Best Password Manager Free & Paid (Why Is It Worth Paying for)

Hi Guys!
I'm pretty good at making sure my important accounts have unique passwords and try to change them at regular intervals however I had a recent scare when my main email has someone attempt to log-in with the correct password and also had an attempt to port my phone number on the same night (so glad I recently changed from pre-paid to contract) so I'm looking into using a password manager to completely randomise all my passwords, I'm wondering which ones ppl use and what you like about them? Are they easy to use on different devices (Android, PC, iOS) & if you decided to use a paid version what was your reasoning.
It's only for my personal use but as someone who's switched almost everything to online over the past years the thought of what they could've done with control of my main email and phone over the weekend terrifies me.
Thanks everyone :)

Comments

  • +22 votes

    LastPass….
    Bitwarden….

    By the way anyone has succeeded exporting data from LastPass vault and importing it to bitwarden? It says format wrong something like that.. I wanted to migrate to bitwarden…

  • Bitwarden comes pretty highly ragarded iirc.

  • Top Password Managers 2020 & Password "Vaults" or storage options

    Password managers are easy to use and are cross compatible for different platforms.

    Enable Two-Factor Authentication (2FA).

  • What do people do when they lose access to the passphrase apps?

    It's easier to memorise passphrases just in case they are needed in an emergency and can't use the apps. Formulate a sequence of characters and one can easily remember 30 to 40 different passphrases.

    • Password mangers work offline and any changes made won't be saved until your online again. Some websites let you print out multiple 1 time backup codes.

      • So the apps store all the passwords on the device as well as in the cloud? If the site goes down you can still use it in the interim, is that right?

        • Yeah passwords are stored locally on the device. Cloud syncing can be on or off depending on which password manager you choose.

        • Just like Keychain on your iPhone, passwords are accessible even in airplay mode, but will sync between all devices when it is online.

    • What do people do when they lose access to the passphrase apps?

      I had concerns about that before I started using a password locker, but then I realised any account that I desperately needed access to and couldn't/didn't have access to the locker (for whatever reason), I could just reset the password.

      Formulate a sequence of characters and one can easily remember 30 to 40 different passphrases.

      What about people like Scotty with around 300 passwords? Hell, I've got over 200 passwords in my locker.

      And don't say reuse passwords, or even similar passphrases. That's a bad idea.

  • Thanks for replies guys! I've been recommended LastPass my a few ppl I know but was interested to hear others experiences.

    Oh crap. I didn't think of that, had there been issues in the past where they've gone down for any significant time? Losing access to banking, email ECT ECT could be a big issue if it went down. Maybe use this for all your various random shopping sites ECT ECT & just use a very strong passphrase for primary email, banking ECT I guess you could print it and laminate it then hide it somewhere for emergencies lol

    • I still like to remember my email and banking password. In saying that the last time I used them was 5+ years ago.

      • Haha it's so true, I'm so used to using my fingerprint/pin to access banking these days when a phone update means I need to re-enter my passphrase it can be a struggle sometimes. I'm sure they'll figure out a way to extract DNA from our breath soon enough and passwords/pins even fingerprints will be so 2020 lol

        • If you want to you can use your fingerprint or face recognition to unlock the password manager. Every now and then it will ask for the master password again.

          Use a 2FA app as the primary method instead of SMS codes when the website allows you to. Put the SMS codes as a secondary backup. Some password managers can also generate 2FA codes. There are standalone 2FA apps called Microsoft Authenticator and Authy.

          Physical Yubikeys can be used too.

          You can use auto-fill or copy and paste to enter the password.

          You can login to your password manager vault on the web. In those situations it's recommended to use a 1 time backup code and not to use your master password on someone else's device.

  • Really depends on how you use your passwords and how you want to secure them.

    KeePass - free/open source but you need to manage backups/storage. You can get it working with apps on your phone (some free/some paid)
    LastPass1Password/Dashlane/Bitwarden - free (but limited features) and paid plans. They store your passwords, they have apps for phones/extensions for browsers
    Bitwarden (self hosted) - free. Your servers stores your passwords, they have apps for phones/extensions for browsers

    I personally l think the choice is more about how techy you are and how much control you want over where your data is stored. What I'd recommend for a tech is very different to what I'd recommend to my grandmother!

    Personally I like KeePass - but that suits my style of working…

    And yes, totally agree with using 2FA/MFA on every account you can, especially your primary email account. Its the gateway to so many other accounts. I suggest the app "Authy" (for TOTP MFA) as a cross between usability and recoverability and security.

