Short on time? Here’s our favorite password manager in 2023:
- 🥇 1Password: High-level security with 256-bit AES encryption, zero-knowledge architecture, and various two-factor authentication options. Includes useful extras like secure password sharing (with anyone), password security auditing, dark web monitoring, hidden vaults, and 1 GB secure storage.
A password manager is one of the best (and most convenient) ways to protect your login credentials in 2023. Threats like data breaches, phishing attacks, and password cracking result in millions of user accounts being hacked every year, and most users aren’t taking the necessary steps to protect their logins from hackers and scammers.
To prevent your online accounts from getting compromised, you should create a different and complex password for every single account — for example, I strongly recommend that each password has at least 12 characters and includes upper and lower case letters, numbers, and symbols. I know that it’s overwhelming to come up with so many unique passwords, remember them, and keep all of them in a secure place.
Fortunately, a good password manager takes care of everything for you — it generates, stores, and even auto-fills all of your logins so you don’t have to memorize all of them.
But not all password managers provide the same level of security — many log your data on their servers or lack secure 2-factor authentication (2FA), increasing the risk of your saved logins being stolen in a data breach or by a password cracking tool.
But all the password managers I recommend use advanced security technologies to protect user data, such as end-to-end encryption, zero-knowledge architecture, two-factor authentication (2FA), password auditing, and breach monitoring.
In this article, you’ll learn how top-rated password managers reliably secure your logins and protect your account and devices from being hacked. And, I’ll also recommend the best password managers in 2023.
How Do Password Managers Keep Your Data Secure?
Password managers store all of your login information (and other information like addresses, travel documents, payment information, and more) in a secure password vault. Your password vault is only accessible by entering your master password, which is a single password that unlocks your password manager. The information in your password vault is encrypted using unbreakable 256-bit AES encryption, and that encrypted data is sent to the password manager’s proprietary cloud servers so that your vault can be synced across all of your devices and apps.
Password managers use a process called hashing to encrypt user information from your password manager — this means that your master password and a unique chain of random characters generated on your device are used as the keys to scramble the encryption. So, this hashing function creates stronger encryption and protects your data on your password manager’s servers. This type of encryption is known as end-to-end encryption, because the keys to unlock the encryption are only stored on your device, allowing you to sync your password vaults between multiple devices.
A password manager with good end-to-end encryption is described as having a zero-knowledge architecture. This way, even the developers of your password manager have zero knowledge of the information in your password vault.
To sum up, password managers keep your data secure with 256-bit AES encryption, as well as advanced password hashing techniques that ensure your data isn’t accessible to your password manager.
However, none of these tools will protect you if a hacker gets ahold of your master password. While password managers generate a new device key for any device that is authenticated with your master password, a hacker can access your password vault from their device if they steal your master password. This is why it’s essential to protect your password vault with a strong master password, as well as 2FA and other cyber security programs.
Get the Best Password Manager in 2023
Can a Password Manager Be Hacked?
A password manager can only be hacked if your master password is somehow exposed, shared with an untrustworthy person, or cracked. As I pointed out in the section above, if a bad actor steals your master password, they can authenticate a unique key on their device and access your entire password vault. This is why it’s very important to create a long master password (at least 12 characters).
But even a strong master password can be stolen if your computer is infected by keyloggers, screenloggers, trojans, spyware, or rootkits. These malicious programs record your keystrokes and screen activity, or simply give hackers remote access to your computer, which allows a hacker to steal your master password and log into your password vault.
This is why I strongly recommend using a premium antivirus program like Norton to protect your computer from every type of malware.
While client-side password manager hacking is a risk, server-side hacking isn’t something you need to worry about with a good password manager like 1Password or Dashlane — because password managers use secure end-to-end encryption, your information is completely uncrackable on a password manager’s servers. So, even if hackers successfully breach your password manager’s servers, none of your information will be accessible. This was demonstrated when LastPass’s servers got hacked in 2015. Hackers gained some internal LastPass data, but no user data was extracted from the encrypted files on LastPass’s servers.
