What is the best password manager?

Gen­er­at­ing a password that is truly secure is no easy task. Finely tuned software can easily work out simple patterns, granting cyber criminals access to your most sensitive data within a matter of seconds.

The primary safeguard in any password pro­tec­tion strategy is password gen­er­a­tors. This is because of their ability to produce intricate passwords using a blend of letters, numbers and symbols. While these passwords are chal­leng­ing to decipher, they can also be hard to recall. Password managers play a crucial role in managing and storing these complex passwords.

What password managers are there? A com­par­i­son

Password managers can make everyday business and ac­tiv­i­ties on the internet more secure. If you use a lot of ap­pli­ca­tions with logins or work with con­fi­den­tial, sensitive in­for­ma­tion, security programs cannot only provide you with practical pro­tec­tion, they can also simplify your login processes. However, before you can create a cus­tomized password system, you first need to find the right password manager. But this is easier said than done given the large selection of solutions, which includes both pro­pri­etary and open-source tools.

To find the right tool, you should consider what re­quire­ments the software needs to fulfill. An important factor is whether the manager should run ex­clu­sive­ly on a local computer or whether you also want to run it on an external device via a mobile storage medium (for example, a USB stick).

Another crucial factor is whether you want the tool to have a generator function or not. Password manager tools also differ in terms of al­go­rithms. Personal pref­er­ences play an important role here as well. Whatever tool you decide on, you should make sure that it uses an up-to-date en­cryp­tion method.

The storage location of the password database is also an important factor when deciding on a password manager. Some programs au­to­mat­i­cal­ly store passwords in the provider’s cloud, which enables constant avail­abil­i­ty. However, you only have maximum control over your own passwords with solutions that allow them to be saved locally on your own system.

An overview of the best password managers

The various criteria outlined above demon­strate just how important it is to inform yourself before deciding which password manager is best for you. If you jump the gun, you could end up choosing a pro­pri­etary program pre­ma­ture­ly, only to later find out that it’s not possible to use the provider’s cloud. This will result in you having to pay for a tool that you really have no use for and have no intention of using. On the other hand, quickly jumping into an open-source product is not without its own risks. Using an un­re­li­able provider could quickly put your passwords and the in­for­ma­tion they protect in jeopardy. Here are several password managers compared:

In order to assist you with finding a password manager, we’ve done some research on several in­ter­est­ing con­tenders. In our eval­u­a­tion, we focused on cost, license model, flex­i­bil­i­ty and special features in par­tic­u­lar.

KeePass

One highly rec­om­mend­ed password manager is the open-source solution KeePass, which was released in 2003 by Dominik Reichl. Since then, this GPL licensed program has been con­tin­u­ous­ly developed by its very active community. Nowadays there are over 45 different language packs as well as countless plugins which you can add to the KeePass base model. In addition to the official versions for Windows, macOS and Linux, there are other ports for mobile operating systems like Windows Phone (e.g. WinPass, WinKee, 7Pass), iOS (e.g. iKeePass, Mini­KeeP­ass, MyKeePass) and Android (e.g. KeeP­ass­Droid, KeePass2Android, KeepShare). To use the password manager tool, you either need to install it onto the desired system or copy it as a portable version onto a USB stick.

KeePass is an im­pres­sive password manager and, unlike other solutions, enables two-factor au­then­ti­ca­tion and en­cryp­tion of the entire password database, among other things. AES or the Twofish algorithm are available for this. When it comes to the pro­tec­tion of in­di­vid­ual passwords, KeePass uses the hash algorithm SHA-256.

Users have three pos­si­bil­i­ties for accessing the database: a classic master password, a Windows account or the key file variable. According to the developer, the last of these options is the safest of the three. However, with the last option, you’ll always need to have the key file with you (for example, on a USB stick or a CD). It’s also possible to use a com­bi­na­tion of the main password and a key file. Other features of this password manager are:

• Various export formats like TXT, HTML, XML and CSV
• Over 35 import formats
• Password cat­e­go­riza­tion possible
• Time spec­i­fi­ca­tions for the time of creation, the last mod­i­fi­ca­tion, the last login and password(s) ex­pi­ra­tion
• Search and filter function
• Personal plugin framework available

KeePass makes a good im­pres­sion and not just because of its com­pre­hen­sive database functions. Its in­te­grat­ed password generator allows you to quickly create secure passwords for logins. In the settings, you can determine the length of the generated passwords along with the un­der­ly­ing character set (uppercase letters, lowercase letters, numbers, special char­ac­ters, etc.). Al­ter­na­tive­ly, you can also select a pattern or your own algorithm as a basis for these.

