The 2 Best Password Managers of 2024 | Reviews by Wirecutter

Oct 17, 2024

By Max Eddy

Max Eddy is a writer who has covered privacy and security—including password managers, VPNs, security keys, and more—for over a decade.

After testing Apple’s new Passwords app, we stand by our current picks for most people. We’ve included more details in our “What about Apple Passwords?” section.

Everyone should use a password manager.

It’s the most important thing you can do—alongside two-factor authentication—to keep your online data safe.

We’ve evaluated dozens of paid and free password managers, and we’ve concluded that 1Password offers the best combination of features, compatibility, security, and ease of use.

You don’t have to pay for a good password manager, but if you can, 1Password is worth the $36 per year.

If you prefer free software, Bitwarden does everything you’ll need and doesn’t cost anything.

1Password offers attractive and straightforward apps. Newbies will like its plain-language security recommendations and colorful interface, while the technically inclined will appreciate its advanced features and security.

The free version of Bitwarden covers all the basics of a good password manager and doesn’t cost anything. But features like advanced security reports and encrypted file storage cost extra.

A password manager creates a unique password for every account, which helps protect you from data breaches.

Password managers automatically fill in the username and password details for you, simplifying and speeding up the login process.

You’ll be able to access passwords from anywhere, including different computers, tablets, and your phone.

Password managers are locked behind a single password, so make it hard to guess and use multi-factor authentication on your account.

1Password offers attractive and straightforward apps. Newbies will like its plain-language security recommendations and colorful interface, while the technically inclined will appreciate its advanced features and security.

1Password has easy-to-use, polished apps that work on Windows PCs, Macs, Chromebooks, iPhones, iPads, Android devices, and the major web browsers. The Watchtower feature helps you identify and change weak, reused, or compromised passwords, and 1Password walks you through correcting these problems in clear, digestible language. 1Password uses strong encryption and good security practices, which sometimes leads to tedious interactions.

Advertisement

The free version of Bitwarden covers all the basics of a good password manager and doesn’t cost anything. But features like advanced security reports and encrypted file storage cost extra.

The free version of Bitwarden gets the basics right and doesn’t cost a thing, but it lacks a few features that make 1Password such a standout option. Many of those features, such as password checkups and 1 GB of encrypted storage, are available with Bitwarden’s reasonably priced, $10-per-year premium plan. Bitwarden isn’t as polished overall and lacks the in-app guidance of 1Password, which makes it harder for beginners to get the hang of. But the free version of Bitwarden offers the core features you need in a password manager, including the ability to sync as many passwords as you want across as many devices as you own, support for software multi-factor (or two-factor) authentication, and sharing between two people with separate logins using a two-person organization. Bitwarden works on the same devices as 1Password, so you can use it with any computer, phone, tablet, or browser.

Regardless of the password manager you use, it’s important to protect your data with a strong master password—we have advice for how to do that below.

Advertisement

Wirecutter has been testing and recommending password managers since 2016.

Max Eddy is Wirecutter’s senior staff writer covering privacy and security. He previously worked at PCMag for 11 years, where he also wrote about password managers and other tools for improving personal security.

Thorin Klosowski has spent a decade writing about technology, with a focus on software for many of those years. He has written about privacy and security for the bulk of that time and has tested countless password managers.

Andrew Cunningham spent years testing, reviewing, and otherwise writing about computers, phones, operating systems, apps, and other gadgets for AnandTech, Ars Technica, and Wirecutter. He has been building, upgrading, and fixing PCs for more than 15 years, and he spent five of those years in IT departments buying and repairing laptops and desktops as well as helping people buy the best hardware and software for their needs.

Passwords are as annoying as they are necessary, and a good password manager can keep you secure while making it easier to juggle the sheer number of passwords you need to be a person on the internet. Using a password manager is one of the most important things you can do to protect yourself online, aside from using multi-factor authentication and keeping your operating system and web browser up to date. If any of your passwords are weak and easy to guess, if you reuse any of your passwords across multiple sites, or if the sites you use are ever hacked and your account is compromised, you risk losing access to your accounts and your data. In fact, if you reuse passwords, chances are good that your password is already out there. You can even check to see if your email address or password has been involved in a data breach.

Online security is for everyone. Our simple and affordable tips will show you how to drastically reduce your risks online.