Get the Best Password Manager in 2023
Tips on How to Further Secure Your Password Manager
One of the most important security measures you can take is to create a strong master password. Password managers like 1Password help users create a strong and unhackable master password with useful on-screen instructions, and they flag master passwords that are too short, simple, or are duplicates of a password already saved in your vault.
Once your master password is set up, you should strengthen it using 2FA. 2FA tools require users to accompany their login information with a second piece of verification, like a biometric scan, a time-based one-time password, or a USB token like Yubikey. Locking your password manager with 2FA ensures that, even if your master password is stolen, your password vault won’t get hacked.
The best password managers allow users to choose from a variety of 2FA tools to strengthen their logins — USB and biometric scans are considered the most powerful types of 2FA because they’re impossible to digitally duplicate (1Password has both).
Once you’ve imported all of your passwords into your vault, you need to make sure you don’t have any weak entries in your vault (for example, if you’ve been using “MyCat’sName1234” for all of your logins). Password vault auditing tools analyze every one of your saved logins and flag repeated, weak, or generic passwords so you can replace them before they get compromised.
And finally, once you’ve affirmed that your vault only contains strong passwords, you need to maintain your vault’s security. Most top-rated password managers provide breach monitoring tools that instantly notify you if any of your passwords are leaked in a public data breach — Dashlane even has a live dark-web monitoring team, which scans hacker forums for private data breaches.
Once you’ve selected a strong master password, set up good 2FA protection, audited your password vault, and activated data breach monitoring, your password manager is about as secure as it can possibly be.
Get the Best Password Manager in 2023
Best Password Managers for Keeping Your Passwords Secure
Quick Summary of the Best Password Managers for Keeping Your Passwords Secure in 2023:
- 1. 🥇 1Password — Best overall password manager in 2023.
- 2. 🥈 Dashlane — Highly secure with more extras than most competitors.
- 3. 🥉 RoboForm — Budget-friendly option with good security.
- 4. Keeper — Best for secure chat and storage.
- 5. Bitwarden — Open-source password manager.
- Comparisons of the Best Password Managers.
🥇1. 1Password — Best for Comprehensive Password Security in 2023
1Password includes excellent password security with strong encryption, zero-knowledge architecture, and a great set of extra features. It uses bank-grade 256-bit AES encryption to secure your password vault from attackers, as well as hashing technology, security keys, and a master password to ensure that your data is only accessible from your devices. Due to this zero-knowledge architecture, even 1Password’s developers can’t access your data.
In addition, you get a wide range of two-factor authentication options for additional security, as well as local data storage that lets you access your vault offline.
1Password includes excellent additional features, like:
- Secure password sharing.
- Travel Mode.
- Password security auditing.
- Dark web monitoring.
- Shared family vaults.
- Encrypted storage (1 GB).
- Privacy Cards (US users only).
- And more…
I think it’s great that 1Password lets you securely share passwords and other sensitive data with anyone, not just other 1Password users. Most competitors only along sharing among users, so it’s great that 1Password doesn’t force the password recipient to create an account to be able to view and use the shared credentials.
One of my favorite 1Password features is Travel Mode, which allows you to hide certain logins while you’re traveling. This feature is very easy to use and prevents intrusive border officials from accessing your social media or other personal information.
I’m also a big fan of 1Password’s security auditing. In my testing, it identified a couple of weak passwords, detected 3 duplicate passwords, and alerted me that one of my credit cards expired. 1Password’s data breach monitoring tool scans HaveIBeenPwned, which is a database of publicly available data breaches — it’s good, but not as good as Dashlane’s live dark web monitoring team.
1Password Personal ($2.99 / month) includes all of the above-mentioned features for a single user, whereas 1Password Families ($4.99 / month) adds coverage for up to 5 accounts, as well as a vault sharing dashboard that makes it easy to adjust permissions and recover accounts for family members on a shared plan.
