I made a Comparison Table to find the Best Password Manager

Hey everyone! Recently I started thinking about purchasing a password manager for my family and myself. With all the cyber threats going around recently (did you know that a random, eight-character password can be hacked within eight hours?), I am starting to lose all trust in saving my password anywhere else.

After some brief research, I don’t know why, but I was very surprised by how many different options we have here. And boy, it is hard to choose the one you like at first sight. Also to know which product is legitimate and which is just the work of an excellent marketing team.

So I took some time over the past few days and did some in-depth research myself (my inner nerd was very happy about it). And thought that I would share it with you as well.

The top criteria I was looking for:

  • Privacy features: I looked mainly into 4 different areas (MFA, Biometrics, Data Breach alert, and Encryption) as it was most important for me, and made a separate table for them as well evaluating it by numbers.
  • Credit card safety: Another feature I was looking for was saving a credit card. As I shop online quite often, I wanted to have my credit card details on hand and autofill them instantly and still feel safe about it.
  • Password health check: I think it is a great feature to see if my passwords are easy to hack as sometimes I am not as creative as I think I am with my passwords. I guess the password generator feature will be helpful in this area too.

Here is the Comparison Table.

As it was done for my own research, let me know if there are other brands that you think I should include. Also feel free to suggest any other criteria for the table. Let’s make this as helpful as it can be for everyone like me who has no idea how to choose the best password manager out here.

***

Table updated on 2024-08-28. Edits made: prices and features of some of the providers updated, new provider added.

It has been brought to the moderators’ attention a few times from concerned users that this post might be product promotion for NordPass, paid for by NordPass. OP has promoted NordVPN and NordPass with their account, which may have been the motivation for creating the spreadsheet. Whether or not OP is paid for or associated with NordPass is unclear. Curiously missing are LastPass, KeePass and KeePassXC, arguably a few of the most common password managers on the market.

NordPass gets the highest rating based on the scoring towards the bottom of the spreadsheet. But the scores are inaccurate. For example, Bitwarden got a 0 for a lack of data breach reporting, even though data breach reports have been a feature for years.

On top of that, this post has received a steady stream of spam. Almost 20% of the comments are removed due to coming from spam bots promoting VPN products, cryptocurrencies, and other password managers. Many times, the reply is benign, only to get changed to spam some days/weeks/months later. I’m tired of battling it, so the comments are now locked.

We’re keeping this post up in the sub, because we believe it gives value to the community and it complements the pinned post well. But approach it with a critical eye and skepticism about its integrity.

ProtonPass should probably be added, as it’s the new open source darling in password managers.

Are you only focusing on cloud-based password managers? If not, KeePass and KeePassXC should probably get added to the list.

Adding LastPass to that table after they got 5 breaches in a year is just a joke.

This turned out to be a lot longer than I thought it would be when I started. So I want to preface this by saying kudos to you for making this and it is certainly a lot more than I have ever done (and probably better done than I would have). Please take all of the following as constructive criticism and feel free to implement or ignore as you see fit.

A criterion I would add to the privacy score is whether or not the password manager is open-source or closed-source, with points being given for being open-source (personally I consider this a top criterion for security apps). More points should be given if the password manager is regularly audited by independent 3rd parties.

Another criterion I would consider is if the password manager is the only product made by a developer or part of a suite of products they offer (whether or not related to password management and security). The reason is if the password manager is part of a suite then its development must be balanced against the resources and priorities of the other products.

Personally, I wouldn’t factor in Data Breach Alerts as those are easily available elsewhere and more of a convenience than a password manager function (to be fair I’m a little salty as it is dragging down my preferred password manager Bitwarden who is apparently the only one not to offer it). I would reclassify it, along with VPN, file storage, and other not-really password management features (such as Bitwarden’s Send feature or ability to generate TOTP authentication codes) as miscellaneous or bonus features and then I guess quantify how useful you think they are (which is of course totally subjective) or don’t quantify them at all and just let people know they are there.

Something else to look for is if the password manager has backup/export functions. Can backups be generated encrypted and unencrypted? Can it import/export to/from other password managers?

Can you access the password from a web browser (not using an extension)?

Does the password manager have a password generator? If so can it also generate passphrases? Can it generate logins and integrate with services like addy.io to anonymize your email address?

I would also note which password managers support the superior Argon2 key derivation function (KDF) as an alternative to PBKDF2 and give weight to that. Ideally, Argon2 should now be the default KDF when setting up a new account. I would rank this in your privacy score (more on this in a bit).

Password sharing and passkeys are not the same thing. For instance, Bitwarden does support password sharing but currently does not support passkeys (passkeys should hopefully be supported within the next month). I would separate them into two different criteria. Right now I wouldn’t weigh passkeys too highly as it is very new, and not widely supported across the Internet yet (and will probably be a bit before they are if widely supported at all). Mostly I would want to know if the password manager plans to support them if they don’t already.

