Passwords are a terrible system. Lots of people use the same old insecure passwords for every account—yet still manage to forget them. Really, the only good passwords are the ones that are so long and complex you can barely type them accurately, let alone remember them. And that's why you need a password manager.
As a tech journalist, I've been covering password security for almost a decade. I even wrote my dissertation for my BSc. in Psychology on the underlying reasons people can't recognize secure passwords. I've advocated for password managers at every opportunity I've had, and even convinced some of my family members to start using them. It's safe to say, this is a category that I care a bit too much about.
So I spent a few extra days testing every viable password manager on the market, and here are the four best.
The 4 best password managers
1Password for most people
Bitwarden for a free password manager
Dashlane for a full internet security tool
iCloud Keychain for Apple users
How do password managers work?
All someone needs to log in to most online accounts is a username (or email address) and password. Ideally, only you would know your password, but as data breach after data breach has shown, that can't be guaranteed. There's a very good reason to believe that if you use the same password for all your accounts, it's been leaked online somewhere. This is a big problem—and it's only getting bigger. According to Dashlane, nearly 20 percent of passwords in North America are compromised.
If you can't trust that your carefully thought-up, long, complex password—because you do use a long, complex password, right?—is secret, the only way to stay secure online on most websites is to use a long, complex, and unique password for every single online account you have. And if you're anything like me, that's a lot of passwords. That same Dashlane report found that the average internet user has 240 online accounts that require a password, and that more than 50 percent of passwords around the world are reused.
Password managers take care of a lot of the problems with passwords for you. All you have to do is remember a single master password, and it takes care of the rest. A good password manager will automatically generate super strong passwords, fill them in for you when you go to log in to your online accounts, and even allow you to use additional security features like two-factor authentication, without having to worry about downloading extra apps or having your cell phone nearby. In terms of online security, they can be life-changing.
Passkeys: the end of passwords?
Despite all password managers do to make passwords secure, there are still some big underlying problems that can't be fixed. Even the most secure passwords can be leaked in a database hack, and social engineering attacks like phishing can even bypass two-factor authentication.
To that end, the FIDO Alliance (which includes Google, Apple, Amazon, Microsoft, American Express, Mastercard, Visa, and many others) has developed a new system called passkeys that rely on public-key cryptography.
In essence, when you sign up for a new account with a passkey, your browser, device, or password manager will create a pair of cryptographic keys: a public key that is shared with the service you're signing up for and a private key that it stores securely on your own device. Because of the mathematical relationship between your public key and your private key, your public key can be truly public, and your account will still stay secure. But the public key can also be used to confirm that your device has the correct private key for access. It's a one-way code!
When you log in with your passkey, your device verifies your identity—either with a PIN or a biometric lock like FaceID or TouchID—and then confirms with the service that you have the correct private key using a single-use token. This means that your passkey can't be intercepted in any way, and you don't have to remember a unique password for every service.
It's a great system, and support for it is slowly spreading. Apple and Google both support passkeys in Safari and Chrome, respectively, and more password managers are adding the feature. Most importantly, more online accounts like Google, WordPress, PayPal, and even Best Buy allow you to replace your password with a passkey.
What makes the best password manager?
There are dozens of password managers available. For this article, I considered almost 40 of them, and—to be blunt—a lot of them are bad. Either their security is lacking (or can't be verified), they're only available on a limited number of platforms, or they're just plain awful to use.
But because there are so many apps to choose from, we don't have to settle for bad—or even mediocre. I was able to set a really high bar and only include the apps that cleared it. To make this list, apps had to:
Be available on different platforms. Your passwords should be accessible to you everywhere, not confined to one device. I required that every app on this list work with at least one desktop and one mobile platform.
Generate secure passwords and 2FA codes—and auto-fill them. In other words, the apps had to be complete password managers that handled everything, not glorified spreadsheets. Once you enter your master password (or use a biometric unlock), you should be automatically logged in to your accounts with, at most, a click or a keyboard shortcut. Also, the apps had to make creating and saving new accounts simple and as automatic as possible.
