By Max Eddy
Max Eddy is a writer who has covered privacy and security—including password managers, VPNs, security keys, and more—for over a decade.
Everyone should use a password manager.
It’s the most important thing you can do—alongside two-factor authentication—to keep your online data safe.
We’ve evaluated dozens of paid and free password managers, and we’ve concluded that 1Password offers the best combination of features, compatibility, security, and ease of use.
You don’t have to pay for a good password manager, but if you can, 1Password is worth the $36 per year.
If you prefer free software, Bitwarden does everything you’ll need and doesn’t cost anything.
Everything we recommend
Top pick
1Password offers attractive and straightforward apps. Newbies will like its plain-language security recommendations and colorful interface, while the technically inclined will appreciate its advanced features and security.
Buying Options
You save $30 (50%)
You save $14 (47%)
Budget pick
The free version of Bitwarden covers all the basics of a good password manager and doesn’t cost anything. But features like advanced security reports and encrypted file storage cost extra.
Buying Options
What to know
- Unique passwords
A password manager creates a unique password for every account, which helps protect you from data breaches.
- Easier logins
Password managers automatically fill in the username and password details for you, simplifying and speeding up the login process.
- Works everywhere
You’ll be able to access passwords from anywhere, including different computers, tablets, and your phone.
- One password
Password managers are locked behind a single password, so make it hard to guess and use multi-factor authentication on your account.
Top pick
1Password offers attractive and straightforward apps. Newbies will like its plain-language security recommendations and colorful interface, while the technically inclined will appreciate its advanced features and security.
Buying Options
You save $30 (50%)
You save $14 (47%)
1Password has easy-to-use, polished apps that work on Windows PCs, Macs, Chromebooks, iPhones, iPads, Android devices, and the major web browsers. The Watchtower feature helps you identify and change weak, reused, or compromised passwords, and 1Password walks you through correcting these problems in clear, digestible language. 1Password uses strong encryption and good security practices, which sometimes leads to tedious interactions.
Advertisement
SKIP ADVERTISEMENTBudget pick
The free version of Bitwarden covers all the basics of a good password manager and doesn’t cost anything. But features like advanced security reports and encrypted file storage cost extra.
Buying Options
The free version of Bitwarden gets the basics right and doesn’t cost a thing, but it lacks a few features that make 1Password such a standout option. Many of those features, such as password checkups and 1 GB of encrypted storage, are available with Bitwarden’s reasonably priced, $10-per-year premium plan. Bitwarden isn’t as polished overall and lacks the in-app guidance of 1Password, which makes it harder for beginners to get the hang of. But the free version of Bitwarden offers the core features you need in a password manager, including the ability to sync as many passwords as you want across as many devices as you own, support for software multi-factor (or two-factor) authentication, and sharing between two people with separate logins using a two-person organization. Bitwarden works on the same devices as 1Password, so you can use it with any computer, phone, tablet, or browser.
Regardless of the password manager you use, it’s important to protect your data with a strong master password—we have advice for how to do that below.
Advertisement
SKIP ADVERTISEMENTThe research
- Why you should trust us
- Why you need a password manager
- How we picked
- How we tested
- The best password manager: 1Password
- A great free password manager: Bitwarden
- Making a good master password
- Why can’t you just use the Chrome or browser password manager?
- What about the Apple Passwords app?
- Is it safe to trust a password manager with all your passwords?
- The competition
- Frequently asked questions
- Sources
Why you should trust us
Wirecutter has been testing and recommending password managers since 2016.
Max Eddy is Wirecutter’s senior staff writer covering privacy and security. He previously worked at PCMag for 11 years, where he also wrote about password managers and other tools for improving personal security.
Thorin Klosowski has spent a decade writing about technology, with a focus on software for many of those years. He has written about privacy and security for the bulk of that time and has tested countless password managers.
Andrew Cunningham spent years testing, reviewing, and otherwise writing about computers, phones, operating systems, apps, and other gadgets for AnandTech, Ars Technica, and Wirecutter. He has been building, upgrading, and fixing PCs for more than 15 years, and he spent five of those years in IT departments buying and repairing laptops and desktops as well as helping people buy the best hardware and software for their needs.
Why you need a password manager
Passwords are as annoying as they are necessary, and a good password manager can keep you secure while making it easier to juggle the sheer number of passwords you need to be a person on the internet. Using a password manager is one of the most important things you can do to protect yourself online, aside from using multi-factor authentication and keeping your operating system and web browser up to date. If any of your passwords are weak and easy to guess, if you reuse any of your passwords across multiple sites, or if the sites you use are ever hacked and your account is compromised, you risk losing access to your accounts and your data. In fact, if you reuse passwords, chances are good that your password is already out there. You can even check to see if your email address or password has been involved in a data breach.
