Why you need a password manager

A good password manager means that you’ll be able to instantly create and store strong, unique passwords for every service and application login you use.

It’ll encourage you to protect them behind a strong passphrase that only you know, help ensure that they’re backed up somewhere safe, and make it easy to auto-type or auto-fill them when you need them.

If you want to use the safest passwords possible, it’s time to stop auto-saving passwords on your phone or browser, and set aside the post-it notes or old-school password book in your desk drawer. But before you do here are a few things you should look out for when picking a password manager.

Password manager must-haves

• Cross-platform, multi-device access – if you need them,your passwords should be as easy to get at on your phone as on your desktop PC
• Zero-knowledge master password – you should be the only person who has your password; not the company providing password management service
• Independent – not tied to another subscription or service that you may one day no longer need
• Easy import/exporting to other managers – you should be able to stop using the product or service if you need to
• Secure, unique password generation

Password manager nice-to-haves

• Free functionality – even for services with paid tiers, your password manager should remain functional if you can’t pay the bill
• TOTP (time-based one time password) generator
• Choose where to host your password database
• Breach checking
• Emergency access for a chosen contact
• Desktop application for easy use outside the browser
• Support for hardware 2FA such as YubiKey dongles
• Auto-type for paste- and autofill-resistant scenarios
• Password auto-saving
• Browser plugins to enter and save passwords

What’s the best password manager to use?

Still not sure which to get? Thankfully there are plenty of good choices. Below are a summary of some of the top scoring ones we’ve reviewed.

Bitwarden

Bitwarden is one of the best password management services around, with fully functional free tiers for both private individuals and small organisations of up to two people. Unlike LastPass, free users don’t have to choose between desktop browsers or mobile devices, and there are no restrictions on how many passwords you can store for free.

Upgrade to a $10 per year paid subscription, and you get extra features, including additional 2FA options, emergency contacts, encrypted file storage, health checks to see if your accounts have been in any breaches, Bitwarden Authenticator Time-based One-Time Password (TOTP) support, and the ability to host your own Bitwarden server.

KeePass Password Safe

Fully free and open source, KeePass – and specifically its KDBX encrypted password database standard – is a perfect choice for more technical users who want to take charge of their own security and password storage. Unlike almost every rival, you get to choose where you passwords are stored, whether that’s a Google Drive, Dropbox, a USB stick, or your own server.

The official KeePass app is regularly security audited, making it the best implementation for enterprise, but for a more modern interface and better cross-platform support, I’m a fan of KeeWeb (Windows, Linux, macOS, web app) and AuthPass (Windows, Linux, macOS, Android, iOS), all of of which use the same secure database file standard.

There are plenty of other great choices – check out our Best Password Managers list for more recommendations and reviews.

Why not use your browser’s password manager?

Despite efforts at improvement, Google Passwords has extremely minimal security features and poor default behaviours. Firefox is a little better, but depends on you syncing your entire browser across devices.

Microsoft is well on the way to merging genuinely robust password management into Edge with Microsoft Authenticator for Android and iOS. This looks like it’ll be a very solid solution in the future, but it’s not quite there yet, particularly when it comes to cross-browser and desktop password support.

Safari similarly has robust integration with Apple’s iCloud Keychain – do make sure that you’re using this, rather than storing passwords locally. However, cross-platform support is severely limited, so it’s not a good choice for anyone who’s not totally embedded in the Apple ecosystem.

Right now, in-browser password managers still tend to encourage bad habits, like rarely or never requiring you to re-enter a strong master password or using a potentially weak system password as their master password, and often only work on a limited range of platforms.

How to migrate to a password manager

While you can manually enter all your passwords in your new password manager for a fresh start, if you’re been saving them in browser, you’re luck – you can easily export saved passwords from your browser.

Google Android, Chrome and Chromium users can go to https://passwords.google.com/, select the gear icon to open Settings, then then Export Passwords to download them in a plain text CSV file.

To export your passwords from Firefox, open the menu (three horizontal lines at the right of the main toolbar), select Passwords, click the … menu, then select Export Logins…

Edge users should open the … menu, Select Passwords, click the … menu on that page and then select Export passwords.

With your password archive in hand, go to your chosen password manager’s import tools to bulk add them to your collection. Remember to delete your insecure exported file, delete the passwords from your browser or device, and disable its password auto-save feature when you’ve finished.

Check out Kaspersky Password Manager – now just £10.49 per year