Best Password Managers 2017

With a password manager, you won't need to remember unique, long, complex passwords for every online account. The software will remember it for you, strengthening your password security and minimizing your risk the next time there's a massive data breach. All you'll need to remember is the single "master" password to the password manager itself.

Credit: Rawpixel.com / ShutterstockCredit: Rawpixel.com / Shutterstock

Based on our extensive testing of seven services, focusing on user experience, platform support, security and overall performance, the best overall password manager is LastPass, which offers an ideal combination of ease of use, convenience and security.

Dashlane was a close runner-up, thanks to its nifty ability to reset all your passwords at once.

We also liked True Key's forward-looking biometric authentication, Keeper's simplicity and Sticky Password's user-friendliness, although each lacked features we consider essential.

Two other password managers are best suited for niche segments: 1Password for Mac users, and KeePass for tech-savvy users of Linux and other open-source software.

What to Look For

All seven password managers we've reviewed secure your data, both on your machine and in the cloud, with the toughest form of encryption in wide usage today. All have software for Windows, Mac OS X, Android and iOS. All have free options, though only KeePass is entirely free. All can be installed on an unlimited number of devices for a single (usually paid) account, and most can store an unlimited number of passwords.

All of the password managers we reviewed can also generate new, strong passwords for you (though not always on the mobile version), and some will alert you to the latest data breaches. Most offer a two-factor authentication option for master passwords.

Many offer to save your personal details, credit-card numbers and other frequently used information so that they can quickly fill out online forms for you. Finally, none can recover your master password for you if you forget it, although some let you reset that password to something else.

Cloud vs. Local Management

KeePass primarily stores the user's "vault" of passwords and other sensitive information locally, i.e. on one of the user's own devices. There's a security advantage to that, as none of the data has to ever reach the internet, but it can be a hassle to synchronize the vault with other devices.

Far more convenient are cloud-based password managers, which include LastPass, Dashlane, Keeper and True Key. These services keep encrypted copies of your vault on their own servers and make sure all your devices are always synced.

The risk, although it's small, is that one of the services could be compromised and your passwords released out into the wild. (LastPass has had a number of documented security issues, all since fixed.) Two other password managers, Sticky Password and 1Password, can work as either a device-based or cloud-based manager, although 1Password is now downplaying its local-storage option and will only sell it to you if you email the company directly.

How We Tested

We installed and used all seven password managers on a Windows 8 laptop, an iPad Mini and a Samsung Galaxy S6 Android smartphone. Additional testing was done on an iPhone 6s Plus, a OnePlus One Android smartphone and a Windows 10 laptop.

We took into consideration each service's ease of use, variety and usefulness of features, and its security practices, especially concerning two-factor authentication. Design was noted, but did not factor into our rankings, and price was considered only when two or more premium password managers were otherwise roughly equal.

LastPass

Dashlane

True Key

Keeper

Sticky Password

KeePass

1Password



Create a new thread in the Audio forum about this subject
10 comments
    Your comment
  • Paul Wagenseil
    0
  • publicq
    This article should be updated to include 1Password in the cloud-based managers. They do technically offer a standalone local vault product, but their main product is a cloud-based manager that offers easy syncing between devices (it's hard to even find the standalone version on their site anymore without doing some digging.)
    0
  • bb2015
    I use Password One on PC and phone, relatively easier to use than others.
    0
  • Honey8
    I was really hoping this might be more detailed and insightful.
    The review of 1password is out of date. At the end of Feb 2017, a month before this was published on march 30 2017, the developer AgileBits announced subscription based licensing with passwords etc to be synchronised and stored on the developers servers.

    There's almost nothing in this article that speaks to the relative security of these types of software.

    Nothing that addresses the security breaches that have impacted market leaders in the last few months and in the years prior.

    Nothing that addresses the security profile of online developer hosted systems vs achieving multi device synchronisation via iCloud, Dropbox or wifi.

    It's really just a checklist of marketing features.

    There is comment about 2FA without any suggestion that it's only relevant if you have to logon to the developers web site to get your passwords. It's authentication, it's got zip to do with encryption.

    There is no recognition of the demonstrated danger of poorly crafted browser plugins that password managers seem to rely upon. (See recent Tavis Ormandy findings)

    Tom's Guide .... how about a more detailed assessment as a follow up on this basic introduction paper? It would be really helpful.
    0
  • talbotrg
    Why was RoboForm excluded, it has the flexibility of syncing passwords across all your devices using a cloud-synced account.
    0
  • johnm719
    I am shocked at your comments about KeePass.

    First, opposite of what you claim, it is extremely as easy to use and extremely flexible as well. As a testimoney to this, it is simple enough that my sons, my daughters, and my extremely non-techincal wife all use Keepass and love it.

    Second, sync is not a problem. I have it sync with a free DropBox account so it is available on my cell phone, my pc, my laptop, etc. On my cell phone, I just go to DropBox, click on the keepass data file to open it, DropBox downloads the latest file if there is one, kicks off KeePass, and away I go.

    Even better, KeePass allows this sync via DropBox to be MORE secure than the others. Why? Because to open, keepass can require a combo of BOTH the password you type in, AND a local file with a very long 1k+ byte passcode. This local file never touches the internet. I will grant you that setting up this "dual-authentication" takes a small modicum of savvy, but the core strength is there to use. And it is fully explained in the manual, for those who will take a few moments to read it. The only savvy required is that you read a page explaining it.

    Its "AutoType" feature allows KeePass to work with virtually everything. It does the typing for you.

    As a testimony to its power and simplicity, my more inventive son dreamed up using it in for a very non-standard application. His job is renting apartments in at a very large complex. For a particular apartment style, he creates a KeePass entry that would normally just hold a username and password. But, since KeePass can save an arbitrarily large data base of user defined fields beyond just a username field and a password field, he creates fields AD1, AD2, AD3, etc. and types in slightly differently worded advertising text. He will then go onto Craig's List and have KeePass "Autotype" whichever AD he wants to post. This lets him easily and very quickly re-post a slightly changed AD to keep his AD near the top of the list, when people search Craig's List.

    What's not to like about all this! And it is totally free!!
    0
  • CJ_8__
    I've loved using Keeper for several years. It is easy to use, works on my phone, tablet, and laptop, and provides the kind of security I need. I give it a 10!
    0
  • DLE
    RoboForm has failed to keep up with Gmail's inane login process. I have more than one Gmail account, RoboForm has no way to get to a specific account and RoboForm/Gmail (not sure where most of the blame falls) insists on taking me to the last account I signed into.

    Do any of these "2017" Password Keepers allow me to go straight to the account I wanted to use, or at a minimum, take me to the Gmail "choose an account" screen consistently?
    0
  • totallynuss
    LastPass is $24 a year not $12. Why are you misleading your readers? Guess how angry I was when I went to sign up and was asked for double? Jerk!
    0
  • rgd1101
    Anonymous said:
    LastPass is $24 a year not $12. Why are you misleading your readers? Guess how angry I was when I went to sign up and was asked for double? Jerk!



    Because the article came out before the price got change.
    0