Password managers generate strong new passwords when you create accounts or change a password. They also store all of your passwords and, if you want, your credit card numbers, addresses, bank accounts, and other information in one place, secured with a single strong master password. All you need to remember is your master password, and your password manager can remember everything else, filling in your username and password for you whenever you log in to a site on your phone or computer. The best part is that once set up, a password manager makes your digital life easier, speeding up the login process and simplifying managing your online accounts. Getting started can be intimidating, but once you’ve done that, it’s a (mostly) painless experience.

Advertisement

For this guide, we’re focusing on the password managers that work best for individuals, rather than those intended for businesses to deploy and manage. To separate the great ones from the merely okay ones, we use the following criteria:

After searching and consulting sites such as CNET, PCMag, Tom’s Guide, and Wired, we assembled a list of about 40 free and paid password managers. We dismissed most of them because they weren’t compatible with all of the operating systems and browsers we wanted or because they didn’t take part in third-party security audits.

In 2024, we tested 11 password managers: 1Password, Bitwarden, Dashlane, Enpass Premium, Keeper, mSecure, NordPass, Proton Pass, RoboForm Premium, Sticky Password, and Zoho Vault. We installed each of these password managers on a Windows PC, a Mac, an iPhone, and an Android phone.

Advertisement

1Password offers attractive and straightforward apps. Newbies will like its plain-language security recommendations and colorful interface, while the technically inclined will appreciate its advanced features and security.

1Password offers the best combination of compatibility, ease of use, features, and price of any paid password manager we’ve tested. It has polished apps that work on just about any computer, tablet, phone, or web browser. We like how easy it is to identify and change weak, reused, or compromised passwords through the Watchtower feature, and we like how 1Password walks you through correcting those problems in clear, easy-to-follow language. The company has good security practices and uses strong encryption to protect passwords. 1Password costs $36 a year for individuals or $60 a year for families of two to five—on the high end of average for paid password managers—though it does offer free accounts for politicians and activists as well as journalists.

1Password is compatible with the most-used operating systems and browsers. Standalone apps for Windows, macOS, iOS, and Android all allow you to view and edit all the items in your vault. 1Password also has browser extensions for Chrome, Firefox, Brave, and Microsoft Edge that handle basic functions like autofilling passwords and creating new ones. If you use Safari on Mac, you need to download the desktop app, which includes the extension for Safari. We recommend downloading the desktop and mobile apps for your operating systems, along with the browser extensions for whatever web browsers you use. 1Password’s desktop apps for Windows and Mac are also far superior to what you get with Bitwarden, which requires the web app for features beyond password generation and search.

It’s easy to set up and use. We know that password managers can seem overwhelming to set up, but we think everyone should use them, not just the technologically savvy. 1Password does the best job of making it easy to incorporate a password manager into your daily habits with a user interface that’s simple to understand even for people who are new to a password manager. You can quickly view and change saved passwords and other information. Your default “vault” stores login information, credit card numbers, and data for autofilling forms. And if sorting items alphabetically or by tag isn’t good enough, you can create any number of vaults to organize your information (if you want to store logins for your personal accounts and work accounts separately, for example). This is especially important for 1Password Families or Business accounts, where you might want to share the contents of one vault with other 1Password users while keeping other vaults private.

All versions of 1Password and Bitwarden support logging in with your face or fingerprint, depending on what biometric authentication options your computer, phone, or tablet offers. We recommend using this feature on iOS and Android especially, where typing in a long master password multiple times a day will cost you time and annoy you. Both apps can replace iOS’s and Android’s built-in password-autofill features and can work in apps as well as on websites.

No password manager has a foolproof introduction that teaches you everything you need to know, but 1Password’s extensive support articles—which usually include large screenshots or video tutorials—make it a solid choice for people new to password managers. It’s easier to learn than most free options, including Bitwarden.

It's affordable for individuals and families. 1Password costs $36 a year for one person or $60 a year for families (regardless of whether your family has as few as two or as many as five people); it’s more expensive than some of our other finalists but about average for an excellent password manager. LastPass Premium costs the same amount for individuals but only $48 for families of up to six. Bitwarden’s free plan and $10-per-year Premium plan allow you to share with one other person for no extra cost, but if you want to share with more people than that, you need to sign up for a family plan for $40 a year. If you decide not to renew your 1Password account, you can still access your passwords, but you can’t create new ones.

