Everyone has a seemingly endless number of accounts that require login credentials. This creates a lot of opportunities for hackers to gain access to company resources because users often reuse passwords or mirror patterns in creating them.
For enterprise organizations with a large workforce that must access a wide variety of applications and databases, the risk is exponentially greater. The recent boom in remote work due to the Covid-19 pandemic has further amplified the need to secure network endpoints, in which effective password management plays a big role. Password manager tools allow organizations and their employees to seamlessly and securely handle login credentials. With these tools, all passwords for an account are stored in a unique, encrypted vault only accessible using a key that the individual user possesses.
“Passwordless” management solutions are the best option, as they not only secure all access points that require users to log in but also eliminate the need for employees to remember any passwords. It’s not uncommon for employees to record passwords in other locations to help them keep track, which also opens the door for attackers to find them. Passwordless managers actually eliminate the use of passwords and instead rely on biometrics and integrations to provide a more secure and seamless experience for users.
Top 8 Password Managers
The password managers in this list each have their own advantages, but all of them include the following key features:
- Strong encryption to protect data on a device, on the vendor’s servers, and for data-in-motion
- Password auto-filling
- Multi-factor authentication
- Unlimited password storage
- Sync across different browsers, applications and devices
1Password is available across all major platforms, including Windows, macOS, iOS, Android and popular web browsers. However, it has a Mac-centric approach and provides an overall better experience for Mac and iOS. The company has also announced plans to expand 1Password to Linux systems.
This solution offers true two-factor authentication and impressive encryption capabilities. It creates a secret key that is the only method for decrypting passwords. The downside here is that the encryption is so secure that if a user loses this key, not even the vendor itself will be able to decrypt the password vault.
What really sets 1Password apart from the competition is its Travel mode feature. When this is enabled while a user is traveling, all sensitive data stored in the app is temporarily deleted. Once Travel mode is turned off, all of that information is then restored. With this feature, thieves and law enforcement alike will be unable to access your password vault.
For the more tech-savvy users, 1Password includes a command-line tool for further customization.
1Password is a relatively affordable option priced at $36 per year.
- Apps for Windows, macOS, Android, iOS, and popular browsers
- True two-factor authentication
- Travel Mode
Bitwarden is free, open source software that can stand up to commercial alternatives. This option is best suited for experienced IT professionals and programmers who want to make use of the benefits of an open source platform, such as inspecting code, seeking out flaws and developing their own fixes. To ensure its security posture, Bitwarden is audited by a third party.
Bitwarden is available for Android, iOS, macOS, Windows, Linux and all major web browsers. It even supports more obscure browsers, such as Opera, Brave and Vivaldi. Windows Hello and Touch ID for desktop apps are also supported to boost security with biometrics.
This password manager tool is also a good option for users who may use multiple logins for the same applications or websites. It offers full autofill capabilities, but also offers semi-automated password fill-ins. This means that when logging in, Bitwarden will show you all of the logins saved for that property for you to choose from, making it easy to switch between accounts.
Part of Bitwarden’s appeal is that it’s free and open source. However, there is a premium version, at just $10 per year. This upgrade offers 1 GB of encrypted file storage, two-factor authentication with YubiKey, FIDO and Duo, as well as priority customer support.
- Open source
- Semi-automated fill-in capabilities
Dashlane is an easy-to-use, highly navigable password manager solution. Similar to 1Password, Dashlane also uses a secret key to encrypt passwords, adding another layer of valuable security.
This tool shares all of the typical functionality of a password manager but has a large focus on identifying security breaches. The Site Breach Alerts feature continuously monitors the dark web, searching for compromised and stolen personal information. Users will receive alerts if any are discovered, prompting them to take steps to remediate the issue, such as updating all existing passwords.
One downside to Dashlane is that in order to be able to sync data across devices, you’ll need to upgrade to the premium version, coming in at around $120 per year. But with this version, you will also gain access to add-ons, such as a free VPN and the dark-web monitoring mentioned previously. You will also be given discounts on credit monitoring, identity-theft insurance and restoration assistance.
If breaches to Dashlane’s servers are a concern, it also offers the option to store all encrypted password data locally rather than with the company itself.
- Site Breach Alert for dark web monitoring
- Add-ons that go beyond password management (VPN, multiple device sync, discounts on services)
- Intuitive interface
Keeper Password Manager & Digital Vault
Keeper Password Manager & Digital Vault leads the pack in having a well-designed, robust user interface. It’s intuitive to use and makes it easy to access all of Keeper’s rich features with just a few clicks.
Keeper uses military-grade encryption that can stand up to some of the most advanced cyberattacks. It also uses the zero-knowledge approach, encrypting data on your device and not on the company’s server. KeeperDNA is a proprietary two-factor authentication tool but it also supports SMS, Google and Microsoft authenticator (TOTP), RSA SecurID, Duo Security and YubiKey U2F.
Switching to Keeper from another password manager is also made simple. The tool supports importing data from other popular solutions, including 1Password, Dashlane, Zoho and more, as well as from built-in browser password managers. Export is available to PDF, .csv or .json file.
Keeper starts at $2.91 per month but for an additional cost, the company offers some impressive features. KeeperChat is a secure messaging service that will erase all messages after they’re sent. It also offers BreachWatch, a dark web scanner that identifies compromised personal data. You can also upgrade to get 10 GB of secure cloud storage for any kind of file.
- Intuitive user interface
- Secure messaging
- Multiple two-factor authentication options
LastPass supports virtually all platforms and web browsers with extensions for Chrome, Safari, Firefox, Opera and Edge. This tool has gained popularity due to its compatibility, ease-of-use and rich set of features included with the free version.
The free version offers many of the features most users will need, such as two-factor authentication, form-filling and the ability to share passwords with family members. It also offers monitoring capabilities to identify compromised personal data. Upgrading to the premium version adds tech support and the ability to sync data across devices. LastPass is also competitively priced at $36 a year.
The LastPass auto form-filling feature compares favorably to form-focused tools, such as RoboForm. It offers multiple “identities” for specific types of forms to streamline shopping experiences.
All encrypted information is stored on the company’s cloud-hosted servers. This allows you to access your LastPass logins from anywhere but may also open possibilities for security breaches on their network to compromise personal data. So if you want to keep your data secure outside of the cloud, a tool with the option for local storage would be a better fit.
While LastPass is a reliable tool, it should be noted that they have experienced major data breaches in the past.
- Rich features in the free version
- Personal data monitoring
NordPass is the newest password manager tool on this list. However, it comes from a company that has already proven itself a formidable force in the cybersecurity field, NordVPN. The company brings the same simplicity and intuitive operations that made their flagship product so popular to the NordPass password manager, with quick and easy setup and support for all major platforms and browsers.
It should come as no surprise that this tool also has capabilities that go beyond typical password manager security. NordPass uses a zero-knowledge setup that encrypts all password data on a device before it ever reaches NordVPN’s servers. This means not even the company can access your data. It also uses the same advanced XChaCha20 encryption method that’s used by Google applications.
It also offers a personal information storage feature that secures and encrypts a variety of personal information, such as addresses, phone numbers, credit card information and more, which can be easily accessed when filling out forms.
The free version of NordPass unfortunately only supports a single device. But the premium version is affordable at $2.49 per month.
- Zero-knowledge setup
- Advanced encryption
- Intuitive interface
RoboForm is one of the veterans on this list, having been established in 1999. However, the company has regularly updated the platform to ensure its interfaces remain intuitive for modern users.
As its name suggests, RoboForm shines when it comes to form-filling. It can accurately auto-fill hefty, complex web forms with a single click. It also gives the option to create web form identities that cater to different information requests. It comes with eight identity categories, including credit card, passport and vehicle information. So, if you’re looking for a tool that will autofill more than just login credentials, this may be the best option.
Another handy feature is the secure bookmarks storage. RoboForm will sync the bookmarks from your web browser across all your devices, making it quick and easy to visit and log in to all your most frequented sites.
Most of RoboForm’s features are available in the free version, such as two-factor authentication and automatically generated passwords. But similar to Dashlane, you will need to upgrade to the premium version to sync data across devices. However, RoboForm is one of the cheaper password managers at $24 per year.
- Robust form-filling
- Bookmark syncing
Sticky Password is a relatively standard password managing tool but it offers a few helpful features. This tool uses AES-256 standard encryption, which means it’s a reliable option.
Sticky Password includes form-filling features like some other tools on this list but goes further by offering an unlimited number of identities that include addresses, contact information, financial information and more. However, the form details are somewhat outdated and lack support for big social media platforms, like Facebook, Instagram and Twitter.
Unfortunately, Sticky Password lacks the ability to monitor for data breaches or compromised personal information. But it still includes other security features, such as two-factor authentication, secure memos for text documents, local data storage and the ability to sync data over Wi-Fi without using the cloud.
One unique aspect of Sticky Password is the portable USB version of the platform. You can save a portable copy of Sticky Password on a flash drive that can be plugged in and used on any device, rather than relying on the cloud or any other wireless connection.
The Premium version of Sticky Password costs $29.99 per year, which adds unlimited devices, password sharing and the local data storage mentioned above.
- No-cloud Wi-Fi sync
- Portable USB version of the program
- Local data storage
Are password managers secure?
Using a password manager is a good first step toward improving your security posture in and of itself, but the question remains: how secure are password managers? Here are a few concerns to keep in mind when deciding if a password manager is the right solution for you:
- All your data in one place: Whether your data is being stored locally or in the cloud, all of it is still sitting in one centralized location. That means if an attacker is able to bypass encryption to get one login credential, they now have access to them all.
- Device posture: The security of a single device can be just as important as the encryption of passwords. Typically, password managers require a master password to autofill all login credentials. If malware is present on a device, it can read that master password, giving attackers access to all of your data.
- Behavioral biometrics: Behavioral biometrics goes beyond static authentication, such as fingerprints or retinal scans. This method uses information such as the amount of time between keystrokes, the pressure applied with fingers, the angle of your phone, micromovements and more to authenticate a user. This is the future of biometric authentication but has yet to find its way into password managers.
Ultimately, the best way to ensure security posture across an entire network is by using a zero trust framework. This mechanism requires that all users be authenticated and authorized before being granted access to any network resource, beyond just inputting a password. Password managers can play a role in this framework but it also requires further steps be taken, such as microsegmentation and granular policy controls.
How to set up a password manager
After installing a password manager, the next step is for each user to create a master password that will be used to autofill all of their login credentials. All existing passwords then need to be added to the password manager. The tool will not only save these existing passwords but will also identify weak, duplicate or compromised passwords and ask you to replace them.
When replacing passwords or creating logins, you will be given two options: either create a new password yourself or allow the password manager to automatically generate a secure password. The latter is the most secure option, as it will create a long string of unique characters that are purposefully difficult to track. As it will be auto-filled, there’s no need to worry about remembering such a complex string of characters.
How to improve password manager security
To avoid some of the pitfalls of password manager tools, here are other steps you can take to further augment password security, the most important being multi-factor authentication.
This valuable feature is not automatically enabled on all managers but should be a top priority when setting one up. Using a combination of at least two of the following factors of authentication will significantly boost your endpoint security:
- SMS-based authentication: The password manager will send an SMS message to the user’s mobile device. Typically, the message will contain either a code to input in the manager tool or a verification link that the user must click.
- One-time passwords (OTP): These are passwords that are automatically generated and shared with the user but are valid for only one login session.
- Security questions: Many should be familiar with predetermined security questions that have unique answers for each user.
- Biometrics: This is the latest and the most secure type of authentication. Biometrics, such as fingerprint scans, retinal scans and facial recognition are especially difficult for attackers to bypass.
Tips for creating a secure password
Allowing the password manager to generate your password is the most secure option for individual logins. However, you will be required to create your own master password that you’ll need to remember. Here are a few secure conventions you should follow when creating your master password:
- Length: Your password should be at least 20 characters long. If a hacker can’t get your password through simple means, such as a dictionary scan, they will use a brute force scan which will likely be able to crack any password less than 20 characters due to the lower number of combinations.
- Character types: Be sure to include all major character types, including uppercase, lowercase, numbers and symbols. The more unique the string of characters is, the better.
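The checks described under "How to set up a password manager" and the conventions listed above can be sketched in a few lines. This is an added example, not code from the article or from any vendor's product; the function names, the sample vault and the local breach list are constructed for illustration, and it assumes "weak" means failing the length and character-type rules given here.

```python
import secrets
import string
from collections import defaultdict

MIN_LENGTH = 20  # minimum length recommended in the tips above
CLASSES = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "number": string.digits,
    "symbol": string.punctuation,
}

def generate_password(length=MIN_LENGTH):
    """Random password from the OS CSPRNG containing every character class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejection sampling keeps the result uniform over all valid passwords.
        if all(any(c in chars for c in candidate) for chars in CLASSES.values()):
            return candidate

def audit_vault(entries, breached=frozenset()):
    """Return {site: [findings]} for weak, duplicate or compromised passwords."""
    sites_by_password = defaultdict(list)
    for site, password in entries.items():
        sites_by_password[password].append(site)
    report = {}
    for site, password in entries.items():
        findings = []
        if len(password) < MIN_LENGTH:
            findings.append(f"weak: shorter than {MIN_LENGTH} characters")
        missing = [n for n, chars in CLASSES.items() if not any(c in chars for c in password)]
        if missing:
            findings.append("weak: missing " + ", ".join(missing))
        others = [s for s in sites_by_password[password] if s != site]
        if others:
            findings.append("duplicate: also used for " + ", ".join(sorted(others)))
        if password in breached:
            findings.append("compromised: appears in breach list")
        if findings:
            report[site] = findings
    return report

# Constructed sample data (hypothetical sites, not real credentials).
SAMPLE_VAULT = {
    "mail.example": "Summer2021!",
    "shop.example": "Summer2021!",
    "bank.example": "correcthorsebatterystaple",
    "vpn.example": "kV7#pQz9!mW2x@Lr4&Tn",
}
SAMPLE_BREACHED = {"Summer2021!"}
```

Calling `audit_vault(SAMPLE_VAULT, SAMPLE_BREACHED)` flags the reused short password on two sites and the long lowercase-only passphrase, while the entry that meets both conventions passes without findings.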
Why you shouldn’t use built-in browser password managers
Many popular browsers now include their own native built-in password managers. However, these are limited in their capabilities and features. Native password managers are only able to store and autofill login credentials used on that specific browser. Standalone password managers, on the other hand, can autofill passwords across multiple different browsers, as well as applications.
Another big downfall of native password tools is that browsers have many other focuses besides just securing passwords. The overall security posture of built-in password managers is not nearly as robust as that of standalone alternatives. For example, browsers do not store passwords in an encrypted vault that only individual users have the key to unlock.
| Local data storage | No | No | Yes | No | Yes | No | No | Yes |
| Dark Web Monitoring | No | No | Yes | No | Yes | No | No | Yes |
| Security tool add-ons | No | No | Yes | Yes | No | Yes | No | No |
| Premium price | $36 / year | $10 / year | $60 / year | $75 / year | $36 / year | $30 / year | $24 / year | $30 / year |