Password managers generate strong new passwords when you create accounts or change a password. They also store all of your passwords and, if you want, your credit card numbers, addresses, bank accounts, and other information in one place, secured with a single strong master password. All you need to remember is your master password, and your password manager can remember everything else, filling in your username and password for you whenever you log in to a site on your phone or computer. The best part is that once set up, a password manager makes your digital life easier, speeding up the login process and simplifying managing your online accounts. Getting started can be intimidating, but once you’ve done that, it’s a (mostly) painless experience.
Advertisement
SKIP ADVERTISEMENTHow we picked
For this guide, we’re focusing on the password managers that work best for individuals, rather than those intended for businesses to deploy and manage. To separate the great ones from the merely okay ones, we use the following criteria:
- Good protection for your passwords: You’re trusting your password manager with your entire digital existence, and your password manager should store your data securely. A good password manager needs to use strong encryption to protect your data on your computer, on your password manager’s server, and when your data is moving between the two. But those promises of security only go so far, so we require that any password managers we recommend participate in regular third-party security audits (preferably audits that they make public) and have a bug-bounty program. Security audits aren’t perfect—they offer just a snapshot of the software and infrastructure—but they are a signal of trust and transparency.
- Privacy: A password manager shouldn’t share data with third parties for advertising, so we check both the privacy policies and the mobile apps to confirm that they aren’t sharing data they aren’t supposed to.
- Unlimited password storage: Any paid password manager should be able to store an unlimited number of passwords and other records, and enough free ones offer unlimited storage that you shouldn’t settle for less.
- Sync between devices (and no limits on the number of devices you can use): You probably have more than one device that you use every day, between your home computer, your work computer, your phone, and your laptop. A good password manager should offer cloud syncing so that your passwords remain accessible anywhere on an unlimited number of devices.
- Compatibility: A great password manager runs on just about anything, regardless of what hardware and software you and your family use. Password managers should receive frequent updates, especially after large operating system changes, which helps plug any security holes and shows that the developers are regularly working on the app. We look at three different kinds of compatibility.
- Desktop and laptop compatibility: A password manager should have a Windows and macOS app that you can use to browse, add, and edit your information. We note Linux compatibility but don’t require it. Support for Chrome OS is generally covered by Chrome browser extensions.
- Web browser compatibility: We prefer those password managers that offer browser extensions for Chrome, Edge, Firefox, and Safari. The extensions are responsible for autofilling passwords and other forms, as well as for generating and saving new passwords when you change one or make a new account.
- iOS and Android compatibility: A password manager should have apps for both iOS and Android that are easy to use and capable of autofilling passwords in browser windows and within apps. The apps should walk you through the process of setting them up and giving them the permissions they need to work.
- Ease of setup and use: A password manager should make it easy to get started or to transition from using browser-based password autofill, as well as to set up all the apps and browser extensions required. And once you’ve set up your password manager, it should be easy (not annoying) to use when you need it.
- Tools to fix your security problems: Once your data is in your password manager, it should be able to identify weak, reused, and compromised passwords, and it should give you clear and easy-to-follow directions for changing them.
- Support for biometric logins: If your phone, tablet, or laptop has a fingerprint reader or face-scanning camera, you should be able to unlock your password manager with that, rather than a password or PIN, for convenience’s sake.
- Price: The paid password managers we evaluated usually cost between $10 and $60 per year for one person to use, though decent options are available for free. Password managers that offer family plans usually cover four or five people, so they’re generally a good deal even if your family has only two people. Although password managers often advertise a monthly subscription fee, the fees are typically billed yearly.
- Password sharing: A good password manager should make it easy for you to securely share login data with someone else you trust for accounts that multiple people may need to access—for example, sites for paying your family’s bills, or shared email and social media accounts for a small business. This feature is common in paid password managers but rare in free ones.
How we tested
After searching and consulting sites such as CNET, PCMag, Tom’s Guide, and Wired, we assembled a list of about 40 free and paid password managers. We dismissed most of them because they weren’t compatible with all of the operating systems and browsers we wanted or because they didn’t take part in third-party security audits.
In 2024, we tested 11 password managers: 1Password, Bitwarden, Dashlane, Enpass Premium, Keeper, mSecure, NordPass, Proton Pass, RoboForm Premium, Sticky Password, and Zoho Vault. We installed each of these password managers on a Windows PC, a Mac, an iPhone, and an Android phone.