When you set up a 1Password family plan, you put your passwords and other information in your shared vault instead of your personal vault to give access to everyone else on your plan. “Family organizers,” a group that includes the 1Password account that created your family’s account plus anyone they designate as a “family organizer,” can recover the accounts of other family members if they forget their master password or secret key, which is useful for helping kids or less technically inclined folks. 1Password recently added support for recovery codes, which can help ensure you don’t get locked out of your account. If you want your account shared after death, storing the Emergency Kit in a shared safe is the only way to do so.

1Password has strong security policies. By default, all of your information is backed up to 1Password’s servers; the data is protected under end-to-end 256-bit AES encryption, which means that no one but you can read it on 1Password’s servers (including 1Password employees) or when the data is in transit between 1Password’s servers and your device.

To protect your accounts, 1Password has users create a “Secret Key” in addition to a password. It’s a bit confusing at first, but 1Password says it allows the company to better secure your data and ensure attackers can’t steal the means to decrypt your vault from 1Password. (For details, you can read more about 1Password’s security model.) Annoyingly, you do have to enter the Secret Key each time you log in on a new device, but 1Password now allows you to scan a QR code on a device where you’re already logged in. You’ll still need to enter your password, however.

1Password is also transparent about addressing potential security issues. This summer, the company outlined how it dealt with a potential vulnerability brought to light by a researcher. This is how we want companies to behave when confronted with security issues.

Everyone should use a password manager. Our expert walks you through how to set up and take advantage of the features in our favorite, 1Password.

1Password has comprehensive features that improve your online security. 1Password’s Watchtower feature—which is both a dedicated section of the app and a collective name for all the ways in which 1Password tries to protect your logins—identifies weak and reused passwords, passwords for websites that don’t use the secure HTTPS protocol, passwords for sites that have been hacked, passwords that are about to expire, and accounts for which two-factor authentication is available but has not been enabled. 1Password told us that Watchtower can also highlight sites in your vault that now offer passkey authentication. In all cases, the app offers straightforward directions for solving the problem. Bitwarden has a similar feature, called Vault Health Reports, that’s available only for paid subscribers.

Other handy 1Password features include 1 GB of secure online storage for sensitive files, such as scans of sensitive documents, and Travel Mode, which allows you to temporarily remove selected vaults from your device if you’re worried about your device being searched or stolen while you’re traveling. 1Password integrates with Privacy, a service for creating one-time-use credit cards, which is convenient when you’re shopping online at sites you’re not confident in or testing out subscription services you don’t want to auto-renew. It also allows you to securely share anything in your vault, including documents, even if the recipient doesn’t use 1Password. Recently, 1Password added the ability to store passkeys. Version 8 of 1Password added the ability to autofill passwords in desktop apps on both Windows and Mac. We were impressed with how seamless password creation and updating were in Safari on macOS.

It’s the least awkward, but it’s still quirky. In our latest round of testing, 1Password sometimes struggled to recognize password fields on Android. No password manager we tested was free of these types of little peculiarities, though, and 1Password was less glitchy than most.

The quirks of 1Password start the second you prepare to install it. You can install just the browser extensions and get most of the basic features that people usually need, or you can also install the desktop apps and get advanced features for organization and benefits like Face ID or Windows Hello support. Or you can install both the extension and the desktop app, which is what we typically recommend, even though it can sometimes be difficult to know which one to use and when. Note that the 1Password app in the Mac App Store called 1Password 7 is quite old; if you want the latest version, you’ll have to download it directly from the developer’s website.

On iPhone and iPad, 1Password offers two methods to access your passwords, either through the Safari extension or the autofill menu. The Safari extension lets you interact with 1Password through the same small icon placed on the login field as it does on desktop, which is a little difficult to navigate on the smaller screen of an iPhone. Enabling both isn’t necessary and just adds confusion, so we recommend sticking with autofill. The same goes for Bitwarden, or any other third-party password manager you use.

Its security features can sometimes cause headaches. 1Password’s unusual Secret Key system is sure to confuse some people who are used to just needing a username and password. We think that the new QR setup code experience will help people setting up new devices, however. We also found that 1Password frequently locked itself and re-prompted us for authentication. It’s good security for a password manager to lock itself periodically, but we know that most people don’t want to use something that they find more irritating than helpful. You can easily change this behavior in 1Password’s settings, or you can enable biometric authentication to log in faster.

