We live our lives online, connected to and using a number of different services all at once, whether at home and work. Security experts always recommend us to use a strong and unique password for all our websites, computers and mobile devices.
But this is impossible — no one has such a good memory.
Thankfully, there are secure alternatives to this. Password managers that you can set up and use to do all the remembering for you. These applications are a simple way to maintain exclusive passwords for each device and service that are extremely hard to guess or break. This way you not only stay safe and secure all the time, but you also get the extra convenience of quickly and easily logging in wherever you want.
Let’s take a look at the best password managers that are available for Windows, along with a detailed review of each one and an analysis of their feature sets.
This is going to be good!
The need for strong passwords
You know the drill by now. All online services and most offline ones require you to set up unique strings of passwords and keep them safe from prying eyes. Many require them to be a given length, like 10 characters long with strange symbols and oddly placed capital letters.
Who can possibly remember these weird combinations?
Yet at the same time, strong passwords are necessary. That is because of the potential for abuse. Unlike the early days of the Internet where you could run a public server with no authentication required, you now need to hide behind firewalls and set time filtering and monitoring of your networks. Even people who use online services need to be extra cautious when it comes to logging into them, lest they have rogue programs or keyloggers installed that can sniff away their passwords.
Truth is, we have allowed large corporations to have a disproportionate amount of influence over the Internet. And ultimately, over us.
It does not matter whether you are talking about searching using Google, emailing via Hotmail, or using communication or social networking platforms like Facebook, Twitter, Reddit, Snapchat and WhatsApp. Or even take something as simple as cloud storage.
Thing is, these companies possess an incalculable amount of information about ourselves and our families. And not only do they have an onus to keep all this data safe, but we also have to do our part to prevent our passwords and login credentials falling into the wrong hands.
Strong passwords and 2FA authentication are now a necessity.
Otherwise, you are simply inviting trouble.
Say hello to password managers
If you believe some privacy aficionados, then it is impossible to go on the Internet without having your computer taken over by hackers who will turn your device into a botnet, use it to mine cryptocurrency while also sealing your credit card details, and those of your 92-year-old grandmother who has actually never been online!
Things may not be that bad, but the threat of malware and hijack of your PC for ransom is real.
There is plenty that you can do to protect yourself, and your grandmother too! This involves not only staying away from suspicious nooks and crannies of the Internet but also installing some additional programs on your PC and phones to make your life a little easier.
The first line of defense should be a good password manager that does all the heavy lifting for you every time you log in. It is something that will keep all your login information secure without you have to memorize all of it, for each site and service that you use.
And better yet, password managers are more than just what their name suggests. They can also double up as vaults for your sensitive data and important files.
How do password managers work?
Simply having password protection for your accounts is not enough anymore, as these can be easily guessed or broken using fast computers. For paramount protection against these threats, you need to generate complex passwords — either by yourself or by using specialized software.
This is where password managers come in.
They can generate unguessable passwords, remember them for you, and then automatically use those saved passwords to log into your secure sites. Almost all of them rely on a master password to lock up all these saved passwords.
Of course, as we will find out below, the best password managers work on all your devices, no matter if you are using your desktop or laptop, smartphone or tablet. And they also offer a range of additional tools and utilities to help you along your journey of securing your login credentials.
What to look for in a password manager?
There are dozens of password managers to choose from, both highly advanced and amazingly simple. A few big ones rule the roost, services that including everything necessary for most people. Some work perfectly fine for free, others pack useful extras for a yearly cost.
At the bare minimum, you are looking for ease of use. You don’t want to invest time and energy on a password manager that has a cumbersome user interface, or one that is not intuitively designed to speed you along with your sites and services.
Another equally important consideration is syncing. This is what separates a good password manager from a great one. You need a solution that synchronizes your saved and stored passwords across multiple devices, so you have access to all your passwords on your PC, your laptop, your phone, your tablet, even your smartwatch. A very small number of folks limit themselves to one device. And even if you count yourself amongst them, for now, you still may need sync functionality in the future. Best to go with a password manager that has this ability.
Usefully, a password manager should not just store your passwords, it should also allow you to lock up your secure notes, credit card details, passport and driver license information, stuff like that. This will reduce the need for you to hunt your desk and drawers for this paperwork every time you need it.
And finally, your chosen password manager should operate either as a web browser extension or an app, ideally both. You need something that you set and forget.