Support additional security features, like security audits, data breach notifications, and passkeys. I was looking for apps that not only made it so you could use secure passwords, but also continuously protected you. This means apps that let you know if you're using a weak—or hacked—password, help you update and change bad passwords, and otherwise make securing your online life easier. Passkey support was highly desirable, but won't be necessary for inclusion until next year.
Be transparent about how passwords are encrypted and secured (and, ideally, third-party audited). Security by obscurity doesn't work. Instead, the best apps are very clear about what technologies they use to keep data safe. Some are open source, some are audited by third-party security companies, and some are just incredibly clear about how they work. But I'm confident that all these picks offer incredible security—and will continue to do so.
Nice to use, reliable, and just plain good. Logging in to accounts is something you do every day, so you'll be forced to interact with your password manager a lot. If it's annoying to use, poorly designed, or just bad, it's going to get annoying fast. I have a really low threshold when it comes to bad app experiences, so the highest praise I can offer these picks is that I would happily use any one of them on a daily basis—there are very few apps I'll say that about.
Of course, all of my picks also offer lots of other features, from credit card auto-filling and secure notes to sharing passwords with family and private document storage. These are all fully-featured apps. The criteria above were the minimum requirements to make this list, not an exhaustive list of features.
Each secure password manager on this list has both personal plans for regular users and business or enterprise plans for companies. I focused on the personal plans, but I'm confident that the business plans will offer the same level of ease of use and security if you're looking for a password manager for your business. (For example, plenty of large businesses use 1Password for their teams).
How we tested the password managers
How we evaluate and test apps
All of our best apps roundups are written by humans who've spent much of their careers using, testing, and writing about software. We spend dozens of hours researching and testing apps, using each app as it's intended to be used and evaluating it against the criteria we set for the category. We're never paid for placement in our articles from any app or for links to any site—we value the trust readers put in us to offer authentic evaluations of the categories and apps we review. For more details on our process, read the full rundown of how we select apps to feature on the Zapier blog.
I've been using and testing password management apps for 10 years. For this article, I started by making a list of all the apps that could possibly be considered fully-featured password managers and then checked to see if they met my minimum criteria listed above. Many apps failed out at this stage for any number of reasons.
Of the 10 or so apps that made the initial cut, over the course of several days, I tried each one on at least two devices and used them to generate passwords, log in to my accounts, and generally just manage my passwords. I've been updating this list for two years now, so have put quite a lot of time into all the different options. Of the almost 40 apps I started with, there were only four I felt were worthy of inclusion on this list. Here they are.
Best password manager for most people
1Password is one of the biggest names in password management, and I'd say it's the best option for most people looking for a password manager. It's easy to use, incredibly secure, and widely available, with all your passwords syncing across all your devices.
Although 1Password started out as a Mac exclusive 16 years ago, it's now available for Windows, macOS, Android, iOS, Linux, and pretty much every browser. That Mac app polish still shows, though, at least most of the time. Over the past year, 1Password has released 1Password 8, a completely redesigned and reengineered version of its app. I use it daily, and while there have been a few user interface bugs, I'm confident they'll all be ironed out (if they aren't, you'll hear about it next year).
1Password is based around the idea of "vaults." Each vault contains your passwords, credit card details, and other auto-fill information like addresses, as well as up to 1GB of secure notes and documents. You can set up individual vaults for your personal and professional lives (I have one just for all the logins I create while writing these kinds of Zapier articles, for example), and, if you're on a Families or Team plan, securely share them with other people.
Where 1Password stands out most is how easy it is to use. Password managers have long been built by nerds, for nerds. Unfortunately, with the way online security is going, everyone needs to be able to use secure passwords—not just the most technical-minded. 1Password nails the basics and guides you through every step of setting up secure passwords.