There’s no free version. 1Password’s features are worth paying for, but Bitwarden shows that it’s possible to offer a free password manager that leaves off a few features without feeling too restrictive. That said, we’ve concluded that 1Password more than justifies its expense.

The free version of Bitwarden covers all the basics of a good password manager and doesn’t cost anything. But features like advanced security reports and encrypted file storage cost extra.

If you don’t want to pay for a password manager, if the added features in 1Password aren’t appealing to you, or if you’d like to self-host your password manager, use Bitwarden. The free version of Bitwarden is missing a few features in comparison with 1Password, such as comprehensive password checkups, security-key support, and 1 GB of encrypted storage. But it has all the important features of a password manager: You can sync with as many devices as you want and store unlimited passwords, and the free account allows you to share password collections with one other person. And Bitwarden has the same wide-ranging compatibility as 1Password, so you can use it with just about any device. Bitwarden’s security protocol is similar to 1Password’s, so even if Bitwarden’s servers are compromised, your passwords are safe. Bitwarden now undergoes annual third-party security audits, similar to the repeated security audits 1Password does. If you’ve never used a password manager before, Bitwarden doesn’t teach you the basics as well as 1Password does, but its documentation is thorough and easy to search.

It’s widely supported across platforms. Bitwarden supports the same operating systems and browsers as 1Password does, including Windows , macOS , iOS, and Android. Bitwarden, like 1Password, supports logging in with your face or fingerprint, whichever method your device supports. It offers browser extensions for Chrome, Edge, Firefox, and several other browsers. Like 1Password, Bitwarden packs its Safari extension into the desktop app. You can also self-host Bitwarden, in which case it’ll never upload your password to the company’s servers, but setting that up is a complicated process.

It has clean, usable apps and extensions. Functionally, the Bitwarden extensions and desktop apps do the minimum we ask of a password manager: They store and generate passwords. They’re not as polished as 1Password’s apps, they don’t alert you about weak passwords when you log in (you can click an icon in the extension to check when you visit a login page, though), and they don’t support Bitwarden’s premium password-audit features (you need to use the web app for those). On top of that, free accounts don’t get any password reports aside from a data-breach report, which checks Have I Been Pwned? for your email address. To scan your accounts for breaches, reused passwords, exposed passwords, and unsecured websites, you need to visit the Bitwarden website and have a $10-per-year premium account.

By contrast, 1Password’s audit notes and suggestions are visible throughout its apps and don’t require you to visit the website. On free accounts, Bitwarden Send, a feature that lets you share encrypted files, is limited to text sharing, but on premium accounts you can share other files, as well. Both the free and premium versions of Bitwarden include built-in support for multiple email alias services, including our favorite, SimpleLogin and Fastmail. This integration allows you to create an email alias and password when creating new accounts, a feature that’s limited to Fastmail accounts in 1Password. Like 1Password, Bitwarden can also store passkeys.

It gives you pretty much everything you need from a password manager. The biggest features you’re likely to miss in the free version are password audits, the option to grant emergency access to a person you choose, the ability to send files securely, priority tech support, and the 1 GB of secure storage. If you’re new to password managers and you want to try Bitwarden, the service is worth the $10 for at least one year so you can improve any weak passwords you have right now. Unlike most free password managers, Bitwarden allows you to share a collection of passwords with one other Bitwarden user for free; you have to pay if you need to share with more people. This feature is handy if you want to share certain logins with a partner or roommate, for example, whether that’s for banking access or just your video-streaming account.

It doesn’t restrict the number of devices you can use or passwords you can store like other free password managers do. According to Bitwarden’s privacy policy, the company doesn’t sell or share any personal information for commercial purposes, (Bitwarden does gather some anonymized usage data, but it’s nothing we’re concerned about), though the free version does show you an ad for the premium account.

It has unique onboarding and support options. Bitwarden’s documentation has improved over the years, even introducing video tutorials, but 1Password still does a more comprehensive job of onboarding people who have never used a password manager before. Bitwarden does offer some tools that 1Password doesn’t, including occasional training events that walk you through the setup process and features. If you can’t attend, you can replay the event video. We think 1Password is easier to get the hang of using if you’ve never used a password manager before, but Bitwarden isn’t far behind.

Advertisement

The main benefit of using a password manager is that you need to remember only one password, instead of dozens, to access all of your accounts. But the one password you do need to keep track of—your master password—must be a good one.

