Passwords aren't a great way to prove—or protect—your identity, but for now, we're stuck with them. The problem is, anybody who cracks or guesses your password can log in to your bank, your social media, your email—any secure site. And it gets worse. A hacker with access to your email account can take over plenty of other accounts by requesting password resets via email. Don't make it easy for them by using lame passwords like password or 123456. Enlist the help of a password manager and use it to change all your logins to crazy-tough passwords like VodW4tavq3HkB01R or tREzCLfn5Cy65&nZ. Hey, you don't have to remember the password, so it can be long and strong.
What's that you say? You can't afford to buy yet another security tool? In truth, you can't afford not to. The potential hit, financial and otherwise, that could result from using cheesy passwords could cost you plenty. But never fear, you can get full-featured, high-powered password management for a net outlay of exactly zero.
Your typical password manager integrates with the browser and captures the username and password when you log in to a secure site. Occasionally you'll find one that doesn't automate password capture and replay, but these may have other virtues, such as filling in passwords for secure applications, not just webpages.
The best password managers capture your credentials during account creation. When you change your password online, they offer to update the stored password for that site. Of course, password capture only works if the password manager recognizes that you're logging in to a secure site, so non-standard login pages can cause trouble. Some products cleverly solve this problem by letting you manually capture all data fields on a page. Others actively analyze popular secure sites whose login pages don't fit the norm, creating scripts to handle each site's oddball login process.
When you revisit a site for which you've saved credentials, most password managers automatically fill the saved data, offering a menu if you've saved more than one set of credentials. Another handy (and common) feature is a browser toolbar menu of available logins, so that with one click you can navigate to a site and log in.
One great thing about free password managers is that you can try several and find out which one you like best. If you're thinking of making such a survey, look for products that can import from other password managers. Otherwise, you'll have to go through the password capture process over and over for each candidate.
The point of adding a password manager to your security arsenal is to replace your weak and duplicate passwords with strong, unguessable passwords. But where do you get those strong passwords? Most password managers can generate strong passwords for you; many let you take control of things like password length, and which character sets will be used. The very best ones offer a password strength report that eases the process of identifying and fixing poor passwords. A very few can even automate the password-change process.
Filling in usernames and passwords automatically isn't so different from filling other sorts of data in Web forms. Many commercial password managers take advantage of this similarity and thereby streamline the process of filling forms with personal data. Not many free password managers offer this feature.
When you put all of your passwords into one repository, you had better be really, really careful to protect that repository. Yes, your master password should be as strong as possible, but you really need two-factor authentication to foil any possible hack attack. Two-factor authentication could be biometric, requiring a fingerprint, facial recognition, or even voice recognition. Some password managers rely on Google Authenticator; others can be configured to require an authentication code texted to your smartphone.
Speaking of smartphones, many of us are just as likely to log into a secure site from a mobile device as from a desktop computer. If that describes you, look for a password manager that can sync your credentials between your desktop and the mobile devices that you use. Note, though, that in some cases you'll have to pay to extend protection to mobile devices.
In addition to using your passwords on multiple devices, you may find you want to share certain logins with other users. Not all free password managers support secure sharing; many of those that do allow you to share the login without making the password visible. A very few let you define an inheritor for your passwords, someone who will receive them in the event of your demise.
Free Editions of Paid Programs
If you're willing to give up a little something, you can use many commercial password managers for free. If you see something you like in our roundup of the best password managers, you may be able to get it without paying. For example, some companies let you use all the features of their product for free as long as you give up syncing across multiple devices.
Another common tactic is to let you use the product for free, but limit the number of passwords you can store. The limit for free usage tends to range between about five and 15 passwords. If you can stick to that, you needn't pay. If not, the company will happily accept your payment for upgrading to the paid edition.
The venerable LastPass 3.0 remains Editors' Choice for free password manager, joined by relative newcomer LogMeOnce Password Management Suite Premium. Both offer a breadth of features just not found in the free competition.