1Password is the only password manager that lets you add an unlimited number of users to the family plan for a small fee (it’s the best password manager for families in 2023). You don’t get a money-back guarantee, but there’s a risk-free 14-day free trial, which gives you enough time to try it and see if it’s right for you.
Read the full 1Password review
🥈2. Dashlane — Excellent Security + Tons of Features
Dashlane is very secure, comes with a ton of convenient features, and is super simple to use. In addition to 256-bit AES encryption and zero-knowledge architecture, it has the following security features:
- Password security auditing.
- Secure password sharing.
- Virtual private network (VPN).
- Live dark web monitoring.
- And more…
Like 1Password, Dashlane has an excellent vault auditing tool that checks the strength of all of your passwords and gives a score for your overall password security.
Dashlane’s live dark web monitoring is the best on the market — it aggregates data from public data breaches and dark web forums to give live updates when user data gets breached. Thankfully, none of my passwords were exposed on the dark web!
Dashlane is also the only password manager to offer a VPN — while it’s not as good as the best standalone VPNs, it’s secure, easy to use, and able to access streaming sites.
Dashlane Free allows unlimited password storage on 1 device — while a few other brands offer multi-device syncing on their free plans, Dashlane is still one of my favorite free password managers. Dashlane Advanced ($2.75 / month) and Premium ($3.33 / month) cover unlimited devices, whereas Dashlane Friends & Family ($4.99 / month) adds up to 10 users. You can try Dashlane with a 30-day free trial, and all purchases are backed by a risk-free 30-day money-back guarantee.
🥉3. RoboForm — Budget-Friendly Option with Good Security
RoboForm provides secure password protection, offers the most precise form-filling functionality out of all password manager apps, and is one of the most affordable password managers on the market.
RoboForm’s zero-knowledge architecture and end-to-end 256-bit AES encryption ensure that your data is secure on its servers. It also offers excellent security features like:
- Password auditing.
- Password sharing.
- Emergency access.
- TOTP and biometric 2FA.
- Bookmark storage.
RoboForm’s vault auditing tool increases login security by flagging weak and repeated passwords, and its 2FA options ensure that your vault is securely locked behind both a master password and either a fingerprint scan or one-time passcode. But unfortunately, RoboForm isn’t compatible with USB 2FA tools (unlike 1Password).
RoboForm also includes the most advanced set of form-filling templates of any password manager on my list — it automatically enters information like home addresses, bank account information, vehicle registration, passport information, and more. In my tests, this feature helped save me tons of time when I filled out an online application for a new credit card.
RoboForm has a pretty good free version, which offers password auditing, bookmark storage, and unlimited logins but only for 1 device. The premium plan RoboForm Everywhere ($0.99 / month) adds 2FA, password sharing, emergency access, and cloud backup, while Roboform Everywhere Family ($27.70 / year) allows for up to 5 separate user accounts. All RoboForm premium plans are backed by a 30-day money-back guarantee, and there’s also a 30-day free trial.
4. Keeper — Best for Secure Chat & Storage
Keeper provides the same industry-standard encryption protocols as all of the other password managers on this list — I really like how users can secure their master password with 2FA options like biometric scanning, TOTP apps (including smartwatch capability), SMS codes, and USB tokens.
Plus, Keeper offers other safety measures, including dark web monitoring, vault auditing, encrypted messaging, and encrypted storage. I especially like the encrypted messenger app (KeeperChat), which uses the same encryption and zero-knowledge architecture as Keeper’s main password manager app for high-level security (and I really like how user-friendly it is). I’m also impressed that Keeper offers up to 100 GB of encrypted storage (top competitors like Dashlane and 1Password only offer 1 GB).
However, I don’t like that breach monitoring and cloud storage cost extra — I’d like to see Keeper offer all of its features inside its premium plans.
Keeper has a free plan, but it’s a very bare-bones password manager. Keeper Unlimited ($17.49 / year) lets you store unlimited passwords on unlimited devices, whereas the Family plan ($37.49 / year) allows for unlimited storage on up to 5 different user accounts and includes 10 GB of encrypted cloud storage. While Keeper doesn’t offer a money-back guarantee, it has a 30-day free trial.
