The sheer number of apps and services each of us use on a daily or weekly basis is headache-inducing when you think about all of the login credentials and passwords that entails. It’s why many people use the same password, or a variation of it, multiple times. While convenient in the near term, it’s a dangerous security risk in the long run.
A single data breach containing your account credentials could provide would-be bad actors with everything they’d need to gain access to your social media, email or, even worse, online bank accounts.
The solution? Use a password manager. Instead of reusing passwords or keeping a document that stores all of your account logins, a password manager will securely store your information and even generate then autofill complex passwords on your behalf.
We’ve been testing some of the most well-known password managers, with solutions ranging from free and built into your phone to paid offerings that include file storage and secure messaging apps. And while the free options are tempting because they don’t cost anything, you’re better off investing in your personal security. After our thorough testing and analysis, one option clearly rose above the rest:
Best password manager: 1Password offers the complete package
- With robust filling features that include integration across nearly every platform and browser extension, along with a seamless setup process and an intuitive suite of apps, 1Password is our choice for best password manager. It’s reasonably priced with a total cost of $35.88 for one user or $59.88 for up to a family of five when billed annually. There’s not much that the creators of 1Password didn’t think of adding to the service, and after our testing, it’s the clear winner.
The cat’s already out of the bag. 1Password offers the total package: security, usability, features and pricing. It starts at just $2.99 a month for one user or protects up to a family of five for $4.99 a month.
After signing up for your account, which includes the option for a free 30-day trial, you can download an app or a browser extension. The apps and extensions are used to create, fill and store your complex passwords, so you don’t have to worry about remembering them. Better yet, every major operating system is supported, including macOS, Windows, Linux, Chrome OS and even those who stick to the command line.
Browser extensions include support for Chrome, Edge, Firefox, Brave and Safari. There’s even an app, called 1Password X, that lives in your browser if you use Chrome, Firefox, Edge or Brave.
You have full control over how complex the password is in terms of length and amount of numbers and symbols, or you can pick a memorable password that strings together a series of words.
For online accounts that use two-factor authentication (2FA), which adds an extra layer of protection by requiring your username, password and then a randomly generated code typically delivered via text or mobile app (you really should turn this on for all accounts that allow it), 1Password will store your one-time passwords and autofill them in the proper text field when available. With the exception of Keeper, we found competing services either required us to download a secondary app or didn’t support 2FA codes at all.
The process for telling 1Password to fill in your credentials depends on which platform you’re using. For example, on a Mac, the keyboard shortcut of the Command and “” key will open the app. On Windows, it’s the Control and “” key.
On iOS, you can use the systemwide autofill feature that displays your login as a shortcut just above your keyboard. Depending on the version of Android you’re using, 1Password either shows up at the top of the keyboard or you have to trigger it with a long-press in the text field, then selecting Autofill.
1Password can be opened from anywhere within each platform, be it apps or in any browser, and will automatically fill in your username and password and, if you have your 2FA code added, it will either copy it to the clipboard for you to manually paste when prompted or it will autofill it for you as well.
Included with each 1Password account is extra storage for keeping personal documents, like photos of your driver’s license or social security card, along with any other private files you want to have access to at all times but don’t want to store in your typical cloud storage service.
You can turn on Watchtower, an optional feature that will analyze your usernames and passwords, letting you know how many passwords are considered weak and should be changed, and list how many have been reused across your various accounts. Additionally, 1Password will check your various account details against known leaks posted on the website haveibeenpwned.com. If your details are detected, 1Password will let you know and suggest changing your login info.
As for keeping your 1Password account secure, the company encrypts your data with three different keys, each of which have to be used in order to unlock all of your passwords and banking information inside. A hacker would need access to your encrypted data, and then they’d need to know your master password — what you use to unlock the 1Password app when fingerprint sensors or facial recognition is unavailable — and your secret key. The secret key is a complex string of 26 letters and numbers that’s linked to your account. For those nervous about storing all your most private details on 1Password’s services, you can read more about 1Password’s approach to keeping your information secure on its blog, and take comfort in the fact that (knock on wood) the company has yet to suffer from any sort of hack or data breach. Of course, no company or service is immune to attacks. LastPass suffered a breach of its own in 2015, but the attackers were unable to gain access to user vaults.