Tips on creating strong master passwords
You have finally chosen your password manager, installed and set it up, and enlisted its services to deal with the plethora of passwords you have. You now have to deal with the little problem of creating a master password.
Almost all password managers rely on master passwords to lock up all your saved passwords.
This master password must be totally unguessable because anyone with access to it can unlock all your secure sites. At the same time, it must be something unique to you, so you can instantly remember it and not forget it or be required to write it down somewhere.
Ideally, you create something unique that only you can recall.
The master password unlocks everything else, so it is imperative that you come up with a strong master password that you can easily remember, but would be impossible for someone to guess or crack. When you forget your master password, it is game over — nobody can help you.
Here are some tips on selecting a memorable password.
You have two ways to go about this. Either make it poetic or use a passphrase.
Everybody has a favorite poem or song that they will never forget. Start there. Pick a stanza or phrase, and turn it into a password. Say, you write down the first letters of the word or syllable, mix in some number like the year of publication or when a song was released, throw in a little punctuation or capitalization, and you should have something very good that nobody else could guess.
Alternatively, you can also use a passphrase. This way of expanding your pool of characters not only makes your cracking your password harder, yet at the same time ensuring that you have a long and memorable password to use. Just be aware that not all password managers permit spaces in the master password. This is not a problem, as you can simply use a hyphen or equal sign to separate the words.
Security experts always recommend including all four types of characters, namely uppercase letters, lowercase letters, digits, and symbols. Pick words that do not naturally go together, and avoid characters that require pressing the shift key.
How to check whether you have a strong password?
There are a number of password tools available that let you check the strength and survivability of your passwords. Some of them even come bundled with password managers that are listed below. But if you are in need of a dedicated solution, our favorite one is SPNE.
Strong Passwords Need Entropy, for full.
This tool basically checks the strength of your passwords. Their survivability, if you will. You get to see how long it would take a hacker to crack it. You also get to see where it ranks in the list of the worst passwords. And like all good password tools, it can also generate secure passwords in a number of different ways like Random, Emoticons, Morse Code and Piece of Poetry.
PC maven Steve Gibson also has a website that analyzes the passwords you and delivers an estimate of how long a brute force attack would take to crack a given password. It is not exactly a password strength meter, but rather a measure of cracking time, and it is interesting to see how the cracking time goes up when you lengthen the password.
Check for breaches
First time using a dedicated password manager? If you have been old school juggling your logins and passwords, then it pays to spend a few minutes checking whether any of them have been compromised. Well, no, you will not get paid in cash or anything, but the peace of mind will be worth it.
The best website for this purpose is Have I Been Pwned.
Visit this link in a private window, enter your email address in the field and hit the button. You will be shown the results split into two, breached sites and pastes.
Breached sites include both individual websites that leaked data, like LinkedIn and Dropbox, as well as compilations. Pastes, on the other hand, are where usernames, email addresses and other details have been put in the public domain. Hacked information, basically. Perform searches for all your accounts, even those you no longer maintain but use to access certain services. You can also enter your frequently used passwords at the site to see if any of them have been compromised.
Make a note of all your accounts and passwords, and urgently address the ones that have been compromised with your new password manager.
Importing your passwords
Before we get to the meat of this article and take a look at your best options, a few words about importing your current passwords. If you are reading this article, chances are that you are yet to use a password manager, and have most of your login details memorized, written down somewhere, or stored in your favorite web browser.
Time to get that data out, and plug it into your shiny new password manager!
How you do that will depend on your choice of browser. Each web browser has its own quirky way of storing your passwords, there is no set standard. And this means that importing your passwords is very different for Firefox, Chrome, Opera, Edge, Internet Explorer and Safari. So different that it may give you headaches if you go about it unprepared and have tons of logins stored in your web browser.
Some browsers make this process easier than others, but there are many browsers that are reluctant to export passwords.
You will find Microsoft browsers at this end of the spectrum, both Edge and Internet Explorer. In this case, you are better off using a free tool called VaultPasswordView to extract your password details and save them in a file.
Opera, meanwhile, has a password exporting tool built into it, which you can access from Settings. But Firefox has no export option, and you will need to rely on and download the free FF Password Exporter utility that is available for Windows, macOS and Linux.