Advertisement
SKIP ADVERTISEMENTThe best password manager: 1Password
Top pick
1Password offers attractive and straightforward apps. Newbies will like its plain-language security recommendations and colorful interface, while the technically inclined will appreciate its advanced features and security.
Buying Options
You save $30 (50%)
You save $14 (47%)
1Password offers the best combination of compatibility, ease of use, features, and price of any paid password manager we’ve tested. It has polished apps that work on just about any computer, tablet, phone, or web browser. We like how easy it is to identify and change weak, reused, or compromised passwords through the Watchtower feature, and we like how 1Password walks you through correcting those problems in clear, easy-to-follow language. The company has good security practices and uses strong encryption to protect passwords. 1Password costs $36 a year for individuals or $60 a year for families of two to five—on the high end of average for paid password managers—though it does offer free accounts for politicians and activists as well as journalists.
1Password is compatible with the most-used operating systems and browsers. Standalone apps for Windows, macOS, iOS, and Android all allow you to view and edit all the items in your vault. 1Password also has browser extensions for Chrome, Firefox, Brave, and Microsoft Edge that handle basic functions like autofilling passwords and creating new ones. If you use Safari on Mac, you need to download the desktop app, which includes the extension for Safari. We recommend downloading the desktop and mobile apps for your operating systems, along with the browser extensions for whatever web browsers you use. 1Password’s desktop apps for Windows and Mac are also far superior to what you get with Bitwarden, which requires the web app for features beyond password generation and search.
It’s easy to set up and use. We know that password managers can seem overwhelming to set up, but we think everyone should use them, not just the technologically savvy. 1Password does the best job of making it easy to incorporate a password manager into your daily habits with a user interface that’s simple to understand even for people who are new to a password manager. You can quickly view and change saved passwords and other information. Your default “vault” stores login information, credit card numbers, and data for autofilling forms. And if sorting items alphabetically or by tag isn’t good enough, you can create any number of vaults to organize your information (if you want to store logins for your personal accounts and work accounts separately, for example). This is especially important for 1Password Families or Business accounts, where you might want to share the contents of one vault with other 1Password users while keeping other vaults private.
All versions of 1Password and Bitwarden support logging in with your face or fingerprint, depending on what biometric authentication options your computer, phone, or tablet offers. We recommend using this feature on iOS and Android especially, where typing in a long master password multiple times a day will cost you time and annoy you. Both apps can replace iOS’s and Android’s built-in password-autofill features and can work in apps as well as on websites.
No password manager has a foolproof introduction that teaches you everything you need to know, but 1Password’s extensive support articles—which usually include large screenshots or video tutorials—make it a solid choice for people new to password managers. It’s easier to learn than most free options, including Bitwarden.
Password manager | Price (one person) | Family plan |
1Password | $36/year | $60/year for up to five people |
Bitwarden Premium | $10/year | $40/year for up to six people |
Dashlane Premium | $60/year | $90/year for up to 10 people |
Enpass Premium | $24/year | $36/year for up to six people |
Keeper | $35/year | $75/year for up to five people |
LastPass Premium | $36/year | $48/year for up to six people |
mSecure | $20/year | $60/year for up to four people |
NordPass Premium | $45/year | $90/year for up to six people |
Proton Pass | $24/year | $60/year for up to six people |
RoboForm Premium | $30/year | $48/year for up to five people |
Sticky Password | $40/year | $30/person/year |
Zoho Vault | Free | $11/person/year |
It's affordable for individuals and families. 1Password costs $36 a year for one person or $60 a year for families (regardless of whether your family has as few as two or as many as five people); it’s more expensive than some of our other finalists but about average for an excellent password manager. LastPass Premium costs the same amount for individuals but only $48 for families of up to six. Bitwarden’s free plan and $10-per-year Premium plan allow you to share with one other person for no extra cost, but if you want to share with more people than that, you need to sign up for a family plan for $40 a year. If you decide not to renew your 1Password account, you can still access your passwords, but you can’t create new ones.
When you set up a 1Password family plan, you put your passwords and other information in your shared vault instead of your personal vault to give access to everyone else on your plan. “Family organizers,” a group that includes the 1Password account that created your family’s account plus anyone they designate as a “family organizer,” can recover the accounts of other family members if they forget their master password or secret key, which is useful for helping kids or less technically inclined folks. 1Password recently added support for recovery codes, which can help ensure you don’t get locked out of your account. If you want your account shared after death, storing the Emergency Kit in a shared safe is the only way to do so.
