It’s never a good idea to use the same password for every account. But remembering dozens of complex and unique codes for every website and service is a serious headache. Keeping a master list of all your passwords is just asking for trouble, so if you want a safe and convenient way to remember them all, you’ll want to invest in a password management service. And to help you find one you can trust, we’ve rounded up the best password managers of 2023 below.
A weak password is just as easy for criminals to hack as it is for you to remember. Once your password has been compromised, you’re vulnerable to credential stuffing attacks, which can result in many of your online accounts being breached. At that point, you may as well tweet out all of your online login credentials to the world.
A password manager is an online service that provides an encrypted vault where you can store the login credentials for all of your online accounts so you don’t have to remember them. You only need to remember a single master password to access the encrypted vault — from which you can access all of the other passwords you have stored. Password manager services usually offer user-friendly web interfaces, apps or browser extensions where you can access your encrypted vault using your master password.
The best password managers are cross-platform-compatible and can automatically sync your entire vault across all of your devices. This means that once you’ve entered your passwords into the password manager on one device, they’ll automatically show up on all your other devices on which you’ve installed the app — whether you’re using Windows, MacOS, Linux, iOS, Android or a browser extension. Keep in mind that, by their nature, password managers are extremely attractive targets for cybercriminals, so it’s important that you choose one with a track record for security and transparency.
Why you need a password manager
NordPass estimates that the average internet user has between 70 and 80 passwords. It’s virtually impossible to remember each individual complex password that you should be creating for each account, which means you need another mechanism to keep track of them all.
Using a password manager is a far more effective and convenient mechanism for keeping track of your passwords. You can use one to create strong, unique passwords that are exponentially more difficult to hack than something like Fido1986. And if you’re unsure of how to create a strong password, a good password manager will always include a strong password generator feature that will create them for you. A password manager can even help guard against phishing attacks because if the password manager doesn’t recognize the URL on which you’re entering your login credentials (i.e. if you’re on a phishing site), its autofill function won’t offer to fill the credentials.
And password managers have benefits beyond just storing passwords. You can use your password manager to securely store other items including credit card numbers (to autofill in online stores), identification documents, travel documents, medical records, PIN codes, bank account numbers and secure notes. Many of the top password managers also offer additional features like cloud storage and attachments, password health reports, data breach notifications and dark web monitoring (which alerts you if any of your personal information has been detected on the dark web). You can also use your password manager to securely share passwords and other items with family members, friends or other trusted contacts.
Best password managers in 2023
Other password managers I tested
Enpass is unique in that it allows you to store your vault in a location of your choosing. It doesn’t have centralized servers that store your data. You can either store your vault on your devices themselves, or in your own personal cloud storage like Dropbox or iCloud. Unless you’re storing it on your own device, you’ll need to trust the third-party cloud service you’re using just like you’d need to trust any other password manager with your vault. But with your vault stored locally on your device, you can access your vault items while offline or in areas of limited internet access.
Enpass is a great option for anyone who wants complete control over the storage of their password manager vaults and anyone who may be jaded by the way LastPass has failed to secure user vaults. If that’s you, and you don’t mind using an app that’s a bit outdated and clunky but still fully functional, then give Enpass a look. There’s a ton of options for customizations as well, so it’s a solid option for the more techy crowd or anyone who likes to tinker around. Enpass costs $24 per year for individuals or $36 for the first year (then $48 per year) for a family plan that includes six licenses. You can also purchase a lifetime individual plan for $100.
KeePass is completely open source and completely free. It’s a powerful password manager, but geared primarily toward the techie crowd. The interface is outdated and cumbersome to navigate compared to what other password managers offer. KeePass is optimized for use on Windows machines, but unofficial ports for other platforms including MacOS, Linux, Android and iOS are available for download on the site. But if you have a great deal of technical know-how and want a free password manager that’s open source and highly customizable, then KeePass may be an option for you.
Apple iCloud Keychain
Apple’s built-in password manager for Macs and iOS devices is probably already familiar to most Apple users. It’s a secure and convenient password manager solution that’s included with your Apple ID at no additional cost. It includes basic features like storing and autofilling your passwords and other items like credit card numbers and passkeys. And with the release of iOS 17 this fall, Apple will allow you to share passwords and passkeys with trusted contacts. You’ll be able to create sharing groups and choose a set of accounts to share with others, with the option to remove anyone in the group at any time. Still, Apple’s iCloud Keychain lacks the full breadth of options offered by other premium password manager solutions. You can set up iCloud Keychain on a Windows machine as well, but you’ll need to initiate the process from your Apple device. So it’s really only a viable (albeit very basic) password manager solution if you already own an Apple device.
See iCloud Keychain details at Apple
ExpressVPN, CNET’s Editors’ Choice best overall VPN, is getting into the game with a new password management solution called Keys. The password manager is currently in beta and only available to a select number of ExpressVPN users, but will be rolled out more broadly and included with all ExpressVPN accounts at a later date. Though it’s still in beta, Keys is already a feature-rich password manager that’s intuitive and user-friendly. Keys offers many of the features that other top password managers offer, including a customizable password generator, password health reports, 2FA, auto-sync and autofill. Express also just added an authenticator feature to Keys, which can generate six-digit time-based one-time passwords (TOTP) that rotate every 30 seconds. The TOTP feature is only available to select Android users at this time, but will be rolled out universally in the near future, Express said.
Keys will be available as a browser extension on Chrome, Edge, Opera, Brave and Vivaldi, and included on ExpressVPN’s iOS and Android apps. Once Keys is rolled out to all users, it will be an ideal password manager choice for ExpressVPN users. I’m impressed with the service so far, and it’s evident the Express team is working continuously to improve the offering and add new features. But at this point, it doesn’t belong among the top picks because it’s still in beta and not available to all ExpressVPN users yet, let alone to folks who don’t use ExpressVPN. Once it is rolled out broadly to all ExpressVPN users, it would be nice to see Keys also made available to non-users as well, à la NordPass.
What about LastPass?
LastPass is one of the most well-known and popular password managers on the market, with more than 33 million personal users and 100,000 business users, according to the company. However, in light of its lengthy history of security incidents — including the data breach at the end of 2022 in which an “unauthorized party” stole customer account information and sensitive vault data — CNET cannot in good conscience recommend LastPass to our readers.
Even considering that LastPass has completed its investigation into the incident and has prioritized “investments in security, privacy and operational best practices” in the wake of the breach, the password manager remains off CNET’s list at this time. The alarming nature of that latest data breach has severely undermined trust in the company’s security tool for individual consumers and businesses.
That said, CNET will be conducting a thorough re-review of the service in the future, after which we will reevaluate whether LastPass has earned an opportunity to appear on our list of best password managers again. In the meantime, you can turn to any of the password managers featured above.
Password manager FAQ
More computer advice
- Best VPN Services
- Best Identity Monitoring Services
- Best Web Hosting Providers
- Best WordPress Hosting for 2023
- Best Website Builder for 2023: Squarespace, Wix and More Compared
- Best Antivirus Software for 2023
- Best Credit Monitoring Services in 2023
- The Best LastPass Alternative in 2023
- Best Gear for Video Chats From Home: Webcams, Lights, Mics and More
- Best Android VPNs for 2023
- 7 Must-Have Ergonomic Upgrades for Your Home Office
- Best Mac VPN for 2023
- Best Cheap VPN for 2023