You need a password manager. Data breaches are now a regular occurrence and that flow of stolen information has made password cracking even easier. Not only the ‘password12345’ variant is at risk, but also all variants that use strategies such as variations on a single password or replacing letters with numbers. Even if you use unique, random passwords, storing them in a document or spreadsheet leaves you vulnerable to prying eyes.
While paid password managers offer nice perks, a free password manager still protects you from the risks of using weak passwords (or worse, using the same one everywhere). You only need to remember one password to access a single, safe place where all your other passwords are stored.
And because free password managers come in a variety of flavors and styles, you should be able to find one that fits your lifestyle. Even Google’s password manager, built into Chrome and Android, may soon double as a free option after receiving some great upgrades over the summer months. Along the way, you can always upgrade to a paid service as your needs grow.
Not sure what features you need? In general, you want a service that allows password generation, form autofill, two-factor authentication, and device switching. -and- device type. For more info, read our explanation of what you need to know about password managers†
Best Free Password Manager for Most People: Bitwarden
computer world
- Website: https://bitwarden.com/
- devices: Windows, MacOS, Linux, Android, iOS, browser extensions, web, command line
- open source: Yes
- Two-factor authentication (2FA): Yes
Like several other services, Bitwarden offers a free tier and a paid tier, but the free tier packages contain so many features that most people don’t need anymore. You can access the service on an unlimited number of devices and a wide range of device types, enable easy two-step TOTP authentication and fill your vault with as many passwords as you want. The free personal plan also allows privacy-conscious users to avoid the company’s cloud hosting and host themselves instead.
Rivals spend a lot less on their free users, and it’s extremely rare that they allow unrestricted movement between multiple device types. (LastPass and Dashlane start charging as soon as you reach the limits of a only device.) Most competitors are also not open-source like Bitwarden, so their communities can’t hunt for hidden loopholes or security holes.
The only thing that the free personal subscription not offer is real-time password sharing, but you can get around that in part by signing up for a free two-person org plan instead. It allows unrestricted sharing of passwords between the two users, allowing both individuals to securely access the current passwords for shared accounts. However, the downside is that this free business plan doesn’t allow self-hosting.
Bitwarden’s generous array of features for its free service makes it our top pick. Choose the free 2-person organization plan to enable password sharing with one other account.
computer world
The other advantage of Bitwarden is that if your needs expand later on, switching to a paid plan won’t cost much. A personal premium subscription costs just $10 per year (compared to $36+ per year for rivals), and a family plan is $40 per year for up to six users (compared to $48+ per year for rivals). And moving to a paid tier brings tangible benefits: support for more advanced forms of two-factor authentication, assessments of your passwords’ health (e.g., strength, disclosure, etc.), encrypted file storage, and emergency access for trusted individuals.
Finally, if one day you decide to go elsewhere, Bitwarden allows you to export your passwords, with the option to do so as an encrypted file. But with such a generous and thorough set of features, you probably won’t want to go anywhere else.
Best Free Password Manager for DIYers: KeePass
computer world
- Website: https://keepass.info/
- devices: Windows (official), MacOS (unofficial ports), Linux (unofficial ports), Android/iOS (unofficial ports)
- open source: Yes
- Two-factor authentication (2FA): Yes
KeePass may not seem like much, but under the hood, this desktop application-based password manager has all the features you could want, especially if you’re privacy and security conscious.
Because the program and its encrypted database file(s) are stored locally on your computer by default, you retain full control over who can access it, unlike a cloud service, where you have to trust that the servers are set up correctly and that the employees are reliable. Plus, you don’t even need to install it on your system, but you can run it through a portable .exe application kept on a USB stick.
KeePass is also an open-source program, meaning the community can always check it for hidden backdoors or just plain old security-crippling bugs. And you can enable two-factor authentication using key files (which complement your master password), plus locking the database file to the Windows account that created it.
KeePass’ numerous plugins let you access much of the premium features you’d get with a paid service, as long as you’re willing to put in some elbow grease. This is only part of the full list!
computer world
You’re not just locked into a Windows desktop system either – because the program is open source, you can find community-created ports of KeePass for macOS, Linux, Android, and iOS, as well as a boatload of plugins that let you customize it to your taste. Plugins allow you to recreate most of the features found in paid cloud services, such as checking if one of your passwords was found as part of a data dump.
You can also be creative with how you store your database file: for remote access, you can place it on a home server, or, if you’re comfortable with that, a cloud service of your choice. (You may be more comfortable with how Google secures its accounts than, say, a dedicated password management service.) And should you ever decide to don your hat as a DIY password manager, KeePass makes it easy to export your passwords.
Best Free Password Manager for Simplicity: Google, Apple or Firefox
Password managers within mobile operating systems and major browsers have come a long way. Just a few years ago, we wouldn’t have advised using them at all, but now they’ve beefed up their security and features to become a viable (though simple) option.
But basic isn’t bad – when it comes to password managers, the best service is the one you’ll be using. For some people, using a dedicated password manager can be too much to keep track of. In those cases, leaning on Google, Apple, or even Firefox can help you upgrade your password protection with little extra effort. Their built-in password manager tools can do the heavy lifting of creating and remembering uniquely random passwords on the web, and you don’t need to switch to another app for it to work.
If you’re going to choose a browser-based password manager, Firefox is one of the best options of the bunch.
Of course you lock yourself up in those ecosystems, but if you’ve been living in those waters your whole life, you won’t be bothered by that. Google will probably appeal to most people as Chrome is ubiquitous, but those concerned about data privacy can turn to Firefox and its promise not to sell your data instead. Apple also shares Firefox’s commitment to privacy, but it’s the hardest platform to leave because the company doesn’t offer an easy method to export passwords. We recommend choosing Google or Firefox for the widest reach on all devices, and Apple if you have both macOS and iOS devices (and don’t plan to leave). Microsoft’s password manager in Edge may also be worth checking out for those deeply entangled in the Windows ecosystem.
Stick to Apple and iCloud Keychain? Follow these tips how to set it up and make the most of it†
The only primary downside to using your Google, Apple, or Firefox account to store passwords is that they aren’t as secure as a third-party service. Even if you protect your account with two-factor authentication (and you absolutely should if you store passwords in it!), Google, Apple, or Firefox are generally more lax about accessing passwords from a device running is logged in. don’t ask for re-authentication to use a saved password, unlike most dedicated password managers – and that can pose a security risk on a shared device.
Free vs Paid Password Managers
Why bother with a paid password manager when you can use one for free? Paid services offer premium features that give you more control over your passwords and how you keep them secure. For example, you often get password sharing access (useful if your family members all need to know the Netflix password), support for YubiKey and other more “advanced” forms of 2FA authenticators, and alerts telling you if your password has been changed to one. data dump. Some paid services even have a signature feature that sets them apart from competitors. For example, 1Password has a “travel safe” feature that hides some passwords when you travel, as an extra security measure when you do aggressive airport screening or simply lose access to your devices due to theft or lost luggage.
If you need this kind of feature, check out our list of the best paid password managers to see which ones offer the best bang for your buck.