I have so many passwords! One for Facebook and one for Twitter. One for Netflix and three for other streaming services. Four Google IDs, two Apple IDs, and one old Yahoo! ID. I pay all my bills online and have logins for a bunch of online stores and four banks. I use online fitness services and productivity apps, and my computers, phone, iPad, and even modems and routers all have passwords.

I’ve hardly scratched the surface. I have hundreds of passwords, some I use regularly and some almost never. If each one was a key, I’d look like a jailer at a high-security prison. It’s a hindrance, a frustration, and a burden. How can you keep track of so many passwords?

password manager for Mac

You can’t remember them all, and it’s dangerous to try. Why? Because you’ll be tempted to compromise on security by making them too simple, or reusing the same one. And if you write them down, you never know who might come across your list.

So use a password manager instead. There are a bunch of Mac password management apps available, and the list is growing. They’re not expensive—just a few dollars a month—and most are easy to use. In this guide, we’ll look at eight of the leading programs and help you decide which one is best for you.

Only LastPass has a free plan that most of us could use long-term, and it’s the solution I recommend to the majority of computer users. It’s easy to use, works on most platforms, doesn’t cost a cent and has many of the features the more expensive apps have.

If you want the best Mac password manager and are willing to pay for it, look at Dashlane, a relatively new app that has come a long way over the last few years. It has taken on many of the features of its competitors and has often done a better job. It looks great, works effectively, and comes with all the bells and whistles.

Those two apps are our winners, but that’s not to say the other six apps aren’t worth considering. Some have unique features and others focus on usability or affordability. Read on to learn which one is best for you.

Why Trust Me for This Guide?

My name is Adrian Try, I’ve been using computers since 1988, and Macs full time since 2009. I believe everyone can benefit from using a password manager. They’ve been making my life easier for over a decade and I recommend them.

In 2009 I started using LastPass’ free plan, and my life became much easier. It learned the login details of any new website I signed up for and automatically logged in to any site that asked for my password. I was sold!

Things went to another level when the company I worked for also started using the app. My managers were able to give me access to web services without me knowing the passwords and remove access when I no longer needed it. And when I left the job, there were no concerns about who I might share the passwords.

But eventually, I felt it was time for a change, and switched to Apple’s iCloud Keychain. That meant I had to commit to Apple. I already used a Mac, iPhone, and iPad, but now I had to switch to Safari as my main (and only) browser. Overall, the experience has been positive, though I don’t get all the features of the other apps.

So I’m keen to revisit the features and benefits that a Mac password manager provides and evaluate the best way forward. Is it time to switch to a different app, and which one should I choose? Hopefully, my journey will help you make your own decision.

Should You Use a Password Manager on Your Mac?

Every Mac user needs a password manager! It’s not humanly possible to keep all the strong passwords we use in our heads, and it’s not secure to write them down. Every year computer security becomes more important, and we need all the help we can get!

A Mac password manager app will ensure that a strong, unique password is automatically generated every time you sign up for a new account. All of those long passwords are remembered for you, made available on all your devices, and filled in automatically when logging in.

Beyond this, we regularly hear of popular websites being hacked and passwords compromised. How can you keep track if yours is still safe? The best password managers will find out and tell you automatically.

So if you’re not already using a password manager on your Mac machine, it’s time to start. Read on to discover what makes a good one.

Best Password Manager for Mac: Our Top Picks

Best Free Option: LastPass


LastPass is the only password manager to offer a usable free plan. It syncs all of your passwords to all of your devices and offers all the other features most users need: sharing, secure notes, and password auditing. The paid plan provides more sharing options, enhanced security, application login, 1 GB of encrypted storage, and priority tech support. It’s not as cheap as it used to be, but it’s still competitive.

LastPass is easy to use, and the focus is on the web app and browser extensions. There is a Mac app, but you probably don’t need it. This is in contrast with most other password managers that focus on desktop apps, sometimes at the neglect of the web interface. Read our full LastPass review.

LastPass works on:

  • Desktop: Windows, Mac, Linux, Chrome OS,
  • Mobile: iOS, Android, Windows Phone, watchOS,
  • Browsers: Chrome, Firefox, Internet Explorer, Safari, Edge, Maxthon, Opera.

The free plans of other Mac password managers are too restrictive to be used long-term by most users. They either limit the number of passwords you can store, or limit use to just one device. But most users today have hundreds of passwords that need to be accessed on multiple devices. LastPass has the only free plan able to provide this, plus everything else most people need in a password manager.

