Passwords are a terrible system. Lots of people use the same old insecure passwords for every account—and yet, they still manage to forget them all the time. Really, the only good passwords are the ones that are so long and complex you can barely type them accurately, let alone remember them. And that’s why you need a password manager.
As a tech journalist, I’ve been covering password security for more than a decade. I even wrote my dissertation for my BSc. in Psychology on the underlying reasons people can’t recognize secure passwords. I’ve advocated for password managers at every opportunity I’ve had, and even convinced some of my family members to start using them. It’s safe to say, this is a category that I care a bit too much about.
So I spent a few extra days testing every viable password manager on the market, and here are the five best.
The best password managers
Why is password security important?
Ok, everyone gets that good passwords protect your account, but from what? Well, data breaches are way more common than you’d think. Just last year, Jaguar Land Rover, more than 20 airports across Europe, SalesLoft, and dozens of other companies collectively lost billions of data records, including plenty of information that can be used to commit fraud or identity theft.
Breachsense tracks data breaches. As I write this in the middle of the month, there have already been hundreds of data breaches around the world this month.
While some of these cyber attacks are hacks that exploit technological vulnerabilities or denial of service attacks, frequently they’re attacks that target people and their passwords.
Verizon’s annual Data Breach Investigation Report found that 60% of incidents involved some kind of human element, whether it was falling for a phishing email, using a weak password, reusing a password that had previously been compromised, or otherwise making a password security error.
And that’s just on the enterprise side of things. If you use a bad password with your email account, online investment account, or other important service, it isn’t your employer’s money or data that can get stolen—it’s yours.
According to a Dashlane report from a few years ago, somewhere around 1 in 7 of the passwords saved in Dashlane has been exposed in a data breach—and something like half of all passwords are reused. Those are the statistics for people who actively use a password manager—what do you think they’re like for regular people? And given the number of data breaches since 2024, the stats are likely to be even worse. It’s hard to overstate how bad the password situation is right now. Thankfully, passkeys, which we’ll look at in more detail later, fix some issues. They haven’t been adopted as quickly as I’d like and they don’t replace passwords entirely, but we are starting to see them more widely available.
Honestly, I suspect that the reason most people aren’t constantly being hacked and losing access to their accounts is that ransomware groups and other bad actors are too busy targeting enterprises with weak security to focus on the little guys. But just because no one has yet bothered to steal all your digital information, doesn’t mean you should hang out a sign saying “hack me” and use a bad password. Instead, you should use a strong password and good password security so that all your information stays safe, even if someone decides to try to steal it.
I’d also be very concerned about how AI can change this. Bad actors are already using LLMs, and these kinds of powerful AI models plus automation advances can really change the cost calculus of who to target.
(For what it’s worth, as a mildly public writer, I experience people trying to break into my social media and email accounts at least a few times a month.)
Why you need a password manager
If you can’t trust yourself to think up and then remember a long, complex, and unique password for every site you use—and you can’t—then you need a password manager. It’s the only reliable way to have a strong, unique password for every single online account you have. And if you’re anything like me, that’s a lot of passwords. Recent data suggests that the average person has around 250 accounts that require a password in their personal and professional life. (While people willing to use a password manager probably have more accounts than average, even people who are barely online still have dozens of accounts.)
Password managers fix a lot of the problems with passwords for you. All you have to do is remember a single secure master password, and it takes care of the rest:
It automatically creates strong and unique passwords that are more secure than the “clever” algorithms the human brain comes up with.
It fills your passwords in automatically when you go to log in to your online accounts.
It sends you data breach notifications, telling you to change your passwords if they’ve been compromised.
It detects weak passwords and offers suggestions for how to make them stronger.
It alerts you if you have reused passwords across your various accounts.
It gives you access to other security features like two-factor authentication, without having to worry about downloading extra apps or having your cell phone nearby.
In terms of online security, password managers can be legitimately life-changing.
How do password managers work?
Password managers all work in more or less the same way:
They create an encrypted file (or vault), where they store all of your usernames, passwords, and other details.
Every time you sign up for a new account, they create a strong, unique password for it.
They automatically (or almost automatically) fill in your passwords whenever there’s a login box on a website that you have a password stored for.
