how safe is safari password manager

Safari Password Manager: How to save, view and manage passwords in Apple's browser

Thanks to iCloud Keychain, you can save browser username and password combinations.

Quick steps

Tools and Requirements

Step by step guide to using the safari password manager, final thoughts.

You probably already know about iCloud if you're using at least one Apple device. The cloud storage and synchronization service allows it to store and access content across multiple devices, including Mac, iPhone, iPad, and more. These include files and information like documents, photos, music, video, and contacts.

Apple's iCloud service is also at the heart of the iCloud Keychain , where you can store website usernames/passwords, among other items. In this how-to, we're concentrating on how to add, edit, and delete Safari password content. Similar tools are available on other browsers like Microsoft Edge and Mozilla Firefox .

You should also consider the best browsers and best secure browsers .

Steps for saving, viewing and managing passwords

Before you can save any username/password combinations, you must first be sure to have an Apple ID or iCloud account.
From there, you can begin adding usernames and passwords for websites you frequent.
You can also take advantage of Apple's new passkey feature.
Safari is only available on Apple devices such as Mac, iPhone, and iPad.

1. Go into the manager

To get started, you must first create an Apple ID . The username/password combinate is usable across all Apple devices to log into iCloud.com. You can proceed once you have an Apple ID and are logged into your device.

On Mac, the Safari password manager is located by choosing Safari on the menu bar at the top left of your Mac. From there, click Settings from the pull-down menu.

Next, click on the Passwords option at the top. Input your password as needed.

2. Adjust existing password settings

You can adjust password information in the iCloud Keychain directly from Safari. To get started, go into the Passwords section of Mac Settings (see above) and log in as necessary. Then, use the search box on the left side of the display to find the password information you wish to change. Click Edit .

You can change the username and password for a website and add notes when applicable. After making a change, click Save .

Click Delete Password to delete the password information.

Thanks to iCloud, any changes you make here will also be reflected in other Apple devices that use your Apple ID.

4. Using Autofill in Safari

With AutoFill, you can fill in your previously saved usernames and website passwords. The tool is also a great way to add a new username/password combination for the first time and to create a strong password.

You will see AutoFill pop up when a website asks you to create a password.

You will see an Autofill prompt In Safari when it's time to use or create a password.

Click the AutoFill Key button, then choose Suggest New Password . For optimal security, you should use the suggested strong password. However, if you choose not to use the suggested password, you can easily select the password field, click “ Don’t Use ,” and enter your preferred password.

From there, enter the rest of the required information to create the website account.

Why use a separate password manager instead of a browser?

While most web browsers have their own password management feature, except for Safari which incorporates it into iCloud Keychain, in-browser password managers have limitations. They can only be used with one specific browser and cannot be accessed from other browsers. On the other hand, standalone password managers are compatible with any browser on your device, making them a more versatile option. Moreover, it is important to consider security when choosing a password manager. Browsers are not updated as frequently as standalone password managers, which can pose a security risk in case of a breach.

Does Safari have a built-in VPN?

Like many other browsers, Safari does not come with a pre-installed VPN. However, several reliable third-party VPNs like ExpressVPN, NordVPN, and SurfShark can easily be integrated with Safari. With a VPN, you can significantly boost the security and privacy of your online activities.

Are browser password managers safe?

To guarantee the safety of your passwords, using browser password managers like Safari with encryption is a great first step. However, there are additional measures you can take to further enhance your protection. It is highly recommended to create a strong and secure master password. The newest optional feature in Microsoft Edge mandates that you input your master password before making any changes to the password manager, thereby adding an extra layer of security. Regularly backing up your password manager is also a wise precaution in case of loss or theft. Another crucial step is creating a Firefox profile, allowing content synchronization across devices. This ensures that any changes made on your computer are reflected on your mobile device and vice versa.

What is iCloud Keychain?

iCloud Keychain is a highly reliable password manager that securely stores sensitive information such as passwords and credit card details in an online vault as part of Apple’s iCloud suite of services. Users can easily access their stored data by simply logging in to the same iCloud account on any Apple device. Thanks to the end-to-end encryption feature, user data is protected and can only be accessed by the user, even in the unlikely event of an iCloud account breach. Furthermore, the two-factor authentication feature provides an extra layer of security to user accounts, ensuring that they remain safe and secure at all times.

What are Apple Passkeys?

Apple Passkeys hope to eliminate the need for passwords eventually. This authentication method adheres to industry standards and guarantees improved security features while streamlining the login experience.

Passkeys create a unique cryptographic key pair for every website or application you use. The website or app stores the public key while the private one remains on your device. When you log in, your device produces a cryptographic signature using the private key. The website or application can then authenticate your identity by verifying this signature. With Passkeys, you can rest assured that your online security is in good hands.

Like passwords, passkeys are kept in Apple's iCloud Keychain.

The built-in Safari password manager, part of the iCloud Keychain, makes tracking website usernames and passwords easier. Better still, those items carry over to other Apple devices, including iPhone and iPad. In the coming years, Apple hopes to eliminate the need for passwords and replace them with more secure passkeys. However, username and password combinations remain the most popular choice for website authentication.

You might also be interested in Google Chrome now supports passkey for everyone and the best free password managers .

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Bryan M. Wolfe is a staff writer at TechRadar, iMore, and wherever Future can use him. Though his passion is Apple-based products, he doesn't have a problem using Windows and Android. Bryan's a single father of a 15-year-old daughter and a puppy, Isabelle. Thanks for reading!

Thousands of D-Link NAS devices have serious backdoor security issues

Ivanti pledges to “set a new standard” following recent exploits

Google Search on Android might get a nifty Gemini switch and put AI at your fingertips

Most Popular

By Krishi Chowdhary April 04, 2024

By Tom Wardley April 03, 2024

By Cesar Cadenas April 01, 2024

By Amelia Schwanke April 01, 2024

By Emma Street March 31, 2024

By Jennifer Allen March 31, 2024

By Joshua Chard March 30, 2024

By Emma Street March 27, 2024

By Charlotte Henry March 25, 2024

By Jennifer Allen March 24, 2024

By Amelia Schwanke March 23, 2024

2 Our phones are under threat more than ever — but many of us still don't have mobile security protection
3 7 new movies and TV shows to stream on Netflix, Prime Video, Max, and more this weekend (April 5)
4 Sony's best noise-cancelling wireless headphones plummet to a record-low price
5 I tested LG's new webOS on its latest TVs – and I loved these 3 big upgrades
2 Siri is truly terrible, but I'm optimistic about its rumored iOS 18 reboot – here's why
3 Leaked iPhone 16 dummy units show design changes for all four phones
4 Are iPhones a rip-off?
5 Roman Yampolskiy says there's a 99.999999% chance of humanity being wiped out, but Elon Musk puts it 10-20%

Want to highlight a helpful answer? Upvote!

Did someone help you, or did an answer or User Tip resolve your issue? Upvote by selecting the upvote arrow. Your feedback helps others! Learn more about when to upvote >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

How safe is storing Safari passwords in the device?

I have a MacBook running Mountain Lion.

I have a lot of strictly confidential data stored in Dropbox. The most innocent of it, for example, is all my cards data.

How safe would it be to save a Dropbox web login and password in Safari? Are they stored encrypted on the device?

Out of security reasons my password for Dropbox is long and complicated - i dont like to enter this password every time i need access to Dbox. But I dont dare to save password because don't know if someone can access this data if I I lose the device or it is being stolen,

My iMac account has a strong password, too. Would someone be able to retreive my password and logins if my MacBook lost o stolen?

Posted on May 16, 2013 9:29 PM

Posted on May 19, 2013 8:07 PM

The keychain is only readable if you supply your password (and thereby unlock it). The file itself is encrypted. You can copy it to another machine, but if you try to open it then it will prompt you for a password. Without this, you can try reading through the file's contents, but you will get garbled information.

Loading page content

Page content loaded

May 19, 2013 8:07 PM in response to Alejandro_64

May 16, 2013 10:11 PM in response to Alejandro_64

Passwords are stored in your keychain, which is an encrypted storage platform for secured notes and passwords. These can be managed through Apple's Keychain Access utility in your Applications > Utilities folder. This means that they will be very difficult to crack by anyone who steals your system or otherwise tries to crack your password, but the security of this system is only as good as the password you use, so be sure to use a strong and unique password.

May 17, 2013 12:04 AM in response to Topher Kessler

M-m-m... Could you please clarify what do you mean by "very difficult to crack"?

You mean "almost impossible" or "will take 2-3 days"?

May 17, 2013 12:08 AM in response to Alejandro_64

You could generate and store all of your passwords, credit card information, secure notes, etc., using 1Password - it's a bit pricey but is terrific for password protection and generation.

May 17, 2013 1:44 AM in response to clintonfrombirmingham

The question is a bit different:

How securely OS X stores saved passwords in Safari?

If the password itself is reliable - can someone access my pwds if my book is being lost or stolen? Can this keychain be cracked or unlocked or something like that?

May 17, 2013 7:26 AM in response to Alejandro_64

The keychain itself is encrypted with Triple DES. It's quite secure. A couple articles if you want to read:

http://www.macworld.com/article/2013756/how-to-manage-passwords-with-keychain-ac cess.html

http://en.wikipedia.org/wiki/Triple_DES

1Password is no more secure than Keychain; it just be may more convenient for some uses.

May 17, 2013 7:39 AM in response to Alejandro_64

The keychain file is encrypted with a Triple DES algorithm that should make brute-force attacks (guessing) nearly impossible to do. While someone with administrative access to your system can run programs to pull keychain information from memory, this ability is limited to those with admin access. Therefore, the security of the system is limited to who you grant access and the strength of the passwords you use. If I were to guess at how long it would take a system to brute-force attack the keychain and guess the password, provided a good password is used it would take well over a million years.

May 19, 2013 12:06 PM in response to Topher Kessler

So even if someone pulls out SSD from my MacBook and connects it to the othe computer - the encrypted contents should still be inaccessible, correct?

May 19, 2013 12:42 PM in response to Alejandro_64

Exactly. The keychain will require its master password in order to unlock all of its contained password.

If you are worried about someone doing this and getting any of your data, then in addition you can enable FileVault in the Security system preferences, which will result in all files being encrypted. Therefore if anyone takes out your drive and puts it in another system they will see nothing but garbled data.

May 19, 2013 7:14 PM in response to Topher Kessler

Yeah, I know about the File Vault. But I would like to avoid using it - disk operations speed wil reduce greatly. So I'm inquiring information about how encrypted Keychain data is storen on the drive - will it still be unreadable, for example, being connected to another machine?

May 19, 2013 7:19 PM in response to Alejandro_64

FileVault performance hit is negligeable. You likely won't even notice it is on. I didn't.

Where do you get the idea it will reduce disk operation speed "greatly?"

May 19, 2013 7:22 PM in response to Barney-15E

This hardly looks like a great hit in pereformance: http://osxdaily.com/2011/08/10/filevault-2-benchmarks-disk-encryption-faster-mac -os-x-lion/

May 19, 2013 7:25 PM in response to Barney-15E

The question still remains - if Keychain is unreadable w/o pwd only on the machine the drive is installed or on ANY machine the disk be plugged in.

Without FileVault

May 19, 2013 7:26 PM in response to Alejandro_64

The passwords in Keychain are encrypted. They can't be read anywhere without the password. Hence the term, encryption.

Password managers: Is it OK to use your browser’s built-in password management tools?

These days, the ability to keep track of the passwords you use with secure online services is a basic feature for web browsers. The feature is typically turned on by default, which means you probably have a random collection of passwords saved in the cloud along with your bookmarks and settings for your default browser.

If you regularly switch between browsers (Chrome on the desktop, Safari on your iPhone), you might even have multiple sets of saved passwords scattered across multiple clouds.

It's time to clean up that mess.

You have two choices. You could decide to get serious about adopting that feature and using it deliberately across every device you own. Or you could switch to a third-party password manager and shut down that feature in the browser.

Also: Best password managers for business in 2020: 1Password, Keeper, LastPass, and more

In either case, it's prudent to track down outdated saved passwords and delete them from the cloud.

Years ago, security experts cautioned against saving passwords in a browser. Today, the case for using one of those built-in password management tools is stronger. Consider the advantages of allowing your favorite browser to take over this task:

No extra download is required, as is the case with third-party password management utilities.
Your passwords sync automatically along with all your other data. When you sign in to your browser on a new device, your passwords are already available for you.
There's no subscription fee for these built-in password managers.
Your saved/synced data is secured by the same encryption and two-factor authentication features you use with your email, cloud storage, and device security features.

The list of disadvantages is shorter, but these factors are worth considering. The most obvious drawback is that browser-based password managers don't work with alternative browsers. If you routinely switch between browsers on different devices, you'll find yourself frustrated when you change a password on one device only to discover days or weeks later that your secondary browser is now offering an outdated set of credentials.

The bigger problem is that free, browser-based password managers generally have a basic feature set that can't compete with paid alternatives. They've all stepped up with password checkup features that alert you if your password was part of a data breach, and they can typically also track things like addresses and credit card numbers for quick form-filling. But they fall short on other, more interesting features.

Also: How to use 2FA to improve your online security

For example, every browser I looked at is capable of generating a strong, random password that you can use when you create or change your credentials for a new site. But none of them offer the ability to customize that password by choosing a specific length, allowing or disallowing symbols, and so forth, as you can with the third-party 1Password utility shown here.

Browser-based password managers don't offer advanced features like these options in the paid 1Password utility.

Likewise, free browser-based password managers lack a feature that's crucial for families: the ability to share passwords so that any family member can access a subscription service or place an online order using the same account.

With a full-featured password manager, you can also add notes to each saved entry, manage bookmarks, enter alternate top-level URLs that use the same credentials, and so on.

The bottom line? For anyone whose online demands are modest, who uses the same browser on every device, and who can live with the limitations of these basic features, a browser-based password manager is probably good enough. If you've read this far, that description's probably not you. In that case, the challenge is to transfer your currently saved passwords to a new utility and then disable the feature in favor of your preferred third-party password manager.

I've studied each of the four leading browsers: Google Chrome, the new (Chromium-based) Microsoft Edge, Mozilla Firefox, and Apple's Safari. Here's how to find the password management settings for each one, export any saved passwords to a safe place, and then turn off the feature. As a final step, I explain how to purge saved passwords and stop syncing.

Google Chrome

Chrome's built-in password manager is, not surprisingly, tied to whichever Google account you used to sign in to the browser. When you're signed in, passwords sync to your Google account and are available in Chrome on your PC or Mac, on Android devices, and on iPhones and iPads. If you're not signed in, passwords are saved locally.

You can manage password settings from the Chrome browser on a PC or Mac. Make sure you've signed in using your Google account, and then go to the Autofill > Passwords page at chrome://settings/passwords.

1) Use this shortcut to go straight to Password options; 2) Turn both these switches off; 3) Use these menus to export all passwords or remove individual saved items.

(You can also manage this setting from your online Google account. Go to https://passwords.google.com/options, where you'll find the same limited set of options. Or use the Password Settings option on an Android device.)

Back up your saved passwords: If you have any saved passwords, I recommend that you export a copy before you adjust any settings. There's a big Export button on the Google Account page; on the Autofill > Passwords page, click the More Actions button (three vertical dots) to the right of the Saved Passwords heading to reveal the Export command. The resulting file is in CSV format, which you can save or open in Excel or Google Sheets for printing.

Turn off password saving: Turn off both options on the Autofill > Passwords page: Offer To Save Passwords and Auto Sign-In. That will stop Chrome from saving any additional passwords, but it won't stop the browser from trying to fill in passwords that are already saved.

Google finally launches its Find My Device network. Here are the Android models that support it
5 Linux commands you must know to keep your device running smoothly
Apple is finally adding an iOS home screen feature that Android has had for 15 years
I changed this Android setting to instantly double my phone speed
The best AirTag for your wallet is flat, rechargeable, and isn't made by Apple

Purge saved passwords: From the Autofill > Passwords page, you can delete individual saved credentials. Click the More Actions button to the right of any entry and then click Remove. That action deletes the saved item from your Google account and from every other device where you're signed in using that account and have sync turned on.

If you just have a few saved passwords, deleting them individually is not such a big deal. If you have dozens of passwords (or more), it's a tedious process, but there's no other way to delete all saved passwords from your Google account short of deleting the account. You can delay the process by turning off password syncing and then clearing all locally saved passwords: After turning off password sync, go to chrome://settings/clearBrowserData, click Advanced, choose All Time from the Time Range menu, select the Passwords And Other Sign-in Data check box, and click Clear Data.

Turn off password syncing: To avoid having a password you accidentally save on another device sync back to the current one, go to chrome://settings/syncSetup/advanced, choose Customize Sync, and turn the Passwords switch to the Off position.

The New Microsoft Edge

Because the new Edge is based on the same open source Chromium engine that Google Chrome uses, the procedures for configuring the password manager feature are very similar to those in Chrome.

You can manage password settings from the Edge browser on a PC or Mac. Make sure you've signed in using your Google account, and then go to the Profiles > Passwords page at edge://settings/passwords. Unlike Google, Microsoft does not provide online access to your saved passwords from your Microsoft Account page.

Back up your saved passwords: On the Profiles > Passwords page, click the More Actions button (three horizontal dots) to the right of the Saved Passwords heading to reveal the Export command. The resulting file is in CSV format, which you can save or open in Excel for printing.

Turn off password saving: Turn off both options on the Profiles > Passwords page: Offer To Save Passwords and Auto Sign-In. That will stop Edge from saving any additional passwords, but it won't stop the browser from trying to fill in passwords that are already saved.

Purge saved passwords: From the Profiles > Passwords page, you can delete individual saved credentials. Click the More Actions button to the right of any entry and then click Remove. That action deletes the saved item from your Microsoft account and from every other device where you're signed in using that account and have sync turned on.

As with Google Chrome, you must delete saved passwords individually to clear them from Edge on other synced devices. If you just want to clear all locally saved passwords, first turn off password sync, then go to edge://settings/clearBrowserData, choose All Time from the Time Range menu, select the Passwords check box, and click Clear Now. If you want to remove all data that was transferred from the legacy version of Edge, including saved passwords, scroll to the bottom of the list and select the All Data From The Previous Version Of Microsoft Edge option.

Turn off password syncing: To avoid having a password you accidentally save on another device sync back to the current one, go to edge://settings/profiles/sync and turn the Passwords switch to the Off position.

Be sure to turn off password syncing before clearing this data, or Edge will quickly restore all your saved passwords from the cloud.

I confess, it has been a while since I used Firefox as my primary browser. Specifically, it must have been before October 22, 2019, which is when Mozilla released Firefox 70, with the browser's internal password management tools rebranded as Firefox Lockwise.

Mozilla has rebranded the password management features in Firefox as Lockwise, with separate mobile apps available for iOS and Android.

What makes Lockwise different from its browser brethren is that it saves passwords in Firefox but allows you to access those saved passwords via apps for the two dominant mobile platforms. In theory, that architecture makes this a more versatile solution, but the reviews I've read aren't encouraging.

One important note about Lockwise: It works only if you're signed in to your Firefox account. If you're not signed in, your passwords aren't saved.

Do you need antivirus on Linux?
6 ways to protect yourself from getting scammed online, by phone, or IRL
The best VPN free trials for 2024
8 habits of highly secure remote workers
How to find and remove spyware from your phone

Back up your saved passwords: Sorry, Firefox doesn't include an export option with Lockwise. There are workarounds (including a two-step process that uses the Brave browser ) but no built-in functionality for this important option.

Turn off password saving: After signing in to your Firefox account, go to about:preferences#privacy and clear the Ask To Save Logins And Passwords For Websites option.

Purge saved passwords: In Firefox, go to about:logins, where you'll find a list of all your saved credentials, with a navigation bar in the left pane that shows the current selection in the right pane. Click Remove to delete a saved password from your Firefox account in the cloud. There's no way to remove more than one password at a time, so if you've got a very large collection of saved passwords, you'll need to do a lot of clicking and confirming.

Turn off password syncing: To stop syncing passwords to your Firefox cloud account, go to about:preferences#sync, click Change, and clear the Logins And Passwords box. Note that this doesn't remove your previously saved passwords.

Safari on Mac

Apple's Safari browser is based on WebKit, which makes it a first cousin to the Chromium-based alternatives. But unlike Chrome or Edge, Apple doesn't allow its flagship browser to manage passwords independently of the operating system. Your passwords are saved in Apple's iCloud Keychain, which works on Macs, iPhones, and iPads.

