The best Android password managers

Protecting your online accounts is more important now than ever — and in spite of some recent high-profile hacks, relying on a third-party password manager is still the easiest and most effective way to ensure your most important credentials remain secure.

Why? It’s simple: Reusing passwords puts you at a heightened risk for hacking. If someone discovers your password at just one website — via any sort of breach, be it large-scale or targeted — they can then use that same password to crack into your accounts at countless other places. It happens all the time.

And until our still-very-theoretical password-free future arrives, virtually any security guru will give you the same advice: The key to keeping yourself safe is relying on long, random passwords (in conjunction with two-factor authentication, whenever possible). Remembering even a few such passwords is tough enough, but doing so for dozens or hundreds of sites and services is nigh impossible for most mere mortals.

And that’s where the password manager comes into play: It empowers you to generate and keep track of all that info without requiring a Rainman-caliber brain. You just remember a single master password, and the app takes care of the rest.

Figuring out which password manager is right for you, though, isn’t so easy — especially with the way this field has evolved in recent months. But I’m here to help. I’ve spent a ton of time evaluating and revisiting each of the major password managers available for Android. I’ve looked at both what they’re like to use on the phone front and how they perform in different desktop computer environments, since most of us also require their services in those domains.

Here are my recommendations.

Let’s start by addressing the elephant in the room, shall we? Its name is LastPass.

And yes, indeed, in a significant shift from years of recommendations, LastPass has lost its long-held spot in the best-all-around Android password manager arena. LastPass has suffered an escalating series of disconcerting hacks in recent years, but the company’s most extreme breach, in late 2022, and the confidence-killing communication around it — with a barely-there, limited-detail announcement landing months after a major incident and right at the start of the winter holiday period, when attention was at a minimum — is what really makes the service impossible to recommend now.

The good news, though, is that there’s a first-rate replacement. After an awkward start and several years of a less-than-optimal Android existence, 1Password has matured into a fully featured, singularly secure, and all-around exceptional Android password manager.

And better yet: Migrating your data from LastPass or any other service into 1Password couldn’t be much easier. The entire process took less than five minutes for me and was almost shockingly painless.

Basic trustworthiness aside, 1Password offers some nice usability improvements over what LastPass provided. It really feels like a more polished and contemporary version of the same core concept — one that LastPass had let languish in recent years while its competitors continued to push forward.

For instance, when you tap on any username or password field in any app or website on your phone, 1Password instantly prompts you to authenticate — using biometrics, if available on your device — and then places a chip with all of your available credentials right in the top row of the Gboard Android keyboard. It’s a far more consistent and seamless experience than LastPass’s clunky-feeling pop-up (which increasingly didn’t even appear when it was supposed to). The app can even remember when you sign into a service using your Google account or other such existing identity and then handle that for you whenever the situation arises.

One tap on the appropriate sign-in within the top row of your on-screen keyboard, and kaboom: 1Password fills in all your info and gets you where you need to go.

Searching through your 1Password vault is a similarly smooth and pleasant experience that makes LastPass’s long-standing interface feel clumsy and outdated in comparison.

On the security front, 1Password adds an extra layer of protection into the equation with its unique Security Key concept. The Security Key is a special code that’s created locally on your device when you sign up for the service. It’s never transmitted to 1Password’s servers. And it’s impossible for you to sign into your account on any new device without it.

That means even if 1Password were to be hacked in a similar way to what LastPass experienced, hackers still wouldn’t be able to get at your actual data — something that, unfortunately, can’t be said for LastPass and its comparatively lackluster security setup.
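To make that idea concrete, here's an added Python sketch (not from the original article, and not 1Password's actual code or algorithm). It assumes the vault key is derived from both the master password and a device-generated secret; the function names, the iteration count, and the check tag standing in for the encrypted vault are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 200_000  # assumed work factor for this sketch


def new_device_secret() -> bytes:
    """Created once on the user's device; never sent to the server."""
    return secrets.token_bytes(32)


def derive_vault_key(master_password: str, device_secret: bytes, salt: bytes) -> bytes:
    """Stretch the password, then mix in the secret held only on the device."""
    stretched = hashlib.pbkdf2_hmac(
        "sha256", master_password.encode(), salt, PBKDF2_ROUNDS
    )
    return hmac.new(device_secret, stretched, hashlib.sha256).digest()


def server_record(vault_key: bytes, salt: bytes) -> dict:
    """What a breached server would expose: the salt plus a tag that only
    the right key reproduces (a stand-in for the encrypted vault)."""
    tag = hmac.new(vault_key, b"vault-check", hashlib.sha256).digest()
    return {"salt": salt, "check": tag}


def unlocks(record: dict, master_password: str, device_secret: bytes) -> bool:
    """True only if this password and this device secret rebuild the key."""
    key = derive_vault_key(master_password, device_secret, record["salt"])
    tag = hmac.new(key, b"vault-check", hashlib.sha256).digest()
    return hmac.compare_digest(tag, record["check"])


def demo() -> dict:
    password = "correct horse battery staple"  # constructed sample value
    salt = secrets.token_bytes(16)
    secret = new_device_secret()
    record = server_record(derive_vault_key(password, secret, salt), salt)
    return {
        "owner_on_enrolled_device": unlocks(record, password, secret),
        "right_password_no_secret": unlocks(record, password, bytes(32)),
        "right_password_other_secret": unlocks(record, password, new_device_secret()),
        "wrong_password_with_secret": unlocks(record, "hunter2", secret),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Even with the correct master password, the server-side record alone never yields the key, which is why a new device can't sign in without the locally held secret.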

Beyond all of that, 1Password offers pretty much every advanced password management feature you could ask for, including intelligent options for sharing credentials securely with co-workers or family members and a system that can alert you if one of your passwords is ever involved in a breach. It can store and auto-fill credit card info, too, and it boasts a host of impressive business-specific capabilities — including full admin and management tools and easy access to team-wide analytical info. And, of course, it supports two-factor authentication via both one-time code generators and physical FIDO keys.

1Password is regularly updated with new features and improvements, and that’s true for Android as well as all of the service’s other supported platforms. On that note, 1Password is available in native apps for Windows, macOS, and Linux as well as in a fully featured and easy-to-use browser extension that works reliably well in virtually any browser and allows you to access your data in a seamlessly synced, effortless manner. (And, yes, it’s available on iOS, too, so no need to worry about your iDevice-carrying cousins, colleagues, or companions.)

1Password costs $36 a year for an individual subscription or $60 a year for a family membership that includes up to five people. On the business front, the service offers a $239-a-year Teams Starter Pack that allows up to 10 users or a more flexible $96 per user per year setup that also includes a slew of advanced management options.

It’s an all-around stellar option for practically any purpose, and it handily fills the void left behind by LastPass as the best Android password manager for most people.

While 1Password takes the top Android password manager title, it does come at a cost — and it requires you to use its own self-contained storage setup for syncing (a shift from the service’s previous, more versatile approach).

If you can’t justify the ongoing expense for the service or you prefer a password storage setup that’s completely in your control, Bitwarden is an admirable alternative to consider.

To be sure, Bitwarden lacks many of the creature comforts and advanced business benefits 1Password provides. It’s also just generally less polished, fully featured, and pleasant to use — on Android and on the desktop front alike.

But the service packs plenty of appeal for its generous free offering, which includes all the individual password management basics, as well as for its open-source nature and its ability to let you store your encrypted vault on your own self-hosted server. That self-hosting approach really isn’t advisable for most people, but it could be an intriguing possibility for a specific sort of tech-savvy organization that appreciates the added assurance of total control — so long as it’s confident in its ability to protect that data as well as or better than a known provider.

Bitwarden’s cross-platform apps are basic but functional and available for free at their simplest level.

Bitwarden’s free personal plan has no device limits or time constraints. The service also offers a $10-a-year individual plan that adds in support for physical two-factor authentication keys, advanced reporting, and priority support, along with a $40 family plan that includes credential sharing for up to six people.

On the business front, Bitwarden has a $36 per user per year plan that includes company-wide sharing and a $60 per user per year enterprise plan that adds admin and management tools into the mix.

Now, for the million-dollar question…

It sure is tempting, isn’t it? After all, Google’s Chrome-centric password manager setup is perfectly decent as a simple solution, and it’s right there and waiting.

To be clear, relying on the password manager built into your browser is much better than using no password manager at all. But that sort of setup has some distinct disadvantages compared to the standalone, third-party password manager programs we just went over — particularly for professionals or anyone who’s serious about security.

First, relying on a browser-integrated solution limits how and where you can access your credentials and have them reliably auto-fill outside of that one specific browser environment. And on a similar note, if you ever want to use a different browser, even just temporarily, you’re gonna be in a bit of a pickle.

More broadly, though, for as much as they’ve improved over the years, the browser-centric password setups still lack many of the more advanced security features the standalone password managers provide — particularly when it comes to business-oriented options like secure access sharing and administrative tools.

And more broadly yet, there’s something to be said from a security standpoint for not keeping all of your eggs in one basket. Your Google account likely already holds a large amount of sensitive and critical data. Adding every password for every other site and service you use into that same mix puts an awful lot of info behind one single gate — and unlikely as it is for that gate to be breached (given proper Google account security), it only increases your protection to keep that data locked up in a separate, equally secured environment.

Ah, yes: You may have noticed that some reasonably popular password managers are conspicuously absent from this list. That’s because 1Password and Bitwarden now most effectively address the needs for the vast majority of people, companies, and situations, and even other perfectly decent options don’t quite match the poise, polish, all-around user experience, and security promises those services deliver.

LastPass, most notably, lost its spot on the list largely because of our loss of confidence in the company behind it, as noted higher up in this story. But all security and customer communication concerns aside, the app has also stagnated for a number of years now, with little to no meaningful development or improvements, while its competitors have consistently moved forward with more modern-feeling, effective, and pleasant-to-use products on Android as well as on the various desktop platforms.

Dashlane works well on Android and on the desktop front and is a fine solution, but it’s less polished and pleasant to use than 1Password. It has a less intuitive, advanced, and contemporary-feeling interface on Android in particular, and it lacks the added Security Key layer of protection 1Password provides. Dashlane doesn’t offer native desktop apps, either, which means access to your credentials is limited to your browser when using the service on a computer.

Enpass, meanwhile, has an outdated-feeling and inelegant Android experience that pales in comparison to 1Password’s approach. It is relatively unusual in that it relies on your own cloud storage — in Google Drive, Dropbox, OneDrive, or other similar services — instead of providing its own self-contained solution. But the result is a clunkier and less intuitive experience and one that’s tough to recommend for most folks when better options exist.

Keeper is generally a commendable service and a reasonable alternative to 1Password, particularly when it comes to its business and enterprise management options. It’s just not as intuitive or pleasant to use on Android, once more, and there’s nothing about it that really sets it apart in any meaningful way that’d warrant an additional recommendation at this point.

Finally, there’s KeePass (and for the love of all things holy, make sure you capitalize that “P”). KeePass is a free, open-source password manager that relies on local software and optionally also your own self-hosted synchronization setup. That sort of arrangement can be great for the technically inclined who don’t mind taking on a project, but the service is clunky, complicated, and filled with potentially security-jeopardizing caveats — and it also doesn’t have any sort of official Android app, leaving you to choose from a variety of independently created clients with varying levels of poise, polish, and trustworthiness. Suffice it to say, that’s not exactly optimal, and it’s not something that’s easy to recommend to the masses or to anyone working in a corporate environment.

Beyond that, there’s a long list of also-rans — adequate but unexceptional apps that fail to stand out from the pack or to match the aforementioned titles in areas like feature availability, user experience, cross-platform support, and established trust.

That’s why 1Password and Bitwarden earn my current recommendations and are the Android password managers I’d advise you to turn to for your personal, family, or company use.

This article was originally published in April 2018 and most recently updated in February 2023.