The team at 1Password has built the complete package when it comes to an app and service that keeps your personal information safe and secure. The apps are quick to get up and running, and the ease of use takes the headache out of using a password manager.
How we tested
After searching the web for password managers, both free and paid, along with researching which had the best reviews, we decided on our testing pool. Compatibility across platforms via specific apps, a website or a browser extension was a must here as well.
With each of these services, we created an account and set it up as brand new so we could note any nuances and gauge the difficulty of the setup process. In terms of password creation, we thoroughly tested adding an account and creating new passwords via our own complex idea or by using the password generator component. We also tracked how quickly that password appeared to be uploaded and available in the secure cloud.
And if you’re like us and might be migrating from a different password service, we tried importing our current library (accounts and passwords) into the new service. We also used each of these as our daily drivers for a bit.
- Setup and installation: As we created our account and started the journey with each service, we paid close attention to how long it took and how easy it was to set up.
- Password library: This was an umbrella category and covered all things password-related. From importing previously saved ones to syncing across devices and even creating a password on the fly.
- Apps: Being able to access your password manager from any device with ease while also having it be secured was critical. Here we examined the interfaces across services as well as the platforms apps were available for.
- Security: Close attention was paid to how many layers of security were in front of seeing our actual passwords. If it was an app, we noted if it supported face or fingerprint recognition. We also looked at whether secret keys are required and if the service offered dark web monitoring.
How we rated
Below you’ll see how we rated each of the categories listed above and the subcategories that fall underneath them. Setup and the password libraries were each rated the highest at 30.
- Setup and installation had a maximum of 30 points.
- Password library had a maximum of 30 points: adding new (10), importing from other services (10) and syncing across devices (10).
- Apps had a maximum of 20 points: platforms or extensions (10) and ease of use (10).
- Security had a maximum of 20 points: monitoring of hacks and leaks (10) and account security (10).
Other password managers we tested
LastPass is a common name in the password manager realm, and for good reason. It offers a free plan that, unlike its competitors, has more features than Apple or Google’s offerings but not everything you get from a paid service (including its own). Where LastPass fell short of our top pick was in its apps and extensions. The mobile apps are good, but also the only place we could figure out where to generate a password. The apps aren’t very user-friendly, lacking features like autocopying a generated password so it’s easy to enter it when creating a new account.
Keeper offers a wide range of apps and extensions, supporting multiple platforms, and is easy to get up and running. Storing 2FA codes is built in, making it simple to keep all of your information in one place. Keeper’s plans range widely in price because the company adds more services for higher-priced tiers. For example, the base plan gives you the basics: password management and device sync. If you want more advanced features, like BreachWatch Dark Web Monitoring or secure file storage, you’ll have to pay more per month. Ultimately, the overall design and usability of Keeper is what held it back from being our top pick. The interface isn’t always intuitive and easy to use, particularly on a computer. And to get feature parity of the 1Password plan, you’re going to pay a bit more with Keeper, which also includes KeeperChat Private Messenger, an app you can only use with fellow Keeper subscribers.
If you spend all of your time inside Apple’s ecosystem of Safari, iPhone and iPad, then this free offering is a good fit for you. You can’t import or export any of your passwords, but there’s literally no setup or extra steps you need to take to start using it. Just fill in a password in an app or Safari on your iPhone, and iCloud Keychain will ask if you want to save it. Start signing up for a new account, and it will suggest a strong password. There are two main problems with iCloud Keychain as your main password manager: It’s limited to Apple products, which also means you have to use Safari as your browser on a computer. With the recent release of iOS 14, Apple recently added a tool that identifies compromised or weak passwords, and lets you know when they need to be changed, a feature the service has been lacking.
Google also has a password manager of its own, built directly into Android and the Chrome web browser. What makes this solution different from Apple’s is that it’s not just limited to Android and Chrome, thanks to a recent update on iOS. Google added the ability to access your passwords saved in Chrome anywhere in iOS, such as apps or even in Safari, allowing you to fill in information outside of Google’s ecosystem. But even then, you’re still limited to using Google on your Mac or Windows PC. Google also provides a tool to scan your credentials to see if they’re included in any sort of data breach and will suggest making a change if so.
Read more from CNN Underscored’s hands-on testing: