Best Password Managers 2018

Product Use case Rating
Dashlane Best Overall 9
LastPass Best Value 9
Keeper Best Security 8
Enpass Good Value 7
1Password 6
Zoho Vault 6

If you have a password manager, you won't need to remember a unique, long, complex password for each of your online accounts. The password manager will remember each password for you, strengthening your security and minimizing your risk the next time there's a massive data breach. The only password you'll need to remember is the single "master" password to the password manager itself.

Based on our extensive testing of seven services — in which we focused on user experience, platform support, security and overall performance — the best overall password managers are Dashlane and LastPass, which offer the ideal combinations of ease of use, convenience and security.

Dashlane has a well-designed desktop application, a tool that changes your passwords on hundreds of websites simultaneously, and has recently added a fully interactive website interface and support for Linux and Chrome OS. LastPass has the price advantage; its free version is unlimited and versatile, and its paid versions are inexpensive and full-featured.

We also liked Keeper's strong security and Enpass' flexibility, although each lacked certain conveniences.

Two other password managers are best suited for niche segments: 1Password for Mac and iOS users, and Zoho Vault for couples and small families who want to share passwords. The seventh password manager, RoboForm, is the oldest on the list, and while it does a competent job, it needs an overhaul before we can recommend it over any other product.

What to Look for in a Password Manager

All seven password managers we reviewed secure your data, both on your machine and in the cloud, with the toughest form of encryption in wide usage today. All have software for Windows, macOS, Android and iOS. All have free options, but none of them are entirely free.

All can be installed on an unlimited number of devices for a single (usually paid) account, store an unlimited number of passwords and generate new, strong passwords for you (though not always on the mobile version). Some alert you to the latest data breaches. Most offer a two-factor authentication option for master passwords.

Many offer to save your personal details, credit-card numbers and other frequently used information so that they can quickly fill out online forms for you. Finally, none can recover your master password for you if you forget it, although some let you reset that password to something else.

Best Overall: Dashlane

Dashlane has removed almost every reservation we had when we last reviewed it. It's added support for Linux, Chrome OS and the Microsoft Edge browser and has made its website interface truly interactive, matching LastPass in platform support and, with its excellent desktop software, surpassing its chief rival in interface flexibility.

Dashlane's killer feature is its bulk password changer, which can reset hundreds of your passwords at once, saving you time and worry in the event of a major data breach. The password manager is also well designed, easy to use and possibly the best at filling out your personal information in online forms. Dashlane's only drawback is the relatively high price of $40 per year for the paid version.

Best Value: LastPass

LastPass shares our Editor's Choice award with Dashlane because of its ease of use, support for all major platforms, wide range of features, variety of configurations and affordable ($24 per year) subscription. The free version of LastPass syncs across an unlimited number of devices and has almost as many features as the paid version. You don't need to install an application on your computer to use LastPass; instead, the software lives entirely in browser extensions and in a full-featured web interface.

Best Security: Keeper

Keeper ($30 per year for premium service) is fast and full-featured, has a robust web interface, stores files and documents of any kind, and offers perhaps the best security of any password manager. The trade-off for that enhanced security is a bit of inconvenience: Keeper chooses not to have a bulk password changer, and it won't let you create a PIN to quickly access the mobile app. If your phone can't read your fingerprint or your face, you'll have to enter the full master password every time.

Good Value: Enpass

Enpass is entirely free on the desktop and costs a one-time flat fee of $9.99 for Android, BlackBerry, iOS or Windows Phone. It handles all the basics quite well, but you'll have to sync your own devices via Dropbox or a similar service. (Some users might see that as a security advantage.)

The Enpass desktop interface is a bit spare, but functional; the mobile apps are sleek and handle biometric logins. Enpass says a local-sync feature is in the works, which would make the service ideal for users who are wary of putting their data online. Until then, though, Enpass isn't any better than the free version of LastPass.

1Password

1Password's Windows and Android versions have finally reached rough parity with their Mac and iOS equivalents, but many functions feel clunkier than they are on newer password managers. 1Password now asks new users to sign up for a $36 yearly cloud subscription, although for $65, Mac users can buy the older stand-alone application that lets them sync devices locally.

Only cloud subscribers can use 1Password's killer feature, a Travel Mode that deletes sensitive data from your devices (you'll get it back later) so that snooping border-control agents can't find it. 1Password also has great form-filling abilities, though it lacks true two-factor authentication.

Zoho Vault

Zoho Vault is part of a larger suite of paid enterprise tools, and the company makes the password manager free for individual personal use. (Group plans that can be used by families start at $12 per user per year.) You won't get consumer-friendly features such as personal-data form filling or a bulk password changer, but all of the essentials are in place and work smoothly.

The only drawbacks are that Zoho Vault sometimes trips over Google logins (there's a somewhat technical workaround) and that LastPass does even more for free as well.

