1. Software and apps

The Best Password Managers

By Andrew Cunningham, Thorin Klosowski and Max Eddy
Updated
A close-up of the screen of a Macbook laptop on which the 1Password password manager app is being used.
Photo: Rozette Rago

Almost everyone should use a password manager. It’s the most important thing you can do—alongside two-factor authentication—to keep your online data safe. We’ve evaluated dozens of paid and free password managers, and we’ve concluded that 1Password offers the best combination of features, compatibility, security, and ease of use. You don’t have to pay for a good password manager, but if you can, 1Password is worth the $36 per year. If you prefer free software, Bitwarden does everything you’ll need and doesn’t cost anything.

Everything we recommend

Our pick

1Password offers attractive and straightforward apps. Newbies will like its plain-language security recommendations and colorful interface, while the technically inclined will appreciate its advanced features and security.

Budget pick

The free version of Bitwarden covers all the basics of a good password manager and doesn’t cost anything. But features like advanced security reports and encrypted file storage cost extra.

Buying Options

What to know


  • Unique passwords

    A password manager creates a unique password for every account, which helps protect you from data breaches.

  • Easier logins

    Password managers automatically fill in the username and password details for you, simplifying and speeding up the login process.

  • Works everywhere

    You’ll be able to access passwords from anywhere, including different computers, tablets, and your phone.

  • One password

    Password managers are locked behind a single password, so make it hard to guess and use multi-factor authentication on your account.

Our pick

1Password offers attractive and straightforward apps. Newbies will like its plain-language security recommendations and colorful interface, while the technically inclined will appreciate its advanced features and security.

1Password has easy-to-use, polished apps that work on Windows PCs, Macs, Chromebooks, iPhones, iPads, Android devices, and the major web browsers. The Watchtower feature helps you identify and change weak, reused, or compromised passwords, and 1Password walks you through correcting these problems in clear, digestible language. 1Password uses strong encryption and good security practices, which sometimes leads to tedious interactions.

Budget pick

The free version of Bitwarden covers all the basics of a good password manager and doesn’t cost anything. But features like advanced security reports and encrypted file storage cost extra.

Buying Options

The free version of Bitwarden gets the basics right and doesn’t cost a thing, but it lacks a few features that make 1Password such a standout option. Many of those features, such as password checkups and 1 GB of encrypted storage, are available with Bitwarden’s reasonably priced, $10-per-year premium plan. Bitwarden isn’t as polished overall and lacks the in-app guidance of 1Password, which makes it harder for beginners to get the hang of. But the free version of Bitwarden offers the core features you need in a password manager, including the ability to sync as many passwords as you want across as many devices as you own, support for software multi-factor (or two-factor) authentication, and sharing between two people with separate logins using a two-person organization. Bitwarden works on the same devices as 1Password, so you can use it with any computer, phone, tablet, or browser.

Regardless of the password manager you use, it’s important to protect your data with a strong master password—we have advice for how to do that below.

 

Wirecutter has been testing and recommending password managers since 2016.

Max Eddy is Wirecutter’s senior staff writer covering privacy and security. He previously worked at PCMag for 11 years, where he also wrote about password managers and other tools for improving personal security.

Thorin Klosowski has spent a decade writing about technology, with a focus on software for many of those years. He has written about privacy and security for the bulk of that time and has tested countless password managers.

Andrew Cunningham spent years testing, reviewing, and otherwise writing about computers, phones, operating systems, apps, and other gadgets for AnandTech, Ars Technica, and Wirecutter. He has been building, upgrading, and fixing PCs for more than 15 years, and he spent five of those years in IT departments buying and repairing laptops and desktops as well as helping people buy the best hardware and software for their needs.

Passwords are as annoying as they are necessary, and a good password manager can keep you secure while making it easier to juggle the sheer number of passwords you need to be a person on the internet. Using a password manager is one of the most important things you can do to protect yourself online, aside from using multi-factor authentication and keeping your operating system and web browser up to date. If any of your passwords are weak and easy to guess, if you reuse any of your passwords across multiple sites, or if the sites you use are ever hacked and your account is compromised, you risk losing access to your accounts and your data. In fact, if you reuse passwords, chances are good that your password is already out there. You can even check to see if your email address or password has been involved in a data breach.