You can easily get your passwords into LastPass by importing them from a number of other password managers. These don’t import directly from the other app—you’re required to first export your data into a CSV or XML file. That’s typical of other password managers.

Once your passwords are in the app, your username and password will be filled in automatically when you reach a login page. But this behavior can be customized site-by-site. For example, I don’t want it to be too easy to log in to my bank, and prefer to have to type a password beforehand.


The password generator defaults to complex 12-digit passwords that are almost impossible to crack. You can customize the settings to meet your requirements.


The free plan allows you to share your passwords with multiple people one-by-one, and this becomes even more flexible with the paid plans—shared folders, for example. They’ll need to use LastPass too, but sharing this way brings many benefits. For example, if you change a password in the future you won’t need to notify them—LastPass will update their vault automatically. And you can share access to a site without the other person being able to see the password, which means they won’t be able to pass it on to others without your knowledge.


LastPass can store all the information you need for web forms and online purchases, including your contact details, credit card numbers and bank account details. These will be filled in automatically when required.

You can also add free-form notes. These receive the same secure storage and syncing that your passwords do. You can even attach documents and images. Free users have 50 MB of storage, and this is upgraded to 1 GB when you subscribe.


You can also store a wide range of structured data types in the app.


Finally, you can perform an audit of your password security using LastPass’ Security Challenge feature. This will go through all of your passwords looking for security concerns including:

  • compromised passwords,
  • weak passwords,
  • reused passwords, and
  • old passwords.

LastPass (like Dashlane) offers to automatically change the passwords of some sites. While Dashlane does a better job here, neither app is perfect. The feature depends on cooperation from the other sites, so while the number of supported sites is constantly growing, it will always be incomplete.

Best Paid Choice: Dashlane


Dashlane arguably offers more features than any other password manager, and these can be accessed just as easily from the web interface as the native applications. In recent updates, it has outpaced LastPass and 1Password in terms of features, but also in price.

Dashlane Premium will do everything you need except type the passwords for your Windows and Mac applications. It even throws in a basic VPN to keep you safe when using public hotspots. And it does all of this in an attractive, consistent, easy-to-use interface.

For even more protection, Premium Plus adds credit monitoring, identity restoration support, and identity theft insurance. It’s expensive—$119.88/month—and not available in all countries, but you may find it worthwhile. Read our full Dashlane review.

Dashlane works on:

  • Desktop: Windows, Mac, Linux, ChromeOS,
  • Mobile: iOS, Android, watchOS,
  • Browsers: Chrome, Firefox, Internet Explorer, Safari, Edge.

Like LastPass, Dashlane offers to give you a jump start by importing your passwords from a range of other password managers. Unfortunately, some of the options didn’t work for me, but I did manage to import my passwords successfully.


Once you have some passwords in your vault, Dashlane will start to fill in your login pages automatically. If you have more than one account on that site, you’ll be offered to choose the correct one.


Like LastPass, you can specify whether you should be logged in automatically, or asked for a password first.

When signing up for new memberships, Dashlane can assist by generating a strong, configurable password for you.


Password sharing is on par with LastPass Premium, where you can share both individual passwords and entire categories. You choose which rights to grant each user.

Dashlane can automatically fill in web forms, including payments. First, fill in the Personal Info and Payments (digital wallet) sections of the app, and the information will be filled in when completing forms or making purchases.


You can also store other types of sensitive information, including Secure Notes, Payments, IDs, and Receipts. You can even add file attachments, and 1 GB of storage is included with paid plans.


Dashboard has a number of security features that will warn you when you need to change a password: Security Dashboard and Password Health. The second of these lists your compromised, reused, and weak passwords, gives you an overall health score and lets you change a password with a single click.

The password changer didn’t work for me. I contacted the support team, who explained that it’s only available by default in the US, France, and the UK, but they were happy to enable it for this Australian user.

The Identity Dashboard monitors the dark web to see if your email address and password have been leaked due to one of your web services being hacked.

As an additional security precaution, Dashlane includes a basic VPN. If you don’t already use a VPN, you’ll find this additional layer of security reassuring when accessing the wifi access point at your local coffee shop, but it doesn’t come close to the power of full-featured VPNs for Mac.

Read on for a list of other Mac password manager apps that are worth considering.