Take Watchtower. It's the section of 1Password that assesses your ongoing password security. It tells you if any of your passwords are compromised in a hack, are weak, or are duplicates. It also tells you if there are any sites with two-factor authentication that you haven't enabled yet. All this info is presented clearly without any overdramatic warnings, so you can do something about it. 1Password is incredibly transparent about its security and has announced it will support passkeys in early 2023.
The biggest downside to 1Password is that there's no free option (unless you're a journalist or politician): it costs $36 per year for one account or $60 per year for up to five family accounts. I'd say online security is worth the fee, but it's understandable that not everyone agrees.
1Password pricing: $36/year for a Personal account; $60/year for Families with up to five accounts. Monthly plan available once you onboard.
If you're looking for a 1Password alternative, NordPass and Keeper are also solid choices, though neither yet supports passkeys, and I found they didn't offer as great a user experience as 1Password.
Best free password manager
Bitwarden is the best free password manager. It's the only app I tested that offered almost everything I wanted in a password manager as part of a free plan with no big caveats. It's a little less polished than 1Password, but it's no less effective at keeping your online accounts safe. Passkey support is supposedly on the way too.
Bitwarden is open-source (so its security credentials are easy to verify) and available for Windows, macOS, iOS, Android, and Linux. Its browser support is even better: there are extensions for Google Chrome, Safari, Firefox, Microsoft Edge, Opera, Vivaldi, Brave, and even Tor Browser.
One quirk of Bitwarden is that, by default, it doesn't automatically suggest or fill in your login details when a page loads—you have to use a keyboard shortcut. If you want to change that, in the browser extension, click Settings > Options and then check Enable Auto-fill on Page Load and set Default Auto-fill Setting for Login Items to Auto-fill on Page Load.
Similarly, it's not quite as good as 1Password for auto-detecting and saving new logins as you create them. Instead, the best process is to click the browser extension and then click Add a Login. Then fill in the login details, click the Generate Password icon, then click Save before filling all the information into the account creation form. (That way, you won't accidentally forget to save a password.)
In addition to offering a great free plan, Bitwarden's $10 per year Premium Account is well worth a look. It adds features like Vault Health Reports (which let you know about weak or leaked passwords), 1GB of encrypted file storage, and more advanced two-factor authentication options like support for hardware keys.
Bitwarden pricing: Free for all important features; Premium Account at $10/year for password health reports, encrypted file storage, and a few other nice-to-have features.
Best full internet security app that's also a password manager
Dashlane is as good and easy to use as 1Password and Bitwarden, but it has a few extra security features available on some plans that aren't necessary for most people—though they're certainly nice to have.
Dashlane is available for iOS and Android. The desktop apps were recently discontinued, so access on Windows, macOS, and Linux is through the fully featured web app and Google Chrome, Safari, Microsoft Edge, and Firefox browser extensions.
I especially liked Dashlane's Password Health score. While it doesn't do anything different than 1Password's Watchtower, the way it presents the overall quality of your passwords as a percentage is incredibly clear. There's the added motivation to improve the score, which you can do by updating your passwords to better, more secure options. Dashlane also automatically monitors the Dark Web for your various email address to let you know if any of your personal information has been compromised in a hacked database. (Mine was from nine separate hacks.)
Dashlane is a powerful password manager, but the $6.49/month (or $60/year) Premium plan also includes a VPN service, so you can browse a bit more privately or access region-locked content while you travel. If you otherwise pay for a VPN, it could save you a good bit of money over paying for both 1Password and your VPN of choice. For example, I pay €5/month (~$5.40) for Mullvad VPN, but I get 1Password for free as a journalist. If I paid for both, it would cost me around $100/year. (With that said, Mullvad is an expensive VPN with a lot more privacy protection than Dashlane's VPN partner, Hotspot Shield, so it's not a straight-up comparison.)
Dashlane also offers a free account, but it's limited to one device. It's nice if you want to explore Dashlane, but it's not really a usable password management option for most people.