Password managers generate strong new passwords when you create accounts or change a password. They also store all of your passwords and, if you want, your credit card numbers, addresses, bank accounts, and other information in one place, secured with a single strong master password. All you need to remember is your master password, and your password manager can remember everything else, filling in your username and password for you whenever you log in to a site on your phone or computer. The best part is that once set up, a password manager makes your digital life easier, speeding up the login process and simplifying managing your online accounts. Getting started can be intimidating, but once you’ve done that, it’s a (mostly) painless experience.

For this guide, we’re focusing on the password managers that work best for individuals, rather than those intended for businesses to deploy and manage. To separate the great ones from the merely okay ones, we use the following criteria:

  • Good protection for your passwords: You’re trusting your password manager with your entire digital existence, and your password manager should store your data securely. A good password manager needs to use strong encryption to protect your data on your computer, on your password manager’s server, and when your data is moving between the two. But those promises of security only go so far, so we require that any password managers we recommend participate in regular third-party security audits (preferably audits that they make public) and have a bug-bounty program. Security audits aren’t perfect—they offer just a snapshot of the software and infrastructure—but they are a signal of trust and transparency.
  • Privacy: A password manager shouldn’t share data with third parties for advertising, so we check both the privacy policies and the mobile apps to confirm that they aren’t sharing data they aren’t supposed to.
  • Unlimited password storage: Any paid password manager should be able to store an unlimited number of passwords and other records, and enough free ones offer unlimited storage that you shouldn’t settle for less.
  • Sync between devices (and no limits on the number of devices you can use): You probably have more than one device that you use every day, between your home computer, your work computer, your phone, and your laptop. A good password manager should offer cloud syncing so that your passwords remain accessible anywhere on an unlimited number of devices.
  • Compatibility: A great password manager runs on just about anything, regardless of what hardware and software you and your family use. Password managers should receive frequent updates, especially after large operating system changes, which helps plug any security holes and shows that the developers are regularly working on the app. We look at three different kinds of compatibility.
    • Desktop and laptop compatibility: A password manager should have a Windows and macOS app that you can use to browse, add, and edit your information. We note Linux compatibility but don’t require it. Support for Chrome OS is generally covered by Chrome browser extensions.
    • Web browser compatibility: We prefer those password managers that offer browser extensions for Chrome, Edge, Firefox, and Safari. The extensions are responsible for autofilling passwords and other forms, as well as for generating and saving new passwords when you change one or make a new account.
    • iOS and Android compatibility: A password manager should have apps for both iOS and Android that are easy to use and capable of autofilling passwords in browser windows and within apps. The apps should walk you through the process of setting them up and giving them the permissions they need to work.
  • Ease of setup and use: A password manager should make it easy to get started or to transition from using browser-based password autofill, as well as to set up all the apps and browser extensions required. And once you’ve set up your password manager, it should be easy (not annoying) to use when you need it.
  • Tools to fix your security problems: Once your data is in your password manager, it should be able to identify weak, reused, and compromised passwords, and it should give you clear and easy-to-follow directions for changing them.
  • Support for biometric logins: If your phone, tablet, or laptop has a fingerprint reader or face-scanning camera, you should be able to unlock your password manager with that, rather than a password or PIN, for convenience’s sake.
  • Price: The paid password managers we evaluated usually cost between $10 and $60 per year for one person to use, though decent options are available for free. Password managers that offer family plans usually cover four or five people, so they’re generally a good deal even if your family has only two people. Although password managers often advertise a monthly subscription fee, the fees are typically billed yearly.
  • Password sharing: A good password manager should make it easy for you to securely share login data with someone else you trust for accounts that multiple people may need to access—for example, sites for paying your family’s bills, or shared email and social media accounts for a small business. This feature is common in paid password managers but rare in free ones.

After searching and consulting sites such as CNET, PCMag, Tom’s Guide, and Wired, we assembled a list of about 40 free and paid password managers. We dismissed most of them because they weren’t compatible with all of the operating systems and browsers we wanted or because they didn’t take part in third-party security audits.

In 2024, we tested 11 password managers: 1Password, Bitwarden, Dashlane, Enpass Premium, Keeper, mSecure, NordPass, Proton Pass, RoboForm Premium, Sticky Password, and Zoho Vault. We installed each of these password managers on a Windows PC, a Mac, an iPhone, and an Android phone.

