Information Security

Guidance for Selecting a Personal Password Manager

Last modified 2/19/2024

Disclaimer

We cannot formally endorse, recommend, or support a specific password manager for personal use.

Also, service passwords used for official departmental or business functions are not to be stored in a personal password manager. Contact your direct IT support team for assistance on the proper solution to manage those passwords.

Personal password managers are essential tools designed to securely store, manage, and auto-fill your passwords and other sensitive information.

In today’s digital age, where the number and complexity of passwords an individual needs to remember have dramatically increased, password managers play a crucial role in enhancing online security. They help in generating strong, unique passwords for each account and securely storing them in an encrypted vault, accessible through one master password. This not only simplifies the task of password management but also significantly reduces the risk of password-related breaches.

Use the following criteria to identify and select a personal password manager that is right for you.

  • Search with Care

When search for a personal password manager, or anything security or financial related, it's important to do so with care:

  • Do not click on advertisements in searches: A growing attack method involves bad actors paying for advertisements that impersonation legitimate apps or services. Since the advertisement can have a title and description exactly like the actual product, users can miss that they are being sent to an illegitimate website.
  • Do not rely on app store/catalog searches: Malicious apps can end up in controlled app store and app catalogs for mobile devices. They are often reported and removed after some time, but it is best to first find your choice and then go to the app store for that exact option.
  • Use review sources you trust: Search the news media services you regularly visit or trust to see if they have any articles about password managers. Be mindful that they can sometimes be a paid endorsement or advertisement, so look for coverage that has multiple services mentioned, and not just one.

If you don't know where to start, consider these articles (last updated February 2024):

  • Security Features

When selecting a personal password manager, it's crucial to prioritize the following security features:

  • Multi-Factor Authentication (MFA): MFA adds an additional layer of security by requiring two or more verification methods to prove your identity when logging into the software/app. Given the sensitive nature of data stored within a password manager, enabling MFA is strongly advised to ensure that access is restricted to the account owner.
  • Breached Password Detection: This feature compares your passwords against databases of known compromised passwords. If a match is found, it alerts you to change the password, thereby reducing the risk of using a password that has already been exposed in a data breach.
  • Encryption in Transit: This type of encryption protects your data as it moves between your device and the password manager's servers or between devices when syncing. It's essential for preventing unauthorized interception and access to your data during transmission.
  • Encryption at Rest: This security measure encrypts your data while it is stored on any device or the service provider's servers. It's crucial that a password manager encrypts all user data at rest, not just the passwords. This should encompass usernames, website URLs, and any other associated data. If only the passwords are encrypted, other information such as usernames and service details left unencrypted could be exploited by attackers in targeted phishing schemes or other forms of cyberattacks.

Zero-Knowledge Design

It's important to choose a personal password manager that guarantees comprehensive encryption of all user data, both at rest and in transit. While it may require some research to verify these details, ensuring that all aspects of your stored information are encrypted minimizes the risk of data exposure, even in the event of a data breach. Look for providers who transparently affirm their encryption practices, covering not just passwords but all stored data, to protect against unauthorized access and enhance your overall digital security.


  • Ease of Use

When selecting a personal password manager, it's important to consider the following ease of use features:

  • Cross-Platform Compatibility: Ensure the password manager is available and fully functional on all operating systems and platforms you use, including Windows, macOS, Linux, Android, and iOS. A password manager should offer seamless integration across your devices, allowing for a consistent experience whether you're on your computer, tablet, or smartphone. This cross-platform compatibility ensures that you can access your passwords and other sensitive information from anywhere, at any time.
  • Browser Integration: A crucial aspect of ease of use is the password manager's ability to integrate smoothly with the web browsers you use regularly, such as Chrome, Firefox, Safari, and Edge. Look for features like automatic password filling, login detection, and the ability to save new passwords directly from the browser. This integration simplifies the process of logging into websites and securely storing new passwords, making your online experience both faster and more secure.
  • User-Friendly Interface: Choose a password manager with an intuitive and accessible interface, ensuring it's easy to navigate and use for everyone. It should offer simple processes for managing passwords and provide clear guidance for new users. Accessibility features and responsive support are essential for a seamless experience across all user capabilities.
  • Export Capability: Opt for a password manager that includes the ability to easily export your passwords and other stored data. This feature is critical for maintaining flexibility and control over your information, allowing you to seamlessly transfer data to another password manager if your needs change. A straightforward export process ensures that you're not locked into a single provider and can enhance your data portability and security strategy without hassle.

Avoid Auto Form-Fill

It's important to know that some ease-of-use features can expose you to risk. In the case of a personal password manager, automatically filling in login forms on websites seems like a great benefit for ease of use. However, this feature has been successfully exploited by attackers that results in the password being sent to forms they control on compromised websites or ad networks you may visit.

Some personal password managers will provide you with the option to prompt before automatically filling in the password. This is crucial as you still have the benefit of it entering the password for you, but you can choose when it occurs.


  • Licensing

 When selecting a personal password manager, it is important to consider which features may be limited to paid offerings:

  • Free vs. Paid Options: Some password managers offer a basic version for free, which may be sufficient for minimal needs but often lacks advanced features. Paid versions, on the other hand, typically unlock a broader range of functionalities such as secure sharing, advanced encryption options, and more extensive storage capacities.
  • Subscription Models: Many password managers operate on a subscription basis, requiring monthly or yearly payments to access the service. Evaluate whether the subscription offers value for the features provided and if it fits within your budget over the long term.
  • Feature Restrictions: Be aware of key features that may be locked behind payment barriers. For example, the ability to share passwords securely with family or team members, access to emergency contacts, or advanced multi-factor authentication options might only be available in premium versions.
  • Long-Term Value: Consider the long-term value of the licensing model. A subscription model might offer regular updates and continuous security enhancements, which is crucial for protecting your digital identity over time. However, ensure that the cost aligns with the benefits and that you're not paying for features you don't need.

  • Reputation and Reviews

When choosing a personal password manager, it's essential to consider the reputation of the service and what others have said about it. Pay attention to the following aspects to gauge reliability and trustworthiness:

  • Privacy Policy: Review the password manager's privacy policy to understand how your data is handled. Look for assurances that your information is encrypted, not shared with third parties, and that the company follows strict privacy standards. A transparent privacy policy that prioritizes user data protection is a good indicator of a reputable service.
  • Company Ownership: Research the company behind the password manager. A company with a solid reputation in the tech or cybersecurity industry is more likely to offer a reliable and secure product. Consider the company's longevity, mission, and values to ensure they align with your expectations for security and privacy.
  • Frequency of Updates: Regular updates are crucial for maintaining security and adding new features. Check how frequently the password manager is updated and if the company proactively addresses vulnerabilities. A good track record of regular, security-focused updates indicates a commitment to user safety and product improvement.
  • History with Data Breaches: Investigate any past incidents involving data breaches or security flaws with the password manager. While no service is immune to threats, how a company responds to such incidents is telling. Look for companies that have transparently handled breaches, quickly implemented fixes, and taken steps to prevent future issues.


By carefully considering these criteria, you can select a personal password manager that not only enhances your online security but also fits seamlessly into your digital life.