Search the Community

Keep your logins locked down with our favorite password management apps for PC, Mac, Android, iPhone, and web browsers. Password managers are the vegetables of the internet. We know they’re good for us, but most of us are happier snacking on the password equivalent of junk food. For nearly a decade, that’s been “123456” and “password”—the two most commonly used passwords on the web. The problem is, most of us don’t know what makes a good password and aren’t able to remember hundreds of them anyway. The safest (if craziest) way to store your passwords is to memorize them all. (Make sure they are long, strong, and secure!) Just kidding. That might work for Memory Grand Master Ed Cooke, but most of us are not capable of such fantastic feats. We need to offload that work to password managers, which offer secure vaults that can stand in for our memory. The best password manager offers convenience and, more importantly, helps you create better passwords, which makes your online existence less vulnerable to password-based attacks. Read our guide to VPN providers for more ideas on how you can upgrade your security, as well as our guide to backing up your data to make sure you don’t lose anything if the unexpected happens. Updated March 2025: We've updated our review of Dashlane based on recent testing, added NordPass back, and have more details on the status of passkey support. Why Not Use Your Browser? Most web browsers offer at least a rudimentary password manager. (This is where your passwords are stored when Google Chrome or Mozilla Firefox ask if you’d like to save a password.) This is better than reusing the same password everywhere, but browser-based password managers are limited. In recent years, Google has improved the password manager built into Chrome, and it's better than the rest, but it's still not as full-featured or widely supported as a dedicated password manager like those below. WIRED readers have also asked about Apple’s password manager, which syncs through iCloud and has some nice integrations with the Safari web browser. There’s nothing wrong with Apple’s system. It doesn’t have some of the nice extras you get with dedicated services, but it handles securing your passwords and syncing them between Apple devices. The main problem is that if you have any non-Apple devices, you won’t be able to sync your passwords to them. All in on Apple? Then this is a viable, free, built-in option worth considering. What Are Passkeys? A concerted effort to get rid of passwords began roughly two days after the password was invented. Passwords are a pain—you’ll get no argument here—but we don’t see them going away in the foreseeable future. The latest effort to eliminate the password comes from the FIDO Alliance, an industry group aimed at standardizing authentication methods online. Does this sound a little bit like the infamous xkcd 927? Yes, yes it does. But thanks to the monopolistic nature of devices, it might work this time. Apple supports the FIDO specs and coined the term passkeys, which has caught on. Passkeys are generated cryptographic keys managed by your device (usually your phone). They’re easy to create—you don’t need to do anything, your device handles the details. Your passkeys are stored on your device and protected by either biometrics or PINs. Since passkeys are generated key pairs instead of passwords, there's nothing to remember. If you are familiar with GPG keys, they're somewhat similar in that there's a public and private key; the website you want to log in to has a public key and sends it to your device. Your device compares that to the private key it has and you're signed in (or not if the keys don't match). While passkeys aren't a radical departure, they're still an improvement by virtue of being a preinstalled tool for people who aren't going to read this article and immediately sign up to use one of the services below. If millions of people suddenly stop using 12345678 as a password, that's a win for security. Almost all of the apps we've suggested here can store passkeys, which means you can store your passkeys right alongside your passwords. Our two favorites, Bitwarden and 1Password, can generate, save, store, and sync passkeys. You can even log in to Bitwarden using a passkey, which pretty much eliminates the need for a password at all. Once you have a passkey stored, it will automatically sync to all your devices the same way Bitwarden and 1Password sync your passwords. When you return to that site, your password manager will log you in using the passkey you generated. Think of passkeys as credit cards next to the cash (passwords) in your wallet. It's possible that one day passkeys will work everywhere and there will be no passwords, no password managers. In the mean time we think it's better to stick with a password manager, even if all you're doing with that manager is storing passkeys. Password Manager Perks (and Tips) A good password