A smartphone showing the open home screen for the 1Password app.
Photo: Michael Hession

Our pick

1Password offers attractive and straightforward apps. Newbies will like its plain-language security recommendations and colorful interface, while the technically inclined will appreciate its advanced features and security.

1Password offers the best combination of compatibility, ease of use, features, and price of any paid password manager we’ve tested. It has polished apps that work on just about any computer, tablet, phone, or web browser. We like how easy it is to identify and change weak, reused, or compromised passwords through the Watchtower feature, and we like how 1Password walks you through correcting those problems in clear, easy-to-follow language. The company has good security practices and uses strong encryption to protect passwords. 1Password costs $36 a year for individuals or $60 a year for families of two to five—on the high end of average for paid password managers—though it does offer free accounts for politicians and activists as well as journalists.

1Password is compatible with the most-used operating systems and browsers. Standalone apps for Windows, macOS, iOS, and Android all allow you to view and edit all the items in your vault. 1Password also has browser extensions for Chrome, Firefox, Brave, and Microsoft Edge that handle basic functions like autofilling passwords and creating new ones. If you use Safari on Mac, you need to download the desktop app, which includes the extension for Safari. We recommend downloading the desktop and mobile apps for your operating systems, along with the browser extensions for whatever web browsers you use. 1Password’s desktop apps for Windows and Mac are also far superior to what you get with Bitwarden, which requires the web app for features beyond password generation and search.

A close-up of the screen of a Macbook laptop on which the 1Password password manager app is being used.
1Password’s apps are well designed and consistent across Windows, macOS, and supported browsers. Photo: Rozette Rago

It’s easy to set up and use. We know that password managers can seem overwhelming to set up, but we think everyone should use them, not just the technologically savvy. 1Password does the best job of making it easy to incorporate a password manager into your daily habits with a user interface that’s simple to understand even for people who are new to a password manager. You can quickly view and change saved passwords and other information. Your default “vault” stores login information, credit card numbers, and data for autofilling forms. And if sorting items alphabetically or by tag isn’t good enough, you can create any number of vaults to organize your information (if you want to store logins for your personal accounts and work accounts separately, for example). This is especially important for 1Password Families or Business accounts, where you might want to share the contents of one vault with other 1Password users while keeping other vaults private.

All versions of 1Password and Bitwarden support logging in with your face or fingerprint, depending on what biometric authentication options your computer, phone, or tablet offers. We recommend using this feature on iOS and Android especially, where typing in a long master password multiple times a day will cost you time and annoy you. Both apps can replace iOS’s and Android’s built-in password-autofill features and can work in apps as well as on websites.

No password manager has a foolproof introduction that teaches you everything you need to know, but 1Password’s extensive support articles—which usually include large screenshots or video tutorials—make it a solid choice for people new to password managers. It’s easier to learn than most free options, including Bitwarden.

A screenshot of the 1Password Watchtower feature.
1Password’s Watchtower feature makes detailed and straightforward security recommendations as you use the app. Image: Max Eddy/1Password

 

Password managerPrice (one person)Family plan
1Password$36/year$60/year for up to five people
Bitwarden Premium$10/year$40/year for up to six people
Dashlane Premium$60/year$90/year for up to 10 people
Enpass Premium$24/year$48/year for up to six people
Keeper$35/year$75/year for up to five people
LastPass Premium$36/year$48/year for up to six people
mSecure$20/year$60/year for up to four people
NordPass Premium$45/year$90/year for up to six people
Proton Pass$24/year$288/year for up to six people1
RoboForm Premium$24/year$48/year for up to five people
Sticky Password$40/year$30/person/year
Zoho VaultFree$11/person/year
Prices current as of January 3, 2024. Taxes not included. 1Proton Pass does not currently offer a family plan for just the password manager; this plan covers all the products in the Proton suite of services, including email, VPN, online storage, and others.