Dashlane pricing: Free for a single device; from $3.49/month for Advanced.
Best password manager for Apple users
iCloud Keychain comes built into Macs, iPhones, and iPads—it's really just a part of the operating system and a way to sync your passwords and credit card details between all your Apple devices in a suitably seamlessly Apple-like way. But it's also available on Windows through the iCloud for Windows app, which allows you to use the iCloud Passwords browser extension for Google Chrome and Microsoft Edge. Strangely, the one popular combo that it doesn't support is using Google Chrome with a Mac.
For simplicity's sake, I'm going to work on the assumption that anyone considering using iCloud Keychain is a fairly typical Apple user with an Apple ID, iPhone, Mac, and maybe an iPad. I'm also going to assume they use Safari—mostly because it's the best browser anyway. In this case, you'll barely notice you're using iCloud Keychain. (It's not that anyone else can't use iCloud Keychain, but a non-Apple user will have a slightly more complicated setup and might run into issues.)
When you go to log in to any website (or app that supports it), you'll be prompted to use FaceID or TouchID—and then just be logged in. When you create a new account, a secure password will be automatically generated and saved. If you pay for iCloud+ (which is what Apple now calls its iCloud storage subscriptions), you'll even have the option to have Apple obscure your email address for extra privacy. Similarly, iCloud Keychain supports passkeys.
With everything happening so seamlessly, it's easy to miss that iCloud Keychain has a load of extra features. You can securely share passwords with other Apple users, it can automatically detect weak or compromised passwords, and you can even set up auto-filling two-factor authentication codes. Strangely, it doesn't have an app. Everything is just tucked away in System Preferences > Passwords (on a Mac) or Settings > Passwords (on iPhones and iPads).
For Apple users who are happy to sit back and let iCloud Keychain handle everything, it's actually hard to beat. It's incredibly secure, easy to use, and has all the features most people need. It's only if you want to take a more active role in managing your passwords, want to better share them with other people, or otherwise want an app that lets you see everything nicely in one place that you need something like 1Password or Bitwarden.
iCloud Keychain Price: Free with an Apple ID; iCloud+ starts at $0.99/month with 50GB of storage and Hide My Email.
Why can't I use the Google password manager?
Google has a password manager that's built into Android and Chrome—and it's absolutely fine. It supports passkeys, can check for compromised passwords, and works nicely if you just stick to Android and Chrome. It just isn't as powerful, easy to use, or widely compatible as the dedicated password managers on this list. Plus, both iCloud Keychain and Bitwarden are better if price is a concern.
What about LastPass?
LastPass was once the other big name in password management. Unfortunately, over the past few years, there have been a number of major issues.
Between August and December of 2022, LastPass suffered two major data breaches that resulted in customer vaults being stolen (mine among them). Theoretically, the vaults are still encrypted, but the hackers now have unlimited time to brute force them offline. No password in any of the stolen vaults should be considered safe unless you had two-factor authentication turned on—and even then, I've changed all my affected passwords.
As well as failing to protect its users' passwords, I've found that LastPass has offered an increasingly poor user experience over the last few years. Up until 2021, LastPass had the best free plan of any password manager, to the point that very few people needed to subscribe to its premium offerings. But that changed, and it wasn't handled especially well. With one month's notice, LastPass limited all free accounts to one device type. You could either access your passwords on your computers or on your mobile devices, but not both. Existing users' passwords were essentially being held hostage unless they signed up for a paid plan.
Taken together, the loss of user data and poor customer service make LastPass impossible to include on this list. If you still use it and love it, I can't force you to move services—but please change all your passwords.
Please use a password manager
Identity theft and data leaks are too common and online accounts too valuable to just leave things up to your default browser. A good password manager is an investment in your security—and one I'd encourage you to make.
This article was originally published in October 2015 by Jesse Plautz. The most recent update was in February 2023.