manager stores, generates, and updates passwords for you with the press of a button. If you’re willing to spend a few dollars a month, a password manager can sync your passwords across all of your devices. Here’s how they work. Only one password to remember: To access all of your passwords, you only have to remember one password. When you type that into the password manager, it unlocks the vault containing all of your actual passwords. Only needing to remember one password is great, but it means there’s a lot riding on that password. Make sure it’s a good one. If you’re having trouble coming up with that one password to rule them all, check out our guide to better password security. You might also consider using the Diceware method for generating a strong master password. Apps and extensions: Most password managers are full systems, rather than a single piece of software. They consist of apps or browser extensions for each of your devices (Windows, Mac, Android phones, iPhone, and tablets), which have tools to help you create secure passwords, safely store them, and evaluate the security of your existing passwords. All that information is then sent to a central server where your passwords are encrypted, stored, and shared between devices. Fixing compromised passwords: While password managers can help you create more secure passwords and keep them safe from prying eyes, they can’t protect your password if the website itself is breached. That doesn’t mean they don’t help in this scenario though. All the cloud-based password managers we discuss offer tools to alert you to potentially compromised passwords. Password managers also make it easier to quickly change a compromised password and search through your credentials to ensure you didn’t reuse any compromised passwords. You should disable auto form-filling: Some password managers will automatically fill in and even submit web forms for you. This is super convenient, but for additional security, we suggest you disable this feature. Automatically filling forms in the browser has made password managers vulnerable to attacks in the past. For this reason, some, like 1Password, require you to opt into this feature. We suggest you do not. Don’t panic about hacks: Software has bugs, even your password manager. The question is not what to do if it becomes known that your password manager has a flaw, but what you do when it becomes known that your password manager has a flaw. The answer is, first, don’t panic. Normally bugs are found, reported, and fixed before they’re exploited in the wild. Even if someone does manage to gain access to your password manager’s servers, you should still be fine. All of the services we list store only encrypted data, and none of them store your encryption key, meaning all an attacker gets from compromising their servers is encrypted data. Best for Most People Bitwarden Photograph: Bitwarden Bitwarden (9/10, WIRED Recommends) is secure, open source, and free with no limits. The applications are polished and user-friendly, making the service the best choice for most users. Did I mention it’s open source? That means the code that powers Bitwarden is freely available for anyone to inspect, seek out flaws, and fix. In theory, the more eyes on the code, the more airtight it becomes. Bitwarden was also audited for 2023 by a third party to ensure it’s secure. You can install it on a local server for easy self-hosting if you prefer to run your own cloud. There are apps for Android, iOS, Windows, macOS, and Linux, as well as extensions for all major web browsers. Bitwarden also supports Windows Hello and Touch ID on its desktop apps for Windows and macOS, giving users the added security of those biometric authentication systems. The web interface (which I frequently use) recently underwent a redesign, which makes it much cleaner and easier to use. Bitwarden supports passwordless authentication, meaning you can log in with a one-time code, biometric authentication, or a security key. Bitwarden also has excellent support for passkeys, including the ability to log into Bitwarden with a passkey, which means you don't need to use your username or password even to open your vault. There’s also some extras, like a feature to securely share files (called Bitwarden Send), an authenticator app (paid only), and an extremely active and helpful community. I like Bitwarden’s semi-automated password fill-in tool. If you visit a site you’ve saved credentials for, Bitwarden’s browser icon shows the number of saved credentials from that site. Click the icon, and it will ask which account you want to use and then automatically fill in the login form. This makes it easy to switch between usernames and avoid the pitfalls of autofill. If you simply must have your fully automated form-filling feature, Bitwarden supports that as well. Bitwarden offers paid upgrade accounts. The cheapest of the bunch, Bitwarden Premium, is $10 per year. That gets