It's affordable for individuals and families. 1Password costs $36 a year for one person or $60 a year for families (regardless of whether your family has as few as two or as many as five people); it’s more expensive than some of our other finalists but about average for an excellent password manager. LastPass Premium costs the same amount for individuals but only $48 for families of up to six. Bitwarden’s free plan and $10-per-year Premium plan allow you to share with one other person for no extra cost, but if you want to share with more people than that, you need to sign up for a family plan for $40 a year. If you decide not to renew your 1Password account, you can still access your passwords, but you can’t create new ones.

When you set up a 1Password family plan, you put your passwords and other information in your shared vault instead of your personal vault to give access to everyone else on your plan. “Family organizers,” a group that includes the 1Password account that created your family’s account plus anyone they designate as a “family organizer,” can recover the accounts of other family members if they forget their master password or secret key, which is useful for helping kids or less technically inclined folks. 1Password doesn’t have any sort of emergency-access feature in cases where you or another family member cannot access their account; if you want your account shared after death, storing the Emergency Kit in a shared safe is the only way to do so.

1Password has strong security policies. By default, all of your information is backed up to 1Password’s servers; the data is protected under end-to-end 256-bit AES encryption, which means that no one but you can read it on 1Password’s servers (including 1Password employees) or when the data is in transit between 1Password’s servers and your device. Additionally, you need to present your master password and a “Secret Key” each time you set up a new device. This is a little tedious, but 1Password says it allows the company to better secure your data and ensure attackers can’t steal the means to decrypt your vault from 1Password. (For details, you can read more about 1Password’s security model.)

1Password has comprehensive features that improve your online security. 1Password’s Watchtower feature—which is both a dedicated section of the app and a collective name for all the ways in which 1Password tries to protect your logins—identifies weak and reused passwords, passwords for websites that don’t use the secure HTTPS protocol, passwords for sites that have been hacked, passwords that are about to expire, and accounts for which two-factor authentication is available but has not been enabled. 1Password told us that Watchtower can also highlight sites in your vault that now offer passkey authentication. In all cases, the app offers straightforward directions for solving the problem. Bitwarden has a similar feature, called Vault Health Reports, that’s available only for paid subscribers.

Other handy 1Password features include 1 GB of secure online storage for sensitive files, such as scans of sensitive documents, and Travel Mode, which allows you to temporarily remove selected vaults from your device if you’re worried about your device being searched or stolen while you’re traveling. 1Password integrates with Privacy, a service for creating one-time-use credit cards, which is convenient when you’re shopping online at sites you’re not confident in or testing out subscription services you don’t want to auto-renew. It also allows you to securely share anything in your vault, including documents, even if the recipient doesn’t use 1Password. Recently, 1Password added the ability to store passkeys. Version 8 of 1Password added the ability to autofill passwords in desktop apps on both Windows and Mac with its Quick Access tool, which simplifies logging in to all sorts of software.

Flaws but not dealbreakers

It’s the least awkward, but it’s still quirky. In our latest round of testing, 1Password sometimes struggled to recognize password fields on Android. No password manager we tested was free of these types of little peculiarities, though, and 1Password was less glitchy than most.

The quirks of 1Password start the second you prepare to install it. You can install just the browser extensions and get most of the basic features that people usually need, or you can also install the desktop apps and get advanced features for organization and benefits like Face ID or Windows Hello support. Or you can install both the extension and the desktop app, which is what we typically recommend, even though it can sometimes be difficult to know which one to use and when.

On iPhone and iPad, 1Password offers two methods to access your passwords, either through the Safari extension or the autofill menu. The Safari extension lets you interact with 1Password through the same small icon placed on the login field as it does on desktop, which is a little difficult to navigate on the smaller screen of an iPhone. Enabling both isn’t necessary and just adds confusion, so we recommend sticking with autofill. The same goes for Bitwarden, or any other third-party password manager you use.

Its security features can sometimes cause headaches. 1Password’s requirement of a Secret Key and a password to set up a new device is annoying, and we also found that 1Password frequently locked itself and re-prompted us for authentication. When it locks depends on the device, but logging in several times a day can be a pain. It’s good security for a password manager to lock itself periodically, but we know that most people don’t want to use something that they find more irritating than helpful. You can easily change this behavior in 1Password’s settings, or you can enable biometric authentication to log in faster.

There’s no free version. 1Password’s features are worth paying for, but Bitwarden shows that it’s possible to offer a free password manager that leaves off a few features without feeling too restrictive. That said, we’ve concluded that 1Password more than justifies its expense.