Other Good Mac Password Manager Apps



1Password is a leading password manager with a loyal following. As a newcomer, the interface felt a little quirky to me at times, and since the codebase was rewritten from scratch a few years ago, it still lacks a few features it had in the past, including form filling and application passwords.

A unique feature of the app is Travel Mode, which can remove sensitive information from the app when you’re entering a new country. Read our full 1Password review.

1Password works on:

  • Desktop: Windows, Mac, Linux, Chrome OS,
  • Mobile: iOS, Android,
  • Browsers: Chrome, Firefox, Internet Explorer, Safari, Edge.

The first hurdle that a new user will encounter is that there is no way to import your passwords into the app. You’ll have to enter them manually or let the app learn them one-by-one as you log in to each website. Once you’ve added them, your login details will be automatically filled in. Unfortunately, this can’t be configured like it can with LastPass and Dashlane. There isn’t an option to force you to type a password first.

1Password can even autofill passwords on iOS (but not Android)—something not all of the competition can do. Whenever you create a new account, 1Password can generate a strong, unique password for you. By default, it creates a complex 24-character password that’s impossible to hack, but the defaults can be changed.

Unlike LastPass and Dashlane, password sharing is only available if you subscribe to a family or business plan. To share access to a site with everyone else on your family or business plan, just move the item to your Shared vault.


To share with certain people but not everyone, create a new vault and manage who has access.

1Password isn’t just for passwords. You can also use it to store private documents and other personal information. These can be stored in different vaults and organized with tags. That way you can keep all of your important, sensitive information in one place.

Finally, 1Password’s Watchtower will warn you when a web service that you use will be hacked, and your password compromised. It lists vulnerabilities, compromised logins, and reused passwords. One unique feature is that it also warns you when you’re not taking advantage of a site’s two-factor authentication.

McAfee True Key


McAfee True Key doesn’t have a lot of features—in fact, it doesn’t do as much as LastPass’s free plan. You can’t use it to share passwords, change passwords with a single click, fill in web forms, store your documents, or audit your passwords. But it’s inexpensive, offers a simple web and mobile interface, and does the basics well.

And unlike most other password managers, it’s not the end of the world if you forget your master password. Read our full True Key review.

True Key works on:

  • Desktop: Windows, Mac,
  • Mobile: iOS, Android,
  • Browsers: Chrome, Firefox, Edge.

McAfee True Key has excellent multi-factor authentication. Besides protecting your login details with a master password (which McAfee doesn’t keep a record of), True Key can confirm your identity using a number of other factors before it gives you access:

  • Face recognition,
  • Fingerprint,
  • Second device,
  • Email confirmation,
  • Trusted device,
  • Windows Hello.

What makes True Key unique is that if you forget your master password, you can reset it—after using multi-factor authentication to prove who you are. But note that this is optional, and the option is turned off by default. So if you’d like to be able to reset your password in the future make sure you enable it in settings.

You can get started by importing your passwords into the app, but only if they are in LastPass or Dashlane. If necessary, you can also add them manually. Unlike other apps, there’s no way to organize or categorize them.


After that, the app will fill in your username and password for you—but only if you use Chrome, Firefox or Edge. Other web browsers are not supported.

Like LastPass and Dashlane, you can customize each login with two additional options: Instant Log In and Ask for my Master Password. The first offers extra convenience, the second extra security.

In my experience, the password generator is not as reliable as other apps. It wasn’t always available through the browser extension when I needed it, and I’d need to navigate to the True Key website to create a new password.

Finally, you can use the app to store basic notes and financial information securely. But this is just for your own reference—the app won’t fill in forms or help you with online purchases.

Sticky Password


By comparison, Sticky Password is only a little more expensive than True Key but offers additional features. It’s not perfect: it looks a little dated, and the web interface does very little. Its most unique feature is security-related: you can optionally sync your passwords over a local network and avoid uploading them all to the cloud.

And if you’d prefer to avoid another subscription, you’ll appreciate being able to purchase a lifetime license for $199.99. Read our full Sticky Password review.

Sticky Password works on:

  • Desktop: Windows, Mac,
  • Mobile: Android, iOS, BlackBerry OS10, Amazon Kindle Fire, Nokia X,
  • Browsers: Chrome, Firefox, Safari (on Mac), Internet Explorer, Opera (32-bit).

Sticky Password’s cloud service is a secure place to store your passwords. But not everyone is comfortable storing such sensitive information online. So they offer something that no other password manager does: sync over your local network, bypassing the cloud altogether.