5. Bitwarden — Good Open-Source Password Manager
Bitwarden is an open-source password manager, which means anyone can inspect its source code. Its security has been widely tested and proven by cybersecurity experts around the world.
Bitwarden uses 256-bit AES encryption to protect user data, plus it gives users the option to store their data locally (like 1Password). It’s compatible with 2FA options like USB tokens, biometric verification, TOTP apps, and one-time email codes, and it also comes with extras like password security auditing, breach monitoring, and password sharing.
However, Bitwarden isn’t as intuitive as 1Password or Dashlane — it sometimes fails to detect login fields for some sites, and its password sharing feature is a little complicated for new users.
Bitwarden Free allows unlimited password storage on multiple devices, supports 2FA, and has local storage. Bitwarden Premium ($10.00 / year) adds password auditing, a built-in TOTP authenticator, and encrypted file storage, whereas Bitwarden Families ($40.00 / year) covers up to 6 users. You get a 30-day refund guarantee with all Bitwarden plans.
Comparisons of the Safest Password Managers
How to Choose the Best Password Manager for Your Needs
- Security. All of the password managers on this list come with 256-bit AES encryption, provide two-factor authentication (2FA), and have zero-knowledge architecture.
- Extra features. In addition to industry-standard security features like encryption and auto-filling, I only recommend password managers that include bonus security tools like password vault auditing, advanced 2FA options, data breach monitoring, and more (1Password has hidden vaults and virtual payment cards, and Dashlane even comes with a VPN).
- Ease of Use. All password managers should have intuitive interfaces and easy-to-use apps for all of the major platforms (RoboForm is the best for ease of use).
- Compatibility. A good password manager should provide good apps for both desktop and mobile devices. All of my top choices are compatible with all operating systems and devices.
- Value. The best password managers offer competitive prices, a strong suite of features, and either a free trial or a money-back guarantee.
FAQs — Is It Safe to Use a Password Manager in 2023?
What is the main risk of using a password manager?
The biggest risk of using a password manager is getting your master password cracked or stolen — if this happens, your entire vault can be accessed. The master password (which is used to unlock your password manager) is vulnerable if it’s too weak, and it can also be compromised through a phishing attack, a data breach, or a malware infection. To avoid these situations, use a strong, unique master password (12 or more characters, including numbers and symbols) and install a top antivirus (Norton is my favorite) to keep your system clean from malware.
Does a password manager know all of your passwords?
No, a good password manager includes security features that prevent it from accessing any of your passwords. All of the password managers on this list rely on zero-knowledge architecture and end-to-end encryption to maximize user security. So, while your password manager stores and auto-fills your passwords, the developers behind your password manager app don’t know what’s in your encrypted password vault.
How safe is Google Chrome password manager?
Google Chrome’s built-in password manager is pretty secure — it uses strong encryption, and Google offers the option to protect accounts with TOTP 2FA apps like Google Authenticator. However, Google doesn’t offer advanced features like password vault auditing, dark web monitoring, and secure password sharing, and it doesn’t sync across devices and browsers well.
Also, Google Chrome’s password generator is very basic and doesn’t offer the same customization options to generate complex passwords as top standalone password managers like 1Password and Dashlane.
What if a password manager is hacked?
If your password manager’s servers are hacked, your stored logins are still safe. The top password managers protect your personal data with 256-bit AES encryption, which is the same encryption standard used by banks and militaries. So, if a password manager’s server is hacked, all of your information is unreadable. For example, LastPass’s servers were hacked in 2015, but no user information was compromised in the hack.
But if your password vault is hacked, you need to immediately contact your password manager’s customer support department, change your master password, and possibly even delete your account. To prevent your password manager from being hacked, I strongly advise that you combine a strong, unique master password (that’s at least 12 characters long and includes random numbers and symbols) with 2-factor authentication (2FA). Also, I recommend that you install an antivirus like Norton to prevent hackers from using malware to steal your master password.
