Password security is getting more and more important with each coming year. It’s estimated that cybercrime generated at least $1.5 trillion dollars in 2018, and that number will only increase as computers become more and more widespread around the world[*].
One of the most common ways users are scammed or robbed is through poor password management. Humans are predictable, and hackers have become extremely sophisticated with their brute force attacks, often using phished or stolen information to guess passwords and force their way into sensitive information and accounts. They can then use that information to conduct transactions, sell the information for cash, or hold sensitive information for ransom.
We’ve all been told how important it is to diversify your passwords across your accounts and to use “strong passwords”. The thing is, with an increasingly complex internet landscape, it isn’t unreasonable to have 100+ internet accounts. Having separate passwords across all of your accounts would be a serious commitment of time and memory and will almost certainly rely on some type of storage system, which when stored in the wrong place will carry its own risks.
The solution? Password managers. These vaults auto-generate passwords for you across all of your accounts and can be accessed with one central password. There are myriad options, both free and paid, for you to try. If you haven’t taken the step to use one yet, now is the time.
The best option for you depends on if you want to stay strictly free, how much technical expertise you have, and how you plan on using your password manager.
In this blog, we’re going to cover a few commonly asked questions about free password managers and then outline our top free password manager recommendations.
What Is a Password Manager?
A password manager is a digital vault that uses encrypted databases to store, generate, and fill in your login details across any online services that you choose.
Digital vaults are typically stored on remote cloud servers but can also be stored within local applications and hardware. Most password managers function by having one master password that unlocks the vault, and then the vault can automatically communicate with online services via your browser.
The variability between services is primarily found in the degree of security and user experience. For example, some password managers allow you to recover your master password if lost, others don’t. Some have a physical hardware “key”, and some are completely cloud-based. There are many options to choose from and those choices will be determined by your personal risk.
Are Free Password Managers Safe?
Most “free” password managers are entry-level plans or trials from highly reputable password management companies. As long as you choose an established service (you can use any of our recommendations below), then yes. They are generally safe.
It also depends on your definition of safe. The security needs of a high-profile corporate executive will vary dramatically from a casual work-from-home freelancer. You need to analyze your own sensitivity and choose your degree of security accordingly.
For most of you, a basic cloud-based password manager that prioritizes user experience will be just fine, but for some of you, a local server-based application with a hardware key may be the best option. There is often a tradeoff between convenience and level of security.
Do I Need a Password Manager?
We recommend most people use a password manager. Even if they aren’t perfect systems, the password vault is certainly better than using similar or the same passwords across multiple online services.
Most free password managers won’t take more than a few minutes to set up, and the extra security you get from doing so is worth it.
Can Password Managers Be Hacked?
In general, your password manager is as secure as your master vault password. Yes, there have been instances of password management companies being breached, but these are rare. What’s clear is that using a password manager is always better than reusing passwords.
If you adopt good security habits within your password manager, you won’t have much to worry about outside of an extremely sophisticated attack. And in those instances, the company you’re using to store your information is generally more much prepared to defend against those attacks than you are. It’s what they think about every day, after all.
That being said, there are ways you can make your vault more secure. Here are a few ways to increase the level of security within your free password manager experience:
- Do what you can to prevent your phone or computer from getting “pwned” (having information confiscated) and make sure your master password isn’t stored anywhere on your computer or being used for any other service. See if you’ve been “pwned” here.
- Write down your password on a piece of paper and store it somewhere safe.
- If necessary, use a service with a local server instead of a cloud server. This ensures that if the service you use is compromised, your vault won’t be exposed.
- Install two-factor authentication in every instance possible.
- Make your master password as unique and strong as possible. Our advice is to group strange words and phrases together with a loose string of numbers.
- Append a memorized password string to auto-generated passwords. This way if your vault is compromised the hackers will only have half of each password. For example, if the suggested vault password for a new service is GUEO093, you would add in GREYSHEEPBUS947 to the end, making the entire password GUEO093GREYSHEEPBUS947. If your vault is compromised, the hacker would only get GUEO093, and only you would know that you’ve added the extra string to the end. Is this more work? Yes. Is it more secure? Most definitely.
Is It Worth Paying for a Password Manager?
Password managers are sometimes free and generally cheap, and the extra convenience and shareability you get from paying a few bucks a month are usually worth it.
One of the most common features that are restricted for paid versions is device syncing, so if you would like to have your password manager across your phone and computer(s), you will probably have to pay.
Some paid password managers also include services that tell you if any of your information is being sold or moved around on the dark web.
What to Look for in a Password Manager
Here’s what we recommending thinking about when choosing a password manager, and these are some of the criteria we used to judge our choices in the list of recommendations below:
- Two-factor authentication
- Ease of use
- Company culture
Okay! With all of this in mind, let’s look at our top choices for free password managers.
The Best Free Password Managers
We’ve chosen a few of our favorite free password managers and listed them along with their key features and distinctions below. We’ve tried to include a variety of vaults that can speak to different levels of users (casual vs. power).
Most of these operate on a freemium model, so if you’re trying to not spend a dime, you’ll either need to set up your own vault via open-source software like KeePass (#4 on this list) or settle for limited features.