Password Safe (MATESO)

The software Password Safe, published in 1998, is available in various fee-based editions, whereby the offer is primarily tailored to SMEs and large companies. MATESO is now part of the U.S. IT security company Netwrix, meaning that ad­di­tion­al editions are now offered, including smaller versions for private in­di­vid­u­als. A demo version can also be requested. Here is a summary of the plans that they offer:

• Netwrix Auditor for Active Directory: The entry-level Starter edition provides basic Active Directory activity mon­i­tor­ing ca­pa­bil­i­ties and can be extended with the Standard and En­ter­prise editions to include features such as real-time mon­i­tor­ing, com­pli­ance and analysis of AD activity.
• Netwrix Auditor for Azure AD: Similar to Active Directory, Netwrix offers different editions for Azure AD mon­i­tor­ing, cus­tomized to the needs of different companies.
• Other plans such as Netwrix Auditor for Office 365, Netwrix Data Clas­si­fi­ca­tion or Netwrix Data Access Gov­er­nance provide mon­i­tor­ing and security ca­pa­bil­i­ties for Office 365 ap­pli­ca­tions, data clas­si­fi­ca­tion and labeling, as well as data access mon­i­tor­ing and man­age­ment to minimize security risks.

According to the company, over 10,000 companies worldwide work with this feature-rich password manager. The program runs on all common Microsoft operating systems (starting with Windows 7) and is also available as an app for iOS, Windows Phone and Android. In all paid versions, Password Safe can be installed or used via a USB stick.

Password Safe is based on a clear folder system, making it easy to keep track of all entries in the password manager database.

Password Safe demon­strates its company-oriented nature through the wealth of multi-user features available in all the pro­fes­sion­al editions. One such feature is a cen­tral­ized team database, which you can easily set up role-based access control for. It’s also possible to require an ap­pro­pri­ate reason for password retrieval. Database and password security is ensured by AES 256, PBKDF2 and RSA 4096 en­cryp­tion (for long-term keys).

You can establish a con­nec­tion to the database by entering a master password or using a key file. Depending on the edition, you can also combine both methods to further increase the level of security. Some ad­di­tion­al features of the password manager are:

• Cloud-enabled through end-to-end en­cryp­tion
• Database firewall in some versions
• Cus­tomiz­able dashboard
• In­tel­li­gent search and filter functions
• Virtual keyboard for keylogger pro­tec­tion
• Automatic live backups

LastPass

Since its inception in 2008, LastPass has been providing a password man­age­ment service to securely store and manage passwords for daily online ac­tiv­i­ties. This tool operates through various browsers, including Google Chrome, Firefox, Safari, Opera and Microsoft Edge, and can be added as an extension to your browser’s toolbar. LastPass also offers versions for mobile devices such as Windows Phone, Android and iOS. The basic web ap­pli­ca­tion is available for free. Ad­di­tion­al­ly, private users can opt for the premium plan, and busi­ness­es can choose from two plans that offer ad­di­tion­al features for a small monthly fee.

The password database, which in LastPass is known as the “Vault”, can be accessed at any time and on any of your devices. You can access the Vault via the button in the browser bar or the web ap­pli­ca­tion. Passwords are protected by AES 256-bit en­cryp­tion and 600,000 rounds of PBKDF2-SHA-256 hashing with salting.

En­cryp­tion always takes place at the level of the in­di­vid­ual device. This means that the master password and coding/decoding key is always saved locally and is never sent to the LastPass server. On top of this, you can choose from several multi-factor au­then­ti­ca­tion options, for example, an SMS code or ad­di­tion­al hardware com­po­nents. LastPass also offers the following features as well:

• Automatic password entry
• Support for fin­ger­print au­then­ti­ca­tion
• Secure release of passwords
• Password vault syn­chro­nizes au­to­mat­i­cal­ly with all devices
• In­te­grat­ed password generator
• 1 GB encrypted file storage space (Premium edition)

The business plan from LastPass equips companies with enhanced and cen­tral­ized ad­min­is­tra­tive tools for managing various employee access rights. Each employee receives a personal password vault, which they manage in­de­pen­dent­ly. For larger or­ga­ni­za­tions, the En­ter­prise version provides ad­di­tion­al benefits such as dedicated customer support in addition to other features. Fur­ther­more, companies can establish their own security policies and receive access to the password manager’s API.

1Password

After AgileBits was founded in 2006 with the intention of de­vel­op­ing in­no­v­a­tive web products for busi­ness­es, the people behind the software soon realized that, with their internal tool for the man­age­ment of passwords and formula in­for­ma­tion, they already had a great idea right in front of them. Since then millions of happy users have worked with this password manager, which they named 1Password.

The fee-based ap­pli­ca­tion is available for the desktop systems macOS and Windows, as well as for the mobile operating systems Android and iOS. Thanks to the browser ex­ten­sions for Google Chrome, Opera, Firefox and Safari, it’s also possible to use 1Password across other platforms.

