Everyone Needs a Password Manager
This year, World Password Day falls on Star Wars Day. May the fourth be with you! Celebrate by changing all your simple passwords to strong ones, with different ones for every secure site. If that doesn't sound like fun, consider getting some help. First, install a password manager. Second, get all your existing passwords into it. Third, little by little fix all your weak and duplicate passwords. You'll be ready to celebrate when World Password Day rolls around again on May 3, 2018 (which is also National Chocolate Custard Day).
For your own sanity and security, install a password manager and change all of your passwords so every single one is different, and every single one is long and hard to crack. Until our Internet culture evolves into some post-password Nirvana, everybody needs a password manager, from the most carefree Web surfers to the NSA's security wonks. There are plenty of good choices. All the commercial password managers listed here earned 3.5 stars or better. Strapped for cash? We've rounded up free password managers separately.
The Password Basics
The typical password manager installs as a browser plug-in to handle password capture and replay. When you log in to a secure site, it offers to save your credentials. When you return to that site, it offers to automatically fill in those credentials. And, if you've saved multiple logins for the same site, the password manager offers you multiple account login options. Most also offer a browser toolbar menu of saved logins, so you can go straight to a saved site and log in automatically.
Some products detect password-change events and offer to update the existing record. Some even record your credentials during the process of signing up for a new secure website. On the flip side, a password manager that doesn't include password capture and replay automation needs to offset that lack with significant other assets.
Getting all of your existing passwords into the password manager is a good first step. Next, you need to identify the weak and duplicate passwords and replace them with tough ones. Many password managers flag weak and duplicate passwords, and some offer help with the update process. The very best ones can automate the password-change process for you.
When you create a new secure account or update a weak password, you don't want to strain your brain trying to come up with something strong and unique. Why bother? You don't have to remember it. All but one of our top-rated products include a built-in password generator. Make sure your generated passwords are at least 16 characters long; all too many products default to a shorter length.
Entering a password like @2a&[email protected] on your smartphone's tiny keyboard can be tough. Fortunately, almost all of our top password managers can sync across all of your Windows, Mac, Android, and iOS devices. A few even let you authenticate on iOS or Android with your fingerprint rather than typing the master password. Most include some form of two-factor authentication, be it biometric, SMS-based, Google Authenticator, or something else entirely.
Fill Forms Automatically
Since most password managers can auto-fill stored credentials, it's just a small step for them to automatically fill in personal data on Web forms—first and last name, email address, phone number, and so on. Most of the top-rated products include a Web form-filling component. The breadth and flexibility of their personal data collections vary, as does their accuracy when matching Web form fields with their stored items. Even if they miss a field or two, the ones they do fill are ones you don't have to type. Think about how many sites you go to that want all the same information; this feature is a huge time-saver.
Some websites offer to save your address, credit card details, and so on, for convenience. If you accept that offer, you've put your personal data at risk. Who knows if the site is storing your deets securely? Just let the password manager fill the form each time. It's safer.
Different products handle form filling in their own ways. Some immediately fill all recognized fields, some wait for you to click in a field, some pop up and ask what you'd prefer. You'll even find products that offer your choice of credit cards using realistic images with the correct color and bank logo!
Advanced Password-Management Features
Given that all these products take care of basic password management tasks, how can one product stand out from the pack? One handy advanced feature is managing passwords for applications, not just websites. Another is provision of a secure browser, designed to protect sensitive transactions and invoked automatically when you visit a financial site. And of course automating the password change process is a big plus.
As noted, these top products let you sync your passwords across all of your devices. Some of them also include a built-in mechanism for securely sharing passwords with other users. Some let you share a login without making the password visible, some let you revoke sharing, and with some the sharing goes both ways—that is, if the recipient makes a change it will change the original.
On a grimmer note, what happens to your secure accounts after you've died? A few products include some provision for a digital legacy, a method to transfer your logins to a trusted individual in the event of your death or incapacity.
What's Not Here
As I mentioned, every product in the chart above earned at least a 3.5-star rating. Those with three stars are still good, but they're not quite up there with the very best. Less than three stars is just not enough to make the cut. If you're looking for a particular password manager that isn't in this table, I have probably reviewed it, but found it wanting in some way. Note that the blurbs below include everything with a three-star rating or better.