Good thing then that Google Chrome has a powerful little password managing module, which many password managers can actually directly access and import password from. And since Chrome can, in turn, import stored passwords very easily from other browsers like Firefox, Edge and Internet Explorer, it might actually be the easiest way here. If you are not a Chrome user, just install it temporarily, import your passwords from your favorite browser, export these details, then uninstall it.
Your imported passwords list will most likely be saved as a Comma Separate Values (CSV) file. Be sure not to forget to delete it securely once you have plugged in the details into your password manager. It is an unencrypted list of all your login details, after all.
Shred the file using your antivirus tool or a dedicated utility, if you want to completely destroy this sensitive information.
Updating weak passwords
When you set up your password manager for the first time, you will have to log in to each of your accounts individually to allow it to save the password in its vault. But what if you are using weak passwords that are easy to guess?
That very much defeats the purpose of using these tools for optimum security, right?
Time to update your weak passwords, then.
You can use the password generator tool available in the password manager to create a random new password, and updating them in the password manager. Most will detect the changes and offer to update your password automatically. Some password managers will also record your password history, which should come in handy should your password change not be registered and you are forced to revert to the earlier one.
The best password managers
There are dozens of password managers around these days, many standalone, others part of antivirus or security packages. Not all are created equal, obviously, and there is variance in their features sets, syncing abilities, and platform support.
But stick with the big ones you and you will find several excellent choices available here that will make your digital life easier. They will remove the burden of keeping track of your login details across dozens of sites, and keep your precious logins safe and secure.
Let’s dive in and take a look at the absolute best.
This is a tool that shines thanks to a powerful feature set like automatic password generation, auto-logins on various websites. However, be prepared to pay a handsome sum for the privilege, as there is no free version of 1Password, and the premium variants start at $2.99 a month. Ouch.
This is one of the biggest drawbacks, of what is otherwise, an excellent package.
Start the program and it will ask you to set a master password, which is basically an access code that lets you access all your stored data in the program. 1Password organizes your entries into categories such as logins, credit cards, identities, and you can easily add your own custom entry by clicking on icons in the toolbar. A small popup window guides you through the process.
When it comes to UI, 1Password has one of the most intuitive user interfaces around. You also get access to a digital wallet here, which you can use to save everything from your logins and credit card information to stick notes and network passwords. No more writing things down individually in scattered places.
Thanks to strong browser integration, you can use 1Password to log into your websites with one click. Additionally, it can also fill in forms for you automatically with all your personal data. Speaking of data, you also get a handy export function in the program that makes it possible to save your data in popular formats like TXT or HTML.
Smartphones users are also well accounted for, with solid apps for Android and iOS that sync your information with your computer automatically using WiFi, iCloud or Dropbox. And like all good password managers, 1Password does a commendable job of creating strong passwords — its built-in password generator is very versatile.
Overall, 1Password is a safe way to stash away all your passwords and sensitive data, and access this information anywhere on your online journey. Its potent feature set makes browsing a fair bit easier, particularly for those that like to spend their lives in their browsers. With excellent browser integration and splendid synchronization with smartphones, this tool has everything you need for your online safety, whether on PC or mobile.
The only major downside is the high subscription costs, which will simply steer many users away towards free solutions, some of which are equally nifty. That, and the fact that it puts your personal data in the cloud, which is again something that privacy-conscious users might want to avoid. But for everyone else, 1Password is an admirable and praiseworthy choice.
LastPass is one of the premier choices when it comes to password management for the connected world. The program is available in both free and premium versions, and while the latter offers you more, the free version is amazingly generous and should be more than enough for the need of most users.
Just take a look at what you get in the free version.
The basic flavor of LastPass lets you use complicated passwords for different services, which is a great way to keep your online accounts on the safe side. You only need to remember the master password, and LastPass will remember all your other passwords.
Install LastPass in your browser of choice, and you will see a menu near the form fields where the password will be entered. Simply click it once, and LastPass will quickly enter the saved password for you for that website or service. You get some highly capable add-ons for all major browsers like Firefox, Chrome, Edge, Opera and Safari.
LastPass is also available as an app for smartphones and tablets, so you are covered no matter what your usage habit. Speaking of usage, the newest version of LastPass focuses on usability and improving the UI with a more user-friendly redesign, making an already excellent option even better.
And, in case, you’re wondering, LastPass comes outfitted with a password generator that you can use to create strong, unique passwords.
