Best free password managers 2023: Online security doesn’t have to cost a thing
Let’s just start by saying that you should definitely be using a password manager. Data breaches are happening more frequently, and that flood of stolen info has made cracking passwords even easier. And it’s not just the “password12345” variety that is at risk—passwords that use variations on a single password or substituting numbers for letters are also vulnerable. Even if you’re using unique, random passwords, storing them in a document or spreadsheet is not truly keeping them safe and secure.
While paid password managers offer nice extras, a free password manager still protects you from the risks of using weak passwords (or worse, using the same one everywhere). Instead of remembering all of your passwords, you just have to remember one password to access a single, secure place where all of the rest are stored.
And because free password managers come in different flavors and styles, you should be able to find one that fits your needs. Even Google’s password manager, built into Chrome and Android, can soon double as a no-cost option after receiving some killer upgrades recently. Plus, if you find that the free versions aren’t enough, down the road you can always upgrade to a paid service as your needs grow.
Remove your personal data from the web
Incogni scrubs your personal data from the internet. Data brokers profit from your sensitive info—phone number, DOB, SSN—selling it to the highest bidder. And who’s buying it? Best case: companies target you with ads. Worst case: scammers and identity thieves.
Not sure what features you’ll need? Generally, you want a service that offers password generation, autoform filling, two-factor authentication, and the ability to move between different devices -and- device types. For more info, you can read our explanation of what you need to know about password managers.
Bitwarden – Best free password manager for most people
Free plan offers unlimited vault entries and device syncing
Paid plan is 70% cheaper (or more!) than rival services
Supports two-factor authentication
Send feature allows you to securely share notes and files with others
Has occasional trouble capturing and filling credentials on websites
Requires more manual setup than many paid password managers
Like several other services, Bitwarden offers a free tier and a paid tier—but its free tier packs in so many features that most individuals won’t need more. You can access the service across an unlimited amount of devices and a multitude of device types, enable basic TOTP two-factor authentication, and fill your vault with as many passwords as you’d like. The free personal plan also allows privacy-minded users to avoid the company’s cloud hosting and instead self-host. And in recent months, Bitwarden has added security features that let you generate random user names and email aliases (via integration with email masking services) in addition to random passwords.
Rivals dole out far less to their free users, and it’s particularly rare for them to grant unrestricted movement between multiple device types. (LastPass and Dashlane begin charging as soon as you want to leave the confines of a single device.) Most competitors are also not open-source like Bitwarden, which prevents their communities from being able to hunt for hidden backdoors or security holes.
The free personal plan even now includes real-time password sharing with one other account—perfect for couples or people otherwise closely linked. This feature allows unlimited password sharing between the two users, thus allowing both individuals to safely access current passwords for shared accounts.
Bitwarden’s other advantage is that should your needs expand down the road, the transition to a paid plan won’t cost much. A premium personal plan is just $10 per year (compared to $36-plus per year for rivals), and a family plan is $40 per year for up to six users (compared to $48-plus per year for rivals). And moving up to a paid tier does come with concrete benefits: support for more sophisticated forms of two-factor authentication, evaluations of your passwords’ health (e.g., strength, public exposure, etc.), encrypted file storage, and emergency access for trusted individuals.
Finally, if you decide to move elsewhere one day, Bitwarden allows you to export your passwords—with the option to do so as an encrypted file. But with such a generous and thorough set of features, you’ll likely not want to go elsewhere.
KeePass may not look like much, as our review points out, but under the hood this desktop-application-based password manager has all the features the privacy- and security-minded could want, provided you don’t mind rolling up your sleeves a bit.
You return full control over who accesses your password vault—the program and its encrypted database file(s) are stored locally on your computer by default, unlike a cloud service, where you have to trust that servers are set up correctly and that the employees are trustworthy. Moreover, you don’t even have to install it on your system, but can run it via a portable .exe application kept on a USB stick.
KeePass is also an open-source program, which means that the community can always vet it for any hidden backdoors or just plain old security-crippling bugs. And you can enable two-factor authentication through the use of key files (which augments your master password), plus lock the database file to the Windows account that created it, too.