There's no Safari browser for Windows PCs or Android devices, so Safari's password manager is appropriate only for those who are fully committed to the Apple ecosystem. If you've got an Apple Card because that 3% rebate represents big bucks for you, read on.

Back up your saved passwords: Apple does not make it easy to export data from its Keychain. The Keychain Access utility includes an export function, but the resulting files aren't readable by mere mortals, and it's really only appropriate for backing up from one Apple device to another. As with everything Apple, there are workarounds, but none I can confidently recommend.

Turn off password saving: To turn off password saving in Safari, go to Safari > Preferences > AutoFill, and clear the User Names And Passwords check box.

Purge saved passwords: Everything else about Apple's Keychain is difficult, but this is a major exception. To delete the saved passwords from a Mac, go to Safari > Preferences > Passwords. Sign in using your user account password, press Command+A to select every entry in the list, and then click Remove. Shazam!

Safari is the only major broser that allows you to quickly delete all saved passwords from the cloud.

Are you using your browser's password manager? Tell your story in the comments section below.

10 tiny 'everyday carry' tools and gadgets I keep on my keychain

5 ways to improve your chrome browser's security (and why you should), proton acquires standard notes to add another tool to its growing portfolio.

VPNoverview.com Password Managers Is Your Browser’s Password Manager Safe?

Is Your Browser’s Password Manager Safe?

In-browser password managers are found in all the most popular browsers, including Safari, Chrome, Firefox, and Edge. They all use 256-bit encryption. Some add even more protection via master/primary passwords, similar to the functionality found in third-party password manager apps like 1Password .

However, in-browser password managers lack some functionality found in third-party apps. This makes them unsuitable for users with advanced needs.

Pros of In-Browser Password Managers

Easy to use
No downloads required

Cons of In-Browser Password Managers

Can’t share passwords with others
No ability to auto-fill passwords in other browsers
Unable to customize auto-generated passwords

From a safety standpoint, in-browser passwords – when used with additional security measures like password-protected access to your device and two-factor authentication – are relatively safe. Whether you choose them over a third-party password manager application, depends on the functionality you need.

In today’s tech-driven world, most of us rely on the internet to manage our day-to-day lives. From checking in on social media to reading emails to paying bills, we log in online multiple times each day.

People serious about managing online risk often rely on password managers as part of their security strategy. These convenient tools create computer-generated passwords that are complex, unique, and difficult for hackers to figure out. Password managers also keep your private information safe in a secure, encrypted location.

There are two types of password managers : third-party apps and the password manager built into your web browser. Password manager apps are plentiful on the market, and we’ve written about them before . We’ve reviewed many and recommend several, including 1Password , Keeper , Abine Blur , and NordPass .

But what about the password manager found in your favorite browser? Will it meet your needs? More importantly, is it safe? Read on to find out if the built-in password managers found in Chrome, Safari, Firefox, and Edge are right for you.

Are Browser Password Managers Safe?

For many years, security experts recommended never saving passwords in your browser. Historically, third-party password managers offered better encryption than their in-browser competitors. They also eliminated the risk of your passwords falling into the hands of someone who gains access to your computer, either physically or remotely.

Today, the use of two-factor authentication (2FA) makes in-browser password managers safer, and reduces the risk of unwanted computer access. With this feature turned on, anyone trying to access your account needs more than just your password to succeed. In terms of additional safety, the browsers in Safari, Chrome, Firefox, and Edge all offer encryption , and protect your saved passwords with the same security used to keep your email, cloud storage, and devices protected.

The truth is, no password manager is failsafe . Even third-party apps have been shown to have security flaws. Even so, password manager apps do incorporate stronger security measures that are needed to ensure the security of their additional functionality (like password sharing and cross-browser availability of data).

However, the companies behind today’s most popular browsers continue to invest heavily in strengthening their security protocols to create a safe and secure environment. Additional safety precautions a user can take, like password-protecting your computer, locking it whenever you are away, and turning on two-factor authentication, add to your overall safety.

An Overview of the Most Popular Browser Password Managers

Today, every major browser offers a password manager that uses encryption to keep your information secure. But there are some differences in functionality among the big four – Safari, Chrome, Firefox, and Edge.

Safari Password Manager: Best for Apple Fans

If every device you own has a stylized fruit symbol on it, Apple’s iCloud Keychain is a natural choice for your password manager. It comes pre-installed on every Mac, iPhone, and iPad. You’ll need an iCloud account to use Safari’s password manager. If you’re already using an iPhone, iPad, or Mac (or all three), you likely have an iCloud account.

To use iCloud Keychain, you’ll need to enable the feature on each Apple device. Keychain will sync your passwords automatically across every enabled device.

How to turn on iCloud Keychain on your Mac

Choose the Apple menu and go to System Preferences .
Click Apple ID , then iCloud in the sidebar.
Tick the Keychain box.

How to turn on iCloud Keychain on your iPhone and iPad

Tap Settings , then tap [ Your Name ], and choose iCloud .
Scroll down and tap Keychain .
Slide to turn on iCloud Keychain *.

*You may be prompted for your Apple ID password to complete this step.

Once enabled, iCloud Keychain will operate in the background. It automatically generates a complex password whenever you create new login credentials on a website. You can also create and save your own passwords. Keychain autofills your saved password on every device where the Autofill feature is activated. Other iCloud Keychain features include notification of passwords involved in data breaches and alerts when it thinks the passwords you create are too weak.

How iCloud Keychain protects your data

Apple uses end-to-end 256-bit AES encryption to protect your data. It combines a unique key made from information specific to your device with a passcode you create. This encryption technology means no one else can read your data, not even Apple.

Safety considerations

While this is a very safe approach to protecting your data, iCloud Keychain does have an obvious downside. If you don’t have all your devices password protected, anyone with your phone, tablet, or computer has your passwords at their fingertips. It’s important to always require password or biometric access to your phone, tablet, and computer. You’ll also want to enable two-factor authentication for an additional layer of protection.

Google Chrome Password Manager: Great across operating systems

Not loyal to one operating system? Google’s password manager works wherever you use the Chrome browser. Chrome doesn’t care if you’re on an Android, Windows, or iOS device. Google offers Chrome apps for all operating systems.

The password manager found in Chrome is tied to a user’s Google account. You must be signed in to your Google account to use this feature. When you are, your passwords are saved in your Google account and synced on all devices where you’re using Chrome. To enable this, turn on the Chrome sync feature on each device.

How to turn on Chrome Sync on your computer

Open Chrome.
Click Profile in the top right of your screen.
Click Turn on sync .
Log in to your Google Account.
Click Yes, I’m In to turn on sync.

How to turn on Chrome Sync on your Android device

Open the Chrome app on your Android phone or tablet.
Tap More , then Settings , then Turn on sync .
Select the account you want to use.
Tap Yes, I’m In to turn on Sync.

How to Turn On Chrome Sync on iPhone and iPad

Open the Chrome app on your device.
Sign in to your Google Account.
Tap More … , then Settings .
Choose your Account Name .

Chrome’s password manager will generate complex and unique passwords for each site. You can also create and save your own.

How Chrome Password Manager protects your data

Google uses AES 256-bit SSL/TLS encryption for passwords. Google’s passphrase feature offers an additional layer of security. Passphrase creates a unique primary password that nobody knows, except you. Even Google cannot access your unique passphrase. With Chrome’s built-in Password Checkup feature, you can see if your login credentials have been involved in a data breach. This feature is turned on by default.

Although Google takes steps to protect your data with encryption and a passphrase, there are still safety concerns. Anyone who can access your device also has your passwords. It’s important to password-protect all your devices. Enabling two-factor authentication boosts security even more.

Perhaps one of the bigger concerns for users is data sharing . When you use Chrome password manager, you send all your information to Google, a company in the business of capturing and using data for profit . While there are no known cases of Google compromising account holders’ private information in this way, it is something to think about. You can read more about general browser safety here and here .

Firefox Password Manager: Best for privacy and limited data sharing

People serious about their online privacy often turn to Mozilla Firefox as their primary browser. Mozilla, the parent company of Firefox, is a non-profit entity with a main focus of online security.

Firefox offers a built-in password manager and syncing across devices. It works on different operating systems. You’ll need to sign up for a Firefox account and enable Firefox Sync to save and share passwords across devices. But unlike setting up accounts in Google, Microsoft, or Apple, your Firefox account won’t be tied to other services, like email or cloud storage.

How to create a Firefox account and turn on Firefox Sync on your computer

Open the Firefox browser.
Click the Profile Icon in the top right corner.
Enter your email address.
If you are creating a new Firefox Account, you will be prompted to create a password and enter your age (required).
Choose what to sync.
Click Create Account .
You will be prompted to add a second device. Follow the prompts on that device to complete your Firefox Account and Sync setup.

As with other in-browser password managers, Firefox will generate strong passwords for you. You can also create and save your own. Firefox Lockwise auto-fills your passwords across devices. It operates behind the scenes on your computer, and has a separate app for your phone or tablet.

How Firefox Password Manager protects your data

Firefox uses 256-bit AES encryption to protect passwords. Enabling the Primary Password feature of Firefox adds an additional layer of safety to the passwords you save. Firefox Monitor alerts you if your passwords were involved in a data breach.

Safety Concerns

Just as with the other browser-based password managers, your information is only as safe as your device is protected. Incorporating password protection on your phone, tablet, and computer adds a layer of protection. Firefox also offers two-factor authentication, which should be enabled.

Edge Password Manager: Ideal for Microsoft Account users

If you already have a Microsoft account, it’s convenient to use the password manager in Edge. When you activate sync, your passwords are available in the Edge browser on every device where you’re logged in to your Microsoft account. If you don’t already have a Microsoft account, you’ll need to create one.

How to turn on Edge Sync on your computer

Select your profile image in the Edge taskbar. Note: If you see Manage Profile Settings, you are already logged in. If not, you’ll receive a prompt to log in to your account (proceed to step 3).
Select Manage Profile Settings > Sync > Turn on Sync .
Click Sign In and enter your credentials, then click Continue .
Choose Sync when prompted.

How to Turn On Edge Sync on Your Mobile Device

Download the Microsoft Edge app for iOS and Android.
Sign in to your Microsoft account.

When you are creating new website login credentials, Edge will auto-generate a complex password. You can also create and save your own. Edge password manager works across multiple browsers and devices. To enable auto-fill on Chrome, you’ll need the Microsoft Autofill extension . For Android and iOS devices, you can autofill with the Microsoft Authenticator app .

How Edge Password Manager protects your data

Microsoft Edge uses AES-256 encryption to protect your confidential information. Microsoft also recently rolled out the Microsoft’s Password Monitor . This new feature informs you if one of your passwords is identified in a security breach. It also prompts you to change the compromised password. While other browser password managers also offer this feature, Microsoft is unique by using homomorphic encryption , a newer cryptographic technology.

Safety concerns

As with Chrome, Firefox, and Safari, the Edge password manager is safe as long as your device doesn’t fall into the wrong hands. Always turn on password protection on all your devices. Although Edge does not offer an extra option to set a master password within the password manager itself (a feature both Chrome and Firefox offer), you can further secure your Microsoft account with two-factor authentication. You should turn this feature on.

Should You Use an In-Browser Password Manager?

Like all technology, in-browser password managers aren’t a magical solution to every security issue. They offer benefits, but also have limitations. When deciding whether to use an in-browser password manager, it comes down to the functionality you need .

For users who don’t need to share login credentials with anyone, an in-browser password manager is a viable option. The same goes for users who stick to a single browser whenever they’re surfing the web. In-browser password managers are also already installed with your browser, eliminating the need for you to download anything.

For users who want or need more functionality than an in-browser password offers, third-party password manager apps are the logical choice. These apps also include a higher level of encryption that is needed to support their additional functionality.

Other Ways to Increase Your Online Safety

Whether you choose the password manager in your favorite browser or a third-party app, staying safe online is a priority. Password managers are one of many tools to help you do that.

Besides securing your passwords, there are other ways to protect yourself and your confidential data. Install and run an antivirus program . There are several free and paid options we recommend. Antivirus software runs behind the scenes, and quickly detects and resolves problems before they escalate.

Another way to stay safe is to maintain your privacy while browsing the web is with a virtual private network ( VPN ). VPNs do three things very well. They make you anonymous on the internet, help to keep hackers and cybercriminals away from your devices, and allow you to access potentially blocked websites.

Don’t forget to password-protect all your devices, and use two-factor authentication on your accounts whenever it is available. This multi-pronged approach is the best way to stay safe in today’s online world.

Still have questions about using an in-browser password manager? Check out our most frequently asked questions for more information. Not seeing what you need? Drop a comment below. We’re always happy to help you out.

All in-browser password managers are directly tied to the safety of your device. If you take extra steps to secure your computer, phone or tablet – by using password protection for access, then your browser’s password information is safe. Likewise, turning on two-factor authentication wherever it is offered, adds an extra layer of protection.

If you are still concerned about in-browser password manager safety, you should consider using a third-party password manager app, like 1Password . These services offer additional functionality, and enhanced security to support this functionality.

Both Chrome and Firefox offer the opportunity to set a primary password, a feature not found in Safari or Edge. This primary password acts as an additional layer of security. If someone should gain access to your device or your account tied to the browser, they would still need to know this additional piece of confidential information to get to your password data. Since Chrome is owned by Google, which isn’t too keen on privacy, the safest in-browser password manager is that offered by Firefox. You can read our full review of these managers in this article .

All the major in-browser password managers rely on end-to-end encryption to keep your data safe. This is the same technology that keeps your email and cloud storage protected. Likewise, all browser password managers are tied to your account (e.g. Google Account, Apple ID) for the respective browser. So, the security applied to your general account acts as an additional layer of protection against accessing your password data.

Liz Wegerer Author

Liz is a former VPNOverview writer with a special interest in online privacy and cybersecurity. As a US expat who travels and works in diverse locations around the world, keeping up with the latest internet safety best practices remains her priority.

Share this article

More articles from the password managers section.

LastPass Review (2024): User-Friendly Software But Risky Security

Passhulk-Pasword-Manager-Review-Featured-Image

PassHulk Review: An Easy-to-Use Password Manager

Blur Password Manager Review Featured Image With Score

Abine Blur Review (2024): Password Manager Safety at a Cost

Looking for a vpn.

Take a look at our overview of the most trustworthy, fast, and safe VPN services. Extensively tested by our experts.

To revisit this article, visit My Profile, then View saved stories .

Backchannel
Newsletters
WIRED Insider
WIRED Consulting

How to Use Apple’s New All-In-One Password Manager

3D illustration of a shield with a padlock and asterisks on it

Most people don't use a password manager or two-factor authentication —even people who know it's a good idea—because installing and managing yet another app just sounds exhausting. Well, if you're an Apple user, you don't need another app anymore: Your device can manage your passwords and generate two-factor authentication codes for you, and you can even sync them with a Windows computer.

Password managers are important . Why? To quickly summarize, using the same password for every website and app is an open invitation for hackers to access all of your accounts. That's because passwords regularly leak, and a leaked password on one site can give hackers access to all your other accounts if you use the same password everywhere. It's best, then, to use a totally different password on every site, but no human being can remember that many passwords.

Password managers are the best solution we have at the moment, because they can generate, and then store, secure passwords for all of your services. Most people don't use one, though, because such apps can be complicated to learn, and the best ones aren't free.

So it's great that Apple offers such functionality. But there's a downside: It's a little buried, if not outright hidden. Still, if you're a Safari user with multiple Apple devices, this feature means you can quickly generate and save secure passwords for all of your accounts. Here's how. Note that you'll need a (free) iCloud account for this service to sync passwords between devices, though if you're an Apple user you almost certainly already have one.

To get started, you may need to enable the feature, which you can find in System Settings on your device under Passwords . Make sure iCloud Keychain is turned on. Windows users should also install iCloud for Windows , which can sync your passwords with Chrome or Microsoft Edge.

The simplest way to add passwords to Apple's hidden password manager is to just start using your devices and saving passwords as you go. When you sign into any online account in Safari, or in any app on your iPhone or iPad, there's generally a pop-up asking if you want to save the password in your iCloud Keychain for AutoFill. This is the simplest way to add accounts: Just hit the Save Password button and your username and password will be saved.

Alternatively, if you're signing up for a new account, you will generally be offered an automatically generated strong password—if not, you can tap the key icon at the top of the keyboard on mobile or in the right side of the password field on desktop. Either way you should see the Add New Password option, which can automatically create a strong password for you.

This Woman Will Decide Which Babies Are Born

Lauren Goode

Karen Williams

The Hacking Lawsuit Looming Over Truth Social

William Turton

From now on, when you log in to the site, your device will offer to fill out the username and password for you. It will generally use TouchID, FaceID, or your system password to confirm you identity, after which the username and password field will be filled in. This saves you from having to remember the passwords, and even the usernames, you use to log in to websites.

You might be wondering where , exactly, all of these passwords are saved. Let's head back to Passwords in System Settings. Here you will find a list of all the passwords you've saved.

At the top of the list is a Security Recommendations function, which will cross-reference your saved passwords with known lists of leaked accounts. This is a useful way to know if any of your passwords absolutely need to be changed.

Below that is a search bar, which you can use to quickly find any account. Open an account to see the username, password, and URLs associated with the account. You can also add a note to any account, if you want.

We've talked about how two-factor authentication keeps you more secure , but basically it means that a hacker who gets your password won't be able to log in unless they also have physical access to your device. Generally two-factor authentication requires installing yet another app, for generating codes, but Apple devices have this feature built in, and they can even fill in the field for you.

Head back to your list of passwords in the System Settings app. Open any account and you'll see a Set Up Verification Code field.

Tap this and you can set up two-factor authentication for the application. How to do this depends on the specific service you're setting it up for, but it's generally in the settings of the specific app or website. You'll have a QR code to sign or, alternatively, a long code to copy.

After setting this up, your Apple device will automatically offer verification codes for you every time you log in to the service on any of your devices. It's really slick, and it's a lot faster than applications like Authy or Google Authenticator.

Note that if you have an existing password manager, you can import your passwords to Apple's system. Head back to Passwords in the settings app and hit the three-dot button on the right above your list of passwords. Here you will see the option to Import passwords .

You will need to export your passwords to a CSV file before you can use this functionality. Here are instructions for the leading password managers:

Google Chrome

You can also Export your Apple passwords to a CSV file from here, allowing you to import them into one of these password managers. We've outlined the best password managers for you; my personal recommendations are Bitwarden , which is free and open source, and 1Password , which is powerful, but not free to use.

There's not a lot of reason for the Apple faithful to do this, though. As we've outlined, Apple's password system does most of what these applications can do. The main problem is that they're hidden.

Recently the blogger Cabel Sasser argued that Apple Passwords needs an app , which is part of why I wrote this guide. I'm not sure if I agree with his premise—I suspect most people would simply ignore any “Passwords” app, the way they ignore most applications that come bundled with their devices. Still, it is true that all of this functionality is pretty buried. I hope this article helps you find it.

You Might Also Like …

Introducing Politics Lab: Get the newsletter and listen to the podcast

Think Google’s “Incognito mode” protects your privacy? Think again

Blowing the whistle on sexual harassment and assault in Antarctica

The earth will feast on dead cicadas

Upgrading your Mac? Here’s what you should spend your money on

It's Time to Switch to a Privacy-Focused Browser You Can Trust

David Nield

How to Stop Your Data From Being Used to Train AI

Matt Burgess

Some of the Most Popular Websites Share Your Data With Over 1,500 Companies

Andy Greenberg

Amanda Hoover

You Should Update Apple iOS and Google Chrome ASAP

Kate O'Flaherty

The XZ Backdoor: Everything You Need to Know

Dan Goodin, Ars Technica

Identity Thief Lived as a Different Man for 33 Years

Dell Cameron

How to Manage Your Passwords in Safari

Like other browsers, Safari has a built-in password manager that can autofill website usernames and passwords for you. Here's how to see, edit, and add saved passwords in Safari on the Mac and in iOS .

When you log into sites or create a new login, Safari will ask you if you want to save the password (and username). It can also save your credit cards and contact information. If you have iCloud 's Keychain Access set up, this saved information is also synced across your Mac and iOS devices in an encrypted file.

View and Edit Your Stored Passwords in Safari on the Mac

1. Go to Preferences in the Safari menu.

2. Click the Passwords tab.

Safari will show you the sites it has saved your logins for.

To copy the URL, username, or password, right-click on the login

To show the password for an individual login:

Stay in the know with Laptop Mag

Get our in-depth reviews, helpful tips, great deals, and the biggest news stories delivered to your inbox.

1. Double-click the password field. You'll be prompted to enter your Apple password first.

To show passwords for all or multiple logins:

1. Hold down the Command key while you click on sites to select them. 2. Check the "Show passwords for selected websites". Again, you'll be prompted to enter your Apple password before the passwords will be revealed.

To delete a login:

1. Select it and click the Remove button.

To add a new login:

1. Click the Add button.

2. Enter the URL, username, and password.

View Your Stored Passwords in Safari on the iPad

In iOS, you can manage your saved passwords and add new ones from the Settings app.

1. Open the Settings app.

2. Tap Safari then Passwords.

3. Use Touch ID or enter your passcode to continue.

Safari will list the passwords it has saved for you:

To view saved passwords:

1. Tap on the site name.

1. Tap Edit.

2. Tap the minus sign next to the site name.

3. Tap Delete.

To add a new log in:

1. T ap Add Password

How to Force Safari to Sync with iCloud
How to Sync Safari Bookmarks with Chrome, Firefox and Internet Explorer
How to Merge All Windows in Safari

73 million current, former AT&T accounts leaked to the dark web — here's what to do

iPhone users beware: 'Reset password' phishing attacks on the rise

How to refund a game on Steam — get your money back quick

Can You Trust Your Web Browser With Your Passwords?

Learn about the advantages and drawbacks of letting your browser store your passwords.

Google Chrome, Firefox, and Safari allow users to store their passwords using a built-in password manager. Some browsers will even generate random passwords for users and remember them on their own.

This is undoubtedly a useful feature created to meet popular demand. Nobody wants to remember dozens of difficult, unique passwords.

But just how secure are web browsers at keeping that data safe? Do web browsers have what it takes to keep unauthorized users away from sensitive data?

Read on to find out how each of the three major browsers rank up in terms of built-in password security, and what office managers and IT leaders can do about it.

Convenience Often Comes at the Price of Security

Web browser developers have a clear incentive: get as many users on their respective platforms as possible. Most everyday web browser users are more concerned about convenience than security , and it’s hard to blame developers for aligning their products with users’ interests.

The design of browser-based password managers then don’t offer the same kind of protection a purpose-built password management solution offers. This is especially true of business users who typically use company systems during the day and leave their computers unattended at night.

If you can’t protect against physical access to your system, a browser-based password manager is unlikely to help secure your system. Instead, it will put your entire network at risk. Each of the three main browsers come with security disadvantages that put user login credentials in jeopardy:

Google Chrome

With almost 60% of global internet traffic traveling through Chrome browsers, there’s no way to discuss browser security without starting here. On Windows and Mac OS X, Chrome prompts users to create a master password before saving any web login password itself.

In theory, this should keep users’ passwords safe, but if an unauthorized user opens Google Chrome in Linux, the web browser will not ask for any identification whatsoever.

There are also ways to reset the user password in Windows, which grants immediate access to Google Chrome’s list of saved passwords . This is because Chrome’s “master password” is automatically set to the user’s Windows password.

Simply use a tool like the iSumsoft Windows Password Refixer to reset the Windows password, and you can enjoy instant access to all the saved passwords in Chrome.

Apple Safari

Apple’s Safari is the built-in browser application for every iPhone, iPad, and Mac computer on the market. Safari requires users to set a master password before it will save user passwords and login credentials.

Safari is slightly more secure than Chrome because it requires the user to set a unique master password. Unlike Chrome, a Safari user can set a password that is distinct from their operating system password and keep their passwords locked behind that.

However, it turns out there are other ways to beat Safari’s password manager (more on that below).

Mozilla Firefox

Firefox is a well-known alternative to Chrome and Safari, and it includes almost all of the features of its more-popular competitors, password management included.

Firefox’s built-in password management tool is more like Safari’s than Chrome’s. It allows the user to set a unique master password rather than simply using the user’s operating system password as the default. However, it does not require users to do this.

That means that users who fail to secure their Firefox passwords behind a master password are leaving their credentials wide open for anyone to access.

Easy Ways to View Saved Passwords

Beyond the security vulnerabilities of each individual browser, there is another password retrieval method that works on all browsers . It’s so simple that anyone can do it, and it can reveal a browser-saved password in less than a minute:

Open a website login where the browser autofills the password field.
Open the browser’s Inspect Element (or Inspector ) tool .
In the window that pops up, find and replace “type=password” with “type=text”.
The browser will replace its usual asterisk filter with the unhashed, plaintext password.

Although the web browser’s inspector tool looks like a complicated mess of code, it takes zero programming knowledge to find and change that small value. Any passerby can force your web browser to give up the keys to your kingdom, and there would be no way to track down who did it.

The ease and convenience of storing your passwords through a browser’s password manager can be hard to resist, but it’s clear this practice should be avoided at all costs when working in an office setting.

Interact with the most used features in a password manager on our Password Generator page.

Thanks! You're subscribed. Be on the lookout for updates straight to your inbox.

Dashlane is a web and mobile app that simplifies password management for people and businesses. We empower organizations to protect company and employee data, while helping everyone easily log in to the accounts they need—anytime, anywhere.

Please note: We use cookies on our site to give you the best experience. Please accept these cookies, or change your settings here: Cookie preferences.

The best password managers in 2024

Easily store and autofill your passwords securely with one of the best password managers

Best overall
Best security
Best for iPhone
Best on a budget
Best features
How to choose
How we test

The list in brief 1. Best overall 2. Best security 3. Best for iPhone 4. Best free 5. Best on a budget 6. Best features How to choose How we test

The best password managers easily allow you to store all of your passwords securely in one place instead of saving them in a document on your computer or writing them down on paper.

With so many online accounts and passwords to remember these days, many people often take the easy way out and reuse the same password across multiple accounts. This is extremely dangerous as once hackers get the password to one of your accounts, they can then use it to login to the rest of them. With one of the best password managers though, you can generate strong, complex passwords for each one of your accounts and you only need to remember a single master password to unlock the others. Likewise, most of the best password managers have begun implementing support for passkeys so that you don't have to remember anything at all. Many password managers also throw in some nice extras like a VPN or antivirus software to sweeten the deal.

To help you pick out the best password manager for your needs or even your whole family, we’ve rounded up several of the top ones available today while highlighting their unique features and which platforms or browsers they support.

Reader Offer: Save 61% on NordPass Premium

<a href="https://go.nordpass.io/aff_c?offer_id=507&aff_id=39632&url_id=26900" data-link-merchant="go.nordpass.io"" target="_blank" rel="nofollow"> Reader Offer: Save 61% on NordPass Premium NordPass offers an easy-to-use password manager that allows you to save unlimited passwords and passkeys across mobile and desktop. <a href="https://go.nordpass.io/aff_c?offer_id=507&aff_id=39632&url_id=26900" data-link-merchant="go.nordpass.io"" data-link-merchant="go.nordpass.io"" target="_blank" rel="nofollow">Save 61% on NordPass Premium and get 6 months free.

Preferred partner ( <a href="https://www.tomsguide.com/reference/about-us#section-affiliate-advertising-disclosure" data-link-merchant="tomsguide.com"" data-link-merchant="go.nordpass.io"" data-link-merchant="go.nordpass.io""> What does this mean? )

The quick list

Below you'll find everything you need to know about the best password managers at a glance. Whether you're looking for a free password manager or a premium one with plenty of extra features, there's something here for every budget and platform.

The best password manager overall 1Password offers both individual and family plans and is available on a wide variety of platforms for both desktop and mobile. Its Travel Mode feature protects your passwords on the go and it even offers "masked" email addresses for greater privacy.

The best password manager on a budget

Bitdefender Password Manager is available in individual and family plans and is available for most platforms and browsers. Its low price, layered encryption and integration with the company's other products are some of its best features.

The best password manager interface

Dashlane offers individual and family plans most major platforms and browsers. Its intuitive interface is a great feature along with its bulk password changer.

The best password managers you can buy today

Why you can trust Tom's Guide Our writers and editors spend hours analyzing and reviewing products, services, and apps to help find what's best for you. Find out more about how we test, analyze, and rate.

The best password manager overall

1. 1Password

Our expert review:

Specifications

Reasons to buy, reasons to avoid.

1Password is competitively priced, easy to use and comes with all the features you’ll need in a password manager. From core functions like autofilling passwords across an unlimited number of devices to premium security monitoring, 2FA and passkey support, 1Password is a full-featured password manager with plans for both individuals and families.

With support for Windows, Mac, Chrome OS and Linux on desktop as well as both iOS and Android, you’ll be able to use 1Password to store and sync your passwords on whatever device you’re using. Likewise, 1Password also offers browser extensions for Google Chrome , Safari, Firefox, Brave and Microsoft Edge .

While 1Password doesn’t offer a free tier like some of its competitors, this isn’t a deal breaker as most of these free plans come with significantly less features and loads of limitations. This password manager does have a few unique features too like Travel Mode which lets you temporarily hide logins as well as the ability to restore recently deleted records.

1Password is a top-notch password manager with built-in security that’s both easy and intuitive to use. We also liked how its passkey support is more advanced than its competitors and how you don’t have to pay for extras like a VPN that you may not necessarily need. 1Password is a great choice if you want an excellent password manager that works across all platforms.

Read our full 1Password review .

The best password manager for security

Keeper ( $20.98 per year for Tom's Guide readers ) is another competitively priced password manager with a strong emphasis on security and a consistent user experience across platforms. It has a simple design which makes it easy to use and Keeper matches most of the features found in its top two competitors: 1Password and Dashlane.

Keeper works across Windows, Mac and Linux on desktop as well as on iOS and Android on mobile. However, there are also browser extensions available for Google Chrome, Safari, Firefox, Opera and Microsoft Edge.

Unlike 1Password, Keeper does have a free tier but it likely won’t be useful for most people as it’s limited to just one mobile device. As for its paid plans, you can pick between either an individual or family plan and the latter supports up to five people. Instead of making you pay more for features you might not need, Keeper lets you add dark-web monitoring and additional cloud storage space as part of its Plus Bundle. There are other add-ons too like the one for priority support which you can add to either the individual or family plan.

Keeper has expanded the number of built-in templates for storing other types of sensitive data and 20 new ones were recently added to its password manager. We’re also big fans of the service’s offline mode which creates an encrypted copy of your vault and stores it locally for when you need to access your passwords but don’t have internet access. Keeper falls slightly short of 1Password but it’s definitely worth considering if you’re looking for a secure password manager that’s easy to use. Read our full Keeper review .

The best password manager for iPhone

3. NordPass

NordPass is a password manager with a simple, intuitive design from the company behind NordVPN. It’s still a relatively new password manager compared to the competition but it has added a number of new features like a web vault, a standalone browser extension and biometric login support across all platforms in an effort to catch up.

NordPass is available for Windows, Mac and Linux on desktop and while there isn’t an official Chrome OS app, you can use its web vault on a Chromebook. It also works on both iOS and Android on mobile devices and there are browser extensions for Chrome, Safari, Friefox, Edge, Brave and Opera.

In addition to its individual and family plan with support for up to six people, there’s also a free tier. NordPass free allows you to store an unlimited number of passwords and it also comes with autofill capabilities, passkey support, secure notes and multifactor authentication. However, the free tier only allows you to stay logged in on one device at a time. NordPass’ paid plans are a bit more expensive than the competition but frequent discounts can cut the cost of a subscription significantly. In fact, Tom's Guide readers can save an extra 55% and get an extra 6 months free when they sign up for NordPass' two-year plan here .

In addition to more robust password management, upgrading to one of NordPass’ premium plans also gets you security monitoring for your passwords, secure online storage, passkey sharing and Emergency Access capabilities. NordPass has come closer to competing with 1Password and Keeper with its recent updates while its free tier is one of the best after Bitwarden. If you want a password manager with a consistent user experience and all the premium features you could need, NordPass is certainly worth considering.

Read our full NordPass review .

The best free password manager

4. Bitwarden

Bitwarden offers a whole lot of value for the price regardless of whether you stick with its free plan or upgrade to one of the paid ones. At the same time, this password manager is highly secure, open source and many premium features are available on its free tier. Bitwarden has apps for Windows, Mac and Linux on desktop as well as for iOS and Android on mobile. One other thing that sets this password manager apart from the competition besides its low cost is that it also offers browser extensions for Vivaldi, Tor, brave and DuckDuckGo in addition to more popular browsers like Chrome, Safari, Firefox, Edge and Opera.

Even if you only sign up for the free version of Bitwarden, you still get unlimited syncing for as many passwords as you want along with autofilling, secure-note storage and sharing. Of all the password managers we’ve tested, Bitwarden’s free plan has the fewest limitations. However, upgrading to this password manager’s premium plans won’t set you back that much at all. Bitwarden’s premium plan costs just $10 per year while its family plan is only $40 per year for up to six people. You also get access to secure cloud storage, priority support, advanced 2FA options and health reports which show if your passwords are weak or have been exposed in a data breach.

Bitwarden does offer quite a lot with either its free tier or its premium plans but it isn’t the most intuitive password manager to use, especially with features like its autofill function. However, it does the basics really well and has the cheapest premium tier of any password manager we’ve tested.

Read our full Bitwarden review .

5. Bitdefender Password Manager

Like NordPass, Bitdefender Password Manager is another relatively new offering but it’s also backed by a security company. As such, it’s integrated into Bitdefender Antivirus and the company’s other products with seriously strong encryption to protect your credentials and your privacy.

Bitdefender Password Manager has apps for Windows and Mac on desktop and for iOS and Android on mobile. There are also browser extensions for Chrome, Safari, Edge and Firefox. One thing that sets it apart from other password managers is that if you forget your master password, Bitdefender can recover your entire account for you.

While Bitdefender doesn’t offer a free tier of its password manager, it does give you a discounted rate during your first year of service. Bitdefender Password Manager costs $20 for the first year for its individual plan and goes up to $30 upon renewal. There’s also a shared plan for up to four people that costs $40 for the first year and then $60 after that.

Bitdefender Password Manager is a reasonably priced password manager from one of the biggest names in online security. Several layers of heavy-duty security protect your privacy while 2FA keeps your account and your passwords safe from hackers. If you already use Bitdefender to secure your PC, then signing up for the company’s password manager makes sense, especially as it’s one of the cheapest premium password managers we’ve tested.

Read our full Bitdefender Password Manager review .

The best password manager for features

6. Dashlane

Dashlane is a premium password manager with a price tag to match. Still though, for the price you also get dark-web monitoring and access to a VPN from Hotspot Shield . Dashlane does have a very easy-to-use interface across all of the platforms it supports and there’s a guided setup process to make getting started easier.

Dashlane offers apps for Windows, Mac, Linux and Chrome OS on desktop as well as mobile apps for iOS and Android. There are also browser extensions available for Chrome, Safari, Edge, Firefox, Brave and Opera.

If you want to try out Dashlane before signing up, there is a free plan though it does come with serious limitations and you can only store 25 passwords on a single device. As for its paid plans, Dashlane Premium costs $60 per year for a single user while its friends & family plan covers up to 10 people for $90 per year. While its the most expensive password manager we’ve tested, a big part of its higher price is the included VPN service which would cost just under $100 per year on its own.

Dashlane has fallen behind 1Password and Keeper in recent years in terms of price but it remains one of the easiest password managers to use. If you want to get access to a VPN and a premium password manager with one subscription though, it could be worth signing up for Dashlane, especially if you take advantage of its friends & family plan to help justify its higher cost.

Read our full Dashlane review .

How to choose the best password manager for you

Most of the best password managers have the same essential functions but things differ when you get to their extra features.

Some of them, such as Dashlane, 1Password and Keeper, alert you about the latest data breaches, sometimes for an extra price. Many password managers can also offer to save your personal details, credit card numbers and other frequently used information so that they can quickly fill out online forms for you. (This is much safer than letting retail websites save your credit card information.)

LastPass once offered an excellent, unlimited free service tier but that baton has since been passed to Bitwarden which also has a $10 annual premium plan that covers most of the basics.

1Password’s Mac and iOS apps have generally been kept more up-to-date than the company’s Android and Windows applications. It may be the best choice if you exclusively use Apple devices, but the other password managers work just fine across all platforms.

We also tested and reviewed a number of other password managers that didn't quite make the cut for this guide but are certainly worth considering if you want even more options. They include Zoho Vault , True Key , Myki , RoboForm , Blur and KeePass .

The biggest decision though is whether you want your passwords to be stored locally on your own computers and mobile devices, or in the cloud on someone else’s servers. There are pros and cons to each approach though.

Cloud vs. local management

When it comes to picking the right password manager for you, it’s worth considering whether you want your saved passwords to be stored in the cloud or locally on your devices.

For instance, 1Password still gives you the option to store and sync your “vault” of passwords and other sensitive information locally . However, the company still prefers that you use its cloud servers instead.

For KeePass though, local sync is the default option but setting up your Dropbox, iCloud or other cloud storage accounts to sync online isn’t difficult. Meanwhile, the third-party cloud-account option is standard for Enpass but the service has also added a local Wi-Fi syncing feature .

By default, Bitwarden syncs passwords on its own servers but it does provide very detailed instructions on how to shift this function to servers you control instead.

Syncing your passwords locally does provide a security advantage as none of this data needs to reach the internet. For those who want to maintain total control over their passwords, this is the way to go.

The downside here is that it can be a hassle to synchronize these passwords on all of your devices. Some services will allow you to do so over a local network such as a Wi-Fi network or on your own server. Alternatively, you could also put your password vault on a USB flash drive and physically move it from one computer to another.

Cloud-based password managers are far more convenient as these services keep encrypted copies of your vault on their own servers. This ensures that all of your devices will be synced and transmissions between your devices and a company’s servers are encrypted.

Although small, the risk is that one of the cloud servers – even one that you control using Bitwarden or use with Enpass – could be breached and your passwords could be leaked into the wild. For instance, LastPass has had a few documented security issues though all were quickly fixed without any passwords being lost.

If a password manager is doing its job correctly, it’s storing all of your passwords in an encrypted format and only storing your master password as a “hash” that is the result of an irreversible mathematical process.

Whether it’s local or cloud-synced, a password manager puts all of your eggs in one basket, so to speak unless you use more than one password manager. For most people though, the demonstrable benefits of using a password manager far outweigh the disadvantages.

How we test the best password managers

To see how well the best password managers stack up, we put them through extensive testing while conducting our reviews. This involves trying out their desktop apps, mobile apps and browser extensions on a variety of smartphones, tablets, computers and web browsers. However, we also look at the support options available to see whether or not each service has useful setup guides for each platform.

In our latest round of testing, we used a ThinkPad T470 running Windows 10, a Samsung Note 20 smartphone and an iPad Pro. As for the browsers used during our tests, we tested out the best password managers using Google Chrome, Microsoft Edge and Mozilla Firefox.

From here, we added our credentials from several sites like Twitter, Facebook and the Washington Post to each password manager. We then tested out their autofill capabilities as we went about our normal web browsing. This way we could see whether or not a particular password manager is easy to use in your day to day life.

For more on our testing procedures, check out our how we test page for Tom's Guide .

Sign up to get the BEST of Tom’s Guide direct to your inbox.

Upgrade your life with a daily dose of the biggest tech news, lifestyle hacks and our curated analysis. Be the first to know about cutting-edge gadgets and the hottest deals.

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.

Hurry! Save 50% on this top-rated password manager

Hurry! One of our top password managers is 50% off right now

Amazon's entire Fire TV lineup is on sale — 9 deals I recommend from $19

Safari Password Manager: What is it and How to Use it?

Summary: It's really hard to enter the password each time when you log in to your website account on the Safari browser. However, this article from iBoysoft can help you out of this trifle by introducing a tool to you -- Safari password manager. Meanwhile, methods on how to enable this wonderful tool are covered, too.

Logging in a website account on Safari is a bothering thing, however, Mac frees you from such trouble by providing you with a powerful tool -- Safari password manager . This tool can save your username and password of any website, easing your annoyance of repeating logging into an account.

This article will guide you to know the Safari password manager in detail, also, you can learn how to enable the Safari password manager .

Basic introduction of the password manager for Safari

Safari password manager is a built-in tool, which is able to auto-fill the usernames and passwords of certain websites. Each time when you log in to a website or apply for a new account, the Safari password manager asks you if you want to save the username and password. With it, you need not place the username and password on Sticky Notes for Mac or Apple Notes anymore.

This excellent password manager for Safari allows users to view, add, delete, or save credit cards and contact information on the browser. Meanwhile, you're able to import and export passwords saved on the Safari browser via the Safari password manager.

Since you know the basic information about the password manager for Safari, then learning how to apply this fabulous helper is indispensable.

Share this wonderful toolset with others right now!

How to enable the password manager for Safari?