    • Yes I use 2fa on most important stuff if it's available that's why them trying to get control of my phone alarmed me so much with that generally being the 2nd factor.
      I'm far from being a techie but I'm fairly proficient and don't mind spending time getting it set up properly, I don't have my own server so I'd want cloud backup & once it's set up the simpler it is to use ie automatically filling in passwords when needed or at least a popup that auto opens for me to copy paste would be ideal.
      Being able to access the passwords through a web portal would also be a huge plus for any situation where I don't have access to my phone/tablet.
      Thanks again, Trent

      • If you want web portal/cloud backup you're pretty pushed into using one of the paid ones - bitwarden, dashlane, 1password or lastpass (or other smaller companies). Either on a paid plan or on the free plan… and live with the restrictions on the free plan. I've used lastpass for work and its been good. But for me I'd probably go with 1password if I was going to go with an online password manager. Both Lastpass and 1password have web portal

    • I'm also a long time user of Keepass, but like you, I wouldn't necessarily recommend it to everyone. I've been trying to get the wife and son to use a password manager and still haven't made any headway yet. If I started them on Keepass, I'd probably never succeed.

      • I got the missus using KeePass now. The trick is to be around when they get frustrated having to reset their password for that one account they always forget what they set it to.

        • Good for you. In my case, that particular issue has cropped up multiple times. And I keep offering to set it up. Still haven't gotten anywhere.

          • @tebbybabes: I set keepass up for my wife and a while later she'd forgotten the password to it.

            Now my solution is to just store all her passwords in my keepass so at least I know what they are when she forgets them. She doesn't have access to our main internet banking because of this (and she doesn't actually want it).

    • I like Keepass too. I run Keepass on Windows and AuthPass (KeePass compatible) on ios. While I understood the benefits of cloud storage, I feel more comfortable keeping the encrypted password file on my devices and doing the sync manually.

      I have been happy with running AuthPass on ios. However I would like to hear opnions from other AuthPass users.

  • BitWarden seems cheaper than LastPass

  • What are the features you think are worth paying for? Obviously I can read what they are but I'm interested in perspectives of people who've used these daily for a while as you will know the features that really make a difference. I like the idea of the physical cards that you can use for 2fa with Bluetooth/NFC/USB I'm looking into those now to see if they're easily applied for personal use or more for company data protection.

    • I personally think the physical ones are overkill for the average user, and the last thing I want is to have to carry another thing around. Something like Authy which I use for 2FA is going to stop all but the most determined attackers, the small increase in security of hardware tokens vs software ones is not worth the hassle.

      Even for corporate use I wouldn't generally recommend them for most things, the average user will consider them a pain, but for administrators of particularly sensitive systems they may be worthwhile.

      • Agree. I wish the physical ones ie yubikey can be transformed into a chip and then planted into our finger….

      • Use Authy as well. Physical key seems overkill

        Was debating whether or not to keep everything within Bitwarden as that can do 2FA as well, but decided to keep it separate for now.

        • Bitwarden 2fa? need to pay, right?

        • Yes, I've never looked into Bitdefender but I don't like the idea of my password manager and MFA being in the same ap/vendor. I'd much rather keep them separate then a breach of one shouldn't compromise all of the authentication factors.

  • The free version of BitWarden pretty much has all the basics covered..

    I pay for the premium subscription for a couple of things - most of which you could solve elsewhere - but having everything (like one-time-password generation for your logins) in one place is a real killer feature.

    BitWarden lets you export your entire set of data to file as a backup. Save it out, store it away somewhere safe.

  • We use Keeper.

    • How are you finding keeper ?

      • Great been using it for years.

      • I would never recommend Keeper after my awful experience with it about 7 years ago when they shutdown their original iOS app which I paid for, and tried forcing everyone to the paid subscription model.

        Now I use Keepass, which is free and more reliable, proper encryption, simple and honest application and Windows program.

  • I've used both Dashlane and Bitwarden with the latter being what I use currently. Dashlane is closed source so it's not safe for privacy compared to Bitwarden that's open source.

  • Bitwarden #1

  • I've been using LastPass for years (free). I like it because I can move between my Android and IOS devices without being tied to any ecosystem.

  • Bitwarden +1

  • I used to be a paid subscriber to Lastpass when it was US$12/12 months, now it's $54/12 months, so I use the free version. Has everything I need.

  • Thankyou everyone, I've decided to download LastPass & BitWarden so I'll give them both a go for a while before I decide.
    Appreciate everyone's input, thanks again.

    • Hey Clarky, another experience you should look out for is the app experience on iOS/Android. I've tried both apps on Android and I found Bitwarden to be easier to use in terms of automatically inputting passwords and saving new passwords. But you give it a go and see what works for you. Good luck!

      • The opposite I found sometimes bitwarden doesn offer to save new password automatically (chrome browser window). LastPass does.
        I still want to migrate from LastPass to bitwarden but can't import my vault…

        • Hey I saw your comment above. Did you try the steps in this article already?

