Passwords are a terrible system. Lots of people use the same old insecure passwords for every account—and yet, they still manage to forget them all the time. Really, the only good passwords are the ones that are so long and complex you can barely type them accurately, let alone remember them. And that's why you need a password manager.
As a tech journalist, I've been covering password security for almost a decade. I even wrote my dissertation for my BSc. in Psychology on the underlying reasons people can't recognize secure passwords. I've advocated for password managers at every opportunity I've had, and even convinced some of my family members to start using them. It's safe to say, this is a category that I care a bit too much about.
So I spent a few extra days testing every viable password manager on the market, and here are the four best.
The 4 best password managers
1Password for most people
Bitwarden for a free password manager
Dashlane for a full internet security tool
iCloud Keychain for Apple users
Why is password security important?
Ok, everyone gets that good passwords protect your account, but from what? Well, data breaches are way more common than you'd think. Just last year, 23andMe, T-Mobile, the United Kingdom Electoral Commission, the Indonesian Immigration Directorate General, Insomniac Games, Activision, and Mailchimp lost hundreds of millions of data records, including plenty of information that can be used to commit fraud or identity theft. KonBriefing lists hundreds of major cyber attacks that affected companies around the globe in 2023. As I write this sentence on January 18, 2024, there have already been 25 cyber attacks this year—that's more than one major incident per day.
While some of these cyber attacks are hacks that exploit technological vulnerabilities, the majority of them target people and their passwords. Verizon's annual Data Breach Investigation Report found that 74% of incidents involved some kind of human element, whether it was falling for a phishing email, using a weak password, reusing a password that had previously been compromised, or otherwise making a password security error.
And that's just on the enterprise side of things. If you use a bad password with your email account, online investment account, or other important service, it isn't your employer's money or data that can get stolen—it's yours.
It's hard to overstate how bad the password situation is right now. And although passkeys, which we'll look at in more detail later, should fix some issues, we're all still going to be using at least a few passwords for a long time. According to Dashlane, in 2022, nearly 20 percent of passwords in North America were compromised. Apparently things improved a little bit in 2023, but still somewhere around 1 in 5 passwords of the passwords saved in Dashlane have been exposed in a data breach—and something like half of all passwords are reused. Those are the statistics for people who actively use a password manager—what do you think they're like for regular people?
Honestly, I suspect that the reason most people aren't constantly being hacked and losing access to their accounts is that ransomware groups and other bad actors are too busy targeting enterprises with weak security to focus on the little guys. But just because no one has yet bothered to steal all your digital information, doesn't mean you should hang out a sign saying "hack me" and use a bad password. Instead, you should use a strong password and good password security so that all your information stays safe, even if someone decides to try to steal it.
(For what it's worth, as a mildly public writer, I experience people trying to break into my social media and email accounts at least a few times a month.)
Why you need a password manager
If you can't trust yourself to think up a long, complex, and unique password for every site you use—and you can't—then, you need a password manager. It's the only reliable way to have a strong, unique password for every single online account you have. And if you're anything like me, that's a lot of passwords. 2022's Dashlane report found that the average user had 240 online accounts that require a password. (While people willing to use a password manager probably have more accounts than average, even people who are barely online still have dozens of accounts.)
Password managers fix a lot of the problems with passwords for you. All you have to do is remember a single secure master password, and it takes care of the rest:
It automatically creates strong and unique passwords that are more secure than the "clever" algorithms the human brain comes up with.
It fills your passwords in automatically when you go to log in to your online accounts.
It sends you data breach notifications, telling you to change your passwords if they've been compromised.
It detects weak passwords and offers suggestions for how to make them stronger.
It alerts you if you have reused passwords across your various accounts.
It gives you access to other security features like two-factor authentication, without having to worry about downloading extra apps or having your cell phone nearby.
In terms of online security, password managers can be life-changing.
How do password managers work?
Password managers all work in more or less the same way:
They create an encrypted file (or vault), where they store all of your usernames, passwords, and other details.
Every time you sign up for a new account, they create a strong, unique password for it.
They automatically (or almost automatically) fill in your passwords whenever there's a login box on a website that you have a password stored for.
In order to access all this, they have you use one master password (or a passkey).
There are two different kinds of password manager, though.
A password manager with cloud storage means that all your data is stored in the cloud. The benefit here, of course, is that it can work across all your devices, so you can use the same system on your computer as you do on your phone or tablet (and you can even access your passwords on someone else's device). As long as other security concerns are addressed, it's the best option for most people—so all the apps on this list use cloud storage.