1Password has strong security policies. By default, all of your information is backed up to 1Password’s servers; the data is protected under end-to-end 256-bit AES encryption, which means that no one but you can read it on 1Password’s servers (including 1Password employees) or when the data is in transit between 1Password’s servers and your device.
To protect your accounts, 1Password has users create a “Secret Key” in addition to a password. It’s a bit confusing at first, but 1Password says it allows the company to better secure your data and ensure attackers can’t steal the means to decrypt your vault from 1Password. (For details, you can read more about 1Password’s security model.) Annoyingly, you do have to enter the Secret Key each time you log in on a new device, but 1Password now allows you to scan a QR code on a device where you’re already logged in. You’ll still need to enter your password, however.
1Password is also transparent about addressing potential security issues. This summer, the company outlined how it dealt with a potential vulnerability brought to light by a researcher. This is how we want companies to behave when confronted with security issues.
1Password has comprehensive features that improve your online security. 1Password’s Watchtower feature—which is both a dedicated section of the app and a collective name for all the ways in which 1Password tries to protect your logins—identifies weak and reused passwords, passwords for websites that don’t use the secure HTTPS protocol, passwords for sites that have been hacked, passwords that are about to expire, and accounts for which two-factor authentication is available but has not been enabled. 1Password told us that Watchtower can also highlight sites in your vault that now offer passkey authentication. In all cases, the app offers straightforward directions for solving the problem. Bitwarden has a similar feature, called Vault Health Reports, that’s available only for paid subscribers.
Other handy 1Password features include 1 GB of secure online storage for sensitive files, such as scans of sensitive documents, and Travel Mode, which allows you to temporarily remove selected vaults from your device if you’re worried about your device being searched or stolen while you’re traveling. 1Password integrates with Privacy, a service for creating one-time-use credit cards, which is convenient when you’re shopping online at sites you’re not confident in or testing out subscription services you don’t want to auto-renew. It also allows you to securely share anything in your vault, including documents, even if the recipient doesn’t use 1Password. Recently, 1Password added the ability to store passkeys. Version 8 of 1Password added the ability to autofill passwords in desktop apps on both Windows and Mac. We were impressed with how seamless password creation and updating were in Safari on macOS.
Flaws but not dealbreakers
It’s the least awkward, but it’s still quirky. In our latest round of testing, 1Password sometimes struggled to recognize password fields on Android. No password manager we tested was free of these types of little peculiarities, though, and 1Password was less glitchy than most.
The quirks of 1Password start the second you prepare to install it. You can install just the browser extensions and get most of the basic features that people usually need, or you can also install the desktop apps and get advanced features for organization and benefits like Face ID or Windows Hello support. Or you can install both the extension and the desktop app, which is what we typically recommend, even though it can sometimes be difficult to know which one to use and when. Note that the 1Password app in the Mac App Store called 1Password 7 is quite old; if you want the latest version, you’ll have to download it directly from the developer’s website.
On iPhone and iPad, 1Password offers two methods to access your passwords, either through the Safari extension or the autofill menu. The Safari extension lets you interact with 1Password through the same small icon placed on the login field as it does on desktop, which is a little difficult to navigate on the smaller screen of an iPhone. Enabling both isn’t necessary and just adds confusion, so we recommend sticking with autofill. The same goes for Bitwarden, or any other third-party password manager you use.
Its security features can sometimes cause headaches. 1Password’s unusual Secret Key system is sure to confuse some people who are used to just needing a username and password. We think that the new QR setup code experience will help people setting up new devices, however. We also found that 1Password frequently locked itself and re-prompted us for authentication. It’s good security for a password manager to lock itself periodically, but we know that most people don’t want to use something that they find more irritating than helpful. You can easily change this behavior in 1Password’s settings, or you can enable biometric authentication to log in faster.
There’s no free version. 1Password’s features are worth paying for, but Bitwarden shows that it’s possible to offer a free password manager that leaves off a few features without feeling too restrictive. That said, we’ve concluded that 1Password more than justifies its expense.
A great free password manager: Bitwarden
Budget pick
The free version of Bitwarden covers all the basics of a good password manager and doesn’t cost anything. But features like advanced security reports and encrypted file storage cost extra.
Buying Options
If you don’t want to pay for a password manager, if the added features in 1Password aren’t appealing to you, or if you’d like to self-host your password manager, use Bitwarden. The free version of Bitwarden is missing a few features in comparison with 1Password, such as comprehensive password checkups, security-key support, and 1 GB of encrypted storage. But it has all the important features of a password manager: You can sync with as many devices as you want and store unlimited passwords, and the free account allows you to share password collections with one other person. And Bitwarden has the same wide-ranging compatibility as 1Password, so you can use it with just about any device. Bitwarden’s security protocol is similar to 1Password’s, so even if Bitwarden’s servers are compromised, your passwords are safe. Bitwarden now undergoes annual third-party security audits, similar to the repeated security audits 1Password does. If you’ve never used a password manager before, Bitwarden doesn’t teach you the basics as well as 1Password does, but its documentation is thorough and easy to search.
