What do Oculus CEO Brendan Iribe and rapper Drake have in common? They both lost control of their Twitter accounts because they used the same password for those accounts as for MySpace, and millions of MySpace passwords were stolen recently. Using the same password for multiple websites is a big mistake, clearly. If any site gets breached, or if one password gets stolen (as happened to the CEOs of Facebook and Google), the other sites are also at risk. All of them should have used a password manager to set a different, strong password for every site. And so should you.
For your own sanity and security, install a password manager and change all of your passwords so every single one is different, and every single one is long and hard to crack. Until our Internet culture evolves into some post-password Nirvana, everybody needs a password manager, from the most carefree Web surfers to the CEOs of globe-spanning corporations. There are plenty of good choices. All the commercial password managers listed here earned 3.5 stars or better. Strapped for cash? We've rounded up the best free password managers in a separate story.
The typical password manager installs as a browser plug-in to handle password capture and replay. When you log in to a secure site, it offers to save your credentials. When you return to that site, it offers to automatically fill in those credentials. And, if you've saved multiple logins for the same site, the password manager offers you multiple account login options. Most also offer a browser toolbar menu of saved logins, so you can go straight to a saved site and log in automatically.
Some products detect password-change events and offer to update the existing record. Some even record your credentials during the process of signing up for a new secure website. On the flip side, a password manager that doesn't include password capture and replay automation needs to offset that lack with significant other assets.
Getting all of your existing passwords into the password manager is a good first step. Next, you need to identify the weak and duplicate passwords and replace them with tough ones. Many password managers flag weak and duplicate passwords, and some offer help with the update process. The very best ones can automate the password-change process for you.
When you create a new secure account or update a weak password, you don't want to strain your brain trying to come up with something strong and unique. Why bother? You don't have to remember it. All but one of our top-rated products include a built-in password generator. Make sure your generated passwords are at least 16 characters long; all too many products default to a shorter length.
Entering a password like [email protected] on your smartphone's tiny keyboard can be tough. Fortunately, almost all of our top password managers can sync across all of your Windows, Mac, Android, and iOS devices. A few even let you authenticate on iOS or Android with your fingerprint rather than typing the master password. Most include some form of two-factor authentication, be it biometric, SMS-based, Google Authenticator, or something else entirely.
Fill Those Forms
Since most password managers can auto-fill stored credentials, it's just a small step for them to automatically fill in personal data on Web forms—first and last name, email address, phone number, and so on. Most of the top-rated products include Web form-filling. The breadth and flexibility of their personal data collections vary, as does their accuracy when matching Web form fields with their stored items. Even if they miss a field or two, the ones they do fill are ones you don't have to type. Think about how many sites you go to that want all the same information; this feature is a huge time-saver.
Different products handle form-filling in their own ways. Some immediately fill all recognized fields, some wait for you to click in a field, some pop up and ask what you'd prefer. You'll even find products that offer your choice of credit cards using realistic images with the correct color and bank logo!
Given that all these products take care of basic password management tasks, how can one product stand out from the pack? One handy advanced feature is managing passwords for applications, not just websites. Another is provision of a secure browser, designed to protect sensitive transactions and invoked automatically when you visit a financial site. And of course automating the password change process is a big plus.
As noted, these top products let you sync your passwords across all of your devices. Some of them also include a built-in mechanism for securely sharing passwords with other users. Some let you share a login without making the password visible, some let you revoke sharing, and with some the sharing goes both ways—that is, if the recipient makes a change it will change the original.
On a grimmer note, what happens to your secure accounts after you've died? A few products include some provision for a digital legacy, a method to transfer your logins to a trusted individual in the event of your death or incapacity.
The Very Best
Veteran password manager LastPass 4.0 Premium offers an impressively comprehensive set of features. Slick and polished Dashlane 4 also boasts a ton of features, even some that LastPass lacks. Sticky Password Premium handles essential tasks better than most, and a portion of every purchase goes to help an endangered species. But even the products not named as Editors' Choice have their merits; you may prefer one of them. Read our reviews to decide which will serve you best.