The Cybersecurity and Infrastructure Security Agency recommends that passwords be at least 16 characters long or comprise five to seven individual words. 1Password suggests making a long but memorable password, perhaps composed of multiple random words with dashes, periods, or some other easy-to-remember punctuation in between. The password generators from 1Password and Bitwarden offer a handy way to make one of these passwords regardless of the software you use.

The argument for creating a memorable but unique password is that you can memorize it yourself without making it easy for others to guess; you should try to memorize your master password if at all possible. But in case of emergencies, you should also write it down on a physical piece of paper and put it somewhere safe—storing it digitally, especially using a cloud service like Dropbox, Google Drive, iCloud, or OneDrive, risks exposing it to hackers, which would defeat the purpose. 1Password even gives you a handy Emergency Kit printout on which you can write your account information, your secret key, and your password, along with a QR code you can scan when you set up 1Password on a new phone, tablet, or computer.

Of course, your master password shouldn’t be the only thing protecting your account. You should also protect your password manager by using two-factor authentication. An app such as Duo or a security key can secure your account further. When you log in, you’re asked to supply both your password and the second factor—either a code from an authentication app or a physical security key—before you can log in on a new device. This means that if someone gets your master password, they still won’t be able to log in to your account without the second factor. This extra step might sound like a pain, but it’s necessary only when you sign in from somewhere new—such as a new browser, laptop, or phone—so it doesn’t cause friction daily.

Most web browsers offer to save your passwords for you, and some—including newer versions of Chrome, Firefox, and Safari— offer to generate new ones for you, just like a password manager. They can even alert you to password reuse and breaches.

Using your browser’s password storage is far better than doing nothing; most major browsers support some kind of syncing across devices, offer encryption and two-factor authentication for password data, and can fill in other forms for you. But using a standalone password manager has one primary benefit: It can work across multiple operating systems and browsers depending on what you prefer. Interoperability is improving (you can now save a password in Chrome and access it in Safari on mobile, for example), but browser-based password managers still sometimes work only in that browser, and if they do offer support across platforms, that feature tends to be awkward to use. But those restrictions can be a strength, too: Built-in password managers are often easier to use for newcomers, and since they’re integrated at a system or browser level, they are less clunky and require less setup than standalone software.

Good standalone password managers also include features not often found in browser-based password managers, such as mechanisms for easily sharing passwords with family members and friends when many people need to log in to a single site. And because the password managers we recommend include standalone apps as well as browser extensions, you can easily use a password manager to store other data, such as software product keys, addresses, bank account numbers, and credit card numbers (some browsers also offer to store these things for you; others don’t).

If you have been using your browser’s built-in mechanism for saving passwords and want to move on to a standalone password manager, both 1Password and Bitwarden can import saved passwords so you don’t need to start from scratch.

Advertisement

You’ve long been able to use Apple’s Keychain to generate and manage passwords on your iPhone and Mac, but it was never easy to use and most people likely didn’t even know it was there. That’s changing in iOS 18 and macOS Sequoia with the new Passwords app.

Passwords has the polish and deep integration we’d expect from Apple. Your logins will automatically sync between all your Apple devices, and to Windows PCs with the iCloud for Windows app. (There’s no way to use Passwords on Android.) Passwords lets you easily group passwords together and share them with specific people—provided they’re using a new enough version of iOS or macOS.

Passwords handles passkeys in an interesting way. Passwords can store passkeys you create like any other password manager, but Apple says that the Passwords app will detect when a site enables passkeys and can “upgrade” your account to use this more secure password alternative. That’s great for security and ease of use, but it requires the people running the website to enable this feature, so even if passkeys are available you might not be automatically upgraded. This feature also isn’t unique to Apple. Yubico Vice President Derek Hanson, who oversees standards and alliances, explained that automatic upgrades are a soon-to-be released feature of the WebAuthn standard that powers passkeys and Apple is the first to implement it. It’s likely we’ll see other password managers adding similar features in the future.

The Passwords app is not without its quirks, however. If you want to change how your device autofills passwords or other behaviors, you’ll have to find the AutoFill & Passwords section in the Settings app. When you create a new login, Passwords generates and saves a new password, but you’ll have to go back into the app and add more information to turn it into a proper entry. Other password managers handle this more smoothly. We also found the instructions for adding new authenticator codes from a QR code were not clear (our advice: take a screenshot and long-press on the resulting image of the QR code in iOS; click and hold on the QR code in macOS).