Password manager | Password limits | Device limits | Cloud sync/backup | Password sharing | Weak-password auditing |
Bitwarden Free | None | No | Yes | Share across two users | No |
Dashlane Free | 25 | Limited to use on one device | Yes | Unlimited | Yes |
LastPass Free | None | Limited to use on one type of device | Yes | Share individual passwords with one other account | Yes |
It’s widely supported across platforms. Bitwarden supports the same operating systems and browsers as 1Password does, including Windows , macOS , iOS, and Android. Bitwarden, like 1Password, supports logging in with your face or fingerprint, whichever method your device supports. It offers browser extensions for Chrome, Edge, Firefox, and several other browsers. Like 1Password, Bitwarden packs its Safari extension into the desktop app. You can also self-host Bitwarden, in which case it’ll never upload your password to the company’s servers, but setting that up is a complicated process.
It has clean, usable apps and extensions. Functionally, the Bitwarden extensions and desktop apps do the minimum we ask of a password manager: They store and generate passwords. They’re not as polished as 1Password’s apps, they don’t alert you about weak passwords when you log in (you can click an icon in the extension to check when you visit a login page, though), and they don’t support Bitwarden’s premium password-audit features (you need to use the web app for those). On top of that, free accounts don’t get any password reports aside from a data-breach report, which checks Have I Been Pwned? for your email address. To scan your accounts for breaches, reused passwords, exposed passwords, and unsecured websites, you need to visit the Bitwarden website and have a $10-per-year premium account.
By contrast, 1Password’s audit notes and suggestions are visible throughout its apps and don’t require you to visit the website. On free accounts, Bitwarden Send, a feature that lets you share encrypted files, is limited to text sharing, but on premium accounts you can share other files, as well. Both the free and premium versions of Bitwarden include built-in support for multiple email alias services, including our favorite, SimpleLogin and Fastmail. This integration allows you to create an email alias and password when creating new accounts, a feature that’s limited to Fastmail accounts in 1Password. Like 1Password, Bitwarden can also store passkeys.
It gives you pretty much everything you need from a password manager. The biggest features you’re likely to miss in the free version are password audits, the option to grant emergency access to a person you choose, the ability to send files securely, priority tech support, and the 1 GB of secure storage. If you’re new to password managers and you want to try Bitwarden, the service is worth the $10 for at least one year so you can improve any weak passwords you have right now. Unlike most free password managers, Bitwarden allows you to share a collection of passwords with one other Bitwarden user for free; you have to pay if you need to share with more people. This feature is handy if you want to share certain logins with a partner or roommate, for example, whether that’s for banking access or just your video-streaming account.
It doesn’t restrict the number of devices you can use or passwords you can store like other free password managers do. According to Bitwarden’s privacy policy, the company doesn’t sell or share any personal information for commercial purposes, (Bitwarden does gather some anonymized usage data, but it’s nothing we’re concerned about), though the free version does show you an ad for the premium account.
Cost | Sharing | Added features | |
Bitwarden Free | Free | Sharing between two people | Secure text sharing, email alias services, username breach report |
Bitwarden Premium | $10 per year per person | Sharing between two people | Everything included in Bitwarden Free and 1 GB encrypted file storage, emergency access, password hygiene and health reports, TOTP authenticator, priority customer support, secure file sharing |
Bitwarden Families | $40 per year | Sharing among six people | Everything included in Bitwarden Premium |
It has unique onboarding and support options. Bitwarden’s documentation has improved over the years, even introducing video tutorials, but 1Password still does a more comprehensive job of onboarding people who have never used a password manager before. Bitwarden does offer some tools that 1Password doesn’t, including occasional training events that walk you through the setup process and features. If you can’t attend, you can replay the event video. We think 1Password is easier to get the hang of using if you’ve never used a password manager before, but Bitwarden isn’t far behind.
Advertisement
SKIP ADVERTISEMENTMaking a good master password
The main benefit of using a password manager is that you need to remember only one password, instead of dozens, to access all of your accounts. But the one password you do need to keep track of—your master password—must be a good one.