In order to access all this, they have you use one master password (or a passkey).
There are two different kinds of password manager, though.
A password manager with cloud storage means that all your data is stored in the cloud. The benefit here, of course, is that it can work across all your devices, so you can use the same system on your computer as you do on your phone or tablet (and you can even access your passwords on someone else’s device). As long as other security concerns are addressed, it’s the best option for most people—so all the apps on this list use cloud storage.
A password manager with a local file means that the vault is stored on your device. Some of them let you sync it through a cloud storage app, but it’s up to you. In theory, only storing your passwords locally makes them more secure as hackers would need access to your device to get them. However, the extra management required isn’t worth it for most users—especially if you’re tempted to reuse a password or create an insecure one because your vault isn’t on your smartphone.
Password best practices
The best password manager will do most of the heavy lifting for you when it comes to password best practices, but it’s still worth keeping a few things in mind for the times when you do create your own passwords, like when you’re coming up with your master password:
Use complex passwords. For any site where you’re still using your middle name (or the word
password), go into your password manager and have it come up with a new one for you.Use long passwords. Make your passwords as long as the site will allow. Ideally, that’s at least 16 characters, but some websites have odd password rules that you’ll have to follow. If you can use 64 characters, go for it.
Use different passwords for every account. Unique is what you’re after. Remember, if a password is leaked, it’s leaked for every account you use it on, not just the account that was breached.
Use all sorts of characters (not just letters). Add numbers and symbols into your passwords. If, for some reason, a site won’t let you do that, it’s still better to use a random string of letters (created by your password manager) than to come up with your own.
Use lots of words. Longer passwords are more secure than shorter ones, and one of the easiest ways to make them longer is to use real words. The key here is that your password really has to be long. The best way to come up with a good master password is to combine three or four words with a few numbers and special symbols to make something that’s at least 20 characters long. Of course, a password manager can give you 20 characters of gibberish, which is even better, but words aren’t something to avoid.
Don’t use personal information. Your middle name, your dog’s name, your birthday—leave those out of your passwords.
Add multi-factor authentication to the process. Whether it’s getting texted a code or using an authenticator app, two-factor authentication can help you double down on your security.
And, of course, use a password manager—which takes care of all of that for you.
What makes the best password manager?
There are dozens of password managers available. For this article, I considered almost 40 of them, and—to be blunt—a lot of them are bad. Either their security is lacking (or can’t be verified), they’re only available on a limited number of platforms, or they’re just plain awful to use.
But because there are so many apps to choose from, we don’t have to settle for bad—or even mediocre. I was able to set a really high bar and only include the apps that cleared it. To make this list, apps had to:
Be available on different platforms. Your passwords should be accessible to you everywhere, not confined to one device. The best password manager needs to work with at least one desktop and one mobile platform, and preferably everywhere. This ruled out password managers that rely on local storage, but as I explained above, I think the convenience of cloud storage is worth it for most people as it means using secure passwords is easy.
Generate secure passwords and 2FA codes—and auto-fill them. In other words, the apps had to be complete password managers that handled everything, not glorified spreadsheets. Once you enter your master password (or use a biometric unlock), you should be automatically logged in to your accounts with, at most, a click or a keyboard shortcut. Also, the apps had to make creating and saving new accounts simple and as automatic as possible.
Support additional security features, like security audits, data breach notifications, and passkeys. The best password manager not only makes it so you can use secure passwords, but it also continuously protects you. This means apps that let you know if you’re using a weak—or hacked—password, help you update and change bad passwords, and otherwise make securing your online life easier. Passkeys are now widely available enough that support is mandatory for inclusion on this list.
Be transparent about how passwords are encrypted and secured (and, ideally, third-party audited). Security by obscurity doesn’t work. Instead, the best password managers are very clear about what technologies they use to keep data safe. Some are open source, some are audited by third-party security companies, and some are just incredibly clear about how they work. But I’m confident that all these picks offer incredible security—and will continue to do so.