Our picks are better. We can’t recommend the Passwords app above 1Password or Bitwarden, but that doesn’t mean it’s a bad password manager. If you’re all in on Apple devices and aren’t interested in getting yet another app, Passwords is perfectly fine. It’s also an easy way to start securing your online life with stronger passwords and passkeys. If you find yourself needing something more powerful, our picks will be there.

Protecting all of your passwords with a strong master password is convenient, but what happens if your password manager’s servers are compromised and your data is stolen?

Both 1Password and Bitwarden are transparent about their security models and what they’re doing to keep your data safe even in the event of a hack. Both use 256-bit AES encryption to make your data unreadable to anyone without your master password, whether your data is stored on your personal phone or computer, stored on 1Password’s or Bitwarden’s servers, or in transit between your devices and the servers. Both also claim to have a “zero-knowledge” security model, where no one working for 1Password or Bitwarden can ever see your master password, so no employee (and no one who has broken into their systems) could decrypt your data and see it even if they had access to it. 1Password routinely subjects itself to third-party security audits to make sure that its systems are secure and that it follows security best practices. Bitwarden does security audits every year, completing its most recent audit in 2023. Both 1Password and Bitwarden also interact with security researchers through public bug-bounty programs.

Using a password manager that stores data in the cloud comes with some inherent risk, but we think 1Password and Bitwarden manage it well. If you absolutely must keep your passwords stored locally, KeePassXC may be a good fit.

The privacy policies of 1Password and Bitwarden lay out what information the companies gather and in what circumstances third parties might be involved. We didn’t see anything that gave cause for concern. Both companies told us directly, and state in their documentation, that they will not sell or share customer data for commercial purposes.

1Password and Bitwarden both support generating multi-factor authentication codes for your logins—storing what’s called TOTP codes just like a standalone authentication app would—but we do not recommend using this feature in your password manager. Although the feature provides some convenience by autofilling the code for you, the result is that if an intruder gains access to your password manager, they can also get into all your accounts. You should enable multi-factor authentication for the password manager itself, so you might as well use that same authenticator app (or security key) for the rest of your authentication needs.

Advertisement

LastPass Free was once an easy recommendation, but in December 2022, LastPass announced a data breach that exposed encrypted password vaults along with personal details, including names, email addresses, IP addresses, phone numbers, and some billing information. Account passwords weren’t exposed, but hackers can theoretically access password vaults by guessing master passwords. If a master password is weak, that exposure could happen quickly. The breach was so bad that security experts recommended that anyone who uses LastPass change all their passwords and consider moving to another password manager. In February 2023, the company revealed that an attacker had also gained access to a LastPass employee’s home computer, snagging the employee’s password for a corporate vault in the process. This doesn’t affect the already bad state of customer accounts, but it does make the company look even worse. Since then, the company has changed some policies to improve the security of vault data.

Dashlane Premium is as polished as 1Password and also has a free version, but that version is limited to one device, and most people have multiple devices. At $60 a year, Dashlane’s most popular plan is expensive; the $90-a-year family plan that covers up to 10 people is a better deal, but that’s still $30 more annually than 1Password’s family plan.

Proton offers a password manager called Proton Pass alongside its family of privacy-focused products that also includes email, online storage, and the best free VPN we’ve tested. The service has improved greatly with expanded support for desktop apps as well as browsers, email aliases, form-filling personal details, and a reduced price. Proton Pass has a surprisingly feature-rich free plan, but still lacks the advanced tools of our top picks and doesn’t offer an affordable family plan.

Keeper and NordPass have many of the same paid features as 1Password does, but we found both apps less intuitive to use than 1Password. The pricing plans of both are confusing, relying on annual discounts or doling out specific features piecemeal. Zoho Vault is especially intriguing because it’s completely free for one person, but we found it was overly complicated and clearly intended for enterprise use. And although we found Enpass Premium too complex for most people, it’s an intriguing option for anyone who wants to keep control of their password manager data.

We dismissed most other password managers for lacking one or more features, such as not participating in third-party security audits or not supporting one or more of our desired operating systems. That list includes Ascendo DataVault Password Manager, Avira Password Manager Pro, Bitdefender Password Manager, eWallet, F-Secure ID Protection, LogMeOnce, McAfee True Key, mSecure, Norton Password Manager, oneSafe, Password Boss, Password Safe, RoboForm Premium, SaferPass Premium, SplashID Pro, and Sticky Password.