The Cybersecurity and Infrastructure Security Agency recommends that passwords be at least 16 characters long or comprise five to seven individual words. 1Password suggests making a long but memorable password, perhaps composed of multiple random words with dashes, periods, or some other easy-to-remember punctuation in between. The password generators from 1Password and Bitwarden offer a handy way to make one of these passwords regardless of the software you use.
The argument for creating a memorable but unique password is that you can memorize it yourself without making it easy for others to guess; you should try to memorize your master password if at all possible. But in case of emergencies, you should also write it down on a physical piece of paper and put it somewhere safe—storing it digitally, especially using a cloud service like Dropbox, Google Drive, iCloud, or OneDrive, risks exposing it to hackers, which would defeat the purpose. 1Password even gives you a handy Emergency Kit printout on which you can write your account information, your secret key, and your password, along with a QR code you can scan when you set up 1Password on a new phone, tablet, or computer.
Of course, your master password shouldn’t be the only thing protecting your account. You should also protect your password manager by using two-factor authentication. An app such as Duo or a security key can secure your account further. When you log in, you’re asked to supply both your password and the second factor—either a code from an authentication app or a physical security key—before you can log in on a new device. This means that if someone gets your master password, they still won’t be able to log in to your account without the second factor. This extra step might sound like a pain, but it’s necessary only when you sign in from somewhere new—such as a new browser, laptop, or phone—so it doesn’t cause friction daily.
Why can’t you just use the Chrome or browser password manager?
Most web browsers offer to save your passwords for you, and some—including newer versions of Chrome, Firefox, and Safari— offer to generate new ones for you, just like a password manager. They can even alert you to password reuse and breaches.
Using your browser’s password storage is far better than doing nothing; most major browsers support some kind of syncing across devices, offer encryption and two-factor authentication for password data, and can fill in other forms for you. But using a standalone password manager has one primary benefit: It can work across multiple operating systems and browsers depending on what you prefer. Interoperability is improving (you can now save a password in Chrome and access it in Safari on mobile, for example), but browser-based password managers still sometimes work only in that browser, and if they do offer support across platforms, that feature tends to be awkward to use. But those restrictions can be a strength, too: Built-in password managers are often easier to use for newcomers, and since they’re integrated at a system or browser level, they are less clunky and require less setup than standalone software.
Good standalone password managers also include features not often found in browser-based password managers, such as mechanisms for easily sharing passwords with family members and friends when many people need to log in to a single site. And because the password managers we recommend include standalone apps as well as browser extensions, you can easily use a password manager to store other data, such as software product keys, addresses, bank account numbers, and credit card numbers (some browsers also offer to store these things for you; others don’t).
If you have been using your browser’s built-in mechanism for saving passwords and want to move on to a standalone password manager, both 1Password and Bitwarden can import saved passwords so you don’t need to start from scratch.
Advertisement
SKIP ADVERTISEMENTWhat about the Apple Passwords app?
You’ve long been able to use Apple’s Keychain to generate and manage passwords on your iPhone and Mac, but it was never easy to use and most people likely didn’t even know it was there. That’s changing in iOS 18 and macOS Sequoia with the new Passwords app.
Passwords has the polish and deep integration we’d expect from Apple. Your logins will automatically sync between all your Apple devices, and to Windows PCs with the iCloud for Windows app. (There’s no way to use Passwords on Android.) Passwords lets you easily group passwords together and share them with specific people—provided they’re using a new enough version of iOS or macOS.
Passwords handles passkeys in an interesting way. Passwords can store passkeys you create like any other password manager, but Apple says that the Passwords app will detect when a site enables passkeys and can “upgrade” your account to use this more secure password alternative. That’s great for security and ease of use, but it requires the people running the website to enable this feature, so even if passkeys are available you might not be automatically upgraded. This feature also isn’t unique to Apple. Yubico Vice President Derek Hanson, who oversees standards and alliances, explained that automatic upgrades are a soon-to-be released feature of the WebAuthn standard that powers passkeys and Apple is the first to implement it. It’s likely we’ll see other password managers adding similar features in the future.
The Passwords app is not without its quirks, however. If you want to change how your device autofills passwords or other behaviors, you’ll have to find the AutoFill & Passwords section in the Settings app. When you create a new login, Passwords generates and saves a new password, but you’ll have to go back into the app and add more information to turn it into a proper entry. Other password managers handle this more smoothly. We also found the instructions for adding new authenticator codes from a QR code were not clear (our advice: take a screenshot and long-press on the resulting image of the QR code in iOS; click and hold on the QR code in macOS).