Nice to use, reliable, and just plain good. Logging in to accounts is something you do every day, so you’ll be forced to interact with your password manager a lot. If it’s annoying to use, poorly designed, or just bad, it’s going to get annoying fast. I have a really low threshold when it comes to bad app experiences, so the highest praise I can offer these picks is that I would happily use any one of them on a daily basis—there are very few apps I’ll say that about.
Of course, all of my picks also offer lots of other features, from credit card auto-filling and secure notes to sharing passwords with family and private document storage. These are all fully-featured apps. The criteria above were the minimum requirements to make this list, not an exhaustive list of features.
Each secure password manager on this list has both personal plans for regular users and business or enterprise plans for companies. I focused on the personal plans, but I’m confident that the business plans will offer the same level of ease of use and security if you’re looking for the best password manager for your business. (For example, plenty of large businesses use 1Password for their teams.)
How I tested the password managers
How we evaluate and test apps
Our best apps roundups are written by humans who’ve spent much of their careers using, testing, and writing about software. Unless explicitly stated, we spend dozens of hours researching and testing apps, using each app as it’s intended to be used and evaluating it against the criteria we set for the category. We’re never paid for placement in our articles from any app or for links to any site—we value the trust readers put in us to offer authentic evaluations of the categories and apps we review. For more details on our process, read the full rundown of how we select apps to feature on the Zapier blog.
I’ve been using and testing password management apps for more than 15 years. For this article, I started by making a list of all the apps that could possibly be considered fully-featured password managers and then checked to see if they met my minimum criteria listed above. Many apps failed out at this stage for any number of reasons, the most common being a lack of transparency about their security processes.
Of the 10 or so apps that made the initial cut, over the course of several days, I tried each one on at least two devices and used them to generate passwords, log in to my accounts, and generally just manage my passwords. I’ve been updating this list for five years now, so have put quite a lot of time into all the different options. Of the almost 40 apps I started with, there were only five I felt were worthy of inclusion on this list. Here they are.
The best password managers at a glance
Best for | Standout feature | Pricing | |
|---|---|---|---|
Most people | Easy to use across devices | $48/year for Personal account; $72/year for Families | |
A free password manager | Generous free plan with no big caveats | Free for important features; $20/year for Premium Account | |
A full internet security suite | Additional security features like encrypted email | Free for most features; from $36/year for Plus | |
A full internet security tool that’s been around a while | Additional security features like VPN | Free for a single device with up to 25 passwords; from $60/year for Premium | |
Apple users | Seamless integration with Apple devices | Free with an Apple ID; Cloud+ plans starting at $0.99/month |
Best password manager for most people
1Password
1Password pros:
1Password cons:
1Password is one of the biggest names in password management, and I’d say it’s the best option for most people prepared to pay for a password manager. It’s easy to use, incredibly secure, and widely available, with all your passwords syncing across all your devices.
Although 1Password started out as a Mac exclusive almost 20 years ago, it’s now available for Windows, macOS, Android, iOS, Linux, pretty much every browser, and even as a command line interface. That Mac app polish still shows, though, at least most of the time. It’s overall just a nice, modern app to use—no matter what your platform of choice is.
1Password is based around the idea of “vaults.” Each vault contains your passwords, credit card details, crypto wallets, API keys, and other auto-fill information like addresses, as well as up to 1GB of secure notes and documents. You can set up individual vaults for your personal and professional lives (I have one just for all the logins I create while writing these kinds of Zapier articles, for example), and if you’re on a Families or Team plan, securely share them with other people.
Where 1Password stands out most is how easy it is to use. Password managers have long been built by nerds, for nerds. Unfortunately, with the way online security is going, everyone needs to be able to use secure passwords—not just the most technical-minded. 1Password nails the basics and guides you through every step of setting up secure passwords.
Take Watchtower. It’s the section of 1Password that assesses your ongoing password security. It tells you if any of your passwords are compromised in a hack, are weak, or are duplicates. It also tells you if there are any sites with two-factor authentication that you haven’t enabled yet. All this info is presented clearly without any overdramatic warnings, so you can do something about it. 1Password is incredibly transparent about its security and has shifted to fully supporting passkeys.
The biggest downside to 1Password is that there’s no free option (unless you’re a journalist or politician): it costs $48 per year for one account or $72 per year for up to five family accounts as long as you pay in advance. I’d say online security is worth the fee, but it’s understandable that not everyone agrees.