LastPass is a powerhouse player in the password vault space and for good reason. Its free version is comprehensive, the service is cheap, it is very user-friendly, and it only takes a few minutes to get set up.
- All major browsers, phones, and operating systems
- Fantastic free version
- Browser extension
- Multi-factor authentication
- Autofill passwords
- Auto-generated passwords
- Mobile and tablet apps
- AES-256 bit encryption with PBKDF2 SHA-256 and salted hashes to ensure complete security in the cloud
Why We Like It
LastPass is cheap, easy to use, and perfect for anyone wanting to get a password vault without worrying about the specifics. Its free option doesn’t leave too much off the table, so you can still get a bunch of features without paying a cent. It’s perfect for people looking for an easy introduction to password management.
Cons of LastPass
- Cloud-based storage. This could be an issue for some people with high-security risks.
- The sharing functionality can feel a bit clunky at times.
- The user interface is good but the folder layout is a bit awkward.
- Not open-source, so the user community can’t audit it entirely.
Free version available. Paid plans starting at $3/mo.
1Password has a fantastic UX and prioritizes collaboration within their password vault without sacrificing security. If you’re a family who shares a lot of passwords or a business that often trades passwords with employees or clients, then 1Password is a great choice.
- Good family sharing functionality.
- Fantastic user experience
- End-to-end Encryption
- Server ignorance (1Password never sees your passwords)
- Complete sharing authority
- Activity log for businesses to see who is changing what and why
- Custom group functionality for organizing teams
- Autofill passwords
Why We Like It
1Password has an excellent and vibrant security culture. They are very proactive and have integrated with Troy Hunt’s pwned passwords and are regularly improving their product based on the latest cybersecurity trends. They also take pride in their transparency, offering whitepapers like this to show you exactly how their product functions.
Cons of 1Password
- Not as much browser flexibility as LastPass
- Only has a 30-day free trial
Free version available. Paid plans starting at $2.99/mo.
Bitwarden is an open-source password manager built to be transparent and user-friendly. Its paid options are super cheap, and even its free version gives an individual user enough features to get by without paying anything.
- You can host your vault locally on your servers
- Good UI
- Sync across all devices
- Yubikey with its paid plan
- End-to-end encryption
- Extensions for a variety of browsers
- Autofill passwords
- Two-step login: YubiKey, U2F, Duo on the paid version
- Vault health reports
- Priority customer support
Why We Like It
Bitwarden’s free version is comprehensive enough for casual users working alone, and if you’re looking for a bit more security and sharing features, it’s only $1/month. You can’t beat the price. They also have a great company culture and are clearly devoted to security.
Cons of Bitwarden
- If you lose your master password it can’t be recovered.
- Sharing isn’t available on the free version
- The sharing features aren’t as developed as services like 1Password
Free version available. Paid plans starting at < $1/mo.
KeePass is the best choice for people who have a tech background and need extra customization within their security apparatus. Whatever you need to do with your passwords, with a bit of work, KeePass can become your perfect system.
- Unofficially supports Android and iOS
- Completely free to use
- Local hosting
- End-to-end encryption
- Complete control over your local database
- Lots of plug-in and integration flexibility
- Can communicate with other password managers
Why We Like It
For any power users, KeePass is probably your best choice. You can’t beat the customization and the user community around this open-source software is fantastic. It’s also free to use in its entirety.
Cons of KeePass
- Non-recoverable password. If you lose it, that’s it! This can also be a benefit if you are focused on security
- Requires a bit of tech experience to set up
- Built primarily for Windows
- Limited user experience features in its basic form
Free version available. No paid plans, all open source.
Enpass is an offline password manager that prioritizes shopping security and the creation of “separate vaults” for different personal and work environments. It’s flexible and can accommodate casual and free users but offers enough security upgrades and features to appease the securityphiles out there.
- Chrome OS
- Extra focus on shopping security
- SQLCipher 256-bit AES encryption engine
- Fingerprint login
- Password generator
- Family sharing
- Server ignorance
- Free desktop application
- Easily import existing passwords
Why We Like It
Enpass is a nice blend of casual and power users. You have a lot of freedom in how much you decide to dig into Enpass, and the one-time payment option of $55.99 is a nice option to have if you want to set it and forget it.
Cons of Enpass
- The free version limits your mobile password limit and vault capabilities
- The user experience isn’t quite as developed as some other options
Free version available. Paid plans starting at $2/mo.
The Bottom Line on Free Password Managers
Using a password manager is smart and easy, and the variability between services really isn’t that big unless you have special security needs. And while free versions are available, unless you have a tech background it’s probably worth it to pay a few dollars a month for the premium versions. It’s your security after all! You can think of it as insurance, and the time you save filling form fields out and generating passwords pays itself back.
Use the list above to pick the right service according to your needs, and enjoy your new password management system.
Password management is one way to optimize your internet experience. Enhance the way you engage with the web even further by getting rewarded for the data you share online.
Permission.io is revolutionizing internet advertising as we know it by paying users for their data.