Authentic8 Silo took 3.5 stars, and it does manage passwords, but password management isn't its main purpose.
You also won't find any free password managers here, because they have their own, separate roundup. LastPass 4.0 and LogMeOnce Password Management Suite Premium 5.2 are our Editors' Choice free password managers.
The Top Password Management Software
Veteran password manager LastPass 4.0 Premium offers an impressively comprehensive set of features. Slick and polished Dashlane 4 also boasts a ton of features, even some that LastPass lacks. Sticky Password Premium handles essential tasks better than most, and a portion of every purchase goes to help an endangered species. And LogMeOnce Password Management Suite Ultimate justifies its incredibly long name with an incredibly long list of features, some not found in any competing products. But even the products not named as Editors' Choice have their merits; you may prefer one of them. As mentioned, all of the products listed below earned at least three stars.
%displayPrice% at %seller% It's hard to believe, but Dashlane 4 is even slicker and easier to use than its predecessor. It fully supports seven languages now, and can automatically change passwords on 500 websites. This very capable password manager earns a rare five stars. Read the full review
%displayPrice% at %seller% LastPass 4.0 Premium builds on the excellent free version's features, adding enhanced multifactor authentication, application password management, and password sharing groups. Read the full review
%displayPrice% at %seller% With innovative features like selfie-based two-factor authentication and built-in anti-theft, LogMeOnce Password Management Suite Ultimate 5.2 is the most feature-rich password manager around. Read the full review
%displayPrice% at %seller% Sticky Password Premium does everything you'd expect from a password manager and more. If you choose the unusual no-cloud Wi-Fi sync, your passwords never leave your home network. Read the full review
%displayPrice% at %seller% Keeper Password Manager & Digital Vault 10 syncs your passwords and files across all platforms, and it's built from the ground up with security as its main focus. Read the full review
%displayPrice% at %seller% Password Boss Premium v2.0 handles all basic password management tasks and includes advanced features, such as secure sharing and password inheritance. It's definitely worth a look. Read the full review
%displayPrice% at %seller% AgileBits 1Password 6 syncs passwords and personal data across all your devices. It isn't as automated as most competing products, but other than that it's a slick, easy-to-use utility. Read the full review
%displayPrice% at %seller% RoboForm 8 Everywhere adds new features like digital inheritance and secure file sharing to the venerable RoboForm's password management and form filling capabilities, but it hasn't quite caught up with the top products. Read the full review
%displayPrice% at %seller% Authentic8 Silo completely insulates your browser from malicious websites and also manages your passwords. You can use it on Windows, Mac, Ubunto, or iOS (iPad only). Read the full review
%displayPrice% at %seller% RoboForm Desktop 7 has hardly changed in the last four years, while the password-manager market has evolved. It's still quite effective, but lacks some features we've come to expect. Read the full review
%displayPrice% at %seller% True Key by Intel Security handles all the basic tasks of a password manager, with a strong focus on multi-factor authentication; it lacks many advanced features, offered by the competition, however. Read the full review
%displayPrice% at %seller% Zoho Vault does everything a password manager must, though it lacks form filling and has a few other minor limitations. If you don't need multi-user features, you can use it for free. Read the full review
%displayPrice% at %seller% Password manager F-Secure KEY has an attractive, cross-platform user interface, but its features are limited, even when compared with some free competitors. Read the full review
%displayPrice% at %seller% Intuitive Password 5.0 works on any platform and in any modern browser, with no installation required. However, it lacks the automation that makes other password managers so easy to use. Read the full review
%displayPrice% at %seller% Kaspersky Password Manager (Multi-Platform) includes the basics of password management and syncs across all your devices. However, it just can't match the rich feature set of the best competing products. Read the full review
%displayPrice% at %seller% Password Genie 5.2 performs its essential password-management tasks admirably and syncs across as many devices as your licenses permit. However, the best password managers do quite a bit more. Read the full review
%displayPrice% at %seller% SplashData SplashID 8.1 stores your passwords and other personal data and syncs across all your devices, but it isn't as automated as most other password managers. Read the full review
%displayPrice% at %seller% Trend Micro Password Manager 3.7 performs all the basic features of a password manager, but lacks two-factor authentication, secure password sharing, and other advanced features found in the best products. Read the full review