1Password pricing: From $4.99/month for a Personal account (or $48/year); $7.99/month for Families with up to 5 accounts.
If you’re looking for a 1Password alternative, NordPass, RoboForm, and Keeper are also solid choices. I just didn’t find them as nice to use, as fully featured, or as good a value—but if you like them, they all check the security box.
Best free password manager
Bitwarden
Bitwarden pros:
Bitwarden cons:
Bitwarden is the best free password manager. It’s the only app I tested that offered almost everything I wanted in a password manager as part of a free plan with no big caveats. It’s a little less polished than 1Password, but it’s no less effective at keeping your online accounts safe. Passkey support is also included on the free plan.
Bitwarden is open source (so its security credentials are easy to verify) and available for Windows, macOS, iOS, Android, the command line, and Linux. Its browser support is even better: there are extensions for Google Chrome, Safari, Firefox, Microsoft Edge, Opera, Vivaldi, Brave, DuckDuckGo, and even Tor Browser.
Bitwarden isn’t as nice to use as 1Password, but that seems like a pretty fair trade-off given how secure and usable it is. A pixel-perfect interface is a bonus when it comes to password managers, but keeping your passwords safe and making it simple to use secure passwords are non-negotiables.
In addition to offering a great free plan, Bitwarden’s $20 per year Premium Account is well worth a look. It adds features like Vault Health Reports (which let you know about weak or leaked passwords), 5GB of encrypted file storage, and more advanced two-factor authentication options—and it allows you to generate two-factor codes to log in to your other accounts.
Bitwarden pricing: Free for all important features; Premium Account at $19.80/year for password health reports, encrypted file storage, and a few other nice-to-have features.
Best password manager with full internet security features
Proton Pass
Proton Pass pros:
Proton Pass cons:
While it’s the new kid on the block when it comes to password managers, Proton is a well respected security company based out of Switzerland—which has some of the strictest data security laws in the world. It has an encrypted mail service, an encrypted cloud storage and document service, a VPN, and as of a few years ago, a password manager.
And really, that’s the pitch here. Proton has always been serious about security, so it’s no surprise that Proton Pass is open source and uses 256-bit AES encryption. Not only is it as secure as any of the best password managers, but anyone with the code chops can dig in and confirm it.
And then there’s the ecosystem. Proton Pass works with your Proton Mail account so you can generate hidden emails for logins. There’s secure document storage and the VPN. There’s dark web monitoring, passkey support, and apps for every major system and browser. If you want to go all in on security, it’s a great way to do it.
What are the downsides? Well, Proton Pass is the newest password manager on the list. In theory, there could be some undiscovered bugs and vulnerabilities that someone would have already found in an older password manager. I don’t think that’s an especially valid concern at this point, but it’s a good security rule to be conscious of.
Secondly, the full Proton package is pricey. There’s a surprisingly solid free plan with sync across all your devices that only lacks a few key features like 2FA integration and item history. After that, Pass Plus is $4.99/month or $36/year and includes 10GB of storage and custom email domains. But it’s the Proton Unlimited plan at $12.99/month (or $120/year) that actually makes the most sense to me. It includes all the premium mail features, 500GB of secure storage, a VPN, and all of Proton Pass’s features. It’s the complete security service.
Proton Pass pricing: Free plan; from $4.99/month for Proton Pass Plus. All features available on the Proton Unlimited plan at $12.99/month.
Best password manager with full internet security features that has been around a while
Dashlane
Dashlane pros:
A few more security features than most password managers, including a VPN
Very clear Password Health score
Dashlane cons:
Dashlane is as good and easy to use as 1Password and Bitwarden, but it has a few extra security features that aren’t necessary for most people—though they’re certainly nice to have if you don’t mind paying its higher subscription fee. ProtonPass packs a few more in, but if you don’t want to swap your email account around, Dashlane is pretty compelling too. (Especially since it’s been around for a few years longer. Longevity goes a long way when it comes to security.)
Dashlane is available for iOS and Android, and the Safari extension comes bundled with a macOS app. The other desktop apps were discontinued a few years back, so access on Windows and Linux is through the fully-featured web app and Google Chrome, Microsoft Edge, Brave, and Firefox browser extensions.