1Password uses end-to-end en­cryp­tion (AES-256) to secure all imported contact in­for­ma­tion and passwords. This data is encrypted before it leaves your device. Ad­di­tion­al­ly, en­cryp­tion keys are safe­guard­ed by the master password and are further secured by a locally stored 128-bit security key.

You’ll au­to­mat­i­cal­ly receive the access key to the provider’s server as soon as you finish reg­is­ter­ing for the password manager. Even if hackers manage to make it onto this server, which like the web ap­pli­ca­tion itself is hosted on Amazon Web Services (AWS), your data will still remain encrypted. There are also several other features which make 1Password stand out as a password manager tool:

• Offline access available
• Automatic syn­chro­niza­tion with all devices in use
• Automatic eval­u­a­tion of the security level of all passwords
• Easy in­te­gra­tion of existing logins
• Per­son­al­ized shortcuts for automatic reg­is­tra­tion
• Grouping of passwords possible (file or day system)

This password manager tool offers its own generator for creating secure passwords. It is possible to adjust the settings in relation to length, pro­nounce­abil­i­ty and even desired char­ac­ters and symbols. The generator can also be used to create new passwords for accounts that already exist.

Various licensing options are available for 1Password. In­di­vid­ual users are ad­e­quate­ly served by the standard edition (for one person) or the family plan (for up to five people). Agencies and cor­po­ra­tions have the choice of two business plans: Teams (for up to 10 team members) and Business (suitable for small to large en­ter­pris­es), which include ad­di­tion­al features like an ad­min­is­tra­tive console, advanced access control and dedicated account man­age­ment.

Dashlane

In 2012, the American company Dashlane released the pro­pri­etary tool of the same name, which is regarded as being one of the most suc­cess­ful solutions available on the market today. After a free trial, you can opt to continue with a fee-based version of the software. Dashline offers two versions for private in­di­vid­u­als (Premium/Friends and Family) as well as two versions for companies (Business/En­ter­prise). The latter include features for shared use such as a central ad­min­is­tra­tion console and a password sharing option. In addition to desktop versions for Windows and macOS as well as apps for iOS and Android, there are plugins for Chrome, Firefox, Safari, Opera and Edge. These plugins allow users to integrate Dashlane into the internet browser of their choice.

Dashlane’s user interface is divided up into three sections: Password Manager, Wallet and Contacts. Under the heading Password Manager, you’ll find the reg­is­tered passwords (AES-256 encrypted). The software also au­to­mat­i­cal­ly im­ple­ments already existing login data. Under the menu heading Wallet, you can save personal contact in­for­ma­tion, payment receipts and document copies (e.g., IDs or driving licenses). The Contacts section contains all features required for communal use of the password manager tool.

One standout feature of Dashlane is the password changer, which enables the automatic update of passwords on any supported websites. Dashlane can au­tonomous­ly log in to a specific web project and handle the password update. Ad­di­tion­al­ly, users can access the security dashboard and create personal, password-protected notes. Other features include:

• Automatic com­ple­tion of forms and login sections
• Security warnings for unsafe passwords
• Password cat­e­go­riza­tion
• Various in­ter­faces for importing passwords (this includes for browsers like Chrome and Firefox, but also for other tools like KeePass, LastPass or 1Password)
• Data exporting (Excel or CSV format as well as in your own dashboard format)
• Password expiry

As with many of its password manager coun­ter­parts, Dashlane has an in­te­grat­ed generator, which you can create passwords of up to 28 char­ac­ters in length with. You can also choose whether letters, numbers, symbols, upper-case or lower-case letters (or both) should be used.

In addition, you can syn­chro­nize the data and passwords that you enter across devices so that you can access the in­for­ma­tion anytime and anywhere. Dashlane also offers the option of two-factor au­then­ti­ca­tion. In this case, the standard master password is combined with a U2F-YubiKey, which is located on an external storage medium.

What risks are there with password managers?

Password managers are useful for creating and main­tain­ing secure passwords. However, issues may occur if the master password is misplaced or forgotten. In these sit­u­a­tions, users will be locked out and unable to access their secured ap­pli­ca­tions.

You are always reliant on the database that has been es­tab­lished. With local in­stal­la­tions, the benefits of password managers are limited to your home PC. When you opt for a mobile or cloud solution, the security risk in­her­ent­ly rises. This is due to the fact that none of these solutions offer 100% pro­tec­tion.

Are “homemade” passwords a viable al­ter­na­tive?

If you want to maintain in­de­pen­dence from databases and software, you have to depend on your own memory. A practical approach involves using a password system where you adapt a secure master password based on a specific pattern for each website you visit. Simple memory tactics can help you memorize the master password. Read more about these in our article “How to choose a strong password”.