A paid upgrade takes things up another level, opening up a range of additional authentication options, priority support, and the ability to sync information between your desktop and mobile devices. In fact, this is the only knock against LastPass that you have to be a premium subscriber to unlock syncing between the various devices you use.
LastPass Premium members can also share passwords with other users. This comes in very useful in cases where you use an Amazon account in the household or someone needs the WiFi key quickly. Simply select a user, and get him or her emergency access to your data, whenever needed, for a limited time.
The feature list does not end here, though. LastPass Premium also remember passwords for other programs, apart from browsers, though this only works on Windows for now. And paying members also get 1GB of encrypted online storage for critical data. Another important feature is advanced multifactor options that premium users get access to.
Like 1Password, LastPass Premium costs $3 a month, billed annually. Family accounts of up to six users are also available for those of you who want to go all in.
Dashlane is another big name in the world of password management, and it has earned its plaudits. It is an intuitively designed solution, with streamlined navigation and the ability to change a multitude of passwords on multiple sites with just a few simple clicks.
The application is as modern as they come — one look at it and you will know.
The setup process is best handled by downloading and installing the standalone Dashlane application, which will automatically install the extensions on every compatible browser. After installation, you must create a Dashlane account, requiring your email address and a master password. Dashlane does not let you recover or reset your master password. This is part of its security model. Forget your master password and you will have to wipe your account and start over.
The software allows you to store your passwords in a vault, or automatically sync them across your devices if you so wish. Your passwords are stored encrypted, so be sure to create a strong password for it, as that is what will be used to encrypt your information. Encryption is done using the security industry standard AES-256 method.
Dashlane also readily generates unbreakable passwords when you want it. And it also has the ability to store notes and share encrypted passwords with emergency contacts in case you have trouble with your account. You also get a digital wallet that allows for the convenience of tracking and making purchases at various online retailers — even when you don’t have a previous account set up with them.
So far, so good.
But where Dashlane really shines is in its premium version.
It is expensive yes, much more expensive than the competition like 1Passwod and LastPass. Think $60 a year, which makes Dashlane the costliest password manager that we tested. The Premium Plus plan actually runs you $120 a year.
While you only get support for a single device in the free version, the premium version can be used on an unlimited number of devices and offers a 1 GB cloud storage, dark web monitoring and VPN protection. In addition to all this, paying customers can monitor up to five private email accounts for whether they have been compromised on hacks. Version 6, the latest, also comes with the ability to perform real-time analysis of the security of your passwords.
Outstanding as it is, Dashlane does prefer doing things its own quirky way.
For example, it’s desktop program is clearly the star of the show, and you will be using it to manage every little thing. This makes the browser add-ons feel like a supplementary utility, instead of extensions of the program itself. Another odd omission is the complete lack of any biometric support on Windows.
Additionally, the free version of Dashlane is very risky. In that, not only is it limited to only 50 items, it stores all of them on a single device instead of the cloud. Meaning? If that device bites the dust, you lose access to all your passwords.
If you don’t fancy paying for Dashlane, then you will have to export your database to an external location regularly, an encrypted USB drive or what have you. Or opt for LastPass, which encrypts your passwords in the cloud, even on a free account.
If you prefer something a little less fancy, a little less mainstream, then KeePass is a password manager worth a look. It is a strong password manager and password generator, available for free, and ideal for those of you that want to keep track of a large list of credentials yourself.
Fire up the program, and you will be treated to a familiar look. KeePass is like any old Windows application, even requiring the .NET Framework to run. This means you will be up and running in no time, but the program certainly will not be winning any design awards anytime soon.
What sets KeePass apart is its ability to store your passwords in a database, and locking them airtight with strong 256-bit encryption that is widely used by banks. To limit unauthorized access and ensure that only you get access to your data, the program seals its database with a master password. Or alternatively, you can create a key file that can unlock the information using a USB stick or a DVD.
KeePass passwords can be listed in multiple file formats, including all the popular ones like XML, HTML, CSV, KDB3 and XSL. This makes the editing and transferring of databases a child’s play. Of course, the program can also help you create your own passwords by predefining things like length and choice of characters. This saves you the headaches of creating your own password yourself when registering at websites or online services.
Although KeePass is the longstanding version of the software, the developers have also got another thing going with what is called KeePass 2. This variant is designed to offer some more professional features than the mainline program. But fret not, as KeePass is still being developed.
