How to Choose a Password Manager
A password manager solves a problem almost everyone has: reusing the same handful of passwords across dozens of accounts, which means one breach can cascade into many. Instead of remembering (or reusing) passwords, you remember a single master password that unlocks an encrypted vault, and the manager generates and autofills strong, unique passwords everywhere else. The best tools go further — storing payment cards, secure notes, and identity documents, and warning you if any of your saved credentials show up in a known data breach.
The core decision points are encryption model, platform coverage, and price. Every reputable password manager uses zero-knowledge encryption, meaning the provider itself cannot read your vault — but the specific cipher (AES-256 vs newer options like XChaCha20) and how key derivation is handled can differ. Platform coverage matters just as much in practice: a manager is only useful if it has a polished browser extension and native apps for every device you actually use, since friction is what causes people to abandon password managers and fall back to browser-saved passwords or sticky notes. On price, most vendors offer a genuinely usable free tier (often capped at one device or a limited number of saved items) with premium plans unlocking breach monitoring, secure file storage, and family or team sharing.
Individual, Family, and Business Plans
Most password managers price around three tiers of use. An individual plan covers one person across all of their own devices — this is the right starting point if you're moving off browser-saved passwords for the first time. A family plan typically covers five or six accounts under one subscription, each with their own private vault plus the ability to selectively share specific logins (a streaming account, a Wi-Fi password, a shared bank login) without exposing the rest of anyone's vault. Business and team plans add centralized admin controls — provisioning and deprovisioning employee access, enforcing password policies, audit logs of who accessed what, and integration with single sign-on providers. If you're evaluating a manager for a small team, check specifically for SCIM/SSO support and per-seat pricing, since some consumer-focused tools don't scale cleanly past a handful of users.
One migration detail worth planning for upfront: switching password managers later is straightforward (nearly all support CSV export/import), so it's reasonable to start on a free plan and upgrade only once you hit a real limitation — a second device, a breach alert you want, or a family member who needs shared access. Don't over-buy a business tier before you actually have a team to manage.
Key Features to Look For
- Zero-knowledge encryption — the provider should never be able to see your master password or decrypt your vault, even under a legal request.
- Cross-device autofill — a browser extension plus native mobile/desktop apps that reliably fill logins, not just copy-paste from a web vault.
- Data breach monitoring — an ongoing scan that alerts you if a saved email or password appears in a known leak, so you can rotate it before it's exploited.
- Secure sharing — the ability to share a login with a family member or teammate without ever exposing the plaintext password to them.
- Emergency access / recovery — a way to regain access if you lose your master password, without undermining the zero-knowledge model.
- Two-factor authentication support — either built-in TOTP code generation or compatibility with a hardware security key.
Frequently Asked Questions
Are password managers actually safe to use?
Yes — reputable password managers use zero-knowledge, end-to-end encryption, meaning your vault is encrypted on your device before it ever reaches the provider's servers, and the provider has no way to decrypt it. This is a significantly stronger security posture than reusing a handful of memorized passwords across every site, which is the realistic alternative most people are comparing against.
What happens if I forget my master password?
Because most providers use zero-knowledge encryption, they cannot simply "reset" your master password the way a website resets a login. Instead, look for a manager with a documented emergency-access or account-recovery feature (such as a designated trusted contact or a recovery code you store separately) — set this up when you first create your account, not after you're already locked out.
Is a free password manager good enough?
For an individual just getting started, a free tier that covers autofill and unlimited passwords on one device type is a real security upgrade over no password manager at all. Paid plans typically add cross-device sync, breach monitoring, secure file/document storage, and family or team sharing — worth it once you're relying on the tool daily across a phone and a computer.
Can I switch password managers without losing my data?
Yes — nearly every password manager supports exporting your vault to a CSV file and importing it into a new provider. Export from your old manager, import into the new one, verify a sample of entries transferred correctly, then securely delete the CSV export (it's stored in plaintext on disk during the transfer window).
