The Beginner’s Guide to Choosing the Best Password Manager
Over the past decade, I’ve tried practically every password manager under the sun.
From the big names everyone’s heard of to the obscure open-source tools only us geeks use.
I’ve been working on this review for the past 5 months, ever since my article on password safety back in April.
My goal?
To help YOU choose the absolute best password manager for your needs.
I looked at everything – from security to ease-of-use to unique standout features.
And now, after months of testing, I’m finally ready to share my results with you.
Let’s dive in!
How I Tested and Compared
To find the real standouts, I got hands-on with 7 popular password managers:
- NordPass
- 1Password
- Dashlane
- Bitwarden
- RoboForm
- Keeper
- LastPass
I focused on these key criteria:
- Security: encryption strength, zero-knowledge architecture, 2FA options, security audits
- Reputation: company history, breaches/incidents, independent audits
- Ease of use: interface design, cross-platform support, setup process
- Unique features: secure sharing, emergency access, Dark Web monitoring
- Value: free vs paid plans, family options, money-back guarantees
To really put these password managers through their paces, I:
- Bought subscriptions to paid services
- Installed each one from scratch on a Windows PC, MacBook, iPhone, and Android
- Imported my massive stash of 500+ passwords from old backups
- Spent weeks using each app for all my daily logins
- Put features like password generation and form filling to the test
- Shared logins with family to try collaborative options
- Dug into security white papers and audit reports
It was a TON of work, but it means you can trust these recommendations are based on thorough, real-world experience.
LastPass?
In my book, trust is HARD earned and easily lost.
One breach and your most sensitive data could be plastered all over the dark web.
LastPass used to be one of the biggest names—look at what happened to them:
- 2015 breach exposed user emails and master passwords (thankfully users with MFA were safe) (Source)
- 2021 privacy concerns about trackers in Android app (Source)
- 2022 source code stolen in significant breach (Source)
- 2023 hackers used stolen data to access customer vault backups (Source)
That’s a serious trust issue.
Personally, I’d steer clear of LastPass.
And if you or anyone you know is still using it – forward them this article ASAP!
So Who Can You Trust?
On the flip side, the other major players have maintained much better track records:
- RoboForm – 23 years and counting with ZERO breaches!
- 1Password – 18 years, also with a squeaky clean record (despite hack attempts).
- NordPass – No known breaches. In-house security team discovered 10 billion pieces of exposed user data online. (Source)
Bitwarden, Dashlane, and RoboForm have had some minor flaws discovered (like autofill vulnerabilities), but no major user data breaches.
Proton Pass is a promising newcomer but needs time to build trust. Their parent company Proton has a strong reputation though.
There have even been reports of it storing usernames/passwords as plaintext in memory. (Source)
Bugs like that are never good, but their response was handled well.
To be fair, a clean past doesn’t guarantee an unbreachable future – any provider can suffer from a zero-day exploit or rogue employee.
But a strong track record is the best indicator we have.
Bottom line—1Password & NordPass get top marks for trust.
The others aren’t bad, but a few dings keep them out of the top tier.
But it’s good to be aware of each company’s history and make your own risk assessment.
Security is EVERYTHING
When it comes to password managers, security is EVERYTHING.
All the bells and whistles in the world don’t mean squat if your password manager leaks like a sieve!
The good news:
All the password managers I tested use industry-standard AES-256 encryption.
That’s the same encryption used by banks and the military.
But I dug deeper and looked for that extra level of security. Things like:
- Zero-knowledge architecture (even the company can’t access your passwords)
- Two-factor authentication (2FA) options
- Security audits by reputable third parties
- Bug bounty programs
- Published security whitepapers detailing their practices
After poring over the details, a few stood out from the pack on security:
- NordPass uses next-gen XChaCha20 encryption on top of the standard AES-256.
- 1Password has a unique “Secret Key” feature and a “Travel Mode” for crossing borders.
- Bitwarden lets you self-host your password vault on your own server
But they all take security seriously with support for multi-factor authentication, biometrics, and passkeys.
At the end of the day, I’d feel safe trusting any of these top contenders with my precious passwords.
Open Source vs. Closed Source
This one is a bit geeky, but important for some folks.
Open source software means the code is publicly available for anyone to inspect.
The idea is that this transparency leads to better security, since flaws are more likely to be caught.
Closed source (or proprietary) software keeps its code private.
Its proponents argue this makes it harder for hackers to find vulnerabilities.
It’s a philosophical debate.
Among the password managers I tested:
- Bitwarden is fully open source. Code is available for anyone to audit.
- Proton Pass (from the makers of Proton Mail) is also open source.
- The rest are closed source. But NordPass and 1Password have passed independent audits confirming their zero-knowledge architecture.
- Dashlane has acquired a certification, but hasn’t completed the same level of audits.
There’s no right answer here.
Open source is great for transparency, but closed source doesn’t mean insecure.
Personally, I give a slight edge to open source, but I wouldn’t rule out a password manager JUST because they’re closed source—as long as they’re transparent in other ways.
Ease of Use
Look, if a password manager is a pain to use, you won’t use it. Period.
It should be simple, intuitive, and stay out of your way.
Some, like 1Password and NordPass, have clearly put a TON of thought into their user experience.
Everything just feels polished and intuitive.
Others, like Bitwarden and RoboForm, are a bit dated.
Fine for power users but not the most approachable.
Dashlane made the odd choice to remove their desktop app entirely.
Now it’s browser-only. I found that frustrating, but you may not mind.
My favorites in terms of user-friendliness:
- 1Password: Great, clean, simple design across the board.
- NordPass: Easy to use for all levels, with a simple menu and neatly categorized features.
If ease of use is your top priority, you can’t go wrong with either of these.
Dark Web Monitoring
And when they do, your passwords can end up for sale on the shadowy parts of the internet known as the Dark Web.
Some password managers help mitigate this risk by actively monitoring the Dark Web for your email address and usernames.
If they find a match, they alert you right away so you can change that password.
The standouts here:
- 1Password Watchtower – keeps an eye out for any of your logins popping up where they shouldn’t
- NordPass Data Breach Scanner – checks for exposed emails AND credit cards (super useful)
- Dashlane Dark Web Monitoring – doesn’t use HaveIBeenPwned; has its own database of 12 BILLION records (up to 5 accounts)
Keeper has “BreachWatch” but it’s an add-on that costs extra. No thanks.
It’s a nice bonus feature that gives extra peace of mind.
Of course, you can (and should) use tools like HaveIBeenPwned too.
Secure Password Sharing
Most of the password managers I tested allow some form of secure sharing.
However, pay attention to how they implement sharing:
- 1Password allows you to share with anyone, even if they don’t have a 1Password account. Very flexible.
- NordPass and Dashlane require the recipient to also have an account with their service. A bit more restrictive.
Consider your specific sharing needs when evaluating these.
Common Features
While they each have their specialties, I’m happy to report that all the password managers I tested nail the fundamentals:
- Easy import/export to help you switch providers
- Strong password generators to help you up your password game
- Autofill functionality to streamline your logins
- Password health analysis to identify weak or reused passwords
- Secure notes for storing sensitive non-password info
- Emergency access options in case you get hit by a bus
Dashlane used to offer an emergency access feature but (bizarrely) removed it. Yet another odd choice from them.
Honestly, you can’t go wrong with any of them here.
It’s all about the little details and your specific needs.
Unique Features
While all the password managers I tested cover the basics well, some offer unique features that set them apart:
- 1Password: Privacy.com integration for generating virtual credit cards, “Travel Mode” for crossing borders safely, Watchtower for security alerts
- NordPass: Native email aliasing, OCR scanning, very low cost for family plans (up to 6 accounts)
- Proton Pass: Native email aliasing feature, fully open source
- Bitwarden: Open source, can self-host for total control, cheapest for individuals (less than $1/month)
- RoboForm: One-click logins, Master Password restore using iOS biometrics
- Dashlane: includes a VPN (though it’s pretty basic)
- Keeper: KeeperChat private messenger
None of these are make-or-break essential, in my opinion.
But they’re certainly nice value-adds that could tip the scales for you.
I’m particularly fond of 1Password’s Travel Mode and Watchtower myself.
Best Bang for Your Buck
You can find password managers ranging from 100% free to over $50/year.
On average, expect to pay around $25-30 per year for an individual plan.
Here are some key takeaways on pricing:
- NordPass, Proton Pass and Bitwarden have totally free plans that cover the basics
- Bitwarden is a crazy good deal at just $10/year for individuals. Their free plan is very capable too.
- Dashlane is the most expensive at $60/year. Ouch.
- 1Password, Dashlane, and Keeper are all in the $35-45/year range
- NordPass is a relative bargain at just $22.68/year
In terms of free vs paid, here’s my take: For something as important as your passwords, it’s worth paying for if you can afford it.
You get more features, enhanced security, and priority support.
That said, if cost is a major barrier, Bitwarden’s free plan is extremely generous and impressive.
You won’t feel like a second-class user at all.
So that’s the route I’d go if I was on a tight budget.
My Top 3 Picks
After extensive testing and a borderline unhealthy amount of overthinking, here are my top three password manager picks:
- 1Password earns my highest recommendation overall. It checks all the boxes: security, ease of use, features, support, reputation…
- NordPass: A very close second. Slightly better priced than 1Password with top-notch security. If you’re on a bit of a budget, this is a fantastic choice.
- Bitwarden: The best free option by far. Also great if you’re technically inclined and value open source. But prepare for a less polished experience compared to the top two.
The other options I tested are all solid, but these three really stand out.
You truly can’t go wrong with any of them.
Just PLEASE don’t use LastPass!
If you found this guide helpful, I’d hugely appreciate you bookmarking it and sharing it with anyone who values their online security.
Common Concerns
What if my password manager gets hacked?
It would certainly be bad, but not catastrophic.
All your data is encrypted with a key derived from your master password.
As long as you use a strong master password (make it long!), hackers would only get useless gibberish.
And the top password managers I recommend have never suffered a major breach.
Isn’t storing all my passwords in one place a huge risk?
I understand the hesitation, but it’s actually MUCH riskier to use weak, repeated passwords scattered everywhere.
Password managers are the most secure and convenient way to use strong, unique passwords on every site.
Don’t let the perfect be the enemy of the good!
How do YOU store your master password?
Personally, I use an extra long master passphrase made up of random words.
I have it memorized, but I also keep a backup in a secure location.
Some people even split it in half and store in separate secure locations for extra protection.
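To make the "key derived from your master password" and "make it long" points concrete, here is an added example (not from any vendor's code, and not part of the original article) that derives a vault key from a master passphrase and compares how long an offline guessing attack on a stolen vault would take. The word list, the PBKDF2 work factor, the guessing rate and the HMAC key-check tag (standing in for the authenticated encryption a real manager uses) are all assumptions for illustration.

```python
import hashlib
import hmac
import math
import secrets

# Constructed sample list, far too small for real use; real word lists
# hold thousands of entries (the EFF long list has 7,776).
SAMPLE_WORDS = ["anchor", "bramble", "cobalt", "dune", "ember", "fjord",
                "garnet", "harbor", "ivory", "juniper", "kettle", "lantern",
                "meadow", "nectar", "orchid", "pebble"]
ITERATIONS = 600_000  # assumed PBKDF2 work factor, not a vendor's setting

def generate_passphrase(n_words=6, words=SAMPLE_WORDS):
    """Pick words with a CSPRNG so every word is independent and uniform."""
    return " ".join(secrets.choice(words) for _ in range(n_words))

def entropy_bits(choices, length):
    """Entropy of `length` independent uniform picks from `choices` options."""
    return length * math.log2(choices)

def derive_vault_key(master_password, salt, iterations=ITERATIONS):
    """Stretch the master password into a 256-bit key on the user's device."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)

def key_check(key):
    """Tag stored beside the vault so the client can detect a wrong password."""
    return hmac.new(key, b"vault-key-check", hashlib.sha256).digest()

def unlock(master_password, salt, stored_check, iterations=ITERATIONS):
    """Return the vault key only if the master password is correct."""
    key = derive_vault_key(master_password, salt, iterations)
    return key if hmac.compare_digest(key_check(key), stored_check) else None

def years_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate at a given offline guessing rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    salt = secrets.token_bytes(16)  # stored with the vault, not secret
    phrase = generate_passphrase()
    check = key_check(derive_vault_key(phrase, salt))
    print("unlock ok:", unlock(phrase, salt, check) is not None)
    print("wrong password:", unlock("guess", salt, check))
    rate = 1e6  # assumed attacker guesses per second
    for label, bits in [("8 random printable chars", entropy_bits(94, 8)),
                        ("6 words from a 7,776-word list", entropy_bits(7776, 6))]:
        print(f"{label}: {bits:.1f} bits, {years_to_exhaust(bits, rate):.2e} years")
```

Only the salt and the check tag would ever need to leave the device; the key itself is recomputed from the master password each time the vault is unlocked.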
Thank you, Sir, for all the work you put into this.
Sounds very thorough and reasonable. It really helps me to make up my mind on which program to get. Thanks.
Most of my accounts require me to change passwords from time to time. They ask if I've forgotten my password, but I have not. I assume they do this "for my own good", but I find it disingenuous to infer this. Will password managers create new passwords automatically?
I use Norton 360. If I use one of your top 3 password managers, will it override the Norton ???
Hi Robert, using a dedicated password manager like 1Password, NordPass, or Bitwarden alongside Norton 360 shouldn't cause any conflicts. If you decide to use any of these, I recommend disabling Norton's password manager and using a standalone app like 1Password instead. This keeps things simple.
Which one of these password managers does not have the ability for the company or the government to "backdoor" into it? Should they desire to get into all of your passwords.
Robert, all these options I recommended employ a "zero-knowledge" architecture. This means your password vault is encrypted on your device before it reaches their servers. Even if the company wanted to, they can't access your passwords since they don't have the encryption key. Furthermore, as I've said in the article, both 1Password and NordPass have undergone independent security audits to verify their zero-knowledge implementations. While no system is 100% foolproof, these audits provide a high degree of assurance. And my recommendation: if you're extremely privacy-conscious, go with Bitwarden and self-host.
Hi Phil, password managers do have built-in password generators that can create strong, unique passwords automatically when you need to change them. When a site prompts you to update your password, simply open your password manager, generate a new password, and save it. The password manager will remember it for you.