Everyone Needs a Password Manager
This year, World Password Day falls on Star Wars Day. May the fourth be with you! Celebrate by changing all your simple passwords to strong ones, with different ones for every secure site. If that doesn’t sound like fun, consider getting some help. First, install a password manager. Second, get all your existing passwords into it. Third, little by little fix all your weak and duplicate passwords. You’ll be ready to celebrate when World Password Day rolls around again on May 3, 2018 (which is also National Chocolate Custard Day).
For your own sanity and security, install a password manager and change all of your passwords so every single one is different, and every single one is long and hard to crack. Until our Internet culture evolves into some post-password Nirvana, everybody needs a password manager, from the most carefree Web surfers to the NSA’s security wonks. There are plenty of good choices. All the commercial password managers listed here earned 3.5 stars or better. Strapped for cash? We’ve rounded up free password managers separately.
The Password Basics
The typical password manager installs as a browser plug-in to handle password capture and replay. When you log in to a secure site, it offers to save your credentials. When you return to that site, it offers to automatically fill in those credentials. And, if you’ve saved multiple logins for the same site, the password manager offers you multiple account login options. Most also offer a browser toolbar menu of saved logins, so you can go straight to a saved site and log in automatically.
Some products detect password-change events and offer to update the existing record. Some even record your credentials during the process of signing up for a new secure website. On the flip side, a password manager that doesn’t include password capture and replay automation needs to offset that lack with significant other assets.
Getting all of your existing passwords into the password manager is a good first step. Next, you need to identify the weak and duplicate passwords and replace them with tough ones. Many password managers flag weak and duplicate passwords, and some offer help with the update process. The very best ones can automate the password-change process for you.
When you create a new secure account or update a weak password, you don’t want to strain your brain trying to come up with something strong and unique. Why bother? You don’t have to remember it. All but one of our top-rated products include a built-in password generator. Make sure your generated passwords are at least 16 characters long; all too many products default to a shorter length.
Entering a password like @2a&AY8mePu8HU@H on your smartphone’s tiny keyboard can be tough. Fortunately, almost all of our top password managers can sync across all of your Windows, Mac, Android, and iOS devices. A few even let you authenticate on iOS or Android with your fingerprint rather than typing the master password. Most include some form of two-factor authentication, be it biometric, SMS-based, Google Authenticator, or something else entirely.
Fill Forms Automatically
Since most password managers can auto-fill stored credentials, it’s just a small step for them to automatically fill in personal data on Web forms—first and last name, email address, phone number, and so on. Most of the top-rated products include a Web form-filling component. The breadth and flexibility of their personal data collections vary, as does their accuracy when matching Web form fields with their stored items. Even if they miss a field or two, the ones they do fill are ones you don’t have to type. Think about how many sites you go to that want all the same information; this feature is a huge time-saver.
Some websites offer to save your address, credit card details, and so on, for convenience. If you accept that offer, you’ve put your personal data at risk. Who knows if the site is storing your deets securely? Just let the password manager fill the form each time. It’s safer.
Different products handle form filling in their own ways. Some immediately fill all recognized fields, some wait for you to click in a field, some pop up and ask what you’d prefer. You’ll even find products that offer your choice of credit cards using realistic images with the correct color and bank logo!
Advanced Password-Management Features
Given that all these products take care of basic password management tasks, how can one product stand out from the pack? One handy advanced feature is managing passwords for applications, not just websites. Another is provision of a secure browser, designed to protect sensitive transactions and invoked automatically when you visit a financial site. And of course automating the password change process is a big plus.
As noted, these top products let you sync your passwords across all of your devices. Some of them also include a built-in mechanism for securely sharing passwords with other users. Some let you share a login without making the password visible, some let you revoke sharing, and with some the sharing goes both ways—that is, if the recipient makes a change it will change the original.
On a grimmer note, what happens to your secure accounts after you’ve died? A few products include some provision for a digital legacy, a method to transfer your logins to a trusted individual in the event of your death or incapacity.
What’s Not Here
As I mentioned, every product in the chart above earned at least a 3.5-star rating. Those with three stars are still good, but they’re not quite up there with the very best. Less than three stars is just not enough to make the cut. If you’re looking for a particular password manager that isn’t in this table, I have probably reviewed it, but found it wanting in some way. Note that the blurbs below include everything with a three-star rating or better.
Authentic8 Silo took 3.5 stars, and it does manage passwords, but password management isn’t its main purpose.
You also won’t find any free password managers here, because they have their own, separate roundup. LastPass 4.0 and LogMeOnce Password Management Suite Premium 5.2 are our Editors’ Choice free password managers.
The Top Password Management Software
Veteran password manager LastPass 4.0 Premium offers an impressively comprehensive set of features. Slick and polished Dashlane 4 also boasts a ton of features, even some that LastPass lacks. Sticky Password Premium handles essential tasks better than most, and a portion of every purchase goes to help an endangered species. And LogMeOnce Password Management Suite Ultimate justifies its incredibly long name with an incredibly long list of features, some not found in any competing products. But even the products not named as Editors’ Choice have their merits; you may prefer one of them. As mentioned, all of the products listed below earned at least three stars.