A close-up of the screen of a Macbook laptop on which the Bitwarden password manager app is being used.
Photo: Rozette Rago

Budget pick

The free version of Bitwarden covers all the basics of a good password manager and doesn’t cost anything. But features like advanced security reports and encrypted file storage cost extra.

Buying Options

If you don’t want to pay for a password manager, if the added features in 1Password aren’t appealing to you, or if you’d like to self-host your password manager, use Bitwarden. The free version of Bitwarden is missing a few features in comparison with 1Password, such as comprehensive password checkups, security-key support, and 1 GB of encrypted storage. But it has all the important features of a password manager: You can sync with as many devices as you want and store unlimited passwords, and the free account allows you to share password collections with one other person. And Bitwarden has the same wide-ranging compatibility as 1Password, so you can use it with just about any device. Bitwarden’s security protocol is similar to 1Password’s, so even if Bitwarden’s servers are compromised, your passwords are safe. Bitwarden now undergoes annual third-party security audits, similar to the repeated security audits 1Password does. If you’ve never used a password manager before, Bitwarden doesn’t teach you the basics as well as 1Password does, but its documentation is thorough and easy to search.

Password managerPassword
limits
Device
limits
Cloud
sync/backup
Password
sharing
Weak-password
auditing
Bitwarden FreeNoneNoYesShare across two usersNo
Dashlane Free25Limited to use on one deviceYesUnlimitedYes
LastPass FreeNoneLimited to use on one type of deviceYesShare individual passwords with one other accountYes
Compared with other free password managers, Bitwarden has the best combination of features, with no limit on the number of devices.

It’s widely supported across platforms. Bitwarden supports the same operating systems and browsers as 1Password does, including Windows , macOS , iOS, and Android. Bitwarden, like 1Password, supports logging in with your face or fingerprint, whichever method your device supports. It offers browser extensions for Chrome, Edge, Firefox, and several other browsers. Like 1Password, Bitwarden packs its Safari extension into the desktop app. You can also self-host Bitwarden, in which case it’ll never upload your password to the company’s servers, but setting that up is a complicated process.

A screenshot of the Bitwarden password manager app, displaying the saved passwords for the Best Buy website.
Bitwarden’s desktop apps are less useful than 1Password’s but still give you options to manage and organize accounts.

It has clean, usable apps and extensions. Functionally, the Bitwarden extensions and desktop apps do the minimum we ask of a password manager: They store and generate passwords. They’re not as polished as 1Password’s apps, they don’t alert you about weak passwords when you log in (you can click an icon in the extension to check when you visit a login page, though), and they don’t support Bitwarden’s premium password-audit features (you need to use the web app for those). On top of that, free accounts don’t get any password reports aside from a data-breach report, which checks Have I Been Pwned? for your email address. To scan your accounts for breaches, reused passwords, exposed passwords, and unsecured websites, you need to visit the Bitwarden website and have a $10-per-year premium account.

By contrast, 1Password’s audit notes and suggestions are visible throughout its apps and don’t require you to visit the website. On free accounts, Bitwarden Send, a feature that lets you share encrypted files, is limited to text sharing, but on premium accounts you can share other files, as well. Both the free and premium versions of Bitwarden include built-in support for multiple email alias services, including our favorite, SimpleLogin and Fastmail. This integration allows you to create an email alias and password when creating new accounts, a feature that’s limited to Fastmail accounts in 1Password. Like 1Password, Bitwarden can also store passkeys.

It gives you pretty much everything you need from a password manager. The biggest features you’re likely to miss in the free version are password audits, the option to grant emergency access to a person you choose, the ability to send files securely, priority tech support, and the 1 GB of secure storage. If you’re new to password managers and you want to try Bitwarden, the service is worth the $10 for at least one year so you can improve any weak passwords you have right now. Unlike most free password managers, Bitwarden allows you to share a collection of passwords with one other Bitwarden user for free; you have to pay if you need to share with more people. This feature is handy if you want to share certain logins with a partner or roommate, for example, whether that’s for banking access or just your video-streaming account.