you 1 GB of encrypted file storage and two-factor authentication with devices like YubiKey, FIDO U2F, and Duo, plus a password hygiene and vault health report. You also get priority customer support with a paid account. After signing up, download the app for Windows, macOS, Android, iOS, or Linux. There are also browser extensions for Firefox, Chrome, Safari, Edge, Vivaldi, and Brave. Best Upgrade 1Password Courtesy of 1Password What sets 1Password apart from the other options in this list is the number of extras it offers. Like other password managers, 1Password has apps for every major platform, including macOS, iOS, Android, Windows, Linux, and ChromeOS. There’s even a command-line tool that will work anywhere. There are plug-ins for your favorite web browser, which makes it easy to generate and edit new passwords on the fly. I still find BitWarden to be a more economical choice for most people, but 1Password has some very nice features you won't find elsewhere. If you frequently travel across national borders, you’ll appreciate my favorite perk: Travel Mode. This mode lets you delete any sensitive data from your devices before you travel and then restore it with a click after you’ve crossed a border. This prevents anyone, including law enforcement at international borders, from accessing your complete password vault. It's worth noting that 1Password uses a combination of two keys to unlock your account: your password and an additional generated secret key. While that does add a layer of security that will protect against weak passwords, it also means part of what you need to unlock your passwords is something you did not create. 1Password does make sure you have this key as an item in your “emergency kit,” but I still prefer pairing a self-generated password with a Yubikey. In addition to being a password manager, 1Password can act as an authentication app like Google Authenticator. For added security, it creates a secret key to the encryption key it uses, meaning no one can decrypt your passwords without that key. The downside is that if you lose this key, no one, not even 1Password, can decrypt your passwords. (This can be mitigated by setting up a custom group with the “Recover Accounts” permission.) 1Password also offers tight integration with other mobile apps. Rather than copying and pasting passwords from your password manager to other apps (which puts your password on the clipboard, at least for a moment), 1Password is integrated with many apps and can autofill. This is more noticeable on iOS, where inter-app communication is more restricted. After signing up, download the app for Windows, macOS, Android, iOS, Chrome OS, or Linux. There are also browser extensions for Firefox, Chrome, Brave, and Edge. Best Full-Featured Manager Dashlane Courtesy of Dashlane Dashlane offers most of what you'll find in our other picks. The company doesn’t offer a desktop app, but I primarily use passwords in the web browser anyway, and Dashlane has add-ons for all the major browsers, along with iOS and Android apps. If a desktop app is important to you, that omission is something to be aware of, but in my testing, it isn't a big deal. Dashlane uses the same AES 256-bit encryption in a zero-knowledge system, which means passwords are only ever decrypted on your device. Dashlane uses multifactor authentication if you want, via an authenticator app or a hardware key like the Yubikey. Dashlane is considerably more expensive than Bitwarden or 1Password, but that extra money does get you some additional security features, like Site Breach Alerts, which let you know if any web services you use have leaked your data. Dashlane also actively monitors the darker corners of the web, looking for leaked or stolen personal data, and it alerts you if your information has been compromised. There's even a Phishing Alert system that will stop you from entering credentials on a site with a spoofed URL. This last feature is incredibly useful if you happen to be setting up less tech-savvy relatives or friends with a password manager. Dashlane's phishing protection can save them from themselves. Dashlane also offers a VPN through Hotspot Shield VPN. I have not tested the Dashlane integration, but in testing Hotspot Shield on its own, I've always found it too slow to recommend in my VPN guide. Setup and migration to Dashlane from another password manager is simple, and you’ll use a secret key to encrypt your passwords, much like BitWarden’s setup process. In practice, Dashlane is very similar to the others on this list. Dashlane offers a 30-day free trial, so you can test it out before committing. After signing up, download the app for Android and iOS, and grab the browser extensions for Firefox, Chrome, and Edge. Best for Bundled Services NordPass Photograph: Nordpass You might know Nord better for its VPN service, but the company also offers a password manager, NordPass, and a pretty nice online storage system, NordLocker. A