A password manager with a local file means that the vault is stored on your device. Some of them let you sync it through a cloud storage app, but it's up to you. In theory, only storing your passwords locally makes them more secure as hackers would need access to your device to get them. However, the extra management required isn't worth it for most users—especially if you're tempted to reuse a password or create an insecure one because your vault isn't on your smartphone.
Password best practices
The best password manager will do most of the heavy lifting for you when it comes to password best practices, but it's still worth keeping a few things in mind for the times when you do create your own passwords, like when you're coming up with your master password:
Use complex passwords. For any site where you're still using your middle name (or the word
password), go into your password manager and have it come up with a new one for you.Use long passwords. Make your passwords as long as the site will allow. Ideally, that's at least 16 characters, but some websites have odd password rules that you'll have to follow. If you can use 64 characters, go for it.
Use different passwords for every account. Unique is what you're after. Remember, if a password is leaked, it's leaked for every account you use it on, not just the account that was breached.
Use all sorts of characters (not just letters). Add numbers and symbols into your passwords. If, for some reason, a site won't let you do that, it's still better to use a random string of letters (created by your password manager) than to come up with your own.
Use lots of words. Longer passwords are more secure than shorter ones, and one of the easiest ways to make them longer is to use real words. The key here is that your password really has to be long. The best way to come up with a good master password is to combine three or four words with a few numbers and special symbols to make something that's at least 20 characters long. Of course, a password manager can give you 20 characters of gibberish, which is even better, but words aren't something to avoid.
Don't use personal information. Your middle name, your dog's name, your birthday—leave those out of your passwords.
Add multi-factor authentication to the process. Whether it's getting texted a code or using an authenticator app, two-factor authentication can help you double down on your security.
And, of course, use a password manager—which takes care of all of that for you.
What makes the best password manager?
There are dozens of password managers available. For this article, I considered almost 40 of them, and—to be blunt—a lot of them are bad. Either their security is lacking (or can't be verified), they're only available on a limited number of platforms, or they're just plain awful to use.
But because there are so many apps to choose from, we don't have to settle for bad—or even mediocre. I was able to set a really high bar and only include the apps that cleared it. To make this list, apps had to:
Be available on different platforms. Your passwords should be accessible to you everywhere, not confined to one device. The best password manager needs to work with at least one desktop and one mobile platform, and preferably everywhere. This ruled out password managers that rely on local storage, but as I explained above, I think the convenience of cloud storage is worth it for most people as it means using secure passwords is easy.
Generate secure passwords and 2FA codes—and auto-fill them. In other words, the apps had to be complete password managers that handled everything, not glorified spreadsheets. Once you enter your master password (or use a biometric unlock), you should be automatically logged in to your accounts with, at most, a click or a keyboard shortcut. Also, the apps had to make creating and saving new accounts simple and as automatic as possible.
Support additional security features, like security audits, data breach notifications, and passkeys. The best password manager not only makes it so you can use secure passwords, but it also continuously protects you. This means apps that let you know if you're using a weak—or hacked—password, help you update and change bad passwords, and otherwise make securing your online life easier. While passkeys aren't as widely supported around the internet as I'd like, all my chosen password managers support them to some degree or another.
Be transparent about how passwords are encrypted and secured (and, ideally, third-party audited). Security by obscurity doesn't work. Instead, the best password managers are very clear about what technologies they use to keep data safe. Some are open source, some are audited by third-party security companies, and some are just incredibly clear about how they work. But I'm confident that all these picks offer incredible security—and will continue to do so.
Nice to use, reliable, and just plain good. Logging in to accounts is something you do every day, so you'll be forced to interact with your password manager a lot. If it's annoying to use, poorly designed, or just bad, it's going to get annoying fast. I have a really low threshold when it comes to bad app experiences, so the highest praise I can offer these picks is that I would happily use any one of them on a daily basis—there are very few apps I'll say that about.
Of course, all of my picks also offer lots of other features, from credit card auto-filling and secure notes to sharing passwords with family and private document storage. These are all fully-featured apps. The criteria above were the minimum requirements to make this list, not an exhaustive list of features.
Each secure password manager on this list has both personal plans for regular users and business or enterprise plans for companies. I focused on the personal plans, but I'm confident that the business plans will offer the same level of ease of use and security if you're looking for the best password manager for your business. (For example, plenty of large businesses use 1Password for their teams).