It doesn’t restrict the number of devices you can use or passwords you can store like other free password managers do. According to Bitwarden’s privacy policy, the company doesn’t sell or share any personal information for commercial purposes, (Bitwarden does gather some anonymized usage data, but it’s nothing we’re concerned about), though the free version does show you an ad for the premium account.

CostSharingAdded features
Bitwarden FreeFreeSharing between two peopleSecure text sharing, email alias services, username breach report
Bitwarden Premium$10 per year per personSharing between two peopleEverything included in Bitwarden Free and 1 GB encrypted file storage, emergency access, password hygiene and health reports, TOTP authenticator, priority customer support, secure file sharing
Bitwarden Families$40 per yearSharing among six peopleEverything included in Bitwarden Premium
Though many people won’t need to upgrade beyond the free version of Bitwarden, the fees for the paid versions are reasonable.

It has unique onboarding and support options. Bitwarden’s documentation has improved over the years, even introducing video tutorials, but 1Password still does a more comprehensive job of onboarding people who have never used a password manager before. Bitwarden does offer some tools that 1Password doesn’t, including occasional training events that walk you through the setup process and features. If you can’t attend, you can replay the event video. We think 1Password is easier to get the hang of using if you’ve never used a password manager before, but Bitwarden isn’t far behind.

The main benefit of using a password manager is that you need to remember only one password, instead of dozens, to access all of your accounts. But the one password you do need to keep track of—your master password—must be a good one.

The Cybersecurity and Infrastructure Security Agency recommends that passwords be at least 16 characters long or comprise five to seven individual words. 1Password suggests making a long but memorable password, perhaps composed of multiple random words with dashes, periods, or some other easy-to-remember punctuation in between. The password generators from 1Password and Bitwarden offer a handy way to make one of these passwords regardless of the software you use.

A screenshot of the strong password generator screen in 1Password.
1Password’s Strong Password Generator can help you come up with a strong but memorable master password.

The argument for creating a memorable but unique password is that you can memorize it yourself without making it easy for others to guess; you should try to memorize your master password if at all possible. But in case of emergencies, you should also write it down on a physical piece of paper and put it somewhere safe—storing it digitally, especially using a cloud service like Dropbox, Google Drive, iCloud, or OneDrive, risks exposing it to hackers, which would defeat the purpose. 1Password even gives you a handy Emergency Kit printout on which you can write your account information, your secret key, and your password, along with a QR code you can scan when you set up 1Password on a new phone, tablet, or computer.

Of course, your master password shouldn’t be the only thing protecting your account. You should also protect your password manager by using two-factor authentication. An app such as Authy or a security key can secure your account further. When you log in, you’re asked to supply both your password and the second factor—either a code from an authentication app or a physical security key—before you can log in on a new device. This means that if someone gets your master password, they still won’t be able to log in to your account without the second factor. This extra step might sound like a pain, but it’s necessary only when you sign in from somewhere new—such as a new browser, laptop, or phone—so it doesn’t cause friction daily.

Most web browsers offer to save your passwords for you, and some—including newer versions of Chrome, Firefox, and Safari— offer to generate new ones for you, just like a password manager. They can even alert you to password reuse and breaches.

Using your browser’s password storage is far better than doing nothing; most major browsers support some kind of syncing across devices, offer encryption and two-factor authentication for password data, and can fill in other forms for you. But using a standalone password manager has one primary benefit: It can work across multiple operating systems and browsers depending on what you prefer. Interoperability is improving (you can now save a password in Chrome and access it in Safari on mobile, for example), but browser-based password managers still sometimes work only in that browser, and if they do offer support across platforms, that feature tends to be awkward to use. But those restrictions can be a strength, too: Built-in password managers are often easier to use for newcomers, and since they’re integrated at a system or browser level, they are less clunky and require less setup than standalone software.

Good standalone password managers also include features not often found in browser-based password managers, such as mechanisms for easily sharing passwords with family members and friends when many people need to log in to a single site. And because the password managers we recommend include standalone apps as well as browser extensions, you can easily use a password manager to store other data, such as software product keys, addresses, bank account numbers, and credit card numbers (some browsers also offer to store these things for you; others don’t).

If you have been using your browser’s built-in mechanism for saving passwords and want to move on to a standalone password manager, both 1Password and Bitwarden can import saved passwords so you don’t need to start from scratch.