Our picks are better. We can’t recommend the Passwords app above 1Password or Bitwarden, but that doesn’t mean it’s a bad password manager. If you’re all in on Apple devices and aren’t interested in getting yet another app, Passwords is perfectly fine. It’s also an easy way to start securing your online life with stronger passwords and passkeys. If you find yourself needing something more powerful, our picks will be there.
Is it safe to trust a password manager with all your passwords?
Protecting all of your passwords with a strong master password is convenient, but what happens if your password manager’s servers are compromised and your data is stolen?
Both 1Password and Bitwarden are transparent about their security models and what they’re doing to keep your data safe even in the event of a hack. Both use 256-bit AES encryption to make your data unreadable to anyone without your master password, whether your data is stored on your personal phone or computer, stored on 1Password’s or Bitwarden’s servers, or in transit between your devices and the servers. Both also claim to have a “zero-knowledge” security model, where no one working for 1Password or Bitwarden can ever see your master password, so no employee (and no one who has broken into their systems) could decrypt your data and see it even if they had access to it. 1Password routinely subjects itself to third-party security audits to make sure that its systems are secure and that it follows security best practices. Bitwarden does security audits every year, completing its most recent audit in 2023. Both 1Password and Bitwarden also interact with security researchers through public bug-bounty programs.
Using a password manager that stores data in the cloud comes with some inherent risk, but we think 1Password and Bitwarden manage it well. If you absolutely must keep your passwords stored locally, KeePassXC may be a good fit.
The privacy policies of 1Password and Bitwarden lay out what information the companies gather and in what circumstances third parties might be involved. We didn’t see anything that gave cause for concern. Both companies told us directly, and state in their documentation, that they will not sell or share customer data for commercial purposes.
1Password and Bitwarden both support generating multi-factor authentication codes for your logins—storing what’s called TOTP codes just like a standalone authentication app would—but we do not recommend using this feature in your password manager. Although the feature provides some convenience by autofilling the code for you, the result is that if an intruder gains access to your password manager, they can also get into all your accounts. You should enable multi-factor authentication for the password manager itself, so you might as well use that same authenticator app (or security key) for the rest of your authentication needs.
Advertisement
SKIP ADVERTISEMENTThe competition
LastPass Free was once an easy recommendation, but in December 2022, LastPass announced a data breach that exposed encrypted password vaults along with personal details, including names, email addresses, IP addresses, phone numbers, and some billing information. Account passwords weren’t exposed, but hackers can theoretically access password vaults by guessing master passwords. If a master password is weak, that exposure could happen quickly. The breach was so bad that security experts recommended that anyone who uses LastPass change all their passwords and consider moving to another password manager. In February 2023, the company revealed that an attacker had also gained access to a LastPass employee’s home computer, snagging the employee’s password for a corporate vault in the process. This doesn’t affect the already bad state of customer accounts, but it does make the company look even worse. Since then, the company has changed some policies to improve the security of vault data.
Dashlane Premium is as polished as 1Password and also has a free version, but that version is limited to one device, and most people have multiple devices. At $60 a year, Dashlane’s most popular plan is expensive; the $90-a-year family plan that covers up to 10 people is a better deal, but that’s still $30 more annually than 1Password’s family plan.
Proton offers a password manager called Proton Pass alongside its family of privacy-focused products that also includes email, online storage, and the best free VPN we’ve tested. The service has improved greatly with expanded support for desktop apps as well as browsers, email aliases, form-filling personal details, a family plan, and a reduced price. Proton Pass has a surprisingly feature-rich free plan, but still lacks the advanced tools of our top picks.
Keeper and NordPass have many of the same paid features as 1Password does, but we found both apps less intuitive to use than 1Password. The pricing plans of both are confusing, relying on annual discounts or doling out specific features piecemeal. Zoho Vault is especially intriguing because it’s completely free for one person, but we found it was overly complicated and clearly intended for enterprise use. And although we found Enpass Premium too complex for most people, it’s an intriguing option for anyone who wants to keep control of their password manager data.
We dismissed most other password managers for lacking one or more features, such as not participating in third-party security audits or not supporting one or more of our desired operating systems. That list includes Ascendo DataVault Password Manager, Avira Password Manager Pro, Bitdefender Password Manager, eWallet, F-Secure ID Protection, LogMeOnce, McAfee True Key, mSecure, Norton Password Manager, oneSafe, Password Boss, Password Safe, RoboForm Premium, SaferPass Premium, SplashID Pro, and Sticky Password.
This article was edited by Caitlin McGarry.
Additional reporting for this guide was contributed by former Wirecutter editor Thorin Klosowski.
Frequently asked questions
Should I use the two-factor authentication codes my password manager provides?