How I tested the password managers
How we evaluate and test apps
Our best apps roundups are written by humans who've spent much of their careers using, testing, and writing about software. Unless explicitly stated, we spend dozens of hours researching and testing apps, using each app as it's intended to be used and evaluating it against the criteria we set for the category. We're never paid for placement in our articles from any app or for links to any site—we value the trust readers put in us to offer authentic evaluations of the categories and apps we review. For more details on our process, read the full rundown of how we select apps to feature on the Zapier blog.
I've been using and testing password management apps for 10 years. For this article, I started by making a list of all the apps that could possibly be considered fully-featured password managers and then checked to see if they met my minimum criteria listed above. Many apps failed out at this stage for any number of reasons, the most common being a lack of transparency about their security processes.
Of the 10 or so apps that made the initial cut, over the course of several days, I tried each one on at least two devices and used them to generate passwords, log in to my accounts, and generally just manage my passwords. I've been updating this list for three years now, so have put quite a lot of time into all the different options. Of the almost 40 apps I started with, there were only four I felt were worthy of inclusion on this list. Here they are.
The best password managers at a glance
Best for | Standout feature | Pricing | |
|---|---|---|---|
Most people | Easy to use across devices | $36/year for Personal account; $60/year for Families | |
A free password manager | Generous free plan with no big caveats | Free for important features; $10/year for Premium Account | |
A full internet security tool | Additional security features like VPN | Free for a single device with up to 25 passwords; from $60/year for Premium | |
Apple users | Seamless integration with Apple devices | Free with an Apple ID; Cloud+ plans starting at $0.99/month |
Best password manager for most people
1Password
1Password pros:
Easy to use across any device
Very transparent about its security
1Password cons:
No free option
1Password is one of the biggest names in password management, and I'd say it's the best option for most people prepared to pay for a password manager. It's easy to use, incredibly secure, and widely available, with all your passwords syncing across all your devices.
Although 1Password started out as a Mac exclusive almost 20 years ago, it's now available for Windows, macOS, Android, iOS, Linux, pretty much every browser, and even as a command line interface. That Mac app polish still shows, though, at least most of the time. It's overall just a nice, polished, modern app to use—no matter what your platform of choice is.
1Password is based around the idea of "vaults." Each vault contains your passwords, credit card details, and other auto-fill information like addresses, as well as up to 1GB of secure notes and documents. You can set up individual vaults for your personal and professional lives (I have one just for all the logins I create while writing these kinds of Zapier articles, for example), and, if you're on a Families or Team plan, securely share them with other people.
Where 1Password stands out most is how easy it is to use. Password managers have long been built by nerds, for nerds. Unfortunately, with the way online security is going, everyone needs to be able to use secure passwords—not just the most technical-minded. 1Password nails the basics and guides you through every step of setting up secure passwords.
Take Watchtower. It's the section of 1Password that assesses your ongoing password security. It tells you if any of your passwords are compromised in a hack, are weak, or are duplicates. It also tells you if there are any sites with two-factor authentication that you haven't enabled yet. All this info is presented clearly without any overdramatic warnings, so you can do something about it. 1Password is incredibly transparent about its security and is shifting to embrace passkeys.
The biggest downside to 1Password is that there's no free option (unless you're a journalist or politician): it costs $36 per year for one account or $60 per year for up to five family accounts. I'd say online security is worth the fee, but it's understandable that not everyone agrees.
1Password pricing: $36/year for a Personal account; $60/year for Families with up to 5 accounts. Monthly plan available once you onboard.
If you're looking for a 1Password alternative, NordPass, RoboForm, and Keeper are also solid choices. I just didn't find them as nice to use, as fully featured, or as good a value—but if you like them, they all check the security box.
Best free password manager
Bitwarden
Bitwarden pros:
The most generous free plan by a long shot
Extensions for basically every browser
Bitwarden cons:
A few usability quirks
Bitwarden is the best free password manager. It's the only app I tested that offered almost everything I wanted in a password manager as part of a free plan with no big caveats. It's a little less polished than 1Password, but it's no less effective at keeping your online accounts safe. Passkey support is rolling out too, and it's also included on the free plan.
Bitwarden is open source (so its security credentials are easy to verify) and available for Windows, macOS, iOS, Android, and Linux. Its browser support is even better: there are extensions for Google Chrome, Safari, Firefox, Microsoft Edge, Opera, Vivaldi, Brave, and even Tor Browser.