This article will articulate how to use the password manager for Safari with full guidelines, and you can read carefully to master this tool:

How to view the passwords stored in Safari

Here are detailed steps to see the passwords that are stored on the Safari browser:

Open the Safari browser, and then click the Safari tab on the upper left of your desktop.
Select the Preferences option in the dropdown menu.
Switch to the Passwords tab in the main window of Preferences.

You can then choose any website on the left bar to show its password.

Safari password manager enables you to see the stored passwords, also, you're able to edit the passwords saved on Safari, too.

How to edit the passwords stored in Safari

You can follow the steps to make some changes to the passwords stored on the Safari browser:

Open Safari, and click the Safari tab on the left corner of your desktop.
Select the Preferences tab and head to the Passwords tab.
Select one website from the left bar of the Passwords tab.
Click the Edit button on the main window of the selected website.
You'll be prompted by an Update Account Information window, where you can make certain changes.

With the steps above, you can change the username and password directly within Safari, and heading to the responding website to make changes is unnecessary.

How to add a password via password manager for Safari

If you want to add a password and username to a website so that you need not log in when you visit it, here is how to do it:

Launch Safari, and click the Safari tab on the top taskbar of your desktop.
Select Preferences and navigate to the Passwords tab.
Click the + icon on the lower left corner of the Passwords window.

how to add a password via password manager for Safari

Now, you can visit the website without logging in, since you have added the account and password of that website in the Safari password manager.

How to delete a password via password manager for Safari

If you want to delete a password of a website, you can follow the steps below:

Run Safari and then click the Safari tab on the top toolbar of your Mac screen.
Select the Preferences and head to the Password tab.
Choose a website that you want to delete the password from the left bar of the main window.

how to delete a password via password manager for Safari

After you have learned the instructions mentioned above, you can apply this wonderful tool in Safari to bring you great convenience.

Moreover, you can import or export passwords in Safari, and notice that only CSV files can be recognized by the Safari password manager.

Know how to enable Safari password manager now? Then share this tool to bring convenience to more people!

How to disable Safari password manager?

Indeed, some Mac users would like to save the passwords with the Safari password manager for convenience, while other users may worry the information security and privacy. Take it easy, this article also provides you with methods to disable Safari password manager.

Launch Safari, and click the Safari menu on the toolbar of your device.
Select the Preferences tab and switch to AutoFill.

You can untick the username and passwords, and also the information from your contacts, credit cards, and other forms options.

Safari password manager is really a helpful tool, which can save the username and password of the websites that you saved, provide the information from your contacts, and offer you credit cards. If you're a Mac user, learning how to enable it is indispensable.

This post presents you with ways to enable Safari password manager and disable Safari password manager. If you're interested in it, try it now!

Apple Passkeys: What Is It & How It Works on Your Mac

This article explains Apple Passkeys on macOS Ventura, including what is it, how it works, and what Mac models support this security feature. Read more >>

FAQ about Safari password manager

You can see the Safari password manager by following steps: Launch Safari > Tap the Safari menu on your upper left corner of the desktop > Select Preferences and head to the Password tab.

Vain Rowe is a new technical editor at iBoysoft. She spares no effort to learn tech knowledge during the training and after training. She has shared dozens of articles across iBoysoft website and other websites, providing solutions and information about file restoration, disk cleanup, work efficiency, and data security.

Jessica Shee is a senior tech editor at iBoysoft. Throughout her 4 years of experience, Jessica has written many informative and instructional articles in data recovery, data security, and disk management to help a lot of readers secure their important documents and take the best advantage of their devices.

No. 308, 3/F, Unit 1, Building 6, No. 1700, Tianfu Avenue North, High-tech Zone

Apple’s password manager is compatible with third-party browsers in latest macOS beta

Yesterday, Apple released the first public beta of macOS Sonoma — the next major update for macOS that will be available to everyone this fall. Following this update, Mac users will be able to use Apple’s password manager in third-party web browsers, such as Google Chrome, Microsoft Edge and Arc.

You may not be aware that macOS has a built-in password manager that can securely store all your passwords. You can access it from the system settings and view your stored passwords using your fingerprint or your computer password.

There are many advantages in using a password manager. It means that you can use a different, sophisticated password for every website and service where you have an account. This way, when a service faces a data breach, your online accounts remain relatively safe. You can change your password on the targeted site and move on.

Thanks to iCloud, if you store your passwords in Apple’s password manager, they are synchronized with your other Apple devices, such as your iPhone or iPad. But what if you have an iPhone but you use a Windows computer at work?

In 2021 , Apple released a Google Chrome extension for Windows called iCloud Passwords. The company released a similar extension for Microsoft Edge shortly after that.

But those extensions don’t work on macOS, which means that you have to use Safari if you want to take advantage of Apple’s password manager on the Mac. Safari automatically fills out login information, generates passwords when you create a new account and saves your passwords in Apple’s password manager. Safari is also a great web browser but, yes, a lot of people use Google Chrome.

As Apple’s Ricky Mondello pointed out on Twitter, this is about to change with macOS Sonoma. The company is going to bring the iCloud Passwords extension to Google Chrome on the Mac.

‼️🔑 macOS Sonoma brings Apple’s password manager to Google Chrome, Microsoft Edge, and other browsers using their extensions stores with the “iCloud Passwords” browser extension. If you’re running the macOS Sonoma public or developer beta, you can try it right now! [1/n] pic.twitter.com/stkbQqFtfx — Ricky Mondello (@rmondello) July 12, 2023

As many web browsers are based on Chromium, they tend to support Chrome extensions natively. For instance, Arc and Brave should support the iCloud Passwords extension for macOS Sonoma.

As for other browsers, Apple is already actively working on porting the Microsoft Edge extension to macOS too. “We don’t have support for Mozilla Firefox at this time, but it’s a request I understand,” Mondello wrote on Mastodon.

Having a password manager that you can access from anywhere is going to be even more important in the near future as more sites start offering passkey support.

For instance, you can now use a passkey to sign in to Gmail instead of the usual password. A passkey is automatically generated by your device and stored in a secure location. On macOS, it can be stored in Apple’s password manager and synchronized with your other Apple devices.

It’s also worth noting that many Mac users have been enthusiastically using 1Password as their personal password manager. But 1Password is now increasingly focused on enterprise customers and cross-platform compatibility.

As Apple’s password manager will soon be accessible from Google Chrome, many people could start considering moving away from 1Password and using Apple’s built-in password manager instead. Shared passwords are coming with iOS 17 and macOS Sonoma too.

macOS 14 Sonoma is now live in public beta

How-To Geek

Why you shouldn't use your web browser's password manager.

Your web browser has a built-in password manager, but we still recommend separate ones like 1Password and Bitwarden. Here's why.

Quick Links

Why you need a password manager, your web browser's password manager is just okay, beyond just one browser, generating passwords, easily sharing passwords, warnings about password dangers, storing more than passwords, making the switch is easy, are password managers safe.

We recommend using a password manager like 1Password or Bitwarden . But modern web browsers have built-in password managers, so why install a different one? There are many good reasons to avoid your web browser's built-in tool.

Using a password manager is crucial. The biggest risk to your accounts online is password re-use. If you use the same passwords over and over, a breach at one website means your email and password is out there. Attackers will try to use that email and password to log into other sites. This simple trick is how accounts are often "hacked" these days .

The solution is using strong, unique passwords everywhere. But who can remember hundreds or even dozens of strong passwords? A password manager can remember if for you. You remember your password manager's master password, which unlocks your secure vault. Your password manager can randomly generate strong passwords, remember them for you, and log you into websites with them.

1Password , Bitwarden , and Dashlane are all reliable, stand-alone password managers. The open-source KeePass is okay, too, but it doesn't have built-in sync features.

Web browsers have been able to remember your passwords for many years, but their password managers are now getting more sophisticated. Still, we recommend skipping the password manager built into your web browser---whether that's Chrome, Firefox, Safari, or Edge---and using a dedicated password manager.

Related: Why You Should Use a Password Manager, and How to Get Started

Your web browser's password manager is better than nothing. With no additional software, your web browser can remember all your passwords and securely sync them between your devices. They can be stored encrypted in the cloud. You can use strong, hard-to-remember passwords because your software is automatically remembering them for you. This keeps your accounts secure, as you won't need to re-use passwords.

Related: Bitwarden Password Manager Review: A Very Cost-Friendly Option

The account it's synced with---like your Google account in Chrome or your Apple ID in Safari---can be protected with two-step authentication to prevent people from signing in.

But there are some problems. Built-in password managers in web browsers aren't as powerful and useful as third-party password managers. They are catching up, but they're not as good yet. Here's why.

Third-party password managers are cross-platform and cross-browser. Built-in browser password managers are limited to that specific browser. Let's say you use Google Chrome on your PC or Mac and Safari on your iPhone. If you use a third-party password manager, you can have your passwords in any browser. If you use a built-in web browser password manager, you can't mix and match browsers.

Beyond that, password managers offer good desktop and mobile applications, making it easy to access passwords, license keys, Wi-Fi codes, and anything else you want to store everywhere.

Third-party password managers don't just remember your existing passwords---they can automatically generate strong new ones when you're creating an account or changing an existing account's passwords.

Some browsers are now adding built-in password generators---Chrome and Safari now have this feature---but they don't necessarily offer all the options found in password managers, such as the ability to control how long the password is and what type of characters it contains.

Password managers have easy password-sharing features. Want to share your Netflix password with your family members? You can do it with a password manager with a built-in sharing feature. You'll all get access to the same password entry and, if you update the password, it'll change for everyone else.

Browsers don't have built-in password-sharing features. You can send a password to someone else in a text message or email, which isn't very secure. If you do that, it also won't be automatically updated if you ever have to change it. Password-sharing features are a great way to share household accounts.

Many password managers have built-in warnings like 1Password's WatchTower . They'll point out weak and reused passwords to you and even tell you when a password you use has appeared in a leaked password database. This helps you stay up-to-date on protecting your digital accounts. There's no need for a separate service to check whether your password has been stolen .

Web browsers are slowly getting features like these, too---Google has a password checker in its password manager. Google also offers the Password Checkup extension for Chrome , which it's building into the browser, but this isn't as powerful as the similar features built into password managers.

Password managers let you store more than just passwords . For example, you can create secure notes containing text like building entry codes and Wi-Fi passphrases. You can even add file attachments to your vault, which makes it a great place to store tax documents, scanned copies of your passport and driver's license, and other sensitive information.

To store files like these securely, you might find yourself creating encrypted archive files and uploading them to a cloud storage service. Taking advantage of your password manager's vault is more convenient.

This works nicely with sharing, too---you can store all sorts of sensitive information and documents and share them with anyone else who needs access.

We're happy web browser password managers are getting more powerful, but they aren't competitive with the more powerful password managers just yet.

If this has convinced you and you're currently using your web browser's password manager, don't worry---you can switch to a password manager and import all your usernames and passwords from your web browser's built-in password manager. The password manager you choose will walk you through the import process.

Storing all your passwords in a single program may seem a little odd---weren't you supposed to remember all these things?---but we (and many other experts) argue it's safer than the alternative. Here's why you should trust password managers .

Apple Watch
Accessories
Digital Magazine – Subscribe
Digital Magazine – Log In
Smart Answers
M3 MacBook Air
New iPad Air
iPad mini 7
Next Mac Pro
Best Mac antivirus
Best Mac VPN

When you purchase through links in our articles, we may earn a small commission. This doesn't affect our editorial independence .

Best password managers for Mac

You probably have a lots of online accounts, and in order to remember your login details you are quite likely to reuse those same few passwords over and over again. It’s perfectly understandable, but definitely not safe.

We know that it’s important to use an original password for each account and update them on a regular basis, but it can be a Herculean task trying to retain that information in our heads. This is made even more challenging with different sites requiring specific mixtures of characters: this one demands at least two symbols and no capitals, while that one requires a mixture of cases and a minimum length.

That’s where password manager apps come in. They allow users to create one master password, after which the app takes care of logging into all other accounts. Having only a single login to remember? That sounds good to us.

End your password chaos with 1Password

Are you ready to take control of your digital security? Try 1Password free for 14 days and discover for yourself how easy and smooth it can be to manage your passwords.

How password managers work

The idea of password managers is to simplify the way you access your various accounts. Instead of having to memorize multiple complex passwords for each of the services you use you need only recall one password and then the password manager will automatically fill in the required details for you.

The managers also offer various other features. For example, they can generate random, highly secure passwords for your accounts, they can warn you if your password has been compromised, and some can advise you about existing insecure passwords and support your efforts to update them.

Obviously, security is a high priority—as the manager apps have the virtual keys to your kingdom—which is why all of the options listed below use high-grade encryption to protect your details.

Many also feature digital wallets so your bank details can be safely stored and then used to make purchases online without having to root around in your pocket or bag for the card number and expiry date.

These services don’t usually come for free, but many offer trials so you can see if it’s the solution for you. After that you’ll need to pay a small monthly fee, but we think that’s a price worth paying for only having to keep one password in your brain.

Of course, Apple does have a password manager in macOS (and iOS and iPadOS) in the form of iCloud Keychain. It will even generate secure passwords and enter them for you automatically, all while storing them securely away from hackers and generally naughty people. iCloud Keychain is incredibly useful, but it’s a bit basic and lacks some of the features offered by other password managers.

So, if you want to stay safe without having to recall hundreds of passwords, but want more control and features than you get from Apple’s free offering, here’s some of the best alternatives available on the Mac.

We also look at the best iPhone password managers in a separate article. And for more ways to keep your data safe be sure to also read our Best Mac security tips article.

iCloud Keychain

There are lots of password managers available, but you may be wondering if you really need one, as Apple already includes a free one with your Mac.

iCloud Keychain is Apple’s own password management system and it is built into macOS and iOS. It helps you to create secure passwords by generating them on your behalf, warns you if you reuse one or if a password is not secure, and, crucially, auto-fills your passwords when needed. It’s all tied to your Apple ID login and password and the Apple devices you have registered for two-factor authentication, plus everything is encrypted, so it should be secure.

It doesn’t just fill in passwords for you though: it also enters your logins, emails, credit card numbers, and address details. So you can effortlessly go to sites, choose the item you want to buy, then complete the transaction in seconds and without needing to dredge your memory or fill in loads of text boxes first.

However, one of the main disadvantages is that iCloud Keychain only works on Apple devices. If you have an Android phone or use a Windows PC, iCloud Keychain is redundant and you will need to find your password information and enter it manually. Even if you are using Apple devices, iCloud Keychain is only available through the Safari browser, so if you prefer to use Chrome, Firefox, or any other browser, you’ll have to painstakingly look up your Netflix password.

There are a few other areas where iCloud Keychain lacks flexibility, such as not helping you update passwords or telling you when they’ve been exposed in any security breaches. So, it’s pretty much a manual solution for those who only use Apple devices and software. Luckily there are alternatives if you want a little more room to move.

Another long-standing favorite is 1Password. Much like the other offerings on this list, the app comes with the standard vault that you access via a master password, and in which you can see and update your various account login details.

A free 30-day trial is available, but after that, you’ll need to move onto a paid subscription that currently costs £32.99/$35.88 per year. For this, you’ll be able to use the software on as many devices as you like, including macOS, Windows, ChromeOS, and Linux, plus the accompanying iPhone and Android apps.

The Family tier costs £54.99/$59.88 per year and includes five premium accounts and 1GB of secure storage. This does make it appear a little more expensive than some of the other services on this list, most of which have six accounts in the Family package.

Security is again front and center, with 1Password boasting end-to-end encryption so only you will hold the key to your account. AES 256-bit is the order of the day, and 1Password monitors the activity on your account so it can send you warnings if any odd behavior is spotted.

One interesting new feature is Travel mode. This allows you to completely remove certain information from your device when going abroad. In these strange times, this could prove very useful if you’re passing through some of the rather aggressive customs checkpoints that now demand access to your devices. The best part is when you get home again everything can be restored by flicking a switch in the settings.

1Password has won numerous awards and is always an easy service to recommend.

Dashlane is a popular password manager, with a comprehensive suite of tools to make your life a lot easier. Once set up, Dashlane can pull any stored account details you might have in your browsers, making them available in the dashboard area where they can be viewed and managed.

The app analyses your current passwords to see how secure they are and gives you an overall rating based on how often you reuse login details for multiple sites. There’s also a feature to auto-replace passwords instantly with ones generated by Dashlane.

The app now works primarily on the web, with extensions available for Safari, Chrome, Firefox, and Edge. You still access a fully featured app, where you can see the password health monitor and upload your secure notes and IDs, but it’s online. The extensions are much smaller tools there simply to auto-fill your passwords and payment details on websites.

Credit card and PayPal details can be stored in the Payments section of the app, Plus there’s a section for digital versions of your passport and other IDs. There’s also a section for any secure notes you wish to keep safe.

One of the newer features included is a VPN that you can use to keep your online activities even more secure, especially when using public Wi-Fi services.

The clean, clear interface for Dashlane means it’s easy to set up and use. The fact that it also features AES 256-bit encryption makes it a very good option if you’re new to password managers.

The free tier allows the service to be used on one device and a maximum of 50 passwords, but if you want to sync your passwords to your phone and tablet too then the Premium tier will set you back £29.99/$39.99 per year.

If you want to cover your entire household, then the Family tier includes six premium accounts all for £49.99/$59.99 per year.

One of the newest additions to the password manager arena is NordPass, which is made by the same fine fellows at NordVPN . The latter is one of our favorite VPNs, as you’ll see from our Best VPN for Mac roundup.

NordPass has grown quickly over the past couple of years and now offers full desktop apps for macOS, Windows, and Linux, plus the standard iOS and Android offerings. You can also use NordPass through browser extensions for Chrome, Firefox, Opera, Brave, Edge, and Safari.

NordPass has all the features you’d expect from a modern password manager, with quick importing of existing passwords from other services, zero-knowledge architecture, local encryption, 2-factor authentication, password generation, secure storage for credit details and notes, autofill for logging into accounts, folders to store passwords for work, home or other classifications, security monitoring for password hacks, support for biometrics, plus a neat interface to manage all of your various data.

Prices are very reasonable, at £22.68/$29.88 per year for the Premium plan, and the five-account Family plan for £44.28/$59.88 per year. There is a free tier, which supports unlimited passwords, stores credit card details, and secure notes, plus has the ability to sync across all your devices. The main drawback is that you can only be logged into one device at a time. But if you can work with that it’s a service you should definitely investigate.

When it comes to technology, we often say that you get what you pay for, but in the case of Bitwarden, this isn’t quite true. The service offers a really impressive range of capabilities on its free tier, so with this app, you get what you don’t pay for!

Without signing up for a premium account you get unlimited storage for passwords, credit cards, notes, and online account IDs, secure text messaging with individuals, a secure password generator, two-factor authentication, plus the ability to either have your data stored on the Bitwarden servers or one you host yourself. Oh, and you can sync all your devices, rather than the single one offered by most other free tiers.

Should you want to expand the features, then the Premium tier costs £8/$10 per year and adds secure file sharing, 1GB of encrypted file attachments, additional two-factor authentication options, password safety analysis, and access to your account by family if you die or become sick. The Family plan offers all of this for six Premium accounts and costs £30/$40 per year, making it cheaper than several of the individual plans currently available.

Encryption is high-grade stuff, with Bitwarden deploying end-to-end AES-256 bit encryption, salted hashing, and PBKDF2 SHA-256, all of which are down locally on your machine.

Apps are available on a wide range of platforms, including macOS, Windows, Linux, pretty much every browser you can think of, Android, and iOS, and there’s even a secure web version if you find yourself without your device.

If you’re looking for value when it comes to password managers, it’s very hard to look past Bitwarden.

Keeper provides its services to millions of customers around the world. This doesn’t come as a surprise when you see the feature list and general polish that the app contains. You can store unlimited passwords, have Keeper auto-generate strong new ones, and sync passwords across multiple devices, all while holding credit card details and other important payment details in its secure vault.

AES 256-bit encryption is all performed locally, so Keeper can never know your details, but there is the option to securely share folders and passwords with friends and family if they need to access any of your accounts. The included secure messaging service is also useful for communicating these requests

There’s also support for Touch ID on the Mac and iPhone, with the latter also working with Face ID, plus Apple Watch compatibility and the option of using two-step authentication.

Keeper Unlimited Password Manager is available for £29.88/$34.99 per year, but there’s also the Family tier that includes five premium accounts, plus 10GB of secure storage for £71.99/$74.99 per year. If you want even more protection with the Breachwatch service that monitors password hacks and dark web activity, then there’s the Keeper Plus Bundle that will set you back £50.72/$58.47 for a single account or £95.88/$103.48 for the Family plan.

