The Best Password Managers in 2023
Password managers are thankfully becoming a mainstream topic. In addition to seeing commercials for certain ones from time to time, it’s ...

I second the recommendation for Bitwarden.
I switched over from Dashlane and never looked back. They even have a browser extension for mobile Firefox (the browser you should be using anyways) so it's easy and convenient on all my devices.
+1 for Bitwarden. There were growing pains at the start to move off of iCloud Keychain. Once done and being more proactive with managing passwords it’s so good and trustworthy
Is there a reason to use the mobile extension over the app itself? The app can input into other apps as well
The desktop application runs on Chromium, so that’s something to consider.
Been using KeePassXC (and before that, KeePassX) since I abandoned LastPass about a decade ago. The apps integrate with Nextcloud perfectly and at least for me, it's a breeze. I use it for TOTP too, and I second the recommendation of a hardware token for an additional layer of security. There are some USBc options that work on phones (I'm using a pixel 7 pro).
yup, no need to pay for a password manager. and far more secure.
I never got YubiKey to work on desktop with it. Key files seem to work well enough and are easy to manage.
It does require some configuration within YubiKey Manager. I did not find it straightforward, but once set up it's really reliable.
While we're on the topic of open source products, may I suggest the SoloKey:
I'm curious about using the same store for passwords and TOTP. Technically if someone gets screwed to your database, they have both your factors, yes? But I guess it does thwart someone trying to brute force your password.
Technically you do lose the second factor, but nowadays 2FA is often mandatory or they force some crap like SMS/email verification onto you. If you are aware of the risk then it isn't a huge deal.
Though you might want to consider not using it at least for the most important stuff like banking (here you don't even have an option; banks have their own 2FA apps that you have to use) and primary/recovery email.
When LastPass screwed around with its free tier offering, I switched to Bitwarden and haven't felt any reason to use or even try anything else. It's rock solid.
Same. Been very happy. Great iOS integration.
Exact same boat. It was so easy to migrate from lastpass, I didn't even feel any friction.
+1 for BitWarden.
Plus, it's ridiculously easy to self-host with VaultWarden.
Bitwarden gang
Bitwarden - does everything, and is free. You can even setup a shared vault so 2 people can have access to shared stuff like online shopping and streaming sites. Takes a bit of admin work but it is not hard.
Sadly that second bit requires the other person to care enough to make an account and not just text you when they need the password 😂
Bitwarden. Been using it since 2021.
Proton Pass pisses me off. Proton is such a money grubbing company that takes FOREVER to release stuff.
I pay $120 per year for ProtonMail, and they want me to pay $180 to unlock the full Proton Pass. $60 per year, for something that BitWarden does for only $12 per year.
Not to mention you'll be waiting years for apps to come out. They're such a fragmented company. The Android remake is already so far past the estimated release date it's sad. Proton Drive Windows app finally came out, but fuck Mac and Linux users, I guess.
BitWarden is available for Windows, Linux, Mac, 9 browsers, iOS, Android, and CLI. - Premium is $1/month.
ProtonPass is available for iOS, Android, and 4 browsers. - Premium is $5/month.
Can't wait for Proton to release a few more half baked services with outdated apps and a promise to update them in a year, but then 3 years later there's still radio silence. Perhaps use your paid services money for developing in a timely manner? Holy shit.
Can't say I share your sentiment. I've been quite happy with their rate of progress over the years and the applications they offer. I've been using them since they only offered mail and haven't ever had any issues. I'd rather they take their time to do things right than try to release new things at a frantic pace. While they might not have all the bells and whistles, for the average user I think they provide more than enough value.
Also, your pricing is just completely wrong and off base. Pass by itself is $5/month ONLY if you pay per month. If you pay for 1 year's worth it's $4 a month, and $3 a month if you pay for 2 years. And that's only if you for some reason only want to pay for Proton Pass.
Likewise, if you're paying $120 a year for ProtonMail then you're most likely on the Proton Unlimited bundle for $10 per month, paying for 1 year's worth at a time. In that case you already have access to Proton Pass (and in fact all of their Proton apps and premium features), so I'm not sure why you think you need to pay again for Proton Pass.
While I agree the proton pass pricing (even at 2 years) is high compared to similar companies, getting the proton unlimited subscription OTOH is (IMO) great value for money: the mail, password, & vpn are all great. The drive seems pretty good and useful but isn't something I normally use anyways, and the calendar is the weakest of their offerings (and also something I normally don't use anyways).
edit: I should also note, you don't have to pay for any of their services. You could get by just using the free versions of everything if you didn't need the extra bells and whistles offered for paying customers.
Can’t say I share your sentiment. I’ve been quite happy with their rate of progress over the years and the applications they offer. I’ve been using them since they only offered mail and haven’t ever had any issues. I’d rather they take their time to do things right than try to release new things at a frantic pace. While they might not have all the bells and whistles, for the average user I think they provide more than enough value.
They redesigned their Android app and missed the promised deadline TWICE and took 2 YEARS to release it. Now they're working on the Android remake, to add threaded view, to finally catch up to year 2023. Already missed the deadline once.
Also, your pricing is just completely wrong and off base. Pass by itself is $5/month ONLY if you pay per month. If you pay for 1 year’s worth it’s $4 a month, and $3 a month if you pay for 2 years. And that’s only if you for some reason only want to pay for Proton Pass.
It's $5 when I add it onto my Mail Plus for 12 months. Not sure what country you're from, but it's $5 in my country.
Likewise, if you’re paying $120 a year for ProtonMail then you’re most likely on the Proton Unlimited bundle for $10 per month, paying for 1 year’s worth at a time. In that case you already have access to Proton Pass (and in fact all of their Proton apps and premium features), so I’m not sure why you think you need to pay again for Proton Pass.
Again, I am on Proton Plus. The second highest tier. The next tier is Proton Business, and it doesn't go higher than that. I need more than 3 measly custom domains, so instead of ProtonMail offering the ability to pay for just more custom domains, they nickel and dime you and force you to pay for the business account. Like I said in my initial comment, they are money grubbing.
edit: I should also note, you don’t have to pay for any of their services. You could get by just using the free versions of everything if you didn’t need the extra bells and whistles offered for paying customers.
Except the features BitWarden hides behind a $1/month subscription, Proton locks behind a $5/month subscription. So unless I want to switch from BitWarden to ProtonPass and LOSE features, then yes, I do.
I agree with the fragmented part. Even their apps have different unlock interfaces, like they're each made by a different company
Not the point.
Paying for something is great. Not allowing paying customers to add a simple service without having to upgrade to the next tier, forcing them to buy shit they don't want, is scummy.
I'm happily using YubiKey, wish everyone implemented U2F
I'm in the exact same boat with these 3. couldn't be happier
Yep, me too. Unbelievable that it was LastPass, Authy and Gmail a few years ago. What a shift for me :-).
Wow, so 1Password is not recommended anymore? How come? I’ve been using them for years.
Possibly because it is not open source and doesn't have anything to offer that the other recommendations do not.
It's in their honorable mentions.
Having no source-available clients is the author's main nitpick.
Which personally I think does a disservice to their readers. If their article ends up high in search results for “best password manager 2023” for whatever reason, most people aren’t going to care if there’s a source available client or not.
Dashlane and 1Password might not have source-available clients, but they likely have better UI/UX than these more open source alternatives that are made for people with technical expertise.
Former 1password user, current Bitwarden user. Jumped ship when 1password dicked local vaults. Never been happier.
And it’s a FUCKLOAD cheaper. 1password is very overpriced.
Bitwarden is practically free. You can pay for some extra features, but all the core features and unlimited password storage work. Nobody should pay for a password manager.
Same. We’ve been using it for about a decade I think. One vault for my wife and I to share. Hosted on their end in case all our self hosted stuff takes a crap our passwords are still available. Been considering looking at bitwarden but haven’t had the time.
I've been thinking about trying it.. I like Windows Hello integration which seems to easily break in Bitwarden
I can personally recommend 1Password, the Windows Hello integration works really well. Asks for your PIN code to unlock (or your master password after a reboot). If you put your computer to sleep rather than turn it off overnight, you won’t need the full master password.
Also, if you’re so inclined, 1P has an excellent CLI tool you can use for accessing vaults programmatically. I use this for auto filling TOTP codes for my Final Fantasy XIV login.
I love 1Password. Works well.
I use KeePass and keep it synced with self hosting Nextcloud. I get the appeal of bitwarden, but I'm really trying to get off other people's computers.
You can host Bitwarden. It's open source. I do it myself.
Now the open source version is called vaultwarden
Bitwarden with the self hosted vaultwarden server then, that way you get the nice bitwarden experience, apps, browser plugins, but all hosted on your own hardware. I run my vaultwarden server on my synology.
Vaultwarden can be easily hosted for free
Syncthing is another good cloud-free option.
KeePass for me for the same reason.
Bitwarden. Tried Proton Pass but ultimately stuck with Bitwarden.
It has been my password manager of choice for quite some time and I didn't see any reason to change.
Self-hosted Bitwarden works like a charm, plus you get to learn reverse proxies if you use Docker on a NAS. It's pretty fun, would recommend.
OK, I understand some of those words. I have a NAS and I want to self-host with Docker. I have read a little but it's confusing. Do you have any links that explain the whole process? Especially the reverse proxy and making your containers available outside your LAN? Thanks
There are many tutorials on YouTube. I recommend SpaceinvaderOne's tutorials. Very in-depth and easy to follow.
It definitely is confusing, and I didn't fully grasp it when I did it 😅
The installation process will vary depending on your OS. I have a Synology, so I followed this walkthrough and some YouTube videos as well: https://mariushosting.com/how-to-install-bitwarden-on-your-synology-nas/ but QNAP, FreeNAS, etc. will have their own install process. They should be pretty similar, though, if you use Docker.
GNU Pass has been the best one so far. Set up your own git to sync it to all devices.
Yes, used it for a long time. But moved to KeePassXC for easier Android and Windows compatibility.
Is pass really part of GNU?
Pardon me, pass uses GNU PGP. I got that mixed up!
15 years ago the common logic was the most likely way for a password to get stolen is by writing it down and leaving it in an accessible spot, and somebody stealing the password there.
I don't think that logic holds anymore, and with the LastPass breach I think that's proof you want to step away from the cloud not towards it. Imo the most secure way to store passwords is to generate multiple random codes, use a portion of each and then just write those down.
15 years ago you had to worry about the people around you. Now you have billions of bots trying to force shit all the time.
You can also use a password manager that's not connected to a cloud. Or an encrypted USB stick. The problem with writing it on paper is that people tend to use too short passwords or repeated passphrases. Using a really long master key and a key file with an encrypted database is safer than a cloud.
I made a hardware-based password manager that I keep on me with the 3-2-1 rule. (One on me, one at home, one in a remote location) It's barely-secure, but the data is not accessible except when I'm updating it. It's similar to the mooltipass but all the passwords are stored on eeprom.
Could the eeprom be hacked by someone and all my passwords probably read in cleartext? Yeah. How many fucking people actually know how to do that though? Virtually none.
Honestly, I'd love to just simply be able to afford a mooltipass though. :(
This is what I based my personal one on: https://www.instructables.com/PasswordPump-Passwords-Manager/
And I usually generate the passwords with an online tool so that I'm never using the same password twice.
That's a lot of trouble to go into to have questionable security. Though it's admittedly really cool.
I guess this is only great if you have to use potentially compromised computers often, so you are risking leaking at most a single password at a time, but still...
Unlike a proper password manager this still has issues though; for one, saving in cleartext is just bad, reading EEPROMs is trivial, and (perhaps more importantly) unlike a normal password manager this doesn't protect you against inputting data on a wrong (phished) domain.
While I find a discussion about password managers great, I found the article to be underwhelming.
LastPass did not make the list, I am shocked, shocked, well ok not that shocked.
How are you shocked? LastPass is trash
Yeeeerp. Oh boy, a password manager with a recent data breach!
Have been using Enpass for a long time, it's really good. You can choose any cloud provider or host your vault yourself, subscription-based payment or one time only.
I have also been using Enpass for a decade or so and never had the urge to switch to another provider. Everything works, you get all the features (TOTP, pwned password auto-checks, native apps and autofill, storage of other things than passwords, …) and pricing is still very reasonable.
It can be fully used offline too (with WiFi sync) or with any local storage or online cloud option.
I bought it one time back then but still pay the small subscription fee since I don’t want Enpass to go away.
Many of these tools share practically the same set of features, so I like Enpass's ability to store files (i.e. certificates) and any kind of key/value pairs even more.
Your homegrown script opening a gpg encrypted file in runtimedir in a text editor.
Depends on how it's implemented. IMHO the best ones are password managers external to the browser but with a plugin which detects the domain name. The risk with autofill is stuff like spoofing and malicious iframes, a secure plugin can detect that and refuse to autofill.
Alternatively, just set it to always ask when it detects a login form.
Most browser autofills already work off the domain name? Unless you're saying there's plugins that work off of security certs instead?
That is, in fact, more secure than having to copy the login manually.
Isn’t that, like, the whole point of a password manager?
Automatic autofill is where your u/p is filled when you load the page with no interaction required.
Requiring an interaction to fill the u/p means you expect there to be a login box to fill, which can mitigate certain kinds of compromise.
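The autofill policy the comments above describe (match on the page's origin, refuse iframes and lookalike hosts, prompt rather than fill when in doubt), written out as an added example. This is not code from any password manager mentioned in the thread; the rules, the toy public-suffix list and the `fill`/`prompt`/`refuse` outcomes are all constructed here.

```javascript
// Constructed stand-in for a public-suffix list; a real extension would use
// the full list so that "login.example.co.uk" resolves to "example.co.uk".
const KNOWN_SUFFIXES = new Set(["co.uk", "com.au"]);

// Registrable domain (eTLD+1) of a hostname, using the toy suffix list above.
function registrableDomain(host) {
  const parts = host.toLowerCase().split(".");
  if (parts.length < 2) return host.toLowerCase();
  const lastTwo = parts.slice(-2).join(".");
  if (KNOWN_SUFFIXES.has(lastTwo) && parts.length >= 3) {
    return parts.slice(-3).join(".");
  }
  return lastTwo;
}

// True when any label is punycode (an IDN such as a homoglyph lookalike).
function hasPunycodeLabel(host) {
  return host.split(".").some((label) => label.startsWith("xn--"));
}

// Decide whether a saved entry { host, matchSubdomains } may be filled into
// a page { url, isTopFrame }. Returns { action, reason } where action is
// "fill" (silent autofill), "prompt" (ask the user first) or "refuse".
function autofillDecision(entry, page) {
  // Login forms inside iframes are the classic spoofing vector: never fill.
  if (!page.isTopFrame) {
    return { action: "refuse", reason: "login form is inside an iframe" };
  }
  let url;
  try {
    url = new URL(page.url); // normalises case and converts IDNs to punycode
  } catch {
    return { action: "refuse", reason: "unparseable URL" };
  }
  if (url.protocol !== "https:") {
    return { action: "refuse", reason: "credentials only go over https" };
  }
  const host = url.hostname.toLowerCase();
  const saved = entry.host.toLowerCase();
  // An ASCII saved host must never match a punycode page host (or vice versa).
  if (hasPunycodeLabel(host) !== hasPunycodeLabel(saved)) {
    return { action: "refuse", reason: "punycode/ASCII host mismatch" };
  }
  if (host === saved) {
    return { action: "fill", reason: "exact host match" };
  }
  // Same registrable domain, different host: plausible (sso.example.com vs
  // example.com) but not certain, so require a user interaction.
  if (entry.matchSubdomains && registrableDomain(host) === registrableDomain(saved)) {
    return { action: "prompt", reason: "same registrable domain, different host" };
  }
  return { action: "refuse", reason: "host does not match saved entry" };
}
```

Note that `example.com.evil.test` is refused even with subdomain matching on, because its registrable domain is `evil.test`, not `example.com`.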
Also worth reading https://www.privacyguides.org/en/passwords/
I have used KeePassXC for years, but lately I'm having problems connecting it. I use it only offline and the Firefox plugin doesn't work very well. It has many options, too many in my opinion. I don't like having my passwords in a company's cloud. Self-hosting is the solution, but I don't have to know
They forgot to include the best one: 1Password
Yeah… you can’t publish a “the best” list like this that doesn’t include the most popular/well-known options without at least writing a little bit about why not those alternatives.
to me, it feels a little less like a “the best” and more a “the best that happens to be developed in a reasonable OSS-friendly fashion”
Personally I'm using Dashlane, I'm pretty comfortable with it and as far as I know there have been no breaches in security
Dashlane is fantastic. I was a bit hesitant about the price, but it's so much sleeker and functional than everything else I've tried.
I use ironvest, it's had two name changes now, was originally maskme and then blur. I'm sure I found it originally because of an article but I've never seen it mentioned since but for free it's done me well over the years.
Bitwarden, been using it for 3yrs
I've been using gopass+Yubikey for years, with gopass syncing to a remote git repository. Works great on my phone too with Open Keychain+Password Store. I'm really happy with it, but do realize it doesn't fit into most people's workflow.
Put my wife on bitwarden though, and she's pleased with it. At some point I'll migrate her over to a self-hosted variant with Vaultwarden, but that's mostly because I prefer to have services in-house, not because either of us are dissatisfied with BW.
Quick question - any issue with just saving passwords on Firefox? I use FF across all my devices and the sync between them without the need of an extra app is super convenient.
Or am I just being naive?
On desktop you should set a Primary Password, then it is very secure.
https://support.mozilla.org/kb/use-primary-password-protect-stored-logins-and-pas
Hope they're encrypted/hashed at least