The Windows app can import your passwords from a number of web browsers and other password managers. Unfortunately, the Mac app can’t. You’ll either have to do that from Windows or enter your passwords manually.


Once you’ve done that, the app’s browser extension will automatically fill in your login details. There’s an option to “auto-login” without any action from you, but unfortunately, I can’t require that a password be entered before logging into my bank.

The password generator defaults to complex 20-character passwords, and this can be customized. You can store your personal and financial information in the app, and it will be used when filling in web forms and making online payments. You can also store basic notes for your reference. You’re unable to attach or store files in Sticky Password.

Password sharing is quite strong. You can share a password with multiple people, and grant each one different access rights. With limited rights, they can log in and no more. With full rights, they have complete control, and can even revoke your access!

Keeper Password Manager


Keeper Password Manager is a basic password manager with excellent security that allows you to add on the features you need. On its own, it is quite affordable, but those extra options add up quickly.

The full bundle includes a password manager, secure file storage, dark web protection, and secure chat. Read our full Keeper review.

Keeper works on:

  • Desktop: Windows, Mac, Linux, Chrome OS,
  • Mobile: iOS, Android, Windows Phone, Kindle, Blackberry,
  • Browsers: Chrome, Firefox, Internet Explorer, Safari, Edge.

Like McAfee True Key, Keeper gives you a way to reset your master password if you need it. They’re the only two password managers I’m aware of that allow this. You’ll be asked to set up a security question as part of the sign-up process, and that can be used to reset your master password when necessary. Be secure: make sure you don’t choose a predictable question and answer! If you don’t, that’s a potential security hole.

If you’re concerned that someone might try to access your account, you can turn on the app’s Self-Destruct feature. All of your Keeper files to be erased after five login attempts.

It’s easy to get your passwords into Keeper. I found the import process very straightforward.


Like other apps, your login credentials will be auto-filled. If you have a number of accounts at that site, you can choose the correct one from a drop-down menu. Unfortunately, you can’t specify that a password needs to be typed to access certain sites.

When you need a password for a new account, the password generator will pop up and create one. It defaults to a 12-character complex password, and this can be customized.

Application passwords can be filled in as well, both on Windows and Mac. Keeper is the only app to offer this feature to Apple users. This is achieved by defining hotkeys to fill in the username and password, and I found the whole process to be quite fiddly.

Password sharing is full-featured. You can share either individual passwords or complete folders, and define the rights you grant each user individually.

Keeper can auto-fill fields when filling in web forms and making online payments. It uses the information you added to the Identities & Payments section of the app.

Documents and images can be attached to any item in Keeper Password Manager, but you can take this to another level by adding additional services. The KeeperChat app ($19.99/month) will let you share files securely with others, and Secure File Storage ($9.99/month) gives you 10 GB to store and share sensitive files.

The basic plan includes Security Audit, which lists weak and reused passwords, and gives you an overall security score. To get this, you can add BreachWatch for an additional $19.99/month. It can scan the dark web for individual email addresses to see if there has been a breach, and warn you to change your passwords when they have been compromised.

Here’s a bonus. You can run BreachWatch without paying for a subscription to discover if a breach has occurred, and if so subscribe so you can determine which passwords need to be changed.



RoboForm is the original password manager, and it feels like it. After two decades the apps feel a little dated and the web interface is read-only. Accomplishing anything seems to take a few more clicks than with other apps, but it’s affordable and includes all of the features you need.

Long-term users seem quite happy with the service, but new users may be better served by another app. Read our full RoboForm review.

RoboForm works on:

  • Desktop: Windows, Mac, Linux, Chrome OS,
  • Mobile: iOS, Android,
  • Browsers: Chrome, Firefox, Internet Explorer, Safari, Edge, Opera.

You can get started with RoboForm by importing your passwords from a web browser or other password manager. Alternatively, the app will learn them each time you log in, but you can’t enter them manually. Unfortunately, an error occurred when I tried to import my Chrome passwords, but my Keeper passwords were added successfully.

When you navigate to a website that RoboForm knows about, the login details aren’t filled in automatically for you like they are with other password managers. Instead, click on the browser extension icon and select the appropriate login details. If you have several accounts with that website, you’ll have a number of options to click on. On Windows, RoboForm can fill in application passwords as well.

The app’s password generator works well, and defaults to complex 16-character passwords. As with other apps, this can be customized.