I especially liked Dashlane’s Password Health score. While it doesn’t do anything different than 1Password’s Watchtower, the way it presents the overall quality of your passwords as a percentage is incredibly clear. There’s the added motivation to improve the score, which you can do by updating your passwords to better, more secure options. Dashlane also automatically monitors the Dark Web for your various email addresses to let you know if any of your personal information has been compromised in a hacked database. (Mine was from nine separate hacks.)
While Dashlane is a powerful, secure, and super easy-to-use password manager that may or may not warrant its $60/year price tag to you, it’s important to note that it also includes a VPN service, so you can browse a bit more privately or access region-locked content while you travel. If you otherwise pay for a VPN, Dashlane could be a good deal instead of paying for both 1Password and your VPN of choice. For example, I pay €5/month (~$5.50) for Mullvad VPN, but I get 1Password for free as a journalist. If I paid for both, it would cost me around $120/year. (With that said, Mullvad is an expensive VPN with a lot more privacy protection than Dashlane’s VPN partner, Hotspot Shield, so it’s not a straight-up comparison.)
Dashlane pricing: From $60/year for Premium that includes a VPN.
Best password manager for Apple products
Apple Passwords (formerly iCloud Keychain)
Apple Passwords pros:
Built into all Apple products, and works seamlessly across devices
Works in the background, but also has nice extra features
iCloud Keychain cons:
Apple Passwords has been a native Mac and iOS password management app for a couple of years, though some of its quirks are still there. To make things confusing, the password syncing feature is still called iCloud Keychain, but you can now manage everything through the Passwords app rather than a Settings pane. There’s even the option of a menu bar app.
iCloud Keychain/Passwords comes built into Macs, iPhones, and iPads—it’s really just a part of the operating system and a way to sync your passwords and credit card details between all your Apple devices in a suitably seamlessly Apple-like way. It’s also available on Windows through the iCloud for Windows app, which allows you to use the iCloud Passwords browser extension for Google Chrome and Microsoft Edge. Thankfully, the popular combo of using Google Chrome with a Mac is supported through that same browser extension, though the user experience isn’t quite as smooth as it is with Safari.
The best thing about Apple Passwords is that you barely notice you’re using it (at least if you’re a typical Apple user with an iPhone and Mac who uses Safari). When you go to log in to any website (or app that supports it), you’ll be prompted to use FaceID or TouchID—and then just be logged in. When you create a new account, a secure password will be automatically generated and saved. If you pay for iCloud+ (which is what Apple now calls its iCloud storage subscriptions), you’ll even have the option to have Apple obscure your email address for extra privacy. Similarly, iCloud Keychain supports passkeys.
But now, with the Passwords app, you can actually manage your passwords in one handy location. It’s easy to view passwords, create new logins, find 2FA verification codes, see your compromised passwords, and securely share passwords with other Apple users. You can even set up groups with trusted friends and family members to share passwords and passkeys automatically.
For Apple users who are happy to sit back and let Passwords/iCloud Keychain (this naming convention is awful) handle everything, it’s actually hard to beat. It’s incredibly secure, easy to use, and has all the features most people need. Now that there’s finally a real app, it’s an even better prospect for Apple users. You really only need something like 1Password or Bitwarden if you want to take an even more active role in managing your passwords. Or, of course, if you want to easily use devices or browsers that aren’t inside Apple’s walled garden.
iCloud Keychain Price: Free with an Apple ID; iCloud+ starts at $0.99/month with 50GB of storage and Hide My Email.
Should I use Google password manager?
Google has a password manager that’s built into Android and Chrome—and it’s absolutely fine. It supports passkeys, can check for compromised passwords, and works nicely if you just stick to Android and Chrome. It just isn’t as powerful, easy to use, or widely compatible as the dedicated password managers on this list. Plus, both Apple Passwords and Bitwarden are better if price is a concern.
What about LastPass password manager?
LastPass was once the other big name in password management. Unfortunately, over the past few years, there have been a number of major issues.
