vault.
I recommend LastPass if you’re looking for a good password manager for recovering your account — it offers multiple account recovery options if you lose your master password, including sending a recovery code to your phone and providing an option to restore your master password for 30 days after creating a new one.
Is it safe to use a password manager on my smartphone?
Yes, it’s perfectly safe to use a password manager on your smartphone or mobile device. Many top password managers offer extremely secure, intuitive, and feature-rich mobile apps for Android and iOS devices. Similar to their desktop apps, you face very little risk of the sensitive information in your vault being breached while using the mobile apps of most premium password managers.
My favorite mobile password manager is 1Password — it has one of the most customizable mobile apps on the market, allows you to create mobile-only vaults, and is ranked #1 in our list of top password managers for both Android and iOS in 2023.