RoboForm is all about filling in web forms, and it does a pretty good job, though I didn’t find it better than other apps in this review. I was surprised that some of my credit card details weren’t filled in when making an online purchase. It seems the problem was that the Australian website labeled the fields differently than in the US, but that didn’t stop other apps such as Sticky Password from filling them in successfully the first time.

The app allows you to quickly share a password with others, but if you want to define the rights you grant them, you’ll have to use shared folders instead.

The SafeNotes feature allows you to securely store your sensitive information. But this is for text-based notes only, and file attachments are not supported.

Finally, RoboForm’s Security Center rates your overall security and lists weak and reused passwords. Unlike LastPass, Dashlane and others, it won’t warn you if your passwords have been compromised by a third-party breach.

Abine Blur


Abine Blur is a privacy service with an integrated password manager. It provides ad tracker blocking and masking of your personal information (email addresses, phone numbers, and credit cards), as well as quite basic password features.

Due to the nature of its privacy features, it offers the best value to those living in the United States. Read our full Blur review.

Blur works on:

  • Desktop: Windows, Mac,
  • Mobile: iOS, Android,
  • Browsers: Chrome, Firefox, Internet Explorer, Opera, Safari.

With McAfee True Key, Blur is one of the only password manager that let you reset your master password if you forget it. It does this by providing a backup passphrase, but make sure you don’t lose that too!

Blur can import your passwords from your web browser or other password managers. I found the process straightforward. Once in the app, they’re stored as one long list—you’re unable to organize them using folders or tags.

From then on, Blur will automatically fill in your username and password when logging in. If you have a number of accounts at that site, you can choose the correct one from a drop-down menu. However, you can’t customize this behavior by requiring a password to be typed when logging in to certain sites. Blur really does focus on just the basics.

With the browser extension installed, Blur will offer to create a strong password right on the new account web page. It defaults to complex 10-character passwords, but this can be customized.

The Wallet section allows you to enter your personal information, addresses, and credit card details that will be filled in automatically when making purchases and creating new accounts. But Blur’s real strength is its privacy features:

  • ad tracker blocking,
  • masked email,
  • masked phone numbers,
  • masked credit cards.

Masking provides an effective way to protect yourself from spam and fraud. Instead of giving your real email addresses to web services you may not trust, Blur will generate real alternatives, and forward email to your real address temporarily or permanently. The app can give a different address to each person, and keep track of it all for you.

The same principle applies to phone numbers and credit cards, but these aren’t available to everyone worldwide. Masked credit cards only work in the United States, and masked phone numbers are available in 16 other countries. Be sure to check which services are available to you before making a decision.

How We Tested These Mac Password Manager Apps

Available on Multiple Platforms

You need your passwords on every device you use, so carefully consider which operating systems and web browsers are supported by the software. Since most offer a web app, you shouldn’t have problems with any desktop operating system. They all work on Mac, Windows, iOS, and Android, so most people are well covered, and most (except True Key and Blur) also work on Linux and Chrome OS.

Some apps have versions for less common mobile platforms:

  • Windows Phone: LastPass,
  • watchOS: LastPass, Dashlane,
  • Kindle: Sticky Password, Keeper,
  • Blackberry: Sticky Password, Keeper.

You also need to make sure the app works with your web browser. All work with Chrome and Firefox, and most work with Safari and Internet Explorer (not True Key) and Edge (not Sticky Password or Blur).

Some less common browsers are supported by a few apps:

  • Opera: LastPass, Sticky Password, RoboForm, Blur
  • Maxthon: LastPass

Ease of Use

I found all of the apps quite easy to use, but some are easier than others. McAfee True Key, in particular, focuses on ease-of-use, and as a result offers fewer features. But I didn’t find it to be significantly easier than other apps like LastPass and Dashlane. Keeper and RoboForm allow you to use drag-and-drop to organize passwords into folders, which is a nice touch.

However, I did find that some apps had quite a dated interface that sometimes required extra steps. RoboForm’s interface feels as old as it is. Compared with other apps it requires a little extra clicking and is a little less intuitive. I found that entering personal details into Sticky Password was more work than it needs to be, and the Mac version lacks some important features.

Password Management Features

The basic features of a password manager are to securely store your passwords on all of your devices and log in to websites automatically, and to provide strong, unique passwords when you create new accounts. All password apps include these features, but some are better than others. Two other important features that most of the apps cover secure password sharing, and a security audit that warns you when your passwords need to be changed.