Bitwarden isn't as polished or nice to use as 1Password, but that seems like a pretty fair trade-off given how secure and usable it is. A pixel-perfect interface is a bonus when it comes to password managers, but keeping your passwords safe and making it simple to use secure passwords are non-negotiables.
In addition to offering a great free plan, Bitwarden's $10 per year Premium Account is well worth a look. It adds features like Vault Health Reports (which let you know about weak or leaked passwords), 1GB of encrypted file storage, and more advanced two-factor authentication options like support for hardware keys—and it allows you to generate two-factor codes to log in to your other accounts.
Bitwarden pricing: Free for all important features except generating two-factor codes; Premium Account at $10/year for password health reports, encrypted file storage, and a few other nice-to-have features.
Best password manager with full internet security features
Dashlane
Dashlane pros:
A few more security features than the other apps on this list, including a VPN
Very clear Password Health score
Dashlane cons:
No desktop apps on Windows (though the web app is fully-featured)
Dashlane is as good and easy to use as 1Password and Bitwarden, but it has a few extra security features that aren't necessary for most people—though they're certainly nice to have if you don't mind paying its higher subscription fee.
Dashlane is available for iOS and Android, and the Safari extension comes bundled with a macOS app. The other desktop apps were discontinued a few years back, so access on Windows and Linux is through the fully-featured web app and Google Chrome, Microsoft Edge, and Firefox browser extensions.
I especially liked Dashlane's Password Health score. While it doesn't do anything different than 1Password's Watchtower, the way it presents the overall quality of your passwords as a percentage is incredibly clear. There's the added motivation to improve the score, which you can do by updating your passwords to better, more secure options. Dashlane also automatically monitors the Dark Web for your various email addresses to let you know if any of your personal information has been compromised in a hacked database. (Mine was from nine separate hacks.)
While Dashlane is a powerful, secure, and super easy-to-use password manager that may or may not warrant its $6.49/month (or $60/year) price tag to you, it's important to note that it also includes a VPN service, so you can browse a bit more privately or access region-locked content while you travel. If you otherwise pay for a VPN, Dashlane could be a good deal instead of paying for both 1Password and your VPN of choice. For example, I pay €5/month (~$5.40) for Mullvad VPN, but I get 1Password for free as a journalist. If I paid for both, it would cost me around $100/year. (With that said, Mullvad is an expensive VPN with a lot more privacy protection than Dashlane's VPN partner, Hotspot Shield, so it's not a straight-up comparison.)
Dashlane also offers a free account, but it's limited to one device. It's nice if you want to explore Dashlane, but it's not really a usable password management option for most people.
Dashlane pricing: Free for a single device; from $6.49/month for Premium that includes a VPN.
Best password manager for Apple products
iCloud Keychain
iCloud Keychain pros:
Built in to all Apple products, and works seamlessly across devices
Works in the background, but also has nice extra features
iCloud Keychain cons:
Doesn't support Google Chrome with Mac
Much more complicated setup for non-Apple users
iCloud Keychain comes built into Macs, iPhones, and iPads—it's really just a part of the operating system and a way to sync your passwords and credit card details between all your Apple devices in a suitably seamlessly Apple-like way. But it's also available on Windows through the iCloud for Windows app, which allows you to use the iCloud Passwords browser extension for Google Chrome and Microsoft Edge. Strangely, the one popular combo that it doesn't support is using Google Chrome with a Mac.
For simplicity's sake, I'm going to work on the assumption that anyone considering using iCloud Keychain is a fairly typical Apple user with an Apple ID, iPhone, Mac, and maybe an iPad. I'm also going to assume they use Safari—mostly because it's the best browser anyway. In this case, you'll barely notice you're using iCloud Keychain. (It's not that anyone else can't use iCloud Keychain, but a non-Apple user will have a more complicated setup and might run into issues.)
When you go to log in to any website (or app that supports it), you'll be prompted to use FaceID or TouchID—and then just be logged in. When you create a new account, a secure password will be automatically generated and saved. If you pay for iCloud+ (which is what Apple now calls its iCloud storage subscriptions), you'll even have the option to have Apple obscure your email address for extra privacy. Similarly, iCloud Keychain supports passkeys.
With everything happening so seamlessly, it's easy to miss that iCloud Keychain has a load of extra features. You can securely share passwords with other Apple users, you can set up groups with trusted friends and family members to share passwords and passkeys automatically, it can automatically detect weak or compromised passwords, and you can even set up auto-filling two-factor authentication codes. Strangely, it doesn't have an app. Everything is just tucked away in System Preferences > Passwords (on a Mac) or Settings > Passwords (on iPhones and iPads).