Protecting all of your passwords with a strong master password is convenient, but what happens if your password manager’s servers are compromised and your data is stolen?

Both 1Password and Bitwarden are transparent about their security models and what they’re doing to keep your data safe even in the event of a hack. Both use 256-bit AES encryption to make your data unreadable to anyone without your master password, whether your data is stored on your personal phone or computer, stored on 1Password’s or Bitwarden’s servers, or in transit between your devices and the servers. Both also claim to have a “zero-knowledge” security model, where no one working for 1Password or Bitwarden can ever see your master password, so no employee (and no one who has broken into their systems) could decrypt your data and see it even if they had access to it. 1Password routinely subjects itself to third-party security audits to make sure that its systems are secure and that it follows security best practices. Bitwarden does security audits every year, completing its most recent audit in 2023. Both 1Password and Bitwarden also interact with security researchers through public bug-bounty programs.

Using a password manager that stores data in the cloud comes with some inherent risk, but we think 1Password and Bitwarden manage it well. If you absolutely must keep your passwords stored locally, KeePassXC may be a good fit.

The privacy policies of 1Password and Bitwarden lay out what information the companies gather and in what circumstances third parties might be involved. We didn’t see anything that gave cause for concern. Both companies told us directly, and state in their documentation, that they will not sell or share customer data for commercial purposes.

1Password and Bitwarden both support generating multi-factor authentication codes for your logins—storing what’s called TOTP codes just like a standalone authentication app would—but we do not recommend using this feature in your password manager. Although the feature provides some convenience by autofilling the code for you, the result is that if an intruder gains access to your password manager, they can also get into all your accounts. You should enable multi-factor authentication for the password manager itself, so you might as well use that same authenticator app (or security key) for the rest of your authentication needs.

A Proton Pass desktop app is now available for Windows, and the company says it plans to launch macOS and Linux apps soon. We previously dismissed Proton Pass partly for its lack of platform support, so we plan to reevaluate it when the desktop apps are available.

LastPass Free was once an easy recommendation, but in December 2022, LastPass announced a data breach that exposed encrypted password vaults along with personal details, including names, email addresses, IP addresses, phone numbers, and some billing information. Account passwords weren’t exposed, but hackers can theoretically access password vaults by guessing master passwords. If a master password is weak, that exposure could happen quickly. The breach was so bad that security experts recommended that anyone who uses LastPass change all their passwords and consider moving to another password manager. In February 2023, the company revealed that an attacker had also gained access to a LastPass employee’s home computer, snagging the employee’s password for a corporate vault in the process. This doesn’t affect the already bad state of customer accounts, but it does make the company look even worse. Since then, the company has changed some policies to improve the security of vault data.

Dashlane Premium is as polished as 1Password and also has a free version, but that version is limited to one device, and most people have multiple devices. At $60 a year, Dashlane’s most popular plan is expensive; the $90-a-year family plan that covers up to 10 people is a better deal, but that’s still $30 more annually than 1Password’s family plan.

Keeper and NordPass have many of the same paid features as 1Password does, but we found both apps less intuitive to use than 1Password. The pricing plans of both are confusing, relying on annual discounts or doling out specific features piecemeal. Proton Pass has a polished interface, but has few features and currently does not support Safari. Zoho Vault is especially intriguing because it’s completely free for one person, but we found it was overly complicated and clearly intended for enterprise use. And although we found Enpass Premium too complex for most people, it’s an intriguing option for anyone who wants to keep control of their password manager data.

We dismissed most other password managers for lacking one or more features, such as not participating in third-party security audits or not supporting one or more of our desired operating systems. That list includes Ascendo DataVault Password Manager, Avira Password Manager Pro, Bitdefender Password Manager, eWallet, F-Secure ID Protection, LogMeOnce, McAfee True Key, mSecure, Norton Password Manager, oneSafe, Password Boss, Password Safe, RoboForm Premium, SaferPass Premium, SplashID Pro, and Sticky Password.

This article was edited by Caitlin McGarry.

Should I use the two-factor authentication codes my password manager provides?

1Password and Bitwarden both support storing two-factor authentication codes, but we don’t recommend using that feature. If a snoop or intruder does somehow access your password manager, they would then also get into all the accounts with two-factor authentication enabled. You should enable two-factor authentication to protect your password manager account anyway, so you might as well use that same 2FA app (or key) for the rest of your authentication needs.

