Quick Links

The majority of people use very weak passwords and reuse them on different websites. How are you supposed to use strong, unique passwords on all the websites you use? The solution is a password manager.

Password managers store your login information for all the websites you use and help you log into them automatically. They encrypt your password database with a master password --- the master password is the only one you have to remember.

Don't Reuse Passwords!

Password reuse is a serious problem because of the many password leaks that occur each year, even on large websites. When your password leaks, malicious individuals have an email address, username, and password combination they can try on other websites. If you use the same login information everywhere, a leak at one website could give people access to all your accounts. If someone gains access to your email account in this way, they could use password-reset links to access other websites, like your online banking or PayPal account.

To prevent password leaks from being so damaging, you need to use unique passwords on every website. These should also be strong passwords -- long, unpredictable passwords that contain numbers and symbols.

Many people have hundreds of accounts to keep track of. Even the average person likely has dozens of different accounts and passwords. Remembering a unique strong password for each account is nearly impossible without resorting to some sort of trick. The ideal trick is a password manager that generates secure, random passwords for you and remembers them, so you don't have to.

Let's talk about the elephant in the room: LastPass has had a major breach, and we recommend switching if you're still using it. We still recommend you use a password manager because the alternative is remembering a long list of strong, unique passwords everywhere---something that's basically impossible unless you have a photographic memory. (We dream of a passwordless future where none of this is necessary, too. The tech industry may one day soon replace passwords with passkeys.)

Signing in to Zoom in Google Chrome with 1Password.
Signing in to Zoom in Google Chrome with 1Password.

What Using a Password Manager is Like

A password manager will take a load off your mind, freeing up brain power for doing productive things rather than remembering a long list of passwords.

When you use a password manager and need to log into a website, you will first visit that website normally. Instead of typing your password into the website, you type your master password into the password manager, which automatically fills the appropriate login information into the website. (If you're already logged into your password manager, it will automatically fill the data for you). You don't have to think about what email address, username, and password you used for the website -- your password manager does the dirty work for you.

The best password managers can also sync to your phone, giving you access to your passwords on the go. They can unlock your password vault with the biometric unlock mechanisms built into your phone, whether that's facial recognition or a fingerprint. They work in the browser apps you use on your phone, whether that's Safari, Chrome, or another browser of your choice.

If you're creating a new account, your password manager will offer to generate a secure random password for you, so you don't have to think about that, either. It can also be configured to automatically fill information like your address, name, and email address into web forms.

Signing in to ExpressVPN with 1Password in Google Chrome on Windows.

Why Browser-Based Password Managers Aren't Ideal

Web browsers -- Chrome, Safari, Edge, Firefox, and others -- all have integrated password managers. We recommend against using your browser's built-in password manager. Each browser's built-in password manager can't compete with dedicated password managers. They've become better over time---Chrome's built-in password manager is surprisingly capable, for example.

However, they're not the most flexible---you're stuck using a specific browser on all your devices, for example, whereas you might want to run different browsers on your phone and computer. They often lack features like strong random password generation and a scanning tool that warns you when you have duplicated or leaked passwords. A dedicated password manager also has a more powerful interface.

The Dashlane web app

Related: Why You Shouldn't Use Your Web Browser's Password Manager

97b13cee-3
Looking for a Great Password Manager? Check out Keeper Security

Keeper is the answer to your password woes with an easy-to-use app, cross-platform service, and loads of convenient features.

The Best Password Managers to Use

A variety of password managers are available, but a few stand out as the best options. Each is a solid option, and which you prefer will depend on what's more important to you:

1Password: If you're willing to spend a few bucks a month, you can't go wrong with 1Password. it's an incredibly slick, easy-to-use, and powerful password manager. it works everywhere, with apps for everything from Windows and Mac to Android, iPad, and iPhone. 1Password offers browser extensions for Google Chrome, Apple Safari, Mozilla Firefox, Microsoft Edge, and Brave. 1Password even offers a desktop Linux app as well as a command-line interface for Windows, Mac, and Linux. You can easily share passwords between accounts, especially if you set up a family. 1Password offers a 14-day free trial and costs $2.99 per month for an individual or $4.99 per month for an entire family of up to 5 people. For more details, check out our 1Password review.

Bitwarden: While we do love 1Password, Bitwarden is a unique option. Bitwarden is an open-source application that's completely free. You can use it without spending a dime. You could even self-host your own Bitwarden server to sync your data. Bitwarden does have an optional paid subscription, which is the cheapest in the business---it costs just $10 for an entire year and gives you access to more advanced two-factor authentication tools and other features. For more details on Bitwarden, check out our Bitwarden review. We loved it but noted that the interface is a bit more clunky and old-school compared to something like 1Password or Dashlane.

Dashlane: This password manager is a little newer than the alternative, but it's packed with great features and offers slick apps for almost every platform. It even has an automatic "one-click" password changer that can change your passwords on lots of websites in just a few clicks, saving you time. Dashlane is completely free to use on a single device, but you'll have to upgrade to premium to sync passwords between devices. Dashlane offers a plan bundled with a VPN, too. Check out our Dashlane review for a more in-depth look at this password manager.

KeePassXC: Cloud-based password management isn't for everyone. Some people just aren't comfortable with a cloud-based password manager, and that's fine. KeePassXC is a popular desktop application for managing your passwords, but there are also browser extensions and mobile apps for KeePass. KeePassXC stores your passwords on your computer so you remain in control of them -- it's even open-source, so you could audit its code if you wanted to. The downside is that you're responsible for your passwords, and you'll have to sync them between your devices manually. Some people use a syncing solution like Dropbox to sync the KeePass database between their devices. For more information, check out how KeePassXC compares to Bitwarden.

Getting Started With Your Password Manager

The first big decision you will need to make with a password manager is choosing your master password. This master password controls access to your entire password manager database, so you should make it particularly strong -- it's the only password you'll need to remember, after all. You may want to write down the password and store it somewhere safe after choosing it, just in case -- for example, if you're really serious, you could store your master password in a vault at the bank. You can change this password later, but only if you remember it -- if you lose your master password, you won't be able to view your saved passwords. This is essential, as it ensures no one else can view your secure password database without the master password.

After installing a password manager, you will likely want to start changing your website passwords to more secure ones. 1Password offers the 1Password Watchtower, which identifies the weak and duplicate passwords you should focus on changing. Dashlane has a Security Dashboard built right in, and it will help you figure out which passwords might need to be changed.

1Password Watchtower report

Password managers also allow you to store other types of data in a secure form -- everything from credit card numbers to secure notes. All data you store in a password manager is encrypted with your master password.

Password managers can even help against phishing, as they fill account information into websites based on their web address (URL). If you think you're on your bank's website and your password manager doesn't automatically fill your login information, it's possible that you're on a phishing website with a different URL, often using a typosquatting domain.