For Apple users who are happy to sit back and let iCloud Keychain handle everything, it's actually hard to beat. It's incredibly secure, easy to use, and has all the features most people need. It's only if you want to take a more active role in managing your passwords, want to better share them with other people, or otherwise want an app that lets you see everything nicely in one place that you need something like 1Password or Bitwarden. Or, of course, if you want to easily use devices or browsers that aren't inside Apple's walled garden.
iCloud Keychain Price: Free with an Apple ID; iCloud+ starts at $0.99/month with 50GB of storage and Hide My Email.
Deciding between iCloud Keychain and 1Password? Read our showdown: iCloud Keychain vs. 1Password.
Should I use Google password manager?
Google has a password manager that's built into Android and Chrome—and it's absolutely fine. It supports passkeys, can check for compromised passwords, and works nicely if you just stick to Android and Chrome. It just isn't as powerful, easy to use, or widely compatible as the dedicated password managers on this list. Plus, both iCloud Keychain and Bitwarden are better if price is a concern.
What about LastPass password manager?
LastPass was once the other big name in password management. Unfortunately, over the past few years, there have been a number of major issues.
Between August and December of 2022, LastPass suffered two major data breaches that resulted in customer vaults being stolen (mine among them). Theoretically, the vaults are still encrypted, but the hackers now have unlimited time to brute force them offline. No password in any of the stolen vaults should be considered safe unless you had two-factor authentication turned on—and even then, I've changed all my affected passwords.
Worst of all, it's generally agreed upon that LastPass's response to the breach over the past year has been abysmal. The company has made excuses, blamed users, and offered little meaningful advice to affected customers. The only real change is that people with master passwords shorter than 12 characters are now being forced to update them to something more secure.
As well as failing to protect its users' passwords, I've found that LastPass has offered an increasingly poor user experience over the last few years. Up until 2021, LastPass had the best free plan of any password manager, to the point that very few people needed to subscribe to its premium offerings. But that changed, and it wasn't handled especially well. With one month's notice, LastPass limited all free accounts to one device type. You could either access your passwords on your computers or on your mobile devices, but not both. Existing users' passwords were essentially being held hostage unless they signed up for a paid plan.
Taken together, the loss of user data, the handling of the aftermath, and the already poor customer service make LastPass impossible to include on this list. If you still use it and love it, I can't force you to move services—but I can beg you to change all your passwords.
Passkeys: the end of passwords?
Despite all password managers do to make passwords secure, there are still some big underlying problems that can't be fixed—the underlying system was developed in the 1960s when researchers were sharing time on room-sized computers. Even the most secure passwords can be leaked in a database hack, and social engineering attacks like phishing can even bypass two-factor authentication.
To that end, the FIDO Alliance (which includes Google, Apple, Amazon, Microsoft, American Express, Mastercard, Visa, and many others) has developed a new system called passkeys that rely on public-key cryptography.
In essence, when you sign up for a new account with a passkey, your browser, device, or password manager will create a pair of cryptographic keys: a public key that is shared with the service you're signing up for and a private key that it stores securely on your own device. Because of the mathematical relationship between your public key and your private key, your public key can be truly public, and your account will still stay secure. But the public key can also be used to confirm that your device has the correct private key for access. It's a one-way code.
When you log in with your passkey, your device verifies your identity—either with a PIN or a biometric lock like FaceID or TouchID—and then confirms with the service that you have the correct private key using a single-use token. This means that your passkey can't be intercepted in any way, and you don't have to remember a unique password for every service.
It's a great system, and support for it is slowly spreading. Apple and Google both support passkeys in Safari and Chrome, respectively, and all the password managers on this list have implemented them to some degree or other, at least in beta. Most importantly, more online accounts like Google, WordPress, PayPal, and even Best Buy allow you to replace your password with a passkey—though they aren't as widely supported as I'd like. 1Password lists just 112 sites and services that allow you to create them, including its own passkey demo site.
Please use a password manager
Using a password manager isn't just about making your life easier—though it absolutely does that. It also increases your online security by many orders of magnitude. Identity theft and data leaks are too common and online accounts too valuable to just leave things up to your default browser.
Any of the four options above will serve you well, so head on over to the one that suits you best, and get started. Finding the best password manager is an investment in your security—and one I'd encourage you to make.
Related reading:
This article was originally published in October 2015 by Jesse Plautz. The most recent update was in January 2024.