part of the appeal of NordPass comes in bundling it with the company's other services for some compelling deals. As a password manager, NordPass offers everything you need. It uses a zero-knowledge setup in which all data is encrypted on your device before it’s uploaded to the company’s servers. Unlike most services here, NordPass uses XChaCha20 for encryption. It would require a deep dive into cryptography to get into the differences, but the short story is that it's just as secure and maybe slightly faster. There’s also a personal information storage feature to keep your address, phone number, and other personal data safe and secure, but easy to access. NordPass also offers an emergency access feature, which allows you to grant another NordPass user emergency access to your vault. It works just like the same feature in 1Password, allowing trusted friends or family to access your account if you cannot. Other nice features include support for two-factor authentication to sign in to your account, as well as security tools to evaluate the strength of your passwords and alert you if any of your data is compromised. Note that NordPass Premium is theoretically $3 a month, but there are always sales that bring that much lower. The downside, and my one gripe about all Nord services, is that there is no monthly plan. As noted above, the best deal comes in combining NordPass, NordVPN, and NordLocker for a bundled deal. After signing up, download the app for Android and iOS, and grab the browser extensions for Firefox, Chrome, and Edge. Best DIY Options (Self-Hosted) Want to retain more control over your data in the cloud? Sync your password vault yourself. The services below do not store any of your data on their servers. This means attackers have nothing to target. Instead of storing your passwords, these services use a local vault to store your data, and then you can sync that vault using a file-syncing service like Dropbox, NextCloud, or Edward Snowden’s recommended service, SpiderOak. There are two services to keep track of in this scenario, making it a little more complex. But if you’re already using a file-syncing file service, this can be a good option. Enpass Courtesy of Enpass Enpass does not store any data on its servers. Syncing is handled through third-party services. Enpass doesn’t do the syncing, but it does offer apps on every platform. That means once you have syncing set up, it works just like any other service. And you don’t have to worry about Enpass being hacked, because your data isn’t on its servers. Enpass supports syncing through Dropbox, Google Drive, OneDrive, iCloud, Box, Nextcloud, or any service using WebDAV. Alas, SpiderOak is not currently supported. You can also synchronize your data over a local WLAN or Wi-Fi network. All of the features you expect in a password manager are here, including auto-generating passwords, breach-monitoring, biometric login (for devices that support it), auto-filling passwords, and options to store other types of data, like credit cards and identification data. There’s also a password audit feature to highlight any weak or duplicate passwords in your vault. One extra I particularly like is the ability to tag passwords for easier searching. Enpass also makes setting up the syncing through the service of your choice very easy. Enpass recently added support for passkeys. Enpass is free to use on Windows, Mac, and Linux. The mobile version syncs up to 25 items in one vault for free. For more than that, you’ll want to sign up for the paid service. After signing up, download the app for Mac, Windows, Linux, Android, and iOS, and grab the browser extensions for Chrome, Vivaldi, Edge, and Firefox. KeePassXC Courtesy of KeePassXC KeePassXC works like Enpass above. It stores your passwords in an encrypted digital vault that keeps you secure with a master password, a key file, or both. You sync that database file yourself using a file-syncing service. Once your file is in the cloud, you can access it on any device that has a KeePassXC client. Like Bitwarden, KeePassXC is open source, which means its code can be and has been inspected for critical flaws. If you’re an advanced user and comfortable handling your own issues and support, KeePassXC makes a great choice. The downside of KeePassXC is that it doesn’t have official mobile clients. However, third-party apps are available for iOS and Android. Download the desktop app for Windows, macOS, or Linux and create your vault. There are also extensions for Firefox, Edge, and Chrome. The project does not offer apps for phones. Instead, it recommends KeePass2Android or Strongbox for iPhone. Other Good Password Managers Courtesy of Keeper Password managers are not a one-size-fits-all solution. Our top picks cover most use cases and are the best choices for most people, but your needs may be different. Fortunately, there are plenty of good password managers out there. Here are some more we’ve tested