This article was edited by Caitlin McGarry.

Additional reporting for this guide was contributed by former Wirecutter editor Thorin Klosowski.

1Password and Bitwarden both support storing two-factor authentication codes, but we don’t recommend using that feature. If a snoop or intruder does somehow access your password manager, they would then also get into all the accounts with two-factor authentication enabled. You should enable two-factor authentication to protect your password manager account anyway, so you might as well use that same 2FA app (or key) for the rest of your authentication needs. (Note that Bitwarden now offers a stand alone 2FA app.)

Usually, yes. Both 1Password and Bitwarden Premium accounts support security keys as a second factor for login.

Yes. Suggested passwords are randomly generated, so it’s very unlikely that someone could guess them. Both of our picks allow you to set up different rules for password creation—such as what sorts of characters to include or whether to use real words—but the default settings are secure enough for most people. However, if one of your suggested passwords is swept up in a data breach, you should still change it.

That’s true only if you unlock your password manager and then walk away from your computer. Password managers are generally designed to “lock” after a period of inactivity, requiring your master password before they’ll work again.

You can also avoid the problem by locking your computer whenever you walk away from it. You can do so by putting your computer to sleep, or by pressing the Windows+L (on Windows) or Control+Shift+Power (on MacBooks) keyboard shortcut.

Yes. 1Password and Bitwarden both have web apps that you can log in to from anywhere—they don’t support the same convenient autofill capabilities as the browser extensions, but they do provide easy access to your passwords and any other information you have stored. Remember to log out of them when you’re done using the public computer.

Yes. Most password managers with iOS and Android apps can autofill usernames and passwords both on websites and in apps, replacing (or augmenting) the built-in autofill features in those operating systems. You can find directions for setting this up in 1Password on iOS and Android, as well as directions for Bitwarden on iOS and Android.

A good password manager is designed so that a person who doesn’t know your master password will never be able to get into your account and access your data—and that includes yourself. Make sure to write down your master password (and we mean actually write it down, with pen and paper) and store it somewhere safe to prevent this from happening.

If you have forgotten your master password, your options depend on which password manager you’re using. In Bitwarden, you need to delete your entire account and start again from scratch. 1Password gives you a couple of other options, including resetting your master password from another family member’s account or using a recovery code. Both of these options need to be set up before you have an emergency, so take the time to do that. If you do need to start from scratch, the process is annoying and time-consuming, but it isn’t the end of the world—you’ll need to reset every password on every site you use, but once you’ve done that, you’ll be back where you started.

A 1Password family plan allows family members to share different vaults, so you can share some logins (for paying bills or managing finances, for example) but not others (for personal email or sites you use for work, say). Bitwarden offers the same features for less money, though it’s less user-friendly; you need to set up an “organization” to create and share password vaults. A two-person organization is free, while larger organizations cost $3 per month per person.

Passkeys are a new secure authentication technology, endorsed by Apple, Google, and Microsoft, that is designed to replace passwords. That might lead you to think the days of password managers are numbered, but that isn’t the case. For one thing, passkeys are very new and still aren’t widely supported. For another, you need a place to store your passkeys, and several password managers—including 1Password and Bitwarden—now let you do just that. You can even log in to a Bitwarden account with a passkey, and the same feature is currently available in beta on 1Password.

Sarah Brown, What if 1Password gets hacked?, 1Password Blog, April 8, 2020

Kyle Spearrin, Bitwarden Upholds High Security Standards with Annual Third-Party Audits, The Bitwarden Blog, February 28, 2023

Bitwarden Security Paper (PDF), Bitwarden, October 2020

1Password Security Design (PDF), 1Password, October 25, 2023

Max Eddy

Max Eddy is a senior staff writer at Wirecutter specializing in security and privacy. He was previously lead security analyst at PC Magazine.

by Ivy Liscomb

From password managers to backup software, here are the apps and services everyone needs to protect themselves from security breaches and data loss.

by Max Eddy

A physical security key helps you protect your online accounts, and Yubico still makes the best one.

by James Austin

1Password remembers all of your online logins so that you don’t have to.

by Thorin Klosowski

Everyone should use a password manager. Our expert walks you through how to set up and take advantage of the features in our favorite, 1Password.

Advertisement