Question: Best password manager (Free & Paid) & why?


reystar

Level 3
Verified
Feb 4, 2014
106
1Password. Simply the best. Period!
I've tried everything, literally everything. 1Password is the most robust; I've been using it for almost 9 years now. The guys are builders. Never been breached before, too, but even if they ever get breached, on top of your Master Password you have their Private Seed Phrase, and on top of that I have a Yubikey.

The apps are amazing, fluid, well designed, and they keep updating them all the time.

It's simply the best app I've ever used in any category, imo; $35 or so / year, it's nothing for such a quality and polished app.
 

Game Of Thrones

Level 7
Verified
Well-known
Jun 5, 2014
319
1Password. Simply the best. Period!
I've tried everything, literally everything. 1Password is the most robust...
Exactly, nothing beats them in the paid market. There is 1Password and there are others. I tested every password manager and read their whitepapers thoroughly; others like Bitwarden, Proton, etc. are toys compared to it. Their response to security vulnerabilities is the best in the industry, and they are getting audited many times per year. The form filling and password field detection is the best; I've seen many websites that nearly all password managers had problems with, but not 1Password.
 

lokamoka820

Level 27
Verified
Well-known
Mar 1, 2024
1,642
Can you recommend KeePass plugins/extensions to make it act exactly as KeepassXC? I'm asking because there are too many plugins/extension/clients, and I don't know what to trust, after all it is a password manager, and you have to add something tested and trusted to extend its functionality.
UPDATE:

After testing many plugins on KeePass, I found those gave me the best usability I needed:

2025-03-11 at 06-01-47 KeePass.png

@ErzCrz, do you know any security/privacy issues with these plugins based on your experience?
 

ErzCrz

Level 24
Verified
Top Poster
Well-known
Aug 19, 2019
1,323
UPDATE:

After testing many plugins on KeePass, I found those gave me the best usability I needed:

View attachment 287938

@ErzCrz, do you know any security/privacy issues with these plugins based on your experience?
Nice. I haven't noticed any security or privacy issues. I have explained above in post 108 how to use the built-in TOTP which I discovered. The only plugin I'm currently using is the Early Update check ;)
 

IceMan7

Level 3
Mar 19, 2025
140
I use Bitwarden for many security reasons plus it is open source
1. Cloud on Microsoft servers is not really secure.
2. What does it matter that it's open source? I recently read an interview where even those who check software and issue a certificate don't review all the software because it's too time-consuming for them.
3. Brave is open source and despite that, it's still earned its share of failures recently.
4. Bitwarden is the most popular right now and will probably be the first to be attacked like LastPass.

The most secure is local KeePass/XC. Passwords are only yours and not in the cloud at someone else's service.

That's my opinion. But it's known that sometimes due to convenience (because the cloud) many people forget about security or falsely believe assurances.
 

lokamoka820

Level 27
Verified
Well-known
Mar 1, 2024
1,642
Nice. I haven't noticed any security or privacy issues. I have explained above in post 108 how to use the built-in TOTP which I discovered. The only plugin I'm currently using is the Early Update check ;)
Thanks. I tried to use the built-in TOTP, but it was not as convenient as the plugin: it didn't remove spaces in secret codes by default, and it gives an error until I remove the spaces manually.
 
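The space-handling problem described in the post above, as an added example that is not part of the original thread and is not KeePass or plugin code: websites usually display TOTP secrets as lowercase base32 in groups of four, so a client has to strip whitespace, upper-case and re-pad the string before decoding it. The function names are hypothetical, and the sample secret is the published RFC 6238 test key, not a real account secret.

```python
import base64
import binascii
import hashlib
import hmac
import struct


def normalize_secret(secret: str) -> bytes:
    """Decode a base32 TOTP secret as a user would paste it from a website."""
    # Drop every kind of whitespace (spaces, tabs, newlines) and any padding
    # the site already added, then upper-case for the base32 alphabet.
    cleaned = "".join(secret.split()).upper().rstrip("=")
    if not cleaned:
        raise ValueError("empty TOTP secret")
    # base32 input must be a multiple of 8 characters; re-add the padding.
    padded = cleaned + "=" * (-len(cleaned) % 8)
    try:
        return base64.b32decode(padded)
    except binascii.Error as exc:
        raise ValueError("TOTP secret is not valid base32") from exc


def totp(secret: str, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the given secret and timestamp."""
    key = normalize_secret(secret)
    counter = struct.pack(">Q", int(unix_time) // step)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    # Dynamic truncation (RFC 4226): low nibble of the last byte is the offset.
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


# Constructed sample: the RFC 6238 test key "12345678901234567890" in base32,
# written the way a site would show it (lowercase, grouped with spaces).
PASTED_SECRET = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"

if __name__ == "__main__":
    print(totp(PASTED_SECRET, 59, digits=8))
```
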

IceMan7

Level 3
Mar 19, 2025
140
But Bitwarden can be self-hosted. That way you have the best of both worlds.
California USA Headquarters. Certainly the best in the world ;) NSA, CIA, FBI... it's definitely a safe place for passwords :] And of course, by law in the USA they don't have any lock picks
You might as well email them the passwords as you would Google Password Manager ;)
I'm not defending. Everyone uses what they want. We have freedom. I'm just pointing out certain things.
 

Back3

Level 14
Verified
Top Poster
Apr 14, 2019
684
I use KeePass as a vault for all my passwords. On my PC, I use Proton in my browsers. On my iPhone, I prefer Apple's password manager, which I find user-friendly.

Last week, I assisted my brother-in-law in securing his passwords. He had stored 42 passwords in his Apple password manager, but 30 of them were insecure. Among those, 15 consisted of only 5 characters, and he was using the same password for multiple accounts, including his bank account. It took me two hours to resolve everything. He was unaware of the existence of his password manager and had no idea how to use it. I’ve done the same task for five friends, and encountered the same issues each time.
 

IceMan7

Level 3
Mar 19, 2025
140
I can never get around to it :) I admit that I installed KeepassXC on my computer about 6 months ago. But I haven't started it yet :D It will definitely be my vault of all passwords.
So far, I've only been using Apple's manager on my iPhone for years, but only for applications that I have installed on my phone or where I log in from my phone.
For today, old school - a notebook :D
More managers than these two are unnecessary, in my opinion. KeepassXC will probably be backed up in the Proton cloud and on a pendrive or external drive. Of course, packed and password-locked.

BTW The passwords that I won't save in the password manager are - Apple account for iPhone, email, computer login password, bank password.
 

n8chavez

Level 21
Well-known
Feb 26, 2021
1,066
California USA Headquarters. Certainly the best in the world ;) NSA, CIA, FBI... it's definitely a safe place for passwords :] And of course, by law in the USA they don't have any lock picks
You might as well email them the passwords as you would Google Password Manager ;)
I'm not defending. Everyone uses what they want. We have freedom. I'm just pointing out certain things.

Um...I don't think you know what the term "self-hosted" means.
 

IceMan7

Level 3
Mar 19, 2025
140
Looks like a nice setup. Is Proton Drive reliable enough now to replace Microsoft OneDrive on Windows, or will Mega be a better option?
I don't know yet. I don't use Microsoft or Google cloud. For obvious reasons. If I had to choose the least evil, I would choose iCloud.
Passwords need to be backed up somewhere. So I would do it on the Proton cloud. And additionally on a pendrive or external drive.

Generally, I'm not in favor of keeping anything in the cloud, so I keep very little there. Your own drive is your own drive.
But I don't use ProtonPass and I don't intend to. I have email and VPN (free) from Proton. Two services are enough. You can't put all your eggs in one basket. That's my rule.

Apart from Proton VPN, I also use Windscribe sometimes.
I provided the password manager - KeepassXC (computer) and Keychain from Apple (iPhone). Mail on Proton and the provider of one of the portals in my country. Generally, I try not to have diversified services in one bag, I avoid Google services and if I ever switched to Mac, I would also free myself from Microsoft ;)

But these are my rules. Everyone does as they like and on their own responsibility ;)
 

Kaffee4Eck

Level 2
Verified
Dec 6, 2015
51
Bitwarden / Vaultwarden — Why?
Quite simple: because you can self-host it, everything is fully encrypted, and you have the ability to sync multiple instances, allowing you to set up failover scenarios. Most importantly, you remain in full control of your credentials and data—no third-party dependency, no compromise on privacy.

You can also easily install and set it up on a VPS, and for example, synchronize it with a self-hosted Docker instance at home. This allows for flexible, secure deployment while maintaining full control over your data.
 

IceMan7

Level 3
Mar 19, 2025
140
I don't know why people are so naive. I guess they know perfectly well that if it's open source and free, Bitwarden will probably be so great. VPNs were also supposed to be so safe, but then it turns out that almost everyone openly or covertly collects something. Bitwarden is an American company that uses the American Microsoft cloud. Even if someone sets up a cloud themselves (you can self-host it), the program is still written by an American company. And an American company (like a Chinese one) means no privacy. I don't even trust the praised Proton, but I would save passwords there faster than in Bitwarden. But that's none of my business. Let others live in the illusion that free American software gives them a guarantee that their passwords remain private. I don't care.
 

Kaffee4Eck

Level 2
Verified
Dec 6, 2015
51
I don't know why people are so naive. I guess they know perfectly well that if it's open source and free, Bitwarden will probably be so great. VPNs were also supposed to be so safe, but then it turns out that almost everyone openly or covertly collects something. Bitwarden is an American company that uses the American Microsoft cloud. Even if someone sets up a cloud themselves (you can self-host it), the program is still written by an American company. And an American company (like a Chinese one) means no privacy. I don't even trust the praised Proton, but I would save passwords there faster than in Bitwarden. But that's none of my business. Let others live in the illusion that free American software gives them a guarantee that their passwords remain private. I don't care.
I completely understand your skepticism — especially when it comes to U.S.-based software companies and cloud services. Trust, in the world of privacy and security, should never be blind — and questioning even open-source solutions is not only fair but healthy.

However, in the case of Bitwarden and especially Vaultwarden (the community self-hosted variant), there are important distinctions to be made:


Why Bitwarden/Vaultwarden can still be secure and private — even if based in the U.S.:


  1. Zero-Knowledge Encryption by Design
    • All data is encrypted client-side (locally in your browser/app) using well-vetted cryptographic standards (e.g. AES-256, PBKDF2, Argon2).
    • Bitwarden (and Vaultwarden) servers never see unencrypted data, including your master password or vault contents.
  2. Open Source Codebase
    • The entire codebase is public, regularly audited, and reproducible.
    • Anyone can inspect, compile, or even fork it. It’s not "trust us", it’s trust but verify.
  3. Self-Hosting Removes the Cloud Trust Factor
    • Vaultwarden can be hosted entirely offline or behind firewalls.
    • There is zero dependency on Bitwarden.com or Microsoft Azure if you don’t want it.
    • All secrets stay within your infrastructure, under your full control.
  4. Audits & Cryptography Standards
    • Bitwarden undergoes regular third-party security audits, with public reports (e.g., from Cure53).
    • No known backdoors, no "silent" data exfiltration.


Addressing the “American Company = No Privacy” point:


You're absolutely right that U.S. law (like FISA, CLOUD Act) can compromise data privacy for cloud-hosted U.S. services.
But Vaultwarden:

  • does not rely on any U.S. infrastructure if self-hosted
  • does not transmit cleartext data
  • and is fully auditable, even if the original repo is U.S.-based.
So unless a mathematical backdoor is introduced (which would be publicly detectable), even U.S. jurisdiction can’t decrypt locally encrypted data.


Compared to Proton?


Proton is excellent — but it’s closed-source in parts, relies on Swiss jurisdiction (which is great), but also still has to comply with court orders if forced.
Bitwarden gives you more control if self-hosted, not less.


TL;DR:


No software is perfect, but Vaultwarden combines zero-knowledge encryption, full open-source transparency, and self-hosting freedom — a rare trio.
If configured properly, it's more private than 99 % of commercial password managers, regardless of national origin.
 