and like. Keeper offers a variety of security-related tools, including a password manager. Keeper works much like 1Password and others, storing only your encrypted data, and it offers two-factor authentication for logging in to your account. Like Dashlane, Keeper has a lot of extras, including dark-web monitoring, meaning it will check publicly posted data to make sure yours isn’t available. RoboForm has most of the same features as the rest on this list, but it lacks some of the things that differentiate our top picks, like Bitwarden’s open source aspect and 1Password’s travel features. I’ve been testing the free plan for a while and haven’t run into any problems. There are apps for every common platform, and it’s easy to use. RoboForm recently completed an independent security audit and came out looking good. Pass is a command-line wrapper around GPG (GNU Privacy Guard), which means it is only for the nerdiest users. It supports managing encrypted .gpg files in Git, and third-party mobile apps are available. It’s not for everyone. For years, this was my password manager of choice, but eventually, Bitwarden's ease of use won me over. LastPass has had more bad security breaches than any other service on this page, which led us to remove it from our top picks. Since then, the company has changed hands and appears to be better security-wise, which is good because many people still use it. That said, there is nothing about LastPass that makes it a more compelling choice than Bitwarden, 1Password, or the others mentioned in this guide. How We Test The best and most secure cryptographic algorithms are all available via open source programming libraries. On the one hand, this is great, as any app can incorporate these ciphers and keep your data safe. Unfortunately, any encryption is only as strong as its weakest link, and cryptography alone won’t keep your passwords safe. This is what I test for: What are the weakest links? Is your master password sent to the server? Every password manager says it isn’t, but if you watch network traffic while you enter a password, sometimes you find, well, it is. I also dig into how mobile apps work: Do they, for example, leave your password store unlocked but require a PIN to get back in? That’s convenient, but it sacrifices too much security. No password manager is perfect, but the ones above represent the best I’ve tested. They’re as secure as they can be while remaining easy to use. Source Hope you enjoyed this news post. Thank you for appreciating my time and effort posting news every day for many years. News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of February): 874 RIP Matrix | Farewell my friend

Apps like 1Password will soon natively autofill forms on websites in Chrome. Google is updating Chrome on Android next month to greatly improve how password mangers operate inside the mobile browser. Chrome on Android will allow third-party password managers to natively autofill forms on websites, improving the experience of apps like 1Password, Dashlane, and others. Google offers its own password manager in Chrome, alongside passkeys and autofill support for information like your address and payment card data. While you can set a preferred autofill service on Android, it uses a compatibility mode inside Chrome that makes it feel super glitchy for third-party password managers. I regularly swap between iOS and Android devices, and using 1Password on iOS feels like a far better experience in Chrome even though it still doesn’t match the superior integration into Safari. Google admits its current Chrome on Android offering results in “janky page scrolling” and potential duplicate suggestions from Google and a third-party password manager. “With this coming change, Chrome on Android will allow third-party autofill services to natively autofill forms giving users a smoother and simpler user experience,” says Eiji Kitamuram, a developer advocate on the Google Chrome team. “Third-party autofill services can autofill passwords, passkeys and other information like addresses and payment data, as they would in other Android apps.” You can start testing this new functionality in Chrome 131 and later. After setting up a third-party password manager as your preferred autofill service you’ll need to toggle a Chrome flag to get the new autofill experience. All Chrome on Android users will get this new experience on November 12th when Chrome 131 is scheduled to enter the stable channel. Source RIP Matrix | Farewell my friend Hope you enjoyed this news post. Thank you for appreciating my time and effort posting news every day for many years. 2023: Over 5,800 news posts | 2024 (till end of September): 4,292 news posts