You may be wondering that safely storing credentials is one thing, but what is the situation with browser integration? Justifiably so, as this is an important consideration before opting to go with KeePass.
Well, you can automatically have your login details and passwords filled on Firefox and Chrome using add-ons that link up with KeePass. You will need to interface with the program using these add-ons, and only then will they be able to access the data stored in KeePass, which will then be automatically entered on websites.
Ultimately, this is a definite knock on KeePass, these extra steps. Multiple add-ons are available, but you will need to manually set them up in your browsers. Luckily, the official KeePass website lists an extensive array of plugins for those of you interested — everything from Firefox and Chrome to SAP and Salesforce environments.
Definitely not for the absolute novices, but KeePass is a nicely unique option for those that want complete control over their personal data and are willing to do a little heavy lifting themselves.
5. Sticky Password
Now for something a little different. But still, not too different from KeePass. Sticky Password may sound like a funny name, but this is a very capable password management and generation solution, with a few fancy twists of its own.
Sticky Password comes from the creators of AVG Antivirus and offers AES-256 encryption and intuitive navigation, both on desktop and mobile. It also supports a wide variety of browsers, including less used choices like Pale Moon, Yandex and SeaMonkey.
Let’s start with the password generator first. You get the ability to create and manage an unlimited number of secure passwords consisting of uppercase and lowercase letters, numbers and special characters. Using unique passwords like this for all your online sites ensures that it is almost impossible to crack the services you are signed up for.
All your passwords are managed under a master password, so be sure to create a strong yet memorable one. Or perhaps write it down and store it away someplace safe.
In term of usability, Sticky Password does an okay job of providing your credentials wherever you want to sign in. You need to be tuned into the program, and the software will automatically provide the login data via tools like Form Assistant and Autofill. This goes a long way in saving you the annoying search for the right data manually.
Interestingly, and somewhat surprisingly, if your laptop has a fingerprint scanner, you can also identify yourself with biometric data using Sticky Password. Cloud syncing and synchronization via the local network are only available in the premium version of the program, however. Understandable, but not exactly ideal.
You can sign up for $30 a year for the privilege, or get a lifetime deal for $149, the latter being rather unique among password managers. A portion of your purchase also goes to save manatees, so that’s a plus if you are an animal lover.
What you will not love is that you will be forced to test the premium variant of Sticky Password for 30 days free of charge, even when you opt for the free version. You do not have a choice here, which is sort of annoying. There is also a distinct lack of multiuser plans, which puts a damper on businesses and families that want to share access.
But the good thing is that the installation and setup process has been refined in the newest version of the program. And it also offers better protection now, against local attacks. A new client for macOS is also now available, good for those of you who live a multiplatform life.
At the end of the day, Sticky Password is an elegant solution to the consistently pestering password problem. Cloud synchronization across devices and clock backups are limited to the premium, though, which may be worth a dip if you approve of the feature set. Business users, in particular, will appreciate the simplicity and professional service on offer here.
If you do not want to spend money, however, stick with the freeware KeePass, which is very much its immediate rival.
6. True Key
True Key by Intel Security and McAfee was born of a service that was acquired in 2014. It is the successor to the PasswordBox software, and what sets it apart is its particular focus on biometrics instead of the master password.
This allows you to sign in with via fingerprint or facial recognition, instead of always relying on a keystroke password to see yourself in.
Like other password managers, True Key comes with a handy bunch of features that streamline the process of generating and managing your passwords. The password generator, for example, generates a secure password at the touch of a button. And the app is smart enough to tell you when you are logging into a new account — it can automatically generate a new password for you and save your information.
All saved passwords are encrypted and transmitted and stored safely using a 256-bit key.
On a trusted device, login can be done by face recognition, fingerprint or master password. If you are not using a trusted device, like a friend’s phone or a hotel computer while travelling, True Key will verify your identity a couple of different ways, of your choice. Options are also available to store additional details like addresses, credit cards, membership information, driver licenses and more.
So, is True Key worth a dab?
It can be a real helper if you have modest requirements, and are not interested in an expansive feature set. As a matter of pure fact, if you can live by 15 passwords, you can even use True Key for free.
Setting up everything with a password manager takes a little bit of time. But once done, you will wonder how you lived your technology life without them. Not only does a good password manager provide you with a peace of mind, it also makes using online services a whole lot convenient.
Most importantly, you will never have to worry about forgetting your password again!