All of the apps in this review strongly encrypt your data and don’t keep a record of your password. That means that they don’t have access to your data so even if they were hacked your passwords would not be exposed. It also means that in most cases if you forget your master password the company won’t be able to help you. True Key and Blur are the only exceptions, so keep that in mind if that’s a feature you might find handy. All of the apps we review offer some form of two-factor authentication (2FA), which provides an extra level of security by requiring more than your password to log in.

Here are the features offered by each app.

password manager feature comparison


  • All apps automatically fill in your log in details, but three services offer some useful options: the option to completely log in automatically so you don’t even have to click a button, and the option to require that your master password is typed before logging in. The first just makes life easier, and the second gives extra security when logging into bank accounts and other sites where security is most important.
  • Sharing passwords via an app is more secure than doing it via text message or on notepaper, but requires that the other person use the same app. 1Password only offers this feature in its family and business plans, and True Key and Blur don’t offer it at all.
  • A security audit checks for weak, reused and old passwords, as well as passwords that may have been compromised when a site you use was hacked. True Key and Blur don’t offer this feature, and Sticky Password doesn’t check for hacked passwords. Neither does Keeper unless you add the BreachWatch service as an additional paid subscription.

Additional Features

Since you’ve been provided with a convenient, secure place to store sensitive information, it seems a waste to just use it for your passwords. So most apps take it to the next level, allowing you to store other personal information, notes, and even documents securely.

And websites aren’t the only place you need to enter passwords—some applications also require you to log in. A number of apps try to help here, but none do an amazing job. And finally, two apps add features to further enhance your privacy.

Here are the extra features each app offers:

Password Manager Additional Features


  • All but two apps fill in web forms, including the ability to fill in credit card numbers when making online purchases. 1Password used to do this, but the feature hasn’t been added back since the rewrite. And True Key has a focus on simplicity, so it offers very few additional features.
  • Four apps can fill in passwords on Windows apps, and only Keeper tries to do the same on Mac. I didn’t find this feature to be all that useful, but it’s nice that it’s there.
  • Many apps allow you to store additional information and even images and documents in the app. That’s convenient for storing your driver’s license, social security number, passport, and other sensitive information/documents that you’d like to be handy but protected from prying eyes.
  • Dashlane includes a basic VPN to protect your privacy and security when using public wifi hotspots. Abine Blur has a huge focus on privacy, and provides a range of additional features such as masked email addresses, phone numbers, and credit card numbers, and blocks ad trackers.


This category of software isn’t expensive (it ranges from 5-16 cents/day), so price probably won’t be the determining factor in your decision. But if it is, you’ll get better value by going free rather than cheap. LastPass’s free plan will meet most people’s needs, and contains better value than most of the more affordable paid plans.

Though all of the websites advertise monthly subscription costs, all require you to pay for 12 months in advance. Here are the yearly subscription prices for each service:


  • Only LastPass has a usable free plan that lets you store all of your passwords on all your devices.
  • If you prefer to avoid another subscription, only Sticky Password has an option to purchase the software outright (for $199.99) and avoid subscriptions. 1Password also used to offer the purchase of a license, but I can no longer find it mentioned on their website.
  • Keeper has a usable affordable plan, but doesn’t have all the features of the competition. You choose the features you want by adding on additional subscriptions, but that can become expensive.
  • Family plans offer excellent value. By paying a little more (typically double), you can cover your entire family (typically 5-6 family members).
Password Manager pricing comparison

What You Need to Know about Mac Password Manager Apps

You Need to Commit

How do you get the most out of a password manager for Mac? Commit. Choose one good app and use it every time on every device. Otherwise, if you continue to try to remember some of your passwords, you’re unlikely to change your bad habits. So give up and learn to trust your app.

That means you need an app that will work on every device you use. Your computers at home and at work, your phone and tablet, and any computer you may use casually from time to time. You need an app you can rely on. It needs to work wherever you are, every time.

So the best password manager for Mac will also work on Windows and on your phone, whether that be an iPhone, Android phone, or something else. And it should have a functional web interface if you need to access a password from somewhere unexpected.

The Danger is Real

Passwords keep people out. Hackers want to get in anyway, and it’s surprisingly quick and easy to get past a weak password. According to a password strength tester, here’s how long it would take to break a few passwords:

  • 12345: instantly,
  • password: instantly,
  • passw0rd: still instantly!
  • obnoxious: 9 minutes,
  • lifeisabeach: 4 months,
  • ob!NOX@ious#: 26 thousand years,
  • 2Akx`4r#*)=Qwr-{#@n: 14 sextillion years.