Those looking for a simple, secure solution that doesn’t break the bank would do well to consider Enpass.

The macOS client is completely free, but if you want to add the same features to your iPhone or Android device then you’ll need to move to the Enpass Premium tier that costs £19.49/$23.99 per year or £12.99/$15.99 every six months. There’s also a Family tier that offers six Premium accounts for an introductory price of £29.24/$35.99 for six months, then increases the price to £38.99/$47.99 per year. If you prefer to buy a lifetime license for yourself, you can pick one up for £63.99/$79.99.

Enpass doesn’t store any of your information on its servers. Instead, everything is encrypted and kept on your personal device so you never lose control of your data. Details can be synced securely via iCloud, Dropbox, OneDrive, Google Drive, Box, or ownCloud/WebDAV, to keep all of your devices in step.

You still have the classic features of other password managers, such as auto-fill forms, security analysis of your passwords and generating complex replacements easily, secure storage for sensitive information, and AES 256-bit encryption, plus support for iOS, Android, and Apple Watch devices.

There are plenty of fine-tuning options for those who are a little bit more hands-on, but we like the no-nonsense approach and the fact that your data never leaves your device.

Another long-standing favorite is Roboform. Like its rivals in this list, the service offers a wide range of features that make life easier for you when interacting with sites online. There’s end-to-end encryption, auto-filling of account details, new password generation, a security suite to monitor and advise you of the current health of your passwords, cloud syncing to keep all your devices up to date, multi-factor authentication, secure sharing, folders, and search features to organize your passwords, plus emergency access which allows family members to access your account if you should fall ill or pass away.

There’s secure storage for your credit cards and IDs, not to mention notes, contacts, and even your browser bookmarks, which is something we haven’t seen on other services.

Roboform is available for macOS, Windows, Linux, iOS, and Android, or you can use the browser extensions provided for Chrome, Safari, Firefox, and Microsoft Edge.

Prices are very affordable, with the free tier actually being quite decent as it provides unlimited password storage, auto-fill, secure sharing, and other basic features, albeit for a single device. To take advantage of all the capabilities Roboform has to offer you’ll want the Everywhere tier which costs a very reasonable $13.48 (£10.40) per year and works across all your desktop and mobile devices. It’s worth considering the 3-year deal which is only $54.04 (£41.50) which works out not that much more than many of the 1-year subscriptions offered by other companies.

There’s also a family package that gives you 5 Everywhere accounts for $37.35 (£29) for a year or you can opt to pay $118.45 (£91) to have the service for 3 years.

If you’re looking for the best bargain, then Roboform is certainly in the running.

Editor’s note: LastPass has been hit with several hacks over the past year, including at least one that stole encrypted customer data. In February 2023, LastPass also reported that hackers had infiltrated an employee’s home computer in “a coordinated second attack.” In light of this information, we don’t recommend LastPass at this time. Our original review is below.

LastPass is probably the best-known password manager, thanks to it being one of the original pioneers in the field. The company places a strong emphasis on security, trumpeting the use of “AES 256-bit encryption with PBKDF2 SHA-256 and salted hashes to ensure complete security in the cloud.”

The app does all of its encryption locally, so LastPass never knows your master password, and the Premium tier also supports a form of two-factor authentication for another layer of security. This is called MFA (Multi-Factor Authentication) and not only allows confirmation text messages to be sent, but also works with biometrics (Face ID & Touch ID) and even voice commands (although some of these methods are reserved for the Business plan).

You can either use LastPass locally on your device via dedicated apps (macOS, iOS and iPadOS), or via the web with plugins and extensions available for Safari, Firefox, Chrome, Opera, and Microsoft Edge all of which allow you to automatically access login details for sites and accounts or have LastPass autofill the login fields on your behalf.

Just like with other managers you have access to a vault where all of your passwords are stored, and these can be changed to more complex alternatives at the touch of a button. LastPass will also advise you on how secure your passwords are for your existing accounts. Getting set up is easy too, as you can import existing passwords from web browsers, email, and other password managers.

The app offers a digital wallet to store your card details, plus another area for official ID such as passports and driving licenses. The Note section is a place where you can keep Wi-Fi passwords, insurance details and any other important documents that you need to access. It’s also possible to securely share account details and logins with friends and family, even if they don’t have LastPass.

There is a free tier, although this is limited to one device, so if you want to sync across your Mac and iPhone you’ll need to move up to the Premium tier. At the time of writing, this will cost £31.20/$36 per year. Those wanting more scope can opt for the family plan which includes six user accounts and only costs £40.80/$48 per year on the LastPass website.

One of the advantages of a paid plan is an Emergency backup which means that, should you suffer an accident or even pass away, your family will be given access to your account.

Author: Martyn Casserly , Contributor

Martyn has been involved with tech ever since the arrival of his ZX Spectrum back in the early 80s. He covers iOS, Android, Windows and macOS, writing tutorials, buying guides and reviews for Macworld and its sister site Tech Advisor.

Apple Platform Security

Intro to Apple platform security
Hardware security overview
Apple SoC security
Secure Enclave
Face ID and Touch ID security
Magic Keyboard with Touch ID
Face ID, Touch ID, passcodes, and passwords
Facial matching security
Uses for Face ID and Touch ID
Secure intent and connections to the Secure Enclave
Hardware microphone disconnect
Express Cards with power reserve
System security overview
Boot process for iOS and iPadOS devices
Memory safe iBoot implementation
Boot process
Paired recoveryOS restrictions
Startup Disk security policy control
LocalPolicy signing-key creation and management
Contents of a LocalPolicy file for a Mac with Apple silicon
Startup Security Utility
Firmware password protection
recoveryOS and diagnostics environments
Signed system volume security
Secure software updates
Operating system integrity
Additional macOS system security capabilities
System Integrity Protection
Trust caches
Peripheral processor security
Rosetta 2 on a Mac with Apple silicon
Direct memory access protections
Kernel extensions
Option ROM security
UEFI firmware security in an Intel-based Mac
System security for watchOS
Random number generation
Apple Security Research Device
Encryption and Data Protection overview
Passcodes and passwords
Data Protection overview
Data Protection
Data Protection classes
Keybags for Data Protection
Protecting keys in alternate boot modes
Protecting user data in the face of attack
Sealed Key Protection (SKP)
Activating data connections securely in iOS and iPadOS
Role of Apple File System
Keychain data protection
Volume encryption with FileVault
Managing FileVault
Protecting app access to user data
Protecting access to user’s health data
Digital signing and encryption
App security overview
Intro to app security for iOS and iPadOS
App code signing process
Security of runtime process
Supporting extensions
App protection and app groups
Verifying accessories
Intro to app security for macOS
Gatekeeper and runtime protection
Protecting against malware
Controlling app access to files
Secure features in the Notes app
Secure features in the Shortcuts app
Services security overview
Apple ID security
Managed Apple ID security
iCloud security overview
iCloud encryption
Advanced Data Protection for iCloud
Security of iCloud Backup
Account recovery contact security
Legacy Contact security
iCloud Private Relay security
Passcode security overview
Sign in with Apple security
Automatic strong passwords
Password AutoFill security
App access to saved passwords

Password security recommendations

Password Monitoring
Sending passwords
Credential provider extensions
iCloud Keychain security overview
Secure keychain syncing
Secure iCloud Keychain recovery
Escrow security for iCloud Keychain
Apple Pay security overview
Apple Pay component security
How Apple Pay keeps users’ purchases protected
Card provisioning security overview
Adding credit or debit cards to Apple Pay
Payment authorization with Apple Pay
Paying with cards using Apple Pay
Contactless passes in Apple Pay
Rendering cards unusable with Apple Pay
Apple Card security
Apple Cash security
Tap to Pay on iPhone
Access using Apple Wallet
Access credential types
Car key security
Adding transit and eMoney cards to Apple Wallet
IDs in Apple Wallet
iMessage security overview
How iMessage sends and receives messages
Secure iMessage name and photo sharing
Secure Apple Messages for Business
FaceTime security
Find My security
Locating missing devices
Continuity security overview
Handoff security
iPhone cellular call relay security
iPhone Text Message Forwarding security
Instant Hotspot security
Network security overview
TLS security
IPv6 security
VPN security
Secure access to wireless networks
Wi-Fi privacy
Bluetooth security
Ultra Wideband security
Single sign-on security
AirDrop security
Wi-Fi password sharing security
Firewall security
Developer kit security overview
Communication security
Data security
Securing routers with HomeKit
Camera security
Security with Apple TV
SiriKit security
DriverKit security
ReplayKit security
ARKit security
Secure device management overview
Pairing model security
MDM security overview
Configuration profile enforcement
Automated Device Enrollment
Activation Lock security
Managed Lost Mode and remote wipe
Shared iPad security
Apple Configurator security
Screen Time security
Document revision history

The Password AutoFill passwords list in iOS, iPadOS, and macOS indicates which of a user’s saved passwords will be reused with other websites, passwords that are considered weak , and passwords that have been compromised by a data leak .

Using the same password for more than one service may leave those accounts vulnerable to a credential-stuffing attack. If a service is breached and passwords are leaked, attackers may try the same credentials on other services to compromise additional accounts.

Passwords are marked reused if the same password is seen used for more than one saved password across different domains.

Passwords are marked weak if they may be easily guessed by an attacker. iOS, iPadOS, and macOS detect common patterns used to create memorable passwords, such as using words found in a dictionary, common character substitutions (such as using “p4ssw0rd” instead of “password”), patterns found on a keyboard (such as “q12we34r” from a QWERTY keyboard), or repeated sequences (such as “123123”). These patterns are often used to create passwords that satisfy minimum password requirements for services, but are also commonly used by attackers attempting to obtain a password using brute force.

Because many services specifically require a four- or six-digit PIN code, these short passcodes are evaluated with different rules. PIN codes are considered weak if they are one of the most common PIN codes, if they are an increasing or decreasing sequence such as “1234” or “8765,” or if they follow a repetition pattern, such as “123123” or “123321.”

Passwords are marked leaked if the Password Monitoring feature can claim they have been present in a data leak. For more information, see Password Monitoring .

Weak, reused, and leaked passwords are either indicated in the list of passwords (macOS) or present in the dedicated Security Recommendations interface (iOS and iPadOS). If the user logs in to a website in Safari using a previously saved password that’s very weak or that’s been compromised by a data leak, they’re shown an alert strongly encouraging them to upgrade to an automatic strong password.

Upgrading account authentication security in iOS and iPadOS

Apps that implement an Account Authentication Modification Extension (in the Authentication Services framework) can provide easy, tap-of-a-button upgrades for password-based accounts—namely, they can switch to using Sign in with Apple or an automatic strong password. This extension point is available in iOS and iPadOS.

If an app has implemented the extension point and is installed on device, users see extension upgrade options when viewing Security Recommendations for credentials associated with the app in the iCloud Keychain password manager in Settings. The upgrades are also offered when users sign in to the app with the at-risk credential. Apps have the ability to tell the system not to prompt users with upgrade options after signing in. Using new AuthenticationServices API, apps can also invoke their extensions and perform upgrades themselves, ideally from an account settings or account management screen in the app.

Apps can choose to support strong password upgrades, Sign in with Apple upgrades, or both. In a strong password upgrade, the system generates an automatic strong password for the user. If necessary, the app can provide custom password rules to follow when generating the new password. When a user switches an account from using a password to using Sign in with Apple, the system provides a new Sign in with Apple credential to the extension to associate the account with. The user’s Apple ID email isn’t provided as part of the credential. After a successful Sign in with Apple upgrade, the system deletes the previously used password credential from the user’s keychain if it’s saved there.

Account Authentication Modification Extensions have the opportunity to perform additional user authentication before performing an upgrade. For upgrades initiated within the password manager or after signing in to an app, the extension provides the user name and password for the account to upgrade. For in-app upgrades, only the user name is provided. If the extension requires further user authentication, it can request to show a custom user interface before moving on with the upgrade. The intended use case for showing this user interface is to have the user enter a second factor of authentication to authorize the upgrade.

Download this guide as a PDF

Which Is Better: Your Browser's Password Manager or a Standalone Service?

Either kind of password manager can improve your security. Here's what you need to know before you decide.

Browser-based password managers can be faster to set up than standalone products, but they have limitations.

By Yael Grauer

“Would you like to save this password?” We’ve all had a browser, such as Chrome or Edge, ask us this after logging in to a website, but is it the best way to go? Or is it better to use a standalone password manager, like 1Password or Dashlane?

Either way, security experts agree that having unique passwords for every account is vital because it protects you in the event of a data breach. Once criminals acquire log-in credentials from a data breach, they often try to use your username and password elsewhere across the web in a type of attack called credential stuffing . If you never reuse passwords, they won’t have much luck.

Since no human can memorize unique passwords for dozens if not hundreds of accounts, security experts have long recommended the use of a password manager, a service that helps you generate and store long, unique passwords for all of your online accounts. Password managers operate across browsers and devices. They also allow you to easily share passwords with family members or coworkers/colleagues who share access to the same accounts.

But not everybody wants to use a password manager. In fact, a nationally representative survey of 2,000 people conducted by Consumer Reports in 2023 (PDF) found that only 35 percent of Americans use one of these services.

Security experts disagree on whether browser password managers offer the same level of robust security as stand-alone password managers, but one thing is clear: Both types of password managers make it easier for people to create and store unique passwords for each account.

That means if you don’t want to pay for a password manager or spend time setting one up, you can protect yourself by saving passwords directly in your browser and having it generate passwords for you—just like a standalone password manager would.

To see how browser password managers stack up against one another, CR’s security testers evaluated the password managers built into Chrome, Edge, Firefox, and Safari. They also compared them with one of our top-rated standalone password managers , 1Password Families.

Here are answers to the most important questions.

Can Browsers Generate Passwords?

Just like 1Password Families, the browser-based password managers in Chrome, Edge, Firefox, and Safari were able to generate passwords. (You have to be logged in when using Firefox and Safari.)

Can Browsers Check for Compromised or Reused Passwords?

One of the benefits of password managers like 1Password is that they let you check if a password you’ve used is one you’ve reused on multiple accounts. You can even look to see if a password you’ve used is listed in an online database of login credentials that have been stolen in data breaches. (These are tracked on a site called Have I Been Pwned .)

The password managers in Chrome, Edge, Firefox, and Safari also allow you to check whether any of your passwords have been compromised. Additionally, all of the browser-based password managers except for Firefox’s allow you to see whether your passwords have been reused.

Some browsers do this differently from others, though. For example, when we tested Safari on MacOs, it did not show us when we were creating a new account with an identical password, but it did alert us to duplicate passwords when we viewed the passwords it had stored.

Do Browser Password Managers Let You Share Passwords?

If you want to share a bank account login with your spouse or share a Netflix account with your housemates, the easiest way to do this is to share your password. Standalone password managers typically allow password sharing—either by creating a shared vault or by sharing individual passwords. That means you and your partner both have your own password manager accounts but can choose to share some of your login credentials with each other.

Safari allows password sharing , but the other browsers we tested did not.

How to Use Password Sharing on Safari On a Mac, choose Safari > Settings, and click on Passwords. After entering your password (or Touch ID, if enabled), control-click the site with the password you want to share, and then choose Share with AirDrop. (The person you are sharing with must allow themselves to be discovered in AirDrop, which they can do on the Finder in a MacBook or in the Control Center on an iPhone or iPad.)

Next, click on the person you want to share the password with, and click Done.

Do Browser Password Managers Offer Interoperability?

Standalone password managers are designed to be used across browsers and devices. For example, you can access 1Password through the service’s website in any browser, through a browser extension, or through a phone app. This is an area where they have an advantage over browser password managers.

While the password managers in Chrome, Edge, Firefox, and Safari allow you to import passwords from one browser to another, only Edge and Firefox allow you to share passwords directly between browsers.

Do Browser Password Managers Offer Multifactor Authentication?

Multifactor authentication adds an extra layer of security to your accounts so that even if somebody knows your password, they won’t be able to log in.

This is an area where browser-based password managers fall short. 1Password Families offers multifactor authentication, and in fact it requires a secret key in addition to your password when you log in from a new device.

With browser-based password managers, it’s a little more complicated. Browsers may allow you to set up multifactor authentication for your account, but can also allow some functionality without an account. Chrome, for example, allows you to save your passwords in the browser locally without a password. That is not ideal from a security point of view. However, you can set up multifactor authentication on your Google account.

Are Browser Password Managers Easy to Set Up and Use?

It can be very quick and easy to get started with a browser password manager than a standalone product. For example, Safari’s password manager is enabled by default. It will prompt you automatically when you log in to a website, asking if you want to save the password. In contrast, standalone password managers like 1Password require some additional setup: signing up for an account, setting a primary password, adding browser extensions, etc. However, once it’s set up, syncing between apps and devices will likely be easier with a standalone service such as 1Password, especially if you use different types of apps and devices—for example, if you use Safari on your iPhone and Firefox on your laptop or desktop computer, or if you use Chrome on your Android phone but the Brave browser on your laptop.

Do Browser Password Managers Let You Store Other Data?

1Password allows you to store not just passwords and product keys, but also notes, documents, images, and other files. That could include a photo of your passport, or a PDF of a healthcare proxy form. Browser-based managers may also allow you to store some information beyond passwords. For example, Chrome allows you to store payment information and addresses.

How Can You Make Password Managers Even More Secure?

First, it’s always a good idea to use a password to log in to your computer, phone, and other devices, to protect not just any passwords that may be stored on your browser but anything else you happen to have on there.

Regardless of where you store your passwords, make sure you wipe your computer first before you sell it or otherwise dispose of it.

Consumer Reports is an independent, nonprofit organization that works side by side with consumers to create a fairer, safer, and healthier world. CR does not endorse products or services, and does not accept advertising. Copyright © 2024, Consumer Reports, Inc.

Which Is Better: Your Browser's Password Manager or a Standalone Service?

Software and apps

The Best Password Managers

A close-up of the screen of a Macbook laptop on which the 1Password password manager app is being used.

By Andrew Cunningham , Thorin Klosowski and Max Eddy

Almost everyone should use a password manager. It’s the most important thing you can do —alongside two-factor authentication —to keep your online data safe. We’ve evaluated dozens of paid and free password managers, and we’ve concluded that 1Password offers the best combination of features, compatibility, security, and ease of use. You don’t have to pay for a good password manager, but if you can, 1Password is worth the $36 per year. If you prefer free software, Bitwarden does everything you’ll need and doesn’t cost anything.

Everything we recommend

The best password manager

1Password offers attractive and straightforward apps. Newbies will like its plain-language security recommendations and colorful interface, while the technically inclined will appreciate its advanced features and security.

Buying Options

Budget pick.

The best free password manager

The free version of Bitwarden covers all the basics of a good password manager and doesn’t cost anything. But features like advanced security reports and encrypted file storage cost extra.

What to know

A password manager creates a unique password for every account, which helps protect you from data breaches.

Password managers automatically fill in the username and password details for you, simplifying and speeding up the login process.

You’ll be able to access passwords from anywhere, including different computers, tablets, and your phone.

Password managers are locked behind a single password, so make it hard to guess and use multi-factor authentication on your account.

1Password has easy-to-use, polished apps that work on Windows PCs, Macs, Chromebooks, iPhones, iPads, Android devices, and the major web browsers. The Watchtower feature helps you identify and change weak, reused, or compromised passwords, and 1Password walks you through correcting these problems in clear, digestible language. 1Password uses strong encryption and good security practices , which sometimes leads to tedious interactions.

The free version of Bitwarden gets the basics right and doesn’t cost a thing, but it lacks a few features that make 1Password such a standout option. Many of those features, such as password checkups and 1 GB of encrypted storage, are available with Bitwarden’s reasonably priced, $10-per-year premium plan. Bitwarden isn’t as polished overall and lacks the in-app guidance of 1Password, which makes it harder for beginners to get the hang of. But the free version of Bitwarden offers the core features you need in a password manager, including the ability to sync as many passwords as you want across as many devices as you own, support for software multi-factor (or two-factor) authentication , and sharing between two people with separate logins using a two-person organization . Bitwarden works on the same devices as 1Password, so you can use it with any computer, phone, tablet, or browser.

Regardless of the password manager you use, it’s important to protect your data with a strong master password—we have advice for how to do that below.

The research

Why you should trust us, why you need a password manager, how we picked, how we tested, the best password manager: 1password, a great free password manager: bitwarden, making a good master password, why can’t you just use the chrome or browser password manager, is it safe to trust a password manager with all your passwords, what to look forward to, the competition, frequently asked questions.

Wirecutter has been testing and recommending password managers since 2016.