Is there a future for third-party password manager apps now that Apple has its own? Password managers are essential. They keep track of your passwords, encourage better security practices, and generally help to manage your life across your devices. They’re the kind of feature that really should be built into every device — and Apple is massively expanding their reach with the launch of its new Passwords app, announced this week at WWDC. We have companies like 1Password and LastPass to thank for the popularity of today’s password managers. But an announcement like Apple’s puts them in a tough position: now that Apple has a free, built-in Passwords app, is there a future for the third-party apps that defined the space? So far, the leaders behind those apps think there is. “You’ve got to have the ability to not only go across browsers and apps, but also across multiple devices running multiple operating systems,” says LastPass CEO Karim Toubba. Password managers have long competed against platform owners Password managers have been competing against platform owners for a long time. Google has a password manager tied to your account that can sync your passwords across Chrome and Android, and Microsoft’s Edge has a built-in password manager, too. But the big advantage of third-party password managers has been compatibility with a wide range of platforms. They are also generally more robust than first-party offerings. Although those additional features often come at a cost, paying for a widely accessible password manager is usually worth the price. Apple’s Passwords app is mostly focused on Apple products — it will be available on iPhone, iPad, Mac, and the Vision Pro — though you’ll also be able to access it on Windows via the iCloud for Windows app. Notice that Google is missing from that list; Apple didn’t say anything about Passwords support for Android, the most-used mobile operating system in the world, or Chrome, the most popular web browser in the world, despite the fact that there is currently an iCloud Passwords app available on the Chrome Web Store. Apple didn’t reply to a request for comment. That lack of broad platform support could mean Apple’s Passwords app isn’t as obvious of a choice as it might seem. All four of the companies I talked to — LastPass, Dashlane, Bitwarden, and Proton — zeroed in on the importance of cross-compatibility. (1Password declined to comment.) “What users appreciate most about Dashlane is that it seamlessly works across any platform, any device, any time,” says Dashlane chief product officer Donald Hasson. “The vast majority of our users have Dashlane on multiple platforms. Having options, especially when it comes to where and how you save your credentials, is key.” “Apple’s track record with cross-platform support, such as the limited functionality of iCloud for Windows and conflicts with Google over SMS standards, raises concerns about the usability of their Passwords app across different platforms,” says Proton Pass product lead Son Nguyen. The makers of password managers have also found that their users tend to stick around. “Once people start to get real value out of the application, it’s actually extremely sticky,” says LastPass CEO Toubba. Apple’s Passwords app could be great for anyone who is deep in the company’s ecosystem and primarily uses Apple devices. Even better, the Passwords app is free. But I think third-party password managers will be fine. If you need to access your passwords across a range of devices and platforms, Apple’s Passwords app may not cut it. Source Hope you enjoyed this news post. Thank you for appreciating my time and effort posting news every single day for many years. 2023: Over 5,800 news posts | 2024 (till end of May): Nearly 2,400 news posts

WhatsApp users may set up the application to create automatic backups of their data; this is useful for several purposes, including moving from one device to another without losing all messages and other data in the process. The messaging service supports end-to-end encrypted backups since 2021, which protect backups with a custom password that the user selects. This resolves the issue that WhatsApp backups are not encrypted during transport from the device to the cloud storage. Soon, WhatsApp will ask users to type the password for their backups regularly. It is a security precaution to make sure that users have not forgot their passwords. To continue, WhatsApp users need to type the backup password and hit the continue button. In the case that they forgot the password, they may select "turn off encrypted backups" instead. Later, they may restore encrypted backup functionality by setting a new password in WhatsApp. Wabetainfo discovered the new feature. It is available in the latest versions of WhatsApp for Android and iOS, and will roll out to more users in the coming weeks. Closing Words WhatsApp is already using a similar prompt to make sure that two-factor authentication is working correctly. It is unclear what is going to happen to previous backups if the user can't remember the password anymore. Now you: do you use WhatsApp's backup feature? WhatsApp latest security feature may be a nuisance for password manager users