I would note which browsers they have extensions for - specifically Chrome, Firefox, Edge, and Safari. Since almost every other browser uses one of those engines (most of them being Chromium) it can probably be assumed they will be supported whether listed or not.

I’m a little confused by what you mean by “service is using more than 2 authentication factors”. Do you mean it supports using more than 2 steps during login or has multiple types of 2FA methods? For instance, you gave Bitwarden a 3 even though it supports FIDO2 WebAuthn, TOTP (authenticator apps), email, as well as security keys and Duo Security through its premium tier. Meanwhile, you give NordPass a 5 even though it only offers security keys, TOTP, and recovery codes (which technically Bitwarden does as well if you consider that 2FA method). Bitwarden also supports passwordless login with a device (i.e. a passkey for Bitwarden) which by default is 2FA (although not two-step) login whereas NordPass currently does not (they are working on it).

Continued…

Although it is interesting to see all these features listed on a table, I think that your approach is very much misguided and frankly wrong. A password manager is not just yet another piece of software you download. It is a critical part of your life, and security and integrity are not only paramount but they easily trump bells and whistles that a password manager may offer. It is not different to selecting a bank. Would you select a well-known bank or will you go for a bank that few people know much about but may offer a few more features?

The “winner” in your list is NordPass, the VPN seller known as NordVPN. Although I cannot fault them much, VPN companies in general are notoriously dodgy. I would never trust a VPN company as my password manager. Some exceptions to this would be Proton, which has a well-established reputation, and even Mullvad if they had a password manager.

As far as I am concerned, the main serious contenders are 1Password (the one I use), Bitwarden, KeePass, and Proton. LastPass, my previous password manager, has already shown that they are incompetent and liars (as they never disclosed that some data was not encrypted).

I would generally avoid any password manager that does not have its executive team on its website.

EDIT: I replaced Bitlocker with Bitwarden

I’m assuming that you took a while putting this together and I think the online community thanks you tremendously. I think the data you have needs updating but otherwise we are all thankful!

Please extend this list to become like that one guy’s VPN list
Nice Job

Also include self-hosted alternatives and open source stuff like KeePass

u/barnabebro would be great to have not only individual paid, but individual free plans as well

For example a free Bitwarden plan could be a great choice for a first password manager for “grownup” kids :wink:

Thank you for putting together the comparison table. After careful consideration, I decided to go with NordPass. I found it to be incredibly user-friendly, and I even managed to get my family on board with it. While I initially hoped to like Bitwarden and avoid any costs, I found it to be quite cumbersome and difficult to use. Although some people may enjoy nerding out on the technical details of a product like Bitwarden, I found its product and information architecture lacking. It would have been challenging to convince my family to adopt a product like that. Nevertheless, for those weighing their options, any of these products are a significant improvement from the practice of password sharing across accounts!

First off this table is great! One question, did you happen to capture which offer Dark Web Monitoring and which do not?

The only extra data that may be nice is a quick tidbit on the limitations of the free version (Ex: one device only, logout when switching devices, etc.)

Very nice, thanks for sharing that! I’ve been doing a lot of the same work, but I tend to write long notes. Your very organized presentation of the details is impressive and helpful.

LastPass is at the top of my list of worst support services. They have no understanding of what kind of service a password manager should deliver:

  1. They answer only during USA daytime (I was lucky?).
  2. They answer with a link to an inappropriate FAQ article.
  3. They closed a ticket about FaceID recovery not working with the tag SPAM, from a paid customer (WTF?!).
  4. The recovery tools from LastPass are ugly, buggy software.

Nice job on the sheet! :slight_smile:

I haven’t seen anyone else talking about this, so here’s my take. Extra features in a password manager are super important. It’s cool to see NordPass and its email masking feature mentioned in this comparison table. It’s an important tool for private freaks like myself. While it’s crucial to have strong passwords, being constantly asked to provide your email, address, or even your SSN (like with AT&T) can undermine your security efforts.

Wow! Outstanding work! If there are password managers that are better for Apple devices, it would be nice to include that as one of the variables to consider. LastPass, along with some of the ones you reviewed, was listed as a password manager to consider in the January / February 2024 issue of AARP Bulletin. Thanks!

FYI. Proton Pass have launched Windows, macOS and Linux apps since you created this.

Thank you. Very helpful.

Thank you sm this is such an amazing consolidation!

Thank you for your research. I have a lot of experience with password managers and have used LastPass before breaches, 1Password, NordPass, Bitwarden, and many more before. Some of them are really decent options. I can share some analyses too, but I don’t have much time at the moment. Hope to do it one day.