1Password and Bitwarden both support storing two-factor authentication codes, but we don’t recommend using that feature. If a snoop or intruder does somehow access your password manager, they would then also get into all the accounts with two-factor authentication enabled. You should enable two-factor authentication to protect your password manager account anyway, so you might as well use that same 2FA app (or key) for the rest of your authentication needs. (Note that Bitwarden now offers a stand alone 2FA app.)
Can I use a password manager with a YubiKey?
Usually, yes. Both 1Password and Bitwarden Premium accounts support security keys as a second factor for login.
Are “suggested passwords” safe?
Yes. Suggested passwords are randomly generated, so it’s very unlikely that someone could guess them. Both of our picks allow you to set up different rules for password creation—such as what sorts of characters to include or whether to use real words—but the default settings are secure enough for most people. However, if one of your suggested passwords is swept up in a data breach, you should still change it.
Doesn’t prefilling passwords mean that anyone at my computer can log in to my accounts?
That’s true only if you unlock your password manager and then walk away from your computer. Password managers are generally designed to “lock” after a period of inactivity, requiring your master password before they’ll work again.
You can also avoid the problem by locking your computer whenever you walk away from it. You can do so by putting your computer to sleep, or by pressing the Windows+L (on Windows) or Control+Shift+Power (on MacBooks) keyboard shortcut.
Can I access my passwords on a public computer?
Yes. 1Password and Bitwarden both have web apps that you can log in to from anywhere—they don’t support the same convenient autofill capabilities as the browser extensions, but they do provide easy access to your passwords and any other information you have stored. Remember to log out of them when you’re done using the public computer.
Does a password manager work on my iPhone or Android phone?
Yes. Most password managers with iOS and Android apps can autofill usernames and passwords both on websites and in apps, replacing (or augmenting) the built-in autofill features in those operating systems. You can find directions for setting this up in 1Password on iOS and Android, as well as directions for Bitwarden on iOS and Android.
What if I forget my master password?
A good password manager is designed so that a person who doesn’t know your master password will never be able to get into your account and access your data—and that includes yourself. Make sure to write down your master password (and we mean actually write it down, with pen and paper) and store it somewhere safe to prevent this from happening.
If you have forgotten your master password, your options depend on which password manager you’re using. In Bitwarden, you need to delete your entire account and start again from scratch. 1Password gives you a couple of other options, including resetting your master password from another family member’s account or using a recovery code. Both of these options need to be set up before you have an emergency, so take the time to do that. If you do need to start from scratch, the process is annoying and time-consuming, but it isn’t the end of the world—you’ll need to reset every password on every site you use, but once you’ve done that, you’ll be back where you started.
Can I share passwords with a family member?
A 1Password family plan allows family members to share different vaults, so you can share some logins (for paying bills or managing finances, for example) but not others (for personal email or sites you use for work, say). Bitwarden offers the same features for less money, though it’s less user-friendly; you need to set up an “organization” to create and share password vaults. A two-person organization is free, while larger organizations cost $3 per month per person.
How do password managers work with passkeys?
Passkeys are a new secure authentication technology, endorsed by Apple, Google, and Microsoft, that is designed to replace passwords. That might lead you to think the days of password managers are numbered, but that isn’t the case. For one thing, passkeys are very new and still aren’t widely supported. For another, you need a place to store your passkeys, and several password managers—including 1Password and Bitwarden—now let you do just that. You can even log in to a Bitwarden account with a passkey, and the same feature is currently available in beta on 1Password.
Sources
Sarah Brown, What if 1Password gets hacked?, 1Password Blog, April 8, 2020
Kyle Spearrin, Bitwarden Upholds High Security Standards with Annual Third-Party Audits, The Bitwarden Blog, February 28, 2023
Bitwarden Security Paper (PDF), Bitwarden, October 2020
1Password Security Design (PDF), 1Password, October 25, 2023
Further reading
Back Up and Secure Your Digital Life
by Ivy Liscomb
From password managers to backup software, here are the apps and services everyone needs to protect themselves from security breaches and data loss.
The Best Security Key for Multi-Factor Authentication
by Max Eddy
A physical security key helps you protect your online accounts, and Yubico still makes the best one.
Our Favorite Password Manager Remembers All of Your Logins So You Don’t Have To
by James Austin
1Password remembers all of your online logins so that you don’t have to.
How to Get the Most Out of 1Password
by Thorin Klosowski
Everyone should use a password manager. Our expert walks you through how to set up and take advantage of the features in our favorite, 1Password.
Advertisement
SKIP ADVERTISEMENT