We don’t really know how long it would take to crack them—it depends on the computer being used. But the longer and more complex a password, the longer it will take. The trick is to choose one that takes more time to crack than the hacker will be willing to invest. Here’s what LastPass recommends:

  • Use a unique password for each account.
  • Don’t use personally identifiable information in your passwords like names, birthdays and addresses.
  • Use passwords that are at least 12 digits long and contain letters, numbers, and special characters.
  • To create a memorable master password, try using phrases or lyrics from your favorite movie or song with some random characters added unpredictably.
  • Save your passwords in a password manager.
  • Avoid weak, commonly used passwords like asd123, password1, or Temp!. Instead, use something like S&2x4S12nLS1*, JANa@sx3l2&s$, 49915w5$oYmH.
  • Avoid using personal information to answer security questions—anyone can find out your mother’s maiden name. Instead, generate a strong password with LastPass and store it as the answer to the question.
  • Avoid using similar passwords that differ by just a single character or word.
  • Change your passwords when you have a reason to, like when you’ve shared them with someone, a website you use has been breached, or you’ve been using it for a year.
  • Never share passwords via email or text message. It’s more secure to share them using a password manager.

That first recommendation is important, and some celebrities recently learned it the hard way. In 2013 MySpace was breached, and the passwords of millions of people were compromised, including Drake, Katy Perry, and Jack Black. The bigger problem was that these celebrities used the same password on other sites. Hackers were able to access Katy Perry’s Twitter account and send out offensive tweets, and leak an unreleased track. Even Facebook’s Mark Zuckerberg had his Twitter and Pinterest accounts hijacked. He was using the weak password “dadada”.

Password managers are a big target for hackers, and LastPass, Abine, and others have been breached in the past. Fortunately, due to their security precautions, the password vaults were not able to be accessed, and the companies were quick to respond with fixes.

The Price of Freedom is Eternal Vigilance

Don’t think of a password manager as an easy fix. Too many people who use password managers still use weak passwords. Fortunately, many of these apps will perform a security audit and recommend password changes. They will even warn you when a site you use has been hacked so you know you need to change your password.

But there’s more than one way to get your passwords. When private iPhone photos of celebrities were leaked a few years ago, it wasn’t because iCloud was hacked. The hacker tricked the celebrities into giving their passwords through a phishing attack.

The hacker emailed each celebrity individually, posing as Apple or Google, claimed that their accounts had been hacked, and asked for their login details. The emails looked genuine, and the scam worked.

So make sure that your password isn’t all that’s required to log into your accounts. Two-factor authentication (2FA) ensures that hackers won’t be able to access your account even if they have your username and password. A second layer of security is required—say a code sent to your smartphone—before access is granted.

Final Thoughts

A password manager is a secure web service that will learn and remember every password and username you have, make them available on every device you use, and automatically type them for you when you log in. That’s smart and takes the pressure off you and your memory. Now there’s nothing stopping you from using long, complex passwords because you don’t need to remember them. Well, you do have to remember one: your password manager’s master password.

But don’t forget this: your web browser already remembers your passwords!

You might already be using your web browser—say Chrome, Firefox or Safari—to store your passwords and generate new ones. After all, they’ll often pop up a message offering to save your passwords for you.

You may be wondering whether it’s worth switching to a dedicated Mac password manager app. The answer is a clear “Yes!” The first reason is security, though the holes are slowly being filled.

As outlined in a TechRepublic article, it’s too easy for others to gain access to your passwords when stored in a browser:

  • Firefox will display them without even asking for a password unless you take the time to create a master password first.
  • Although Chrome will always ask for a password before displaying your saved passwords, there’s an easy workaround to bypass it. However, Chrome’s new Smart Lock suite makes passwords much more secure.
  • Safari is safer because it will never display your passwords without first typing a master password.

But beyond security, using your web browser to store your passwords is quite limiting. While you may be able to sync your passwords onto other computers, you can only access them from that one browser. You also don’t have a secure way to share them with others, and you miss out on most of the convenience and security features we cover in this review.

If you’re an Apple user, iCloud Keychain goes a long way to address these concerns, but only if you remain in the Apple ecosystem and limit yourself to the Safari browser. I know, I’ve been using it for the last few years. But there are still strong reasons to use a dedicated Mac password manager instead.