RoboForm

RoboForm has been around since 1999 and, unfortunately, shows its age. At $20 per year, its premium version isn't expensive, and the service has excellent form filling and runs on a wide variety of platforms and browsers. But its website interface is still read-only, its desktop software can be confusing (the mobile apps are a little more user-friendly) and its functionality is limited. RoboForm needs an overhaul to compete with even the free version of LastPass.

How We Test Password Managers

We installed and used all seven password managers on a dual-boot Apple laptop running Windows 10 and macOS 10.12 Sierra, an iPad Pro 12.9, a Samsung Galaxy S8+ and a Google Pixel. The primary browser we used was Google Chrome on all platforms, but we also used Apple Safari on macOS and iOS.

We considered each service's ease of use, user interface, variety and usefulness of features, and security practices, especially concerning two-factor authentication. Price was considered only when two or more password managers were otherwise roughly equal.

Cloud vs. Local Management

1Password gives you an option to store and sync your "vault" of passwords and other sensitive information locally (in other words, only on your own devices) without using the service's cloud servers. There's a security advantage to that because none of the data will ever need to reach the internet, but it can be a hassle to synchronize all of your devices. (Enpass plans to add a similar local-sync feature, but for now, you'll have to sync your devices using third-party file-sharing services such as Dropbox or iCloud.)

Far more convenient are cloud-based password managers, which include LastPass, Dashlane, Keeper and Zoho Vault. (1Password's default mode is also cloud-based.) These services keep encrypted copies of your vault on their own servers, ensure all your devices are always synced and encrypt the transmissions between your devices and their servers.

The risk, though small, is that one of the cloud-based services could be compromised, and your passwords could be released out into the wild. (LastPass has had a number of documented security issues, all of which have been quickly fixed, and has not lost any passwords.) And whether it's local or cloud-synced, a password manager puts all your eggs in one basket, so to speak. But for most people, the demonstrable security benefits of using a password manager far outweigh the disadvantages.

Create a new thread in the Audio forum about this subject
28 comments
Comment from the forums
    Your comment
  • publicq
    This article should be updated to include 1Password in the cloud-based managers. They do technically offer a standalone local vault product, but their main product is a cloud-based manager that offers easy syncing between devices (it's hard to even find the standalone version on their site anymore without doing some digging.)
  • bb2015
    I use Password One on PC and phone, relatively easier to use than others.
  • Honey8
    I was really hoping this might be more detailed and insightful.
    The review of 1password is out of date. At the end of Feb 2017, a month before this was published on march 30 2017, the developer AgileBits announced subscription based licensing with passwords etc to be synchronised and stored on the developers servers.

    There's almost nothing in this article that speaks to the relative security of these types of software.

    Nothing that addresses the security breaches that have impacted market leaders in the last few months and in the years prior.

    Nothing that addresses the security profile of online developer hosted systems vs achieving multi device synchronisation via iCloud, Dropbox or wifi.

    It's really just a checklist of marketing features.

    There is comment about 2FA without any suggestion that it's only relevant if you have to logon to the developers web site to get your passwords. It's authentication, it's got zip to do with encryption.

    There is no recognition of the demonstrated danger of poorly crafted browser plugins that password managers seem to rely upon. (See recent Tavis Ormandy findings)

    Tom's Guide .... how about a more detailed assessment as a follow up on this basic introduction paper? It would be really helpful.
  • talbotrg
    Why was RoboForm excluded, it has the flexibility of syncing passwords across all your devices using a cloud-synced account.
  • johnm719
    I am shocked at your comments about KeePass.

    First, opposite of what you claim, it is extremely as easy to use and extremely flexible as well. As a testimoney to this, it is simple enough that my sons, my daughters, and my extremely non-techincal wife all use Keepass and love it.

    Second, sync is not a problem. I have it sync with a free DropBox account so it is available on my cell phone, my pc, my laptop, etc. On my cell phone, I just go to DropBox, click on the keepass data file to open it, DropBox downloads the latest file if there is one, kicks off KeePass, and away I go.

    Even better, KeePass allows this sync via DropBox to be MORE secure than the others. Why? Because to open, keepass can require a combo of BOTH the password you type in, AND a local file with a very long 1k+ byte passcode. This local file never touches the internet. I will grant you that setting up this "dual-authentication" takes a small modicum of savvy, but the core strength is there to use. And it is fully explained in the manual, for those who will take a few moments to read it. The only savvy required is that you read a page explaining it.

    Its "AutoType" feature allows KeePass to work with virtually everything. It does the typing for you.

    As a testimony to its power and simplicity, my more inventive son dreamed up using it in for a very non-standard application. His job is renting apartments in at a very large complex. For a particular apartment style, he creates a KeePass entry that would normally just hold a username and password. But, since KeePass can save an arbitrarily large data base of user defined fields beyond just a username field and a password field, he creates fields AD1, AD2, AD3, etc. and types in slightly differently worded advertising text. He will then go onto Craig's List and have KeePass "Autotype" whichever AD he wants to post. This lets him easily and very quickly re-post a slightly changed AD to keep his AD near the top of the list, when people search Craig's List.