Max Eddy is Wirecutter’s senior staff writer covering privacy and security. He previously worked at PCMag for 11 years, where he also wrote about password managers and other tools for improving personal security.

Thorin Klosowski has spent a decade writing about technology, with a focus on software for many of those years. He has written about privacy and security for the bulk of that time and has tested countless password managers.

Andrew Cunningham spent years testing, reviewing, and otherwise writing about computers, phones, operating systems, apps, and other gadgets for AnandTech, Ars Technica, and Wirecutter. He has been building, upgrading, and fixing PCs for more than 15 years, and he spent five of those years in IT departments buying and repairing laptops and desktops as well as helping people buy the best hardware and software for their needs.

Passwords are as annoying as they are necessary, and a good password manager can keep you secure while making it easier to juggle the sheer number of passwords you need to be a person on the internet. Using a password manager is one of the most important things you can do to protect yourself online , aside from using multi-factor authentication and keeping your operating system and web browser up to date. If any of your passwords are weak and easy to guess, if you reuse any of your passwords across multiple sites, or if the sites you use are ever hacked and your account is compromised, you risk losing access to your accounts and your data. In fact, if you reuse passwords, chances are good that your password is already out there. You can even check to see if your email address or password has been involved in a data breach.

Password managers generate strong new passwords when you create accounts or change a password. They also store all of your passwords and, if you want, your credit card numbers, addresses, bank accounts, and other information in one place, secured with a single strong master password. All you need to remember is your master password, and your password manager can remember everything else, filling in your username and password for you whenever you log in to a site on your phone or computer. The best part is that once set up, a password manager makes your digital life easier, speeding up the login process and simplifying managing your online accounts. Getting started can be intimidating, but once you’ve done that, it’s a (mostly) painless experience.

For this guide, we’re focusing on the password managers that work best for individuals, rather than those intended for businesses to deploy and manage. To separate the great ones from the merely okay ones, we use the following criteria:

Good protection for your passwords: You’re trusting your password manager with your entire digital existence, and your password manager should store your data securely . A good password manager needs to use strong encryption to protect your data on your computer, on your password manager’s server, and when your data is moving between the two. But those promises of security only go so far, so we require that any password managers we recommend participate in regular third-party security audits (preferably audits that they make public) and have a bug-bounty program. Security audits aren’t perfect—they offer just a snapshot of the software and infrastructure—but they are a signal of trust and transparency.
Privacy: A password manager shouldn’t share data with third parties for advertising, so we check both the privacy policies and the mobile apps to confirm that they aren’t sharing data they aren’t supposed to.
Unlimited password storage: Any paid password manager should be able to store an unlimited number of passwords and other records, and enough free ones offer unlimited storage that you shouldn’t settle for less.
Sync between devices (and no limits on the number of devices you can use): You probably have more than one device that you use every day, between your home computer, your work computer, your phone, and your laptop. A good password manager should offer cloud syncing so that your passwords remain accessible anywhere on an unlimited number of devices.
Desktop and laptop compatibility: A password manager should have a Windows and macOS app that you can use to browse, add, and edit your information. We note Linux compatibility but don’t require it. Support for Chrome OS is generally covered by Chrome browser extensions.
Web browser compatibility: We prefer those password managers that offer browser extensions for Chrome, Edge, Firefox, and Safari. The extensions are responsible for autofilling passwords and other forms, as well as for generating and saving new passwords when you change one or make a new account.
iOS and Android compatibility: A password manager should have apps for both iOS and Android that are easy to use and capable of autofilling passwords in browser windows and within apps. The apps should walk you through the process of setting them up and giving them the permissions they need to work.
Ease of setup and use: A password manager should make it easy to get started or to transition from using browser-based password autofill, as well as to set up all the apps and browser extensions required. And once you’ve set up your password manager, it should be easy (not annoying) to use when you need it.
Tools to fix your security problems: Once your data is in your password manager, it should be able to identify weak, reused, and compromised passwords, and it should give you clear and easy-to-follow directions for changing them.
Support for biometric logins: If your phone, tablet, or laptop has a fingerprint reader or face-scanning camera, you should be able to unlock your password manager with that, rather than a password or PIN, for convenience’s sake.
Price: The paid password managers we evaluated usually cost between $10 and $60 per year for one person to use, though decent options are available for free. Password managers that offer family plans usually cover four or five people, so they’re generally a good deal even if your family has only two people. Although password managers often advertise a monthly subscription fee, the fees are typically billed yearly.
Password sharing: A good password manager should make it easy for you to securely share login data with someone else you trust for accounts that multiple people may need to access—for example, sites for paying your family’s bills, or shared email and social media accounts for a small business. This feature is common in paid password managers but rare in free ones.

After searching and consulting sites such as CNET , PCMag , Tom’s Guide , and Wired , we assembled a list of about 40 free and paid password managers. We dismissed most of them because they weren’t compatible with all of the operating systems and browsers we wanted or because they didn’t take part in third-party security audits.

In 2024, we tested 11 password managers: 1Password, Bitwarden, Dashlane, Enpass Premium, Keeper, mSecure, NordPass, Proton Pass, RoboForm Premium, Sticky Password, and Zoho Vault. We installed each of these password managers on a Windows PC, a Mac, an iPhone, and an Android phone.

A smartphone showing the open home screen for the 1Password app.

1Password offers the best combination of compatibility, ease of use, features, and price of any paid password manager we’ve tested. It has polished apps that work on just about any computer, tablet, phone, or web browser. We like how easy it is to identify and change weak, reused, or compromised passwords through the Watchtower feature, and we like how 1Password walks you through correcting those problems in clear, easy-to-follow language. The company has good security practices and uses strong encryption to protect passwords. 1Password costs $36 a year for individuals or $60 a year for families of two to five—on the high end of average for paid password managers—though it does offer free accounts for politicians and activists as well as journalists .

1Password is compatible with the most-used operating systems and browsers. Standalone apps for Windows , macOS , iOS , and Android all allow you to view and edit all the items in your vault. 1Password also has browser extensions for Chrome, Firefox, Brave, and Microsoft Edge that handle basic functions like autofilling passwords and creating new ones. If you use Safari on Mac, you need to download the desktop app, which includes the extension for Safari. We recommend downloading the desktop and mobile apps for your operating systems, along with the browser extensions for whatever web browsers you use. 1Password’s desktop apps for Windows and Mac are also far superior to what you get with Bitwarden, which requires the web app for features beyond password generation and search.

It’s easy to set up and use. We know that password managers can seem overwhelming to set up, but we think everyone should use them, not just the technologically savvy. 1Password does the best job of making it easy to incorporate a password manager into your daily habits with a user interface that’s simple to understand even for people who are new to a password manager. You can quickly view and change saved passwords and other information. Your default “vault” stores login information, credit card numbers, and data for autofilling forms. And if sorting items alphabetically or by tag isn’t good enough, you can create any number of vaults to organize your information (if you want to store logins for your personal accounts and work accounts separately, for example). This is especially important for 1Password Families or Business accounts, where you might want to share the contents of one vault with other 1Password users while keeping other vaults private.

All versions of 1Password and Bitwarden support logging in with your face or fingerprint, depending on what biometric authentication options your computer, phone, or tablet offers. We recommend using this feature on iOS and Android especially, where typing in a long master password multiple times a day will cost you time and annoy you. Both apps can replace iOS’s and Android’s built-in password-autofill features and can work in apps as well as on websites.

No password manager has a foolproof introduction that teaches you everything you need to know, but 1Password’s extensive support articles —which usually include large screenshots or video tutorials—make it a solid choice for people new to password managers. It’s easier to learn than most free options, including Bitwarden.

A screenshot of the 1Password Watchtower feature.

It's affordable for individuals and families. 1Password costs $36 a year for one person or $60 a year for families (regardless of whether your family has as few as two or as many as five people); it’s more expensive than some of our other finalists but about average for an excellent password manager. LastPass Premium costs the same amount for individuals but only $48 for families of up to six. Bitwarden’s free plan and $10-per-year Premium plan allow you to share with one other person for no extra cost, but if you want to share with more people than that, you need to sign up for a family plan for $40 a year. If you decide not to renew your 1Password account, you can still access your passwords, but you can’t create new ones.

When you set up a 1Password family plan, you put your passwords and other information in your shared vault instead of your personal vault to give access to everyone else on your plan. “ Family organizers ,” a group that includes the 1Password account that created your family’s account plus anyone they designate as a “family organizer,” can recover the accounts of other family members if they forget their master password or secret key, which is useful for helping kids or less technically inclined folks. 1Password doesn’t have any sort of emergency-access feature in cases where you or another family member cannot access their account; if you want your account shared after death, storing the Emergency Kit in a shared safe is the only way to do so.

1Password has strong security policies. By default, all of your information is backed up to 1Password’s servers; the data is protected under end-to-end 256-bit AES encryption, which means that no one but you can read it on 1Password’s servers (including 1Password employees) or when the data is in transit between 1Password’s servers and your device. Additionally, you need to present your master password and a “Secret Key” each time you set up a new device. This is a little tedious, but 1Password says it allows the company to better secure your data and ensure attackers can’t steal the means to decrypt your vault from 1Password. (For details, you can read more about 1Password’s security model .)

1Password has comprehensive features that improve your online security. 1Password’s Watchtower feature—which is both a dedicated section of the app and a collective name for all the ways in which 1Password tries to protect your logins—identifies weak and reused passwords, passwords for websites that don’t use the secure HTTPS protocol, passwords for sites that have been hacked, passwords that are about to expire, and accounts for which two-factor authentication is available but has not been enabled. 1Password told us that Watchtower can also highlight sites in your vault that now offer passkey authentication. In all cases, the app offers straightforward directions for solving the problem. Bitwarden has a similar feature, called Vault Health Reports, that’s available only for paid subscribers.

Other handy 1Password features include 1 GB of secure online storage for sensitive files, such as scans of sensitive documents, and Travel Mode , which allows you to temporarily remove selected vaults from your device if you’re worried about your device being searched or stolen while you’re traveling. 1Password integrates with Privacy , a service for creating one-time-use credit cards, which is convenient when you’re shopping online at sites you’re not confident in or testing out subscription services you don’t want to auto-renew. It also allows you to securely share anything in your vault , including documents, even if the recipient doesn’t use 1Password. Recently, 1Password added the ability to store passkeys . Version 8 of 1Password added the ability to autofill passwords in desktop apps on both Windows and Mac with its Quick Access tool, which simplifies logging in to all sorts of software.

Flaws but not dealbreakers

It’s the least awkward, but it’s still quirky. In our latest round of testing, 1Password sometimes struggled to recognize password fields on Android. No password manager we tested was free of these types of little peculiarities, though, and 1Password was less glitchy than most.

The quirks of 1Password start the second you prepare to install it. You can install just the browser extensions and get most of the basic features that people usually need, or you can also install the desktop apps and get advanced features for organization and benefits like Face ID or Windows Hello support. Or you can install both the extension and the desktop app, which is what we typically recommend, even though it can sometimes be difficult to know which one to use and when.

On iPhone and iPad, 1Password offers two methods to access your passwords, either through the Safari extension or the autofill menu . The Safari extension lets you interact with 1Password through the same small icon placed on the login field as it does on desktop, which is a little difficult to navigate on the smaller screen of an iPhone. Enabling both isn’t necessary and just adds confusion, so we recommend sticking with autofill. The same goes for Bitwarden, or any other third-party password manager you use.

Its security features can sometimes cause headaches. 1Password’s requirement of a Secret Key and a password to set up a new device is annoying, and we also found that 1Password frequently locked itself and re-prompted us for authentication. When it locks depends on the device, but logging in several times a day can be a pain. It’s good security for a password manager to lock itself periodically, but we know that most people don’t want to use something that they find more irritating than helpful. You can easily change this behavior in 1Password’s settings, or you can enable biometric authentication to log in faster.

There’s no free version. 1Password’s features are worth paying for, but Bitwarden shows that it’s possible to offer a free password manager that leaves off a few features without feeling too restrictive. That said, we’ve concluded that 1Password more than justifies its expense.

A close-up of the screen of a Macbook laptop on which the Bitwarden password manager app is being used.

If you don’t want to pay for a password manager, if the added features in 1Password aren’t appealing to you, or if you’d like to self-host your password manager, use Bitwarden . The free version of Bitwarden is missing a few features in comparison with 1Password, such as comprehensive password checkups, security-key support, and 1 GB of encrypted storage. But it has all the important features of a password manager: You can sync with as many devices as you want and store unlimited passwords, and the free account allows you to share password collections with one other person. And Bitwarden has the same wide-ranging compatibility as 1Password, so you can use it with just about any device. Bitwarden’s security protocol is similar to 1Password’s, so even if Bitwarden’s servers are compromised, your passwords are safe. Bitwarden now undergoes annual third-party security audits , similar to the repeated security audits 1Password does . If you’ve never used a password manager before, Bitwarden doesn’t teach you the basics as well as 1Password does, but its documentation is thorough and easy to search.

It’s widely supported across platforms. Bitwarden supports the same operating systems and browsers as 1Password does, including Windows , macOS , iOS , and Android . Bitwarden, like 1Password, supports logging in with your face or fingerprint, whichever method your device supports. It offers browser extensions for Chrome , Edge, Firefox , and several other browsers. Like 1Password, Bitwarden packs its Safari extension into the desktop app. You can also self-host Bitwarden, in which case it’ll never upload your password to the company’s servers, but setting that up is a complicated process .

A screenshot of the Bitwarden password manager app, displaying the saved passwords for the Best Buy website.

It has clean, usable apps and extensions. Functionally, the Bitwarden extensions and desktop apps do the minimum we ask of a password manager: They store and generate passwords. They’re not as polished as 1Password’s apps, they don’t alert you about weak passwords when you log in (you can click an icon in the extension to check when you visit a login page, though), and they don’t support Bitwarden’s premium password-audit features (you need to use the web app for those). On top of that, free accounts don’t get any password reports aside from a data-breach report, which checks Have I Been Pwned? for your email address. To scan your accounts for breaches, reused passwords, exposed passwords, and unsecured websites, you need to visit the Bitwarden website and have a $10-per-year premium account.

By contrast, 1Password’s audit notes and suggestions are visible throughout its apps and don’t require you to visit the website. On free accounts, Bitwarden Send , a feature that lets you share encrypted files, is limited to text sharing, but on premium accounts you can share other files, as well. Both the free and premium versions of Bitwarden include built-in support for multiple email alias services , including our favorite , SimpleLogin and Fastmail. This integration allows you to create an email alias and password when creating new accounts, a feature that’s limited to Fastmail accounts in 1Password . Like 1Password, Bitwarden can also store passkeys.

It gives you pretty much everything you need from a password manager. The biggest features you’re likely to miss in the free version are password audits, the option to grant emergency access to a person you choose, the ability to send files securely , priority tech support, and the 1 GB of secure storage. If you’re new to password managers and you want to try Bitwarden, the service is worth the $10 for at least one year so you can improve any weak passwords you have right now. Unlike most free password managers, Bitwarden allows you to share a collection of passwords with one other Bitwarden user for free; you have to pay if you need to share with more people. This feature is handy if you want to share certain logins with a partner or roommate, for example, whether that’s for banking access or just your video-streaming account.

It doesn’t restrict the number of devices you can use or passwords you can store like other free password managers do. According to Bitwarden’s privacy policy , the company doesn’t sell or share any personal information for commercial purposes, (Bitwarden does gather some anonymized usage data, but it’s nothing we’re concerned about), though the free version does show you an ad for the premium account.

It has unique onboarding and support options. Bitwarden’s documentation has improved over the years , even introducing video tutorials , but 1Password still does a more comprehensive job of onboarding people who have never used a password manager before. Bitwarden does offer some tools that 1Password doesn’t, including occasional training events that walk you through the setup process and features. If you can’t attend, you can replay the event video. We think 1Password is easier to get the hang of using if you’ve never used a password manager before, but Bitwarden isn’t far behind.

The main benefit of using a password manager is that you need to remember only one password, instead of dozens, to access all of your accounts. But the one password you do need to keep track of—your master password—must be a good one.

The Cybersecurity and Infrastructure Security Agency recommends that passwords be at least 16 characters long or comprise five to seven individual words. 1Password suggests making a long but memorable password, perhaps composed of multiple random words with dashes, periods, or some other easy-to-remember punctuation in between. The password generators from 1Password and Bitwarden offer a handy way to make one of these passwords regardless of the software you use.

A screenshot of the strong password generator screen in 1Password.

The argument for creating a memorable but unique password is that you can memorize it yourself without making it easy for others to guess; you should try to memorize your master password if at all possible. But in case of emergencies, you should also write it down on a physical piece of paper and put it somewhere safe—storing it digitally, especially using a cloud service like Dropbox, Google Drive, iCloud, or OneDrive, risks exposing it to hackers, which would defeat the purpose. 1Password even gives you a handy Emergency Kit printout on which you can write your account information, your secret key, and your password, along with a QR code you can scan when you set up 1Password on a new phone, tablet, or computer.

Of course, your master password shouldn’t be the only thing protecting your account. You should also protect your password manager by using two-factor authentication. An app such as Authy or a security key can secure your account further. When you log in, you’re asked to supply both your password and the second factor—either a code from an authentication app or a physical security key—before you can log in on a new device. This means that if someone gets your master password, they still won’t be able to log in to your account without the second factor. This extra step might sound like a pain, but it’s necessary only when you sign in from somewhere new—such as a new browser, laptop, or phone—so it doesn’t cause friction daily.

Most web browsers offer to save your passwords for you, and some—including newer versions of Chrome , Firefox , and Safari — offer to generate new ones for you, just like a password manager. They can even alert you to password reuse and breaches.

Using your browser’s password storage is far better than doing nothing; most major browsers support some kind of syncing across devices, offer encryption and two-factor authentication for password data, and can fill in other forms for you. But using a standalone password manager has one primary benefit: It can work across multiple operating systems and browsers depending on what you prefer. Interoperability is improving (you can now save a password in Chrome and access it in Safari on mobile, for example), but browser-based password managers still sometimes work only in that browser, and if they do offer support across platforms, that feature tends to be awkward to use. But those restrictions can be a strength, too: Built-in password managers are often easier to use for newcomers, and since they’re integrated at a system or browser level, they are less clunky and require less setup than standalone software.

Good standalone password managers also include features not often found in browser-based password managers, such as mechanisms for easily sharing passwords with family members and friends when many people need to log in to a single site. And because the password managers we recommend include standalone apps as well as browser extensions, you can easily use a password manager to store other data, such as software product keys, addresses, bank account numbers, and credit card numbers (some browsers also offer to store these things for you; others don’t).

If you have been using your browser’s built-in mechanism for saving passwords and want to move on to a standalone password manager, both 1Password and Bitwarden can import saved passwords so you don’t need to start from scratch.

Protecting all of your passwords with a strong master password is convenient, but what happens if your password manager’s servers are compromised and your data is stolen?

Both 1Password and Bitwarden are transparent about their security models and what they’re doing to keep your data safe even in the event of a hack . Both use 256-bit AES encryption to make your data unreadable to anyone without your master password, whether your data is stored on your personal phone or computer, stored on 1Password’s or Bitwarden’s servers, or in transit between your devices and the servers. Both also claim to have a “zero-knowledge” security model, where no one working for 1Password or Bitwarden can ever see your master password, so no employee (and no one who has broken into their systems) could decrypt your data and see it even if they had access to it. 1Password routinely subjects itself to third-party security audits to make sure that its systems are secure and that it follows security best practices. Bitwarden does security audits every year, completing its most recent audit in 2023 . Both 1Password and Bitwarden also interact with security researchers through public bug-bounty programs.

Using a password manager that stores data in the cloud comes with some inherent risk, but we think 1Password and Bitwarden manage it well. If you absolutely must keep your passwords stored locally, KeePassXC may be a good fit.

The privacy policies of 1Password and Bitwarden lay out what information the companies gather and in what circumstances third parties might be involved. We didn’t see anything that gave cause for concern. Both companies told us directly, and state in their documentation, that they will not sell or share customer data for commercial purposes.

1Password and Bitwarden both support generating multi-factor authentication codes for your logins—storing what’s called TOTP codes just like a standalone authentication app would—but we do not recommend using this feature in your password manager. Although the feature provides some convenience by autofilling the code for you, the result is that if an intruder gains access to your password manager, they can also get into all your accounts. You should enable multi-factor authentication for the password manager itself, so you might as well use that same authenticator app (or security key) for the rest of your authentication needs.

