Our content is funded in part by commercial partnerships, at no extra cost to you and without impact to our editorial impartiality. Click to Learn More
Nowadays, password managers are a safe and secure way to manage your passwords. They use strong encryption to protect your passwords, so even if a hacker were to gain access to your password manager, they would not be able to read your passwords without your master password.
In addition to encryption, password managers also offer other security features, such as two-factor authentication. This means that you will need to enter a code from your phone in addition to your master password in order to log in to your password manager.
According to the Pew Research Centre, half of users have up to 25 password-protected accounts online. That’s far too many for the average person to remember, making it hard to stay secure. A secure password manager will automatically store all your logins, meaning that you’ll never have to remember one ever again, and can even generate passwords for you.
Given that even industry leader LastPass was once the victim of a hack, concerns remain over using password managers. Besides, you may be questioning the wisdom of storing all your passwords in one place. These are legitimate concerns, but research has shown that using a password manager is far more secure than not using one. The risk of your business getting hacked is high, particularly during the pandemic, so we’d strongly recommend getting one yourself.
As for which password manager you should choose? We’ve tested some of the best password managers around, and while they’re all safe and secure, the best on test was LastPass. This stands out thanks to a simple interface, secure setup, and brilliant family-sharing options. Plus, you can try LastPass for free to see if you like it.
Is it Safe to Use a Password Manager?
Password managers are secure and use encryption to protect your data. The best password managers use advanced encryption like AES-256 bit or RSA-4096 bit to scramble and unscramble your data. This makes it extremely difficult for anyone without your master password to access your information.
Leading password managers also have zero-knowledge architecture, meaning only you can see inside your vault – not even the password manager company. So you can trust that your sensitive information is safe inside a password manager.
A good quality password manager is a safe, trustworthy and highly recommended security tool that will make it difficult for a hacker to crack your password. In fact, security experts almost uniformly believe that password managers are infinitely safer than virtually every alternative there is, for businesses and individuals alike. A secure password manager can contribute to good data hygiene.
Top password managers, such as 1Password, Dashlane, or NordPass, can be trusted to protect your account logins thanks to secure encryption that keeps your passwords secret. But not all passwords have a squeaky-clean reputation when it comes to security.
Here’s how it works in practice. You create an account with a password manager, then create a single “master password” to log into it. To keep your password manager safe to use, it’s essential that your master password isn’t anything obvious. So that’s no to “12345,” “qwerty,” or “passwd.” Instead, pick a longer phrase or mix and match cases and special characters – just ensure it’s unique and memorable.
Then, the password manager can get to work automatically generating complex, unique passwords for every service you log into online – one for your Amazon account, email account, Facebook account and so on. You won’t need to memorize these – whenever you login in, the password manager will automatically apply the password (and you enable the password manager via that single master password).
This entire process is far more secure than re-using the same password over and over on multiple sites – the single biggest risk you can take with you and your business’ online security. It’s also far easier than attempting to remember multiple unique passwords.
So, if it’s all win, why are there any questions around password manager safety? Largely, these come down to an understandable concern over the security of handing over your logins to a third-party service. That’s why we’d recommend only using a trustworthy, well-rated password manager. So which ones would we recommend?
Most Secure Password Manager
If you want a secure password manager, you should opt for a paid one. Free password managers tend to be restricted in some way, and are usually supported with adverts. Additionally, free password managers are simply not set up to handle a full business’ security needs, which means paid for is always the way to go.
In our testing, we found NordPass to be the most secure password manager. For a few dollars a month, it could save you a lot of headaches, as well as time spent waiting for password reminder emails to drop into your inbox.
| Local Storage Option | Two-Factor Authentication | Failsafe Function | Password Generator Function A password manager can create secure, complex passwords for you. You won't need to remember them yourself. | Help Instructions | Email Support | Live Chat Support | Phone Support | Price | Business Plan? | Business Price Cheapest available business plan | Click to Try | ||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| FEATURED  | TOP PICK  |  |  |  | |||||||||
| NordPass | LastPass | Dashlane | Sticky Password | ||||||||||
| | | | | | |||||||||
| | | | | | |||||||||
| | | | | | |||||||||
| | | | | | |||||||||
| | | | | | |||||||||
| | | | | | |||||||||
| | | | | | |||||||||
| | | | | | |||||||||
| $1.69/month | $2.40/month | $8 per user/month | $19.99 per year | ||||||||||
| | | | | | |||||||||
| $19.95/10 users | $2.51 user/month | $3.20/user/month | $60/user | $29.99/user/year | |||||||||
| Try 1Password | Try NordPass | Try LastPass | Try Dashlane | Sticky Password |
Want to know more? Check out our dedicated Best Password Managers guide.