You’re not restricted to a Windows desktop system, either—because the program is open source, you can find community-created ports of KeePass for MacOS, Linux, Android, and iOS, as well as a boatload of plugins that let you customize it to your taste. With plugins, you can re-create most of the features you’d find in paid cloud-based services, like checking to see if any of your passwords have been found as part of a data dump.
You can also get creative with how you store your database file—for remote access, you can put it on a home server, or if you’re comfortable, a cloud service of your own choosing. (Perhaps you’re more comfortable with how Google safeguards its accounts than a dedicated password manager service, for example.) And should you ever decide to hang up your hat as a DIY password manager administrator, KeePass allows for easy exports of your passwords.
So an online password manager makes you nervous. Or you instead prefer to have 100 percent control over your passwords. You could use KeePass, but that program can be…a little intense.
A great middle ground is KeePassXC, a streamlined alternative of the official KeePass app. It boasts a more modern interface, and is much more newbie-friendly. It also has a few features you’d expect from an online manager, like a browser extension.
Despite its simplified interface, you’ll still find many of KeePass’s best attributes in KeePassXC. It’s equally open source and free, for starters. Its file format is also the same as KeePass (and generally visa versa), so switching between the two programs is easy. You can download it for Windows, Linux, or macOS as well. And the app stores its encrypted database files on your device by default, so you have full control over your passwords. You can keep them offline, or upload to the cloud if you wish.
Using KeePassXC is a cinch. It’s hard to get overwhelmed by it—you can only create one type of entry in a database: Just logins, and you only get five fields to fill out within each entry. Set up of two-factor TOTP tokens, attaching files, and adding custom text fields is also supported, but that’s it. And unlike the official KeePass app, KeePassXC doesn’t support plugins.
You will still need to apply a little elbow grease to get the most of this app—for example, password sharing isn’t enabled out of the box. But good documentation makes light work of configuring the app. Generally, with KeePassXC, what you see is what you get, and that’s exactly the appeal of this offline password manager. Even leaving it (by exporting all your passwords) is an easily found option in the menu.
Password managers within mobile operating systems and major browsers have come a long way. Just a few years ago, we wouldn’t have advised using them at all, but now they’ve shored up their security and features to become a viable (though basic) option.
But basic isn’t bad—when it comes to password managers, the best service is the one that you’ll use. For some people, using a dedicated password manager can be too much to keep track of. In those cases, leaning on Google, Apple, or even Firefox can help upgrade your password security with little extra effort necessary. Their built-in password management tools can do the heavy lifting of creating and remembering unique random passwords across the web, and you won’t need to switch to a different app to make it work.
Of course, you will lock yourself into those ecosystems by doing so, but if you live your whole life within those waters already, you won’t be bothered by that fact. Google probably will appeal to most people, as Chrome is ubiquitous, but those who worry about data privacy can instead turn to Firefox and its pledge to not sell your data. Apple also shares Firefox’s commitment to privacy, but it’s the hardest platform to leave, as the company doesn’t provide an easy method to export passwords. We advise choosing Google or Firefox for the widest reach across devices, and Apple if you own both MacOS and iOS devices (and don’t plan to leave). Microsoft’s password manager in Edge can also be worth a look for people deeply enmeshed in the Windows ecosystem.
The one primary downside to using your Google, Apple, or Firefox account to store passwords is that they’re not as tightly safeguarded as with a third-party service. Even if you secure your account with two-factor authentication (and you absolutely should if you’re storing passwords in it!), Google, Apple, or Firefox tend to be more lax about accessing passwords from a device that’s logged in. Often they don’t ask for reauthentication to use a stored password, unlike most dedicated password managers—and that can be a security hazard on a shared device.
Free vs. paid password managers
Why bother with a paid password manager if you can use a free one? Paid services provide premium features that enable more control over your passwords and how you secure them. For example, you’ll often gain access to password sharing (handy if your household members all need to know the Netflix password), support for YubiKey and other more “advanced” forms of 2FA authenticators, and alerts that tell you if your password turned up in a data dump. Some paid services even have a signature feature that makes them stand out from competitors—for example, 1Password has a “travel vault” feature that hides some passwords when you’re traveling, as an extra security measure when you might encounter aggressive airport screening or simply lose access to your devices due to theft or lost baggage.