Between August and December of 2022, LastPass suffered two major data breaches that resulted in customer vaults being stolen (mine among them). Theoretically, the vaults are still encrypted, but the hackers now have unlimited time to brute force them offline. And brute force them they have—the biggest targets have been in crypto, where between $250 and $500 million have been stolen. No password in any of the stolen vaults can be considered safe unless you had two-factor authentication turned on—and even then, I’ve changed all my affected passwords.
Worst of all, it’s generally agreed upon that LastPass’s response to the breach was abysmal. The company made excuses, blamed users, and offered little meaningful advice to affected customers. The only real change was that people with master passwords shorter than 12 characters were forced to update them to something more secure.
As well as failing to protect its users’ passwords, I’ve found that LastPass has offered an increasingly poor user experience over the last few years. Up until 2021, LastPass had the best free plan of any password manager, to the point that very few people needed to subscribe to its premium offerings. But that changed, and it wasn’t handled especially well. With one month’s notice, LastPass limited all free accounts to one device type. You could either access your passwords on your computers or on your mobile devices, but not both. Existing users’ passwords were essentially being held hostage unless they signed up for a paid plan.
Taken together, the loss of user data, the handling of the aftermath, and the already poor customer service make LastPass impossible to include on this list. I test it again every year, but it will take a lot for me to be convinced that anything should change. The CEO is starting to make the right noises in his latest interviews, but I still don’t think that’s sufficient evidence that LastPass is worth recommending. If you still use it and love it, I can’t force you to move services—but I can beg you to change all your passwords.
Passkeys: the end of passwords?
Despite all password managers do to make passwords secure, there are still some big underlying problems that can’t be fixed—the system was developed in the 1960s when researchers were sharing time on room-sized computers. Even the most secure passwords can be leaked in a database hack, and social engineering attacks like phishing can bypass two-factor authentication.
To that end, the FIDO Alliance (which includes Google, Apple, Amazon, Microsoft, American Express, Mastercard, Visa, and many others) has developed a new system called passkeys that rely on public-key cryptography.
In essence, when you sign up for a new account with a passkey, your browser, device, or password manager will create a pair of cryptographic keys: a public key that’s shared with the service you’re signing up for and a private key that it stores securely on your own device. Because of the mathematical relationship between your public key and your private key, your public key can be truly public, and your account will still stay secure. But the public key can also be used to confirm that your device has the correct private key for access. It’s a one-way code.
When you log in with your passkey, your device verifies your identity—either with a PIN or a biometric lock like FaceID or TouchID—and then confirms with the service that you have the correct private key using a single-use token. This means that your passkey can’t be intercepted in any way, and you don’t have to remember a unique password for every service.
It has the potential to be a great system, and support for it is slowly spreading—especially among large tech companies. Apple and Google both support passkeys in Safari and Chrome, respectively, and all the password managers on this list have implemented them to some degree or other. Unfortunately, while Google, WordPress, PayPal, and even Best Buy allow you to replace your password with a passkey, they still aren’t as widely supported as I’d like. 1Password lists just 247 sites and services (up from 221 last year) that allow you to create them, including its own passkey demo site.
The worst criticism of passkeys is that most implementations of passkeys are different and confusing. Dan Goodin of Ars Technica describes them as a “jumble of competing workflows, appearances, and capabilities that can vary greatly depending on the particular site, OS, and browser (or browser agents such as native iOS or Android apps).” What app you use to create a passkey determines a lot, and every operating system, browser, and password manager is competing to be that app. In my experience, this is starting to change. I’m now moving new accounts over to passkeys and am switching more important accounts when I’m feeling brave.
Whatever way you look at it, password managers are even more important than ever as passwords just aren’t going away very quickly and passkeys need even more infrastructure to work.
Please use a password manager
Using a password manager isn’t just about making your life easier—though it absolutely does that. It also increases your online security by many orders of magnitude. Identity theft and data leaks are too common and online accounts too valuable to just leave things up to your default browser.
Any of the five options above will serve you well, so head on over to the one that suits you best, and get started. Finding the best password manager is an investment in your security—and one I’d encourage you to make.
Related reading:
This article was originally published in October 2015 by Jesse Plautz. The most recent update was in March 2026.