Do Password Managers Get Hacked?
No online system is infallible. Password managers – just like any other online service you use, such as Amazon, Twitter, or Facebook – run the risk of being hacked. In fact, some have been.
The best password managers, however, will take your security very seriously – after all, you’re paying for the service. If you lose trust in them, they lose your patronage, and with it, your payment.
When LastPass was hacked, users were right to be concerned – after all, if a hacker could get into the system, they could, in theory, have access to every password that LastPass users had stored there.
However, even though its security was breached, hackers were unable to steal any information – all of the passwords were protected by the users’ Master Password, which is not stored on the LastPass servers. This meant that the encryption on the passwords stored by LastPass was unable to be cracked. And that is why you should pay for a password manager.
But at the same time, however, repeated breaches are not a good look, and LastPass has suffered two subsequent breaches of their systems, both in 2022, the former taking place in August and the latter in November. Although LastPass maintains that no actual passwords were stolen thanks to its zero-knowledge infrastructure, customer information was, and this can be used to conduct phishing attacks.
Two security incidents during 2022 has tarnished LastPass’s reputation significantly.
This string of security incidents has certainly damaged LastPass’s reputation, although it’s likely to remain one of the world’s most widely-used password managers. But then again, if you can choose a provider like NordPass or 1Password, which have never suffered breaches like this, why take the risk?
Password managers are also a common target for ‘ethical hackers’ — those who like to test the security of online systems to flex their coding muscles. Password managers are their white whale – crack one of these open, and they’ll win the acclaim of the industry.
This isn’t as scary as it sounds though. In fact, ethical hackers are offering a great service, finding exploits in online systems before more nefarious people do. Once they’ve found a vulnerability, these hacklers will make contact with the service and let them know, allowing the provider to then fix the issue.
Verdict – Should You Use a Password Manager?
We can’t state this clearly enough – a password manager is a safe, recommended way to secure your online logins. The alternatives are far, far riskier – in particular, that old habit of re-using the same old password again and again across multiple websites (please, just don’t).
No system is guaranteed bulletproof, and as the LastPass hack showed, even password managers can be vulnerable. However, as that very incident showed, there are serious protections in place, and these prevented the LastPass hack from being a disaster for any customers.
In the age of hybrid work and vast security breaches, we’d strongly recommend getting up and running with a password manager for proper online peace of mind. In the meantime, use a free tool to test the strength of your passwords and ensure your first lines of defense are strong.
With LastPass, to de-encrypt passwords that are saved server-side, one would need the Master Key. But this is held locally on your machine. This means that even in a worst-case scenario, hackers can only access heavily encrypted data, with no way to unpick it all. It’s like being given all the materials to paint the Mona Lisa, without ever having seen what it looks like.
As is the case with LastPass, 1Password requires a Master Key to unlock your passwords, which is stored locally on your machine. This means that unless a hacker has direct access to your laptop, tablet or mobile, your details are safe.
Check our full 1Password Review to learn why it’s our top-rated app, or see how 1Password compares to LastPass.
While it gets the job done, it’s rather basic, and it can’t compete with the rich feature-set of a dedicated password manager. But is it safe? Although flaws have been found by ethical hackers (and since fixed), there have been no large scale breaches of the system.
Is it safe? Well, that depends. It’s as safe as your Google account is, which means that if anyone gets hold of your login details, they could also in theory log into any of the sites and services that you have used in Chrome. However, Google does make this slightly harder by alerting its users when the details are used to sign into a new device.
If you click on, sign up to a service through, or make a purchase through the links on our site, or use our quotes tool to receive custom pricing for your business needs, we may earn a referral fee from the supplier(s) of the technology you’re interested in. This helps Tech.co to provide free information and reviews, and carries no additional cost to you. Most importantly, it doesn’t affect our editorial impartiality. Ratings and rankings on Tech.co cannot be bought. Our reviews are based on objective research analysis. Rare exceptions to this will be marked clearly as a ‘sponsored’ table column, or explained by a full advertising disclosure on the page, in place of this one. Click to return to top of page