Password Managers for Beginners

Passwords are often the only thing standing between a hacker and your online accounts. This guide helps you choose a password manager to help you create strong, unique passwords. It’s an easy way to make browsing the web easier, faster, and more secure.

Why it’s a good idea to use unique passwords

I don’t think I need to convince anyone that passwords are annoying. It’s hard to remember them, so everyone uses the same password for all of their accounts. You know this, I know this. But hackers also know this.

If you use the same password everywhere, a hacker only needs to get your password once in order to break into many of your online accounts. And it seems like every week, we hear about a massive new password breach. (Think about how we learned that all of Yahoo’s 3 billion accounts were breached.)

Imagine if an attacker used your single, easy-to-remember password to access your health care records, your home address, credit card numbers, or your social security number. To minimize the damage from a breach, you should use unique passwords on each account. But it can be a challenge to remember each password.

Enter password managers

Password managers make it easy to remember a single password, and still have long, unique passwords on all of your accounts. How is this possible? You use just one password to unlock your secure password “vault.” From your vault, you can quickly fill out login forms on all of your devices.

How do you get started?

Finding your password manager

A header image reading, “Choose your password manager” with a screenshot from a Pokemon video game in the background, where the player chooses their starter Pokemon.

A few password managers are usually recommended by security specialists, including Bitwarden, KeePassXC, and 1Password. They are all good options, but have different features that may impact which you want to use. Let’s quickly highlight some of the features of each tool. I’ve written guides for each, and pointed to links below.

1Password

An animation of a 1Password user typing their password to unlock their password vault.

Happy! Easy to use, and well-designed. Perhaps the easiest for unfamiliar users. Syncs to a desktop application so you can access your passwords offline, and allows “offline only” passwords.
Not so happy. More expensive than alternatives ($36 annually OR $65 one time).

Want to try 1Password? Check out 1Password for Beginners.

Bitwarden

Screenshot of an empty Bitwarden vault.
Screenshot of an empty Bitwarden vault.

Happy! Well-designed, easy to use, and it’s free for nearly everything. (You can optionally support the project and access specialty features for $10/year.) Supports all major desktop and mobile operating systems.
Not so happy. By default, it starts with less-than-ideal security settings. (You should usetwo-factor authentication, to ensure no one can log in with only your master password.)

Want to try Bitwarden? Check out Bitwarden for Beginners.

KeePassXC

A screenshot of an empty KeePassXC password vault.
A screenshot of an empty KeePassXC password vault.

Happy! Free and open source. KeePassXC can work on most platforms and operating systems. With KeePassXC, you control where your data are located (e.g., you can be “offline only” if needed).
Not so happy. Not as intuitive, and not as well-designed as alternatives. Unlike 1Password or Bitwarden, KeePassXC isn’t really one tightly integrated application — it’s a small part of the larger ecosystem of open source KeePass software. It will also require you to find a sync tool (e.g., Dropbox) if you want to sync across devices.

Want to try KeePassXC? Check out KeePassXC for Beginners.

Get started!

These are just a few of the great password management options available, but I hope these guides are helpful. Choose the tool you like most and get started. Feel free to reach out with any thoughts or questions here, or on Twitter at @mshelton. I’ll occasionally update each guide, and may add more password managers (e.g., Dashlane) in the future.

Last updated March 30, 2021. Due to problematic changes in the company’s ownership, I no longer suggest LastPass. “LastPass for Beginners” is now deprecated.

Writing about security for journalists, as well as beginners. Principal researcher at @freedomofpress. freedom.press/training

Writing about security for journalists, as well as beginners. Principal researcher at @freedomofpress. freedom.press/training