A Proton Pass desktop app is now available for Windows, and the company says it plans to launch macOS and Linux apps soon. We previously dismissed Proton Pass partly for its lack of platform support, so we plan to reevaluate it when the desktop apps are available.

LastPass Free was once an easy recommendation, but in December 2022, LastPass announced a data breach that exposed encrypted password vaults along with personal details , including names, email addresses, IP addresses, phone numbers, and some billing information. Account passwords weren’t exposed, but hackers can theoretically access password vaults by guessing master passwords. If a master password is weak, that exposure could happen quickly . The breach was so bad that security experts recommended that anyone who uses LastPass change all their passwords and consider moving to another password manager . In February 2023, the company revealed that an attacker had also gained access to a LastPass employee’s home computer , snagging the employee’s password for a corporate vault in the process. This doesn’t affect the already bad state of customer accounts, but it does make the company look even worse. Since then, the company has changed some policies to improve the security of vault data.

Dashlane Premium is as polished as 1Password and also has a free version, but that version is limited to one device, and most people have multiple devices. At $60 a year, Dashlane’s most popular plan is expensive; the $90-a-year family plan that covers up to 10 people is a better deal, but that’s still $30 more annually than 1Password’s family plan.

Keeper and NordPass have many of the same paid features as 1Password does, but we found both apps less intuitive to use than 1Password. The pricing plans of both are confusing, relying on annual discounts or doling out specific features piecemeal. Proton Pass has a polished interface, but has few features and currently does not support Safari. Zoho Vault is especially intriguing because it’s completely free for one person, but we found it was overly complicated and clearly intended for enterprise use. And although we found Enpass Premium too complex for most people, it’s an intriguing option for anyone who wants to keep control of their password manager data.

We dismissed most other password managers for lacking one or more features, such as not participating in third-party security audits or not supporting one or more of our desired operating systems. That list includes Ascendo DataVault Password Manager , Avira Password Manager Pro , Bitdefender Password Manager, eWallet , F-Secure ID Protection , LogMeOnce , McAfee True Key , mSecure , Norton Password Manager , oneSafe , Password Boss , Password Safe , RoboForm Premium , SaferPass Premium , SplashID Pro , and Sticky Password .

This article was edited by Caitlin McGarry.

Should I use the two-factor authentication codes my password manager provides?

1Password and Bitwarden both support storing two-factor authentication codes, but we don’t recommend using that feature. If a snoop or intruder does somehow access your password manager, they would then also get into all the accounts with two-factor authentication enabled. You should enable two-factor authentication to protect your password manager account anyway, so you might as well use that same 2FA app (or key) for the rest of your authentication needs.

Can I use a password manager with a YubiKey?

Usually, yes. Both 1Password and Bitwarden Premium accounts support security keys as a second factor for login.

Are “suggested passwords” safe?

Yes. Suggested passwords are randomly generated, so it’s very unlikely that someone could guess them. Both of our picks allow you to set up different rules for password creation—such as what sorts of characters to include or whether to use real words—but the default settings are secure enough for most people. However, if one of your suggested passwords is swept up in a data breach, you should still change it.

Doesn’t prefilling passwords mean that anyone at my computer can log in to my accounts?

That’s true only if you unlock your password manager and then walk away from your computer. Password managers are generally designed to “lock” after a period of inactivity, requiring your master password before they’ll work again.

You can also avoid the problem by locking your computer whenever you walk away from it. You can do so by putting your computer to sleep, or by pressing the Windows+L (on Windows) or Control+Shift+Power (on MacBooks) keyboard shortcut.

Can I access my passwords on a public computer?

Yes. 1Password and Bitwarden both have web apps that you can log in to from anywhere—they don’t support the same convenient autofill capabilities as the browser extensions, but they do provide easy access to your passwords and any other information you have stored. Remember to log out of them when you’re done using the public computer.

Does a password manager work on my iPhone or Android phone?

Yes. Most password managers with iOS and Android apps can autofill usernames and passwords both on websites and in apps, replacing (or augmenting) the built-in autofill features in those operating systems. You can find directions for setting this up in 1Password on iOS and Android , as well as directions for Bitwarden on iOS and Android .

What if I forget my master password?

A good password manager is designed so that a person who doesn’t know your master password will never be able to get into your account and access your data—and that includes yourself. Make sure to write down your master password (and we mean actually write it down, with pen and paper) and store it somewhere safe to prevent this from happening.

If you have forgotten your master password, your options depend on which password manager you’re using. In Bitwarden, you need to delete your entire account and start again from scratch. 1Password gives you a couple of other options, including resetting your master password from another family member’s account. If you do need to start from scratch, the process is annoying and time-consuming, but it isn’t the end of the world—you’ll need to reset every password on every site you use, but once you’ve done that, you’ll be back where you started.

Can I share passwords with a family member?

A 1Password family plan allows family members to share different vaults, so you can share some logins (for paying bills or managing finances, for example) but not others (for personal email or sites you use for work, say). Bitwarden offers the same features for less money, though it’s less user-friendly; you need to set up an “ organization ” to create and share password vaults. A two-person organization is free, while larger organizations cost $3 per month per person.

How do password managers work with passkeys?

Passkeys are a new secure authentication technology, endorsed by Apple, Google, and Microsoft, that is designed to replace passwords. That might lead you to think the days of password managers are numbered, but that isn’t the case. For one thing, passkeys are very new and still aren’t widely supported. For another, you need a place to store your passkeys, and several password managers—including 1Password and Bitwarden—now let you do just that. You can even log in to a Bitwarden account with a passkey, and the same feature is currently available in beta on 1Password .

Sarah Brown, What if 1Password gets hacked? , 1Password Blog , April 8, 2020

Kyle Spearrin, Bitwarden Upholds High Security Standards with Annual Third-Party Audits , The Bitwarden Blog , February 28, 2023

Bitwarden Security Paper (PDF) , Bitwarden, October 2020

1Password Security Design (PDF) , 1Password , October 25, 2023

Meet your guides

Andrew Cunningham

Andrew Cunningham is a former senior staff writer on Wirecutter's tech team. He has been writing about laptops, phones, routers, and other tech since 2011. Before that he spent five years in IT fixing computers and helping people buy the best tech for their needs. He also co-hosts the book podcast Overdue and the TV podcast Appointment Television.

Thorin Klosowski

Thorin Klosowski is the former editor of privacy and security topics at Wirecutter. He has been writing about technology for over a decade, with an emphasis on learning by doing—which is to say, breaking things as often as possible to see how they work. For better or worse, he applies that same DIY approach to his reporting.

Back Up and Secure Your Digital Life

by Haley Perry

From password managers to backup software, here are the apps and services everyone needs to protect themselves from security breaches and data loss.

Three different Security Keys next to a laptop.

The Best Security Key for Multi-Factor Authentication

by Max Eddy

A physical security key helps you protect your online accounts, and Yubico still makes the best one.

Our Favorite Password Manager Remembers All of Your Logins So You Don’t Have To

by James Austin

1Password remembers all of your online logins so that you don’t have to.

An image of an iPhone showing the 1Password launch screen.

How to Get the Most Out of 1Password

by Thorin Klosowski

Everyone should use a password manager. Our expert walks you through how to set up and take advantage of the features in our favorite, 1Password.

Using Apple’s iCloud Passwords Outside Safari

We regularly recommend using a password manager like 1Password, and for good reason. Passkeys may eventually take over—and I hope to explore them soon—but until that time, we’re stuck with passwords, and managing them manually is less secure and vastly more work. For many years, solutions like 1Password, BitWarden, Dashlane, and LastPass (which I no longer recommend—see “ LastPass Publishes More Details about Its Data Breaches ,” 3 March 2023) fell into the must-have category.

Apple’s Keychain Access utility has long provided basic password management capabilities in macOS but has never been particularly usable. With macOS 12 Monterey, iOS 15, and iPadOS 15, Apple gave passwords a better user-facing interface in System Preferences and Safari on the Mac and the Settings app on the iPhone and iPad. Although the settings screens are labeled Passwords and the iCloud-based password syncing feature is called iCloud Keychain, Apple doesn’t seem to have a formal name for the totality of these password management features, making it hard to talk about them in the same sentence as something like 1Password. For this article, I will use the name iCloud Passwords for reasons that will soon become obvious.

Although iCloud Passwords didn’t—and still doesn’t—have full feature parity with third-party password managers, it was pretty good. It offered all the basics, such as auto-fill, editing, searching, and even syncing through iCloud Keychain. Over time, Apple added support for one-time passwords, password sharing, and more. Importantly, it’s also completely free.

Despite these improvements, iCloud Passwords suffered in one significant way: it worked only in Safari. On the iPhone and iPad, that wasn’t a problem because other Web browsers relied on the same WebKit engine as Safari. (Apple also allowed Safari to treat third-party password managers as first-class alternatives.) But Mac users who wanted to use Chromium-based browsers like Arc, Brave, Google Chrome, Microsoft Edge, Opera, and Vivaldi, or Mozilla’s Firefox couldn’t take advantage of iCloud Passwords.

In 2021, Apple released the iCloud Passwords extension for Google Chrome, but only for Windows. In July 2023, Apple updated it to version 2.0, adding support for Mac versions of Google Chrome running in macOS 14 Sonoma. Although I’m happy with 1Password, I’ve been using iCloud Passwords for the past month in Arc to see if I could recommend iCloud Passwords for those who don’t rely on Safari. While I miss features from 1Password, the answer is yes: iCloud Passwords works fine. At least that’s true for me—I see reviews on the Chrome Web Store page that claim it doesn’t work or broke after some update, but I’ve been using it long enough that I’m comfortable saying it’s functional.

Although Apple released iCloud Passwords only for Chromium browsers—and it seems to work equally as well in all the variants I’ve tried—the company has done nothing for Firefox users. However, an independent developer named Aurélien recently published a Firefox add-on also called iCloud Passwords , so that’s an option for those running Sonoma or recent versions of Windows—it doesn’t work for earlier versions of macOS. It’s not yet well-known, with only 716 users last I checked (versus 2 million for the iCloud Passwords Chrome extension), but I’ve installed it and verified that it works. Although I’m a little hesitant to recommend an independent add-on that interacts with a system-wide password store, it’s open source, and anyone can view its code on GitHub .

Passwords Settings

Before we get to the specifics of using iCloud Passwords in a Chromium browser, I want to review the basics of password management in macOS. You access your passwords in System Settings > Passwords or Safari > Settings > Passwords —they’re the same—and you must authenticate every time you go there. Touch ID or Apple Watch authentication makes that a lot easier.

Let’s look at all the options from the top:

Search field: Use this to find logins in the list below by searching for the site name or username. Unlike 1Password, you can’t search for strings contained in your passwords.
+ menu: Choose New Password or New Shared Group as desired. Most of the time, you’ll create new logins while setting up an account on a website—iCloud Passwords offers to remember the login information for you. More on shared groups shortly.
••• menu: Apple puts the Import and Export commands in this unhelpfully labeled menu. The import/export format is CSV, and Apple warns that exported passwords will be stored unencrypted. (As an aside, I think using + and ••• to label menus is borderline criminal interface design, but it’s just one of many decisions in System Settings that will make its designers first up against the wall when the revolution comes.)

iCloud Passwords Security Recommendations

Nothing in Passwords Settings will set the world on fire, but Apple has provided a solid set of basic features.

iCloud Passwords in a Browser

To autofill your passwords in a Chromium browser like Arc, Brave, or Google Chrome, you need to install Apple’s iCloud Passwords extension from the Chrome Web Store. That’s as simple as clicking the Add to Chrome button and acknowledging that you want to install when prompted.

How you interact with extensions varies a bit by browser, though most let you add them to a toolbar. In Chromium browsers other than Arc (which has a bug in this area), clicking a login form displays a notification that you can click to enable Password AutoFill. Arc has no such toolbar, but choosing Extensions > iCloud Passwords has the same effect as clicking the toolbar button or the notification.

However you invoke it, iCloud Passwords presents you with two dialogs: a system-level dialog with a verification code and a browser-level dialog into which you enter it. If you make a mistake typing, you’re instantly presented with another code.

Although this verification approach is straightforward, it’s required for every launch of the Web browser, so you may end up typing a lot of verification codes. It’s much easier to use biometric authentication via Touch ID or an Apple Watch in 1Password; I presume other password managers also support biometric authentication.

Once you’ve enabled Password AutoFill, it’s trivially easy to use. Just click in a login form, and iCloud Passwords detects that action and presents you with passwords that match the domain of the site you’re on. Click one to enter its information in the login form fields. Typically, only a single password will appear, but if you have multiple logins at different sites within the same domain, as I do in the screenshot below, you get to pick one.

(As an aside, this domain detection is one of the key reasons to use a password manager—they can’t be fooled into helping you enter a password onto a malicious site pretending to be something else. A human might not notice, but app1e.com isn’t apple.com in the eyes of a password manager.)

If a login form has both a username and password field, iCloud Passwords will autofill both. If the login process first requires you to enter your username, followed by the password after a form or page refresh, you’ll likely have to click again to autofill the password separately. 1Password is better at injecting the password into the second field that appears without requiring manual intervention.

One last thing. If you need to create a new account, iCloud Passwords almost always notices and offers to save your credentials. What it doesn’t do, unfortunately, is create a secure password for you. Instead, it suggests creating a strong password in System Settings > Passwords or opening the page in Safari (below left, ignore the broken graphic icon). Indeed, Safari automatically generates strong passwords and saves them to your password collection when you click Use Strong Password (below right). So, the better part of valor is to switch to Safari when creating new accounts and then switch back to log in with the new credentials. If you instead use System Settings > Passwords , you’ll have to click the + menu, choose New Password, click the Create Strong Password button, copy the password, switch back to your browser, and paste the password.

iCloud Passwords generate strong passwords elsewhere

Limitations Compared to Other Password Managers

I’ve mentioned a few ways that iCloud Passwords fails to match up to the likes of 1Password, but let’s collect all of them here so you get a sense of the difference. iCloud Passwords:

Generates many more verification requests.
Doesn’t support biometric authentication, so those verification requests can be answered only by typing in a six-digit code. (Although the code may be easier than typing in a master password.)
Isn’t quite as capable of autofilling login fields separated by a form or page refresh.
Sometimes fails to offer to save a manual login.

Supports only logins, unlike other password managers, which can store many other types of private information, such as identity cards, medical record cards, bank accounts, API credentials, secure notes, and even documents.

Can’t autofill credit card or address information.

You can work around this last limitation using browser features. Chromium browsers can all autofill payment methods and addresses, but by default, iCloud Passwords blocks those features from working, even though it won’t help you in that department. If you circumvent the iCloud Passwords block on browser autofill, you can get the best of both worlds. Follow these steps:

In your Chromium browser, navigate to the Extensions page, usually by choosing Window > Extensions . In Arc, it’s Extensions > Manage Extensions .

iCloud Passwords Chrome extension Details

Once you’ve done all that, you should be in a situation where iCloud Passwords autofills your login credentials, and your browser autofills credit card information and addresses. The browser-level interface looks a little different but works well—you simply click in a credit card or address field and then click the desired set of information from the pop-up.

Chromium browsers autofilling payment and address info

Now that I’ve written this article, I fully admit that I’m going to disable iCloud Passwords and revert to 1Password because it’s easier to use and autofills more information. Plus, my nearly 1000 logins are stored in 1Password—I’ve been using 1Password’s Quick Access pop-up to find and enter credentials in Arc logins so iCloud Passwords could remember them. In the past month, I’ve migrated 73 logins to iCloud Passwords, and although those take care of most of my day-to-day logins, I never get through a week without having to bring more over from 1Password.

But it’s clear that with the addition of the iCloud Passwords extension for Chromium browsers and some judicious browser configuration for payment methods and addresses, it’s entirely possible to rely on Apple’s free password management tools.

Subscribe today so you don’t miss any TidBITS articles!

Every week you’ll get tech tips, in-depth reviews, and insightful news analysis for discerning Apple users. For over 33 years, we’ve published professional, member-supported tech journalism that makes you smarter.

Registration confirmation will be emailed to you.

This site is protected by reCAPTCHA. The Google Privacy Policy and Terms of Service apply.

Comments About Using Apple’s iCloud Passwords Outside Safari

Notable replies.

Since I use Safari 99% of the time and have simple needs for a password manager, keychain works very well for me. I also don’t use any non-Apple platforms or Chromium browsers.

My objection to 1Password is based on two principles I try to adhere to: I really don’t like subscription apps and like even less electron based apps, which I consider to be poor Mac citizens. Even though I have 36 GB of RAM on my M3 Pro, it irks me to use a lazily created app which uses electron and, to add insult to injury, needs a subscription fee (even if it is not large).

So far, these principles have not inhibited me in any way in my choice of apps I run on my Mac.

Thank you for yet another thoughtful and informative article.

Don’t beat around the bush, tell me what you really think.

While I agree with you, I would emphasize that what makes “using + and ••• to label menus” a capital crime is to have no hint appear when one hovers over the cryptic symbol.

The Keychain app has for years supported secure notes which offers a safe haven for that kind of information. However, it is true that it unfortunately does not sync to an iOS front-end even when users have iCloud Keychain turned on. So that makes it Mac-only which limits its usefulness I guess.

Of course Notes also offers secure notes and they can hold all kinds of information (including images, PDFs, etc.) and they sync very nicely across iCloud to other devices you have connected to your Apple ID.

For me the greatest limitation of Apple’s inbuilt password manager / keychain is that it is secured by your Mac password. This means that if you take your Mac in for repairs and the technician needs your computer password, they can access all your Keychain passwords as well. In many cases this can be prevented by setting up a separate administrator account, but most home users don’t know to do this and technicians rarely encourage it.

My customers with password managers have bigger issues with passwords than my customers just using keychain-password settings. I juse keychain because I would rather change a password than somehow “find” one and reuse. (this happens more often than expected) - How secure is Chrome/Firefox/etc password management ? You only know of security of these things in past tense. None of these managers resolve the bigger problem - when stuff is breached or a password is ‘uncoordinated’ - there is no AI crawler to remove breachs or faulted passwords. My wife’s online stock manager password system routinely locks you out forever if three attempts fail and then you have to contact a PERSON who then generates a new password request via snailmail. I have their system fail on my (with the correct password-so i imagine an acceptance glitch on their end creates this havoc) The availability of Password in a browser is inherently a security issue in itself. (small bias: don’t entirely feel anything from Alphabet is 'reliable" as to security - my old edict “The Google giveth - the Google taketh away” still stands.) I do trust Apple’s “values system” though.

I use to use 1 Password Application but switched to Enpass and have had no real problems with it on my Mac Studio running Sonoma. I have used it for over two years now and am wondering why you haven’t mentioned it yet? I also use it on my iPhone and Love the fact that is keeps everything updated on both my desk top computer and my iPhone. Is there some potential problem with this software that I am not aware of?

Respectfully yours Timothy Freitas

Thanks - this is a great introduction to something I didn’t realize was built into Ventura; I had been using Keychain and the Password Manager built into Firefox. Since I find it loaded with the contents of Keychain, I now have a nicer interface to work with. I wish it worked with Firefox.

I did find one thing I consider a problem. All the passwords I checked were listed as last modified 11/28/21, which presumably was the date the password file was created. That unfortunately wiped out the earlier dates when the passwords were created, so I have lost any indication of how old the passwords were created. I often find I need that to pick out passwords that are obsolete because the web site has been redesigned and no longer uses that page.

Purely because I have no experience with Enpass and it doesn’t come up in discussions here as a common choice for password managers. I’ve never heard anything particularly bad about it, though.

As you can see, there are a LOT of options.

Have you tried the iCloud Passwords add-on I mention briefly in the article?

Thanks for your input. BTW I have always respected TidBITS and trusted their reviews and advice.

Respectfully Yours Timothy Freitas

I’m still on Ventura, and you said the add-on required Sonora. The last I have heard, Mail still has problems in Sonora, and I don’t want to risk Mail problems.

Ah, sorry, missed that fact. I suspect the iCloud Passwords extension and add-on leverage some new API in Sonoma, but I don’t know for sure.

Hey Adam, Thanks for the article.

My opinion: Apple is providing too little (or too much), too late.

Like you, I am perfectly happy with my 1Password app. Also, while you mention the Apple iClouds Passwords is “free”, this means no financial purchase is necessary. But the feature is not free, in terms of the effort of moving one’s entire set of passwords over to the Apple feature, which apparently would include a learning curve, as well.

Wishing you clear skies on 08 Apr 2024.

I stopped using Apples password manager and went to a app called StrongPassword.app. Strong Password . It has what I need, but eventually passcodes with take over as they have on Gmail

Hey Adam – In the Password Options paragraph, you wrote: “… I’m intrigued by the “Use passwords and passkeys from” section. iCloud Keychain is the only option here … Perhaps Apple will open up macOS to others in the future.”