Can I use a password manager with a YubiKey?

Usually, yes. Both 1Password and Bitwarden Premium accounts support security keys as a second factor for login.

Are “suggested passwords” safe?

Yes. Suggested passwords are randomly generated, so it’s very unlikely that someone could guess them. Both of our picks allow you to set up different rules for password creation—such as what sorts of characters to include or whether to use real words—but the default settings are secure enough for most people. However, if one of your suggested passwords is swept up in a data breach, you should still change it.

Doesn’t prefilling passwords mean that anyone at my computer can log in to my accounts?

That’s true only if you unlock your password manager and then walk away from your computer. Password managers are generally designed to “lock” after a period of inactivity, requiring your master password before they’ll work again.

You can also avoid the problem by locking your computer whenever you walk away from it. You can do so by putting your computer to sleep, or by pressing the Windows+L (on Windows) or Control+Shift+Power (on MacBooks) keyboard shortcut.

Can I access my passwords on a public computer?

Yes. 1Password and Bitwarden both have web apps that you can log in to from anywhere—they don’t support the same convenient autofill capabilities as the browser extensions, but they do provide easy access to your passwords and any other information you have stored. Remember to log out of them when you’re done using the public computer.

Does a password manager work on my iPhone or Android phone?

Yes. Most password managers with iOS and Android apps can autofill usernames and passwords both on websites and in apps, replacing (or augmenting) the built-in autofill features in those operating systems. You can find directions for setting this up in 1Password on iOS and Android, as well as directions for Bitwarden on iOS and Android.

What if I forget my master password?

A good password manager is designed so that a person who doesn’t know your master password will never be able to get into your account and access your data—and that includes yourself. Make sure to write down your master password (and we mean actually write it down, with pen and paper) and store it somewhere safe to prevent this from happening.

If you have forgotten your master password, your options depend on which password manager you’re using. In Bitwarden, you need to delete your entire account and start again from scratch. 1Password gives you a couple of other options, including resetting your master password from another family member’s account. If you do need to start from scratch, the process is annoying and time-consuming, but it isn’t the end of the world—you’ll need to reset every password on every site you use, but once you’ve done that, you’ll be back where you started.

Can I share passwords with a family member?

A 1Password family plan allows family members to share different vaults, so you can share some logins (for paying bills or managing finances, for example) but not others (for personal email or sites you use for work, say). Bitwarden offers the same features for less money, though it’s less user-friendly; you need to set up an “organization” to create and share password vaults. A two-person organization is free, while larger organizations cost $3 per month per person.

How do password managers work with passkeys?

Passkeys are a new secure authentication technology, endorsed by Apple, Google, and Microsoft, that is designed to replace passwords. That might lead you to think the days of password managers are numbered, but that isn’t the case. For one thing, passkeys are very new and still aren’t widely supported. For another, you need a place to store your passkeys, and several password managers—including 1Password and Bitwarden—now let you do just that. You can even log in to a Bitwarden account with a passkey, and the same feature is currently available in beta on 1Password.

  1. Sarah Brown, What if 1Password gets hacked?, 1Password Blog, April 8, 2020

  2. Kyle Spearrin, Bitwarden Upholds High Security Standards with Annual Third-Party Audits, The Bitwarden Blog, February 28, 2023

  3. Bitwarden Security Paper (PDF), Bitwarden, October 2020

  4. 1Password Security Design (PDF), 1Password, October 25, 2023

Meet your guides

Andrew Cunningham

Andrew Cunningham is a former senior staff writer on Wirecutter's tech team. He has been writing about laptops, phones, routers, and other tech since 2011. Before that he spent five years in IT fixing computers and helping people buy the best tech for their needs. He also co-hosts the book podcast Overdue and the TV podcast Appointment Television.

Thorin Klosowski

Thorin Klosowski is the former editor of privacy and security topics at Wirecutter. He has been writing about technology for over a decade, with an emphasis on learning by doing—which is to say, breaking things as often as possible to see how they work. For better or worse, he applies that same DIY approach to his reporting.

Max Eddy

Further reading

Edit
Dismiss