    What's not to like about all this! And it is totally free!!
  • CJ_8__
    I've loved using Keeper for several years. It is easy to use, works on my phone, tablet, and laptop, and provides the kind of security I need. I give it a 10!
  • DLE
    RoboForm has failed to keep up with Gmail's inane login process. I have more than one Gmail account, RoboForm has no way to get to a specific account and RoboForm/Gmail (not sure where most of the blame falls) insists on taking me to the last account I signed into.

    Do any of these "2017" Password Keepers allow me to go straight to the account I wanted to use, or at a minimum, take me to the Gmail "choose an account" screen consistently?
  • totallynuss
    LastPass is $24 a year not $12. Why are you misleading your readers? Guess how angry I was when I went to sign up and was asked for double? Jerk!
  • rgd1101
    Anonymous said:
    LastPass is $24 a year not $12. Why are you misleading your readers? Guess how angry I was when I went to sign up and was asked for double? Jerk!



    Because the article came out before the price got change.
  • labuschin
    You need to get your facts straight (You published this article on Jul 21, 2017 according to yourself). 1Password has two factor authentication (either for login to it and for using saved logins for services). Also the Android version is very useful, it fills passwords in every app, you can manage your logins completely from the app and its performance is absolutely okay.
  • hanskra
    Good but now BAD: lost all my passwords

    I had to change my Master Password prior to loosing face recognition. All went fine, till I tried to find a password. Revealing the password is BLANK. ALL passwords are BLANK. not a single character to be seen.

    Customer service in India was useless and escslated. They said they research my "unique" problem. Not a sound or emsil since. No customer service. None. Only words

    Therefore trust your passwords to anyone but NOT TO TRUEKEY.

    If they fix their mess I will repost. I hope soon, it HAS been a week since I lost all fingers crossed.
  • slave_driver
    I am afraid I am not very comfortable with most of these choices. While I am sure their servers are very secure, the platform that most of these are using (Web Extensions) has been hacked numerous times.

    Last Pass has been hacked at least 3 times.

    I may be old school, but for me there is something wrong if the only way you can interact with your personal information is by using a web browser.

    Browsers are inherently insecure.

    I would prefer a password manager that operated outside of web browsers and interacted with the browser in a limited fashion.

    I also find it interesting that this article shows last pass for having support for all major browsers... how about browsers like Waterfox, Vivaldi, Slimjet

    I was never impressed with google chrome and it seems all the browsers now are trying to emulate it.
    Firefox seems to be moving backward, adding features I don't want and getting rid of features I liked.

    Now with IE fading and Edge is there for what?

    Yeah! No! I'll want a password manager that operates outside a web browser thank you.
  • n7.narcosis
    Thank you for this great article! After many years of using 1Password, first on my iPhone and then on my windows pc (was it only 2014 this was available - seems much longer) have decided to try LastPass after your recommendation. The problem with 1Password is my frustrating experience with Chrome add-ins/extension which is just so unreliable! It regularly fails to load and then regularly fails to enter log in details when it does load. App on HTC android work phone is also pretty useless - but that could just be the phone constantly needing to be authorised after every app update.

    Thanks again.
  • cosmicpea
    It doesn't work with the new Firefox and even when I rolled FF back a couple of versions now Lastpass refuses to remember my email address, and also refuses to remember my settings. Every single time I go to my vault I have to manually skip the tour and reconfigure the page view.

    It no longer works well, if at all, on multiple gmail addresses. I have to manually enter my user name and then click, click, click to get the thing to pop up and give me option to choose account. Sometimes I can't get it come up at all and have to enter my password manually. Way to go Lastpass. Let's defeat the purpose of a password manager.

    It no longer works with Chrome OS -- but one savvy user in the Chrome Store pointed people to a link from a legacy version. Fine, but I can't update it. There have been complaints dating back to the last Chrome OS update and they still haven't fixed it.

    I would have to say at this point Lasspass is almost a total fail. But nothing else works with a Chromebook. I will revert to the free version but no way am I paying $24/year for this.
  • tfl
    Finally a review _not_ sponsored by Agilebits (1Password). Thanks.
  • mholden
    Hi Paul, When I search for "password manager" in the iPhone App Store, the first app listed is Datavault by Ascendo. It's number 3 for Mac. Any reason you didn't consider it for your review?
  • s.hollabaugh
    Edward Snowden said that Dropbox is not secure and doesn't care about your privacy. He said to avoid Dropbox.
  • therealwireball
    Bitwarden seems like a drop-in replacement for Lastpass, judging by my experience with importing my passwords from lastpass to bitwarden.
  • one9712745
    If only need to save passwords & urls, just use ms word and save & password protect. & transfer to device if necessary. Super cheap.