Well Sonoma actually does have this:

I use Strongbox (by Phoebe Code Ltd.) on my Mac, iPad, and iPhone. The option shown in the screenshot allows me to use Strongbox to autofill on Safari. Plus Strongbox has extensions for Chrome and Firefox.

I believe you still have to have iCloud Keychain enabled as well (and Apple makes it a little clunky when adding new entries from a website). But the overall UX with Strongbox is quite nice.

Yup, essentially going to say this. Strongbox already has an extension, but it’s nice to have options. I don’t like Apple’s extension very much because it’s invasive (turns off Chrome’s autofill until you configure it otherwise, constant prompt for the verification code from the system) but otherwise it’s serviceable enough. Naturally the Safari experience is a great deal more luscious.

Interesting! I wonder what other password managers do this—1Password does not. Perhaps it’s a way that apps that haven’t already put effort into autofill can take advantage of Apple’s built-in code.

I think I’ve tried out several that supported it. I know KeePassium does because I just checked for other apps showing up there on my computer.

For those of you who are using Apple’s password manager and are looking for an easier way to access the password database without digging through Settings, here is a link to a video that shows how to make a password app using Shortcuts and put it right in your Dock. Password app for iPhone and Mac

GREAT COMMENT THREAD!

I live in password hell as competing programs across devices snatch (autostore) and try to competitively Auto-fill in ways I cannot track. Often get locked out as a consequence. “Conflicts” between Windows, Edge, Firefox, 1Password, MacOs/Safari make changes and legacy password management a constant burden.

Note: there are 16+ “What’s my F___ing Password?!” log books for writing them down on Amazon alone.

Complexity without utility, and the burden to elderly and impaired users “forced to go digital” is pernicious.

Do any of the current lised crop of password apps allow a local encrypted file which I manage myself?

(I’ve been using PasswordWallet since it first came out and have never had any problems with it. It appears to still be available. Is there something wrong with it?)

Join the discussion in the TidBITS Discourse forum

Participants.

TechRepublic

Account information.

Share with Your Friends

6 Best Open Source Password Managers for Mac in 2024

Your email has been sent

Best overall: MacPass
Best for multiplatform support: Bitwarden
Best for tech-savvy Mac users: gopass
Best for Unix users: QtPass
Best open source offline password manager: KeePassX
Best for team-level password management: Passbolt

Maintaining strong, unique passwords for every online account is essential for Mac users seeking to enhance their digital security and privacy. While proprietary password managers offer convenience, open source alternatives provide transparency by allowing public scrutiny of their code, ensuring trustworthiness and strong security measures. Moreover, open source password managers grant users complete control over their data, reducing potential privacy concerns associated with closed-source software.

SEE: How Do Password Managers Work and Why Do You Need One? (TechRepublic)

This article explores the top open source password manager options for Mac users, with a focus on their core features, pros and cons, and pricing.

Featured Partners

1 uniqkey - business password manager.

Top open source password managers for Mac: Comparison table

The following table compares some of the top options across critical features like cloud sync, browser integration and mobile apps.

6 best open source password managers for Mac

Macpass: best overall.

MacPass is an open-source password manager designed specifically for macOS users. It employs encryption methods such as AES and Twofish algorithms to ensure the security of stored data.

The application offers several features, including customizable icons, a password generator with adjustable settings and the ability to set expiration dates for passwords. You can take advantage of functionalities like auto-saving, undo/redo options, drag-and-drop capabilities for easy organization and autotype for authentication across various platforms.

MacPass also supports database synchronization to prevent data loss and includes a history feature to track changes made to entries over time. With its macOS-optimized interface and comprehensive set of features, MacPass aims to provide a reliable and efficient password management solution for macOS users.

Why we chose MacPass

We picked MacPass as the best overall because it’s tailored specifically for Mac users as well as boasting some advanced password management functions, all for free.

MacPass is free.
Drag and drop for easy control.
Customizable icons for entries.
Customizable password generator.
Expiration date settings for passwords.
Autofill feature for convenient authentication.
History tracking to monitor password changes over time.
It can auto-update.
Strong encryption for secure password storage.
Customizable features like icons and password generation methods.
Encryption using two algorithms.
Limited integration features compared to some other options.
Requires manual setup for browser integration.

Bitwarden: Best for multiplatform support

Bitwarden is a top contender for Mac users seeking a secure and feature-packed password manager. The app offers a native Mac app with a sleek, intuitive interface that blends with the macOS ecosystem.

The Safari web extension comes with the Bitwarden desktop app, which means you don’t need to download it separately from the app store. Its cloud-based synchronization ensures your passwords and sensitive data are always up-to-date and accessible from anywhere, making it an ideal choice for individuals who frequently switch between different Apple devices or operating systems.

Notable features include single sign-on, password autofill, vault administration and organization management, unlimited password storage and device syncing.

Bitwarden password vaults administration.

Why we chose Bitwarden

We selected Bitwarden for its cross-platform compatibility and cloud synchronization support.

Bitwarden offers two main pricing points: Personal and Business. Below is a breakdown of the prices.

Personal plans

Free: For individual users and offers unlimited devices, passkey management and other core capabilities.
Premium: Less than $1 per month, billed $10 annually.
Families: Costs $3.33 for up to six users, billed $40 annually.

Business plans

Teams: Starts at $4 per user /month, billed annually.
Enterprise: Starts at $6 per user/month, billed annually.

Note: Families, Teams and Enterprise plans all come with a free trial.

Cross-platform compatibility (Mac, Windows, Linux, iOS, Android).
Cloud-based synchronization across devices.
Integrated password generator and secure password sharing.
Biometric authentication (Touch ID, Face ID) support.
Credential generator (username and password).
Cloud sync for easy access across devices.
Emergency access for trusted individuals.
Multi-platform support.
Passkey support.
Free version.
Unlimited devices.
No password breach monitoring in the free version.
The free version lacks 24/7 email support.

gopass: Best for tech-savvy Mac users

gopass is a lightweight but efficient open-source password manager designed for tech-savvy Mac users seeking a simple yet secure command-line solution for storing and managing passwords.

One of its key functionalities is the ability to work seamlessly with existing setups, supporting the initialization of a git repository in the store by default. This feature ensures efficient synchronization as it automatically pulls and pushes data when modifications are made on the app.

SEE: Brute Force and Dictionary Attacks: A Guide for IT Leaders (TechRepublic Premium)

With gopass, you can store not only passwords but also various other types of data as encrypted binary files within the password vault. The ability to create multiple separate stores, or mounts, allows for organized data management. As a security measure, gopass prompts you to verify recipient details during encryption to prevent accidental data exposure.

While it may lack some advanced features compared to other password managers, its focus on simplicity and security makes it a practical choice for those seeking a lightweight solution. Although gopass is a decent open-source password manager, its design makes it somewhat unsuitable for non-technical Mac users.

Why we chose gopass

We identified gopass as the ideal solution for tech-savvy Mac users due to its technical approach to password management through command-line access.

gopass is cost-free.

Support for storing various types of data as binary files.
Creation of multiple stores for better organization.
Default verification prompt during encryption.
Compatibility with other password manager projects.
Data storage is decentralized.
Auto sync with git repository.
Compatibility with other password management projects.
It can run on Linux, macOS, Windows and BSD(Unix-like operating system).
Compatible with iOS, Android, Chrome, Firefox apps.
Only accessible via the command line interface.
Lacks key password management features like MFA.

QtPass: Best for Unix users

QtPass is a cross-platform password manager designed to simplify password management while adhering to the Unix operating system. The tool is known for its compatibility with Pass, a popular Unix password manager.

With QtPass, each password is stored securely in an encrypted file, named after the related website or service. These files can be organized into folders and easily moved between devices. QtPass offers multi-platform support on Linux, BSD, macOS and Windows.

In addition, the solution offers configurable shoulder surfing protection options, per-folder user selection for multi-recipient encryption, support for multiple profiles for grouping passwords based on different repositories and GPG keys, and an easy onboarding process with clear installation instructions.

Why we chose QtPass

We identified QtPass as the best option for Unix users due to its compatibility with a Unix-based operating system.

QtPass is free.

Cross-platform compatibility with Linux, BSD, macOS and Windows.
Secure password storage using GPG encryption.
Multi-key and multi-recipient encryption support.
Integration with Git.
Clipboard integration for copying passwords.
Free and open-source software.
Cross-platform compatibility.
Secure encryption with GPG.
Integrates with existing Pass ecosystem.
Relies on external tools like GPG and Git for full functionality.
No built-in cloud synchronization (requires Git or WebDAV setup).
Limited features compared to some proprietary password managers.

KeePassX: Best open source offline password manager

KeePassX is an open-source password manager that is compatible with Mac, Linux and Windows. It is a community-developed fork of KeePass, a well-regarded password manager for Windows.

The software can manage passwords, login details, attachments, notes and documents. It includes a customizable password generator, browser integration and options to import databases. However, it does not support plug-ins, unlike the original software.

SEE: Are Password Managers Safe to Use? (TechRepublic)

KeePassX operates offline, which can be an advantage for users who prefer to manage their passwords independently. However, the absence of built-in password synchronization might be a drawback for some users. Additionally, some users might find the interface outdated.

While KeePassX is a secure and reliable open-source password manager for Mac users, its lack of certain features and its interface might not appeal to all users.

Why we chose KeePassX

KeePassX is our best offline password manager due to its non-reliance on the cloud to perform its functions.

KeePassX is a free service.

Password generator.
Search function.
Import and export of entries.
Database security.
Offline access.
It is completely free.
Allows automatic generation of secure passwords.
Allows import and export of entries.
Can operate offline.
Allows sorting of entries in groups.
KeePassX is cross-platform compatible.
Auto-type is not supported on Mac.
The interface is not built to support plug-ins.
User-interface is somehow outdated.
Lacks built-in password synchronization.

Passbolt: Best for team-level password management

Based in Luxembourg, Passbolt is one of the open source password managers with a focus on teams and business password management. It distinguishes itself with security measures like end-to-end encryption, user-controlled keys and regular security evaluations by expert testers.

Its team features make it possible for users to organize their passwords and other data in private and shared folders, enhancing data management and collaboration. Passbolt allows for the efficient management of users and groups through its role-based access feature. It supports two-factor authentication and multifactor authentication, adding an extra layer of security.

In terms of compatibility, Passbolt can be used from your browser — Google Chrome, Firefox and Microsoft Edge — as an extension and on mobile phones. This makes it suitable for Mac users, as well as those using Linux, Windows, Android and iOS.

Why we chose Passbolt

We identified Passbolt as the best choice for team password management due to its robust security features and emphasis on collaboration.

Passbolt offers three pricing tiers:

Community: Offers basic features and comes free.
Business: Priced at $49 per 10 users per month. Suitable for businesses with 10–250 members.
Enterprise: For teams with advanced security and compliance requirements. Reach out to Passbolt for a quote.
Single sign-on with Microsoft, Google and OpenID.
Password management and sharing.
Supports native and cloud deployments.
Auditing tools for tracking password usage.
Can be installed from GitHub.
There is a free plan.
User-friendly interface for easy navigation.
Mobile app support for on-the-go access.
Robust community of maintainers.
Single sign-on for fluid login management.
No desktop app.
The free plan lacks key features like SSO and account recovery.

Visit Passbolt

How do I choose the best open source password manager for my business?

Selecting the best open source password manager for your business depends on a variety of factors. Since we are talking about open source password managers, the first consideration should be security and maintainability. All the password managers mentioned above offer robust encryption methods to ensure your data is secure, as well as a rich history of maintenance.

However, different businesses have different needs. For instance, if your business heavily relies on team collaboration, Passbolt stands out with its user management and sharing features. If your business prioritizes a clean and intuitive user interface, Bitwarden and MacPass are worth considering.

Note that the best password manager for your business is the one that fits your specific needs, so, when making a pick, include factors like cost, ease of use, customer support and compatibility with your existing ecosystem. It’s also important to consider the future scalability of the software as your business grows.

Review methodology

In this round-up of the best open source password managers, my evaluation was conducted based on a comprehensive review of their features, usability, security measures and customer reviews. While I had hands-on testing on Bitwarden and Passbolt on my Chrome browser, I watched video demos to understand some of the solutions reviewed. During my testing, I focused on the usability of the interface, feature performance and the setup process.

In addition, I relied on the documentation provided by each vendor to understand the standout feature of each password manager. External reviews and user feedback were also analyzed to gain insights into each product’s pros and cons.

Subscribe to the Cloud Insider Newsletter

This is your go-to resource for the latest news and tips on the following topics and more, XaaS, AWS, Microsoft Azure, DevOps, virtualization, the hybrid cloud, and cloud security. Delivered Mondays and Wednesdays

Top 6 Passwordless Authentication Solutions for 2024
Microsoft: 87% of UK Businesses Are Unprepared for Cyberattacks
8 Best Enterprise Password Managers
Network security policy
Cybersecurity: More must-read coverage

Create a TechRepublic Account

Get the web's best business technology news, tutorials, reviews, trends, and analysis—in your inbox. Let's start with the basics.

* - indicates required fields

Sign in to TechRepublic

Lost your password? Request a new password

Reset Password

Please enter your email adress. You will receive an email message with instructions on how to reset your password.

Check your email for a password reset link. If you didn't receive an email don't forgot to check your spam folder, otherwise contact support .

Welcome. Tell us a little bit about you.

This will help us provide you with customized content.

Want to receive more TechRepublic news?

You're all set.

Thanks for signing up! Keep an eye out for a confirmation email from our team. To ensure any newsletters you subscribed to hit your inbox, make sure to add [email protected] to your contacts list.

COMMENTS

Are Password Managers Safe In 2024?
Password managers—especially cloud and browser-based password managers—are the safest way to back up your passwords. Password manager providers back up your passwords over multiple secure data ...
Safari Password Manager: How to save, view and manage passwords in
On Mac, the Safari password manager is located by choosing Safari on the menu bar at the top left of your Mac. From there, click Settings from the pull-down menu. Next, click on the Passwords ...
How safe is storing Safari passwords in t…
Without this, you can try reading through the file's contents, but you will get garbled information. Passwords are stored in your keychain, which is an encrypted storage platform for secured notes and passwords. These can be managed through Apple's Keychain Access utility in your Applications > Utilities folder.
Password managers: Is it OK to use your browser's built-in ...
To delete the saved passwords from a Mac, go to Safari > Preferences > Passwords. Sign in using your user account password, press Command+A to select every entry in the list, and then click Remove ...
How Safe Are Password Managers?
Password Managers Are Safer Than the Alternative. A password manager stores your passwords in a secure vault, which you can unlock with a single master password---and, optionally, an extra two-factor authentication method to help keep everything extra secure. Password managers let you use strong, unique passwords everywhere.
Are Browser Password Managers Safe?
Today, the use of two-factor authentication (2FA) makes in-browser password managers safer, and reduces the risk of unwanted computer access. With this feature turned on, anyone trying to access your account needs more than just your password to succeed. In terms of additional safety, the browsers in Safari, Chrome, Firefox, and Edge all offer ...
How to Use Apple's New All-In-One Password Manager
Importing and Exporting Passwords. Note that if you have an existing password manager, you can import your passwords to Apple's system. Head back to Passwords in the settings app and hit the three ...
Is it Safe to Use a Password Manager?
Whatever you do, choose a password manager that does not allow for recovery of the master password. "If a malicious actor is able to get ahold of the master password through account recovery ...
How to Use the Password Manager in Safari on iPhone or iPad
Using the Passwords Manager on Safari for iOS. Access the passwords manager by first opening the "Settings" on your iOS device. Scroll to and tap open "Safari" in the left column, then tap open the "Passwords" category. Before you can access your passwords, you will need to verify your identity using Touch ID.
How to Safely Share Passwords Stored in Safari From Your iPhone ...
The process works the same on an iPhone, iPad, or Mac. Go to Settings ( System Settings on a Mac) and select Passwords. In the Share Passwords with Family section, select Get Started ...
How to Manage Your Passwords in Safari
Open the Settings app. 2. Tap Safari then Passwords. 3. Use Touch ID or enter your passcode to continue. Safari will list the passwords it has saved for you: To view saved passwords: 1. Tap on the ...
Can You Trust Firefox, Safari, and Chrome with Your Passwords?
It's so simple that anyone can do it, and it can reveal a browser-saved password in less than a minute: Open a website login where the browser autofills the password field. Open the browser's Inspect Element (or Inspector) tool. In the window that pops up, find and replace "type=password" with "type=text". Hit enter.
The best password managers in 2024
Best on a budget. 5. Bitdefender. Bitdefender Password Manager. $19.99. Visit Site at Bitdefender. The best password manager on a budget. Bitdefender Password Manager is available in individual ...
A Full Guide to Safari Password Manager on Mac
This excellent password manager for Safari allows users to view, add, delete, or save credit cards and contact information on the browser. Meanwhile, you're able to import and export passwords saved on the Safari browser via the Safari password manager. Since you know the basic information about the password manager for Safari, then learning ...
How to view, edit, delete and manage Safari passwords
Safari password list on Mac. To sort the list by website, username, or password, just click the column header. Editing passwords on Mac. To see details for the site, username, and password, select one and click Details or simply double-click it.. Here you can make edits to your saved username or password; however, this will not change those credentials on the actual website.
Apple's password manager is compatible with third-party browsers in
Safari automatically fills out login information, generates passwords when you create a new account and saves your passwords in Apple's password manager. Safari is also a great web browser but ...
Are Password Managers Safe to Use in 2024?
Fact-checked by Ieva Jociūtė. Yes, password managers are safe to use, and that's a fact that not only the vast majority of cybersecurity specialists agree with, but we do as well. After all, a password manager uses advanced encryption to protect your credentials, while without it, your passwords are accessible to anyone.
Why You Shouldn't Use Your Web Browser's Password Manager
Using a password manager is crucial. The biggest risk to your accounts online is password re-use. If you use the same passwords over and over, a breach at one website means your email and password is out there. Attackers will try to use that email and password to log into other sites.
Best Password Managers For Mac
NordPass. Price When Reviewed: From free ($1.99 per month for Premium) Best Prices Today: $0 at NordPass. One of the newest additions to the password manager arena is NordPass, which is made by ...
How to Disable Safari Password Manager in 4 Steps
Click Settings. Click the Autofill icon. Uncheck all settings in Autofill. For Safari users on iOS: Tap Settings. Head to Passwords and Accounts. Tap AutoFill Passwords. Turn off iCloud KeyChain. Pro-tip: Don't forget to delete all cached passwords and auto-fill passwords before using a third-party password manager!
Password security recommendations
Weak, reused, and leaked passwords are either indicated in the list of passwords (macOS) or present in the dedicated Security Recommendations interface (iOS and iPadOS). If the user logs in to a website in Safari using a previously saved password that's very weak or that's been compromised by a data leak, they're shown an alert strongly ...
Is it safe to save passwords in Chrome or Safari
When you save your passwords in a web browser, they are automatically saved to the computer. It makes it convenient for you the next time you want to log in to your accounts. But it comes at the cost of security. It's risky to save passwords in your web browser like Chrome, Safair or Firefox because if someone else has access to your computer ...
Which Is Better: Your Browser's Password Manager or a Standalone ...
Standalone password managers are designed to be used across browsers and devices. For example, you can access 1Password through the service's website in any browser, through a browser extension ...
The 2 Best Password Managers of 2024
In 2024, we tested 11 password managers: 1Password, Bitwarden, Dashlane, Enpass Premium, Keeper, mSecure, NordPass, Proton Pass, RoboForm Premium, Sticky Password, and Zoho Vault. We installed ...
Using Apple's iCloud Passwords Outside Safari
In Arc, it's Extensions > Manage Extensions. Click the Details button next to iCloud Passwords. On the iCloud Password Details screen, click the button next to Extension Options, and in the dialog that opens, deselect Turn Off Chrome AutoFill. That double-negative allows Chrome's AutoFill to operate independently again.
6 Best Open Source Password Managers for Mac in 2024
Best for multiplatform support: Bitwarden. Best for tech-savvy Mac users: gopass. Best for Unix users: QtPass. Best open source offline password manager: KeePassX. Best for team-level password ...
Is iCloud Keychain safe?
An alternative to Apple password manager; Is Apple password manager safe? The iCloud Keychain is secure from outside attack. It uses advanced encryption (new window) to keep your data secure, and Apple is open (new window) about how it encrypts your data and when (though the code itself is not open source, as we'll explain below). As for ...