          • @ozziekhoo: Yes. I think I was doing something wrong with step 4
            Highlight the printed text, and copy and paste it into a new export.csv file.

            Just couldn't get it recognised by bitwarden later on

  • -2 votes

    keychain on iOS, Mac and Safari. done.

  • Bitwarden
    Lastpass
    RoboForm

  • A question for those that use Bitwarden with iOS. Does it work well with Apps? Password prompts OK?

    A big plus for me that is making me want to move from LastPass is integration with Have You Been Pwned. Checking for data breaches is a big plus and not sure what LastPass offer here.

  • I use KeePass (free) and save my files in DropBox so they are backed up online, but also local files and I can the files on multiple devices.

  • I highly recommend Bitwarden. Features which compelled my migration to that service:
    - Open source
    - Widely recommended
    - I work in IT and asked the opinion of my company's IT security team who liked it (they had also recommended my last password safe)
    - Web interface
    - Clients for Android, Windows, Linux, iOS (I've not used the iOS client)
    - Good integration with browsers; Plug ins for Firefox, Chrome (including new Edge using Chromium engine)
    - Easy user interface
    - Centrally hosted.

    For people heavily integrated with Apple/iOS, I've not seen Bitwarden in use. I have seen LastPass used in that space which also is highly recommended by many people.

    If only using PCs, I'd also recommend KeePass which I had used a long time. I found didn't meet all my personal requirements in the mobile space but I still recommend it.

    • I'm using KeePass on my PC too. Could you please elaborate KeePass deficiencies in the mobile space? Thanks.

      • I just found it a bit clunky in keeping synchronised with the other places in which it was used. I would have to keep a file updated on 3 PCs and 2 android devices.
        I've found it much easier to use Bitwarden where it synchronises to all these devices and provides a web interface too.
        Also, KeePass doesn't support bio-metrics in the Android app and I found the Android integration lacking. It works much better in BitWarden.

        Don't misunderstand me though; I am still a big KeePass fan (I donated) and use it for one continued use case that is on one PC. But now, for my everyday personal password safe, BitWarden is suiting me perfectly.

        • Keepass2Android has quick unlock using fingerprint if that was what you were after. I'm not sure I understand the issue with keeping synchronised either - just use Google Drive and it does it automatically.

  • I have been using Lastpass for years but switched to Bitwarden 2 years ago and I will stay with them no worries

    • Did you use the export import vault? (When moving from LastPass to bitwarden

      • I can't really remember if I did or not as it was awhile ago, but I must have as I have thousands of passwords, and I was not going to do it one by one, I would be still going today :p

  • Bitwarden

  • Enpass - You store your database, encrypted wherever you want, dropbox, One Drive, GDrive, etc.
    - They used to be pay once use forever which I have but I saw that they changed to a subscription model which I wouldn't buy.

    I would suggest Keepass. This is what I will be moving towards soon.

  • Interesting to see a few comments of people who migrated from Lastpass to Bitwarden, but none the other way round.

  • No one mentioned 1password yet? I use it and find it works reasonably well in chrome, Android, ios. It even let me install a version on my work computer without getting IT permission. Nice interface, auto generates passwords, notifies me if 2FA becomes available or if a sure has been compromised.

    Are the others mentioned much better than 1password?

    • I've been using this too for about 2 years, no issues whatsoever on any devices. As I'm happy I haven't shopped around for cheaper prices.

    • 1Password is one of the top rated password managers. Password managers are all similar.

      The more important thing is enabling 2FA and not using the same password everywhere.

    • I used to use 1Password and really like it.

      Only reason I moved to Bitwarden is that it does everything just as well and was far cheaper.

  • I use Keepass, I just feel safer with local storage and I can make multiple copies of my database for PCs/Laptop/USB sticks, and don't like the idea of losing access if the site dies or goes down a while, plus you can extend it's functionality with plugins. I like to use the comment field for backup 2FA authy codes for various website accounts or to make notes of stuff I may need to remember about that account. Plus, it has a built-in password generator, since I can't be bothered thinking up new passwords for every account on my own.

    This is everything I need, so I can't see anything that would temp me into paying for a password manager service.

  • I use password store https://www.passwordstore.org/

    It’s a bit more technically oriented but for techies it’s great. Open source, backed by a git repo (so i push all the changes to my NAS, not out in the cloud) and works across every platform i use.

    • I use password store as well with git master on a local NAS — good thing is that it stores more than just password but free form text. A bit hard to use on the phone though, as I use it inside Termux, having to type in the gpg passphrase all the time.

  • I just have all my passwords saved in chrome.
    Is that a problem? No one has mentioned it yet.

  • Bitwarden and msecure for me

  • so, once you have all the things setup in any pass.manager, everyone should turn off the chrome/edge password manager feature, right?