How We Test Password Managers | PCMag
Skip to Main Content
PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.
(Credit: René Ramos)
A strong, unique password for every account is a must in the age of constant data breaches, but remembering all your login credentials is borderline impossible without help from a password manager. A good password manager stores your credentials and helps you improve security by generating new, random passwords, all protected by a strong master password. At PCMag, we test each password manager's functionality, ease of use, and extra features, while examining the data-collection terms outlined in the privacy policy and noting the company's transparency following security incidents. Read on for more about our testing process.
What Is a Password Manager, and Why Do I Need One? Our Testing CriteriaAt the heart of every review is the question, "Does it work as advertised?" Reviews in the best password manager category aim to answer that question while addressing common concerns people have when adopting or switching to a password manager. When we evaluate a password manager app, we test it to ensure it can capture and replay credentials, store sensitive data in an encrypted vault, fill in web forms, and create new, unique passwords. In addition to the functionality tests, we examine the following:The product’s multi-factor authentication options.The company's default password generation policy.The company's data security policies and white papers.The company's public response to past security incidents.The app's price compared with similar products in the category.The app's additional features and aesthetics.The company's customer support options.In short, if a password manager captures and manages credentials but doesn't do much to protect your data or fails to alert you when it is at risk in a breach, it won't warrant a strong recommendation from PCMag. Hold Companies AccountableAs reviewers, we consider more than software performance when testing products. We also consider your privacy and safety during the evaluation and scoring process.Data breaches occur daily, putting millions of people at risk of an account takeover or identity theft if they still use their old, guessable passwords. Password management company employees are significant targets for malicious hackers. These companies must prioritize customer safety by adopting zero-trust policies and having plans to alert users when a data breach occurs and tell them how to protect their accounts.It's our job at PCMag to hold companies accountable for safeguarding your privacy and online security. That's why we don't rely solely on objective measurements when calculating scores for our software reviews. Instead, we combine subjective elements, such as comments about the app’s aesthetic features and our informed opinions about data collection practices, with objective commentary regarding the app’s functionality to give readers a more accurate review on which to base buying decisions.You may not always agree with our scores or opinions about password management products, and that's OK. We want you to form your own opinions about the apps we review, and we strive to provide plenty of information about our experiences using the software to facilitate that.
What Is Two-Factor Authentication? Compare Pricing and PlansWhen we compare prices among password managers, we state the price for the version we test. Many password management services offer discounts for new subscribers or long-term rates, but PCMag strives to report the base-level price for each service. We encourage you to take advantage of free trials to find out if you need a premium password manager or if a free one will suffice. Highlight Security FeaturesAs long as a password manager securely stores your data, fills in your stored data all around the web, and creates complex, long, and unique passwords for your new and updated vault entries, it's a working password manager. Some password management companies now offer additional features to differentiate themselves in a crowded market and justify higher subscription prices. In PCMag's password manager reviews, we focus on security-related features that enhance the product. Some features have clear value for many readers, and we note them in each review and reward companies that offer innovative, practical solutions.
(Credit: NordPass/Proton/PCMag)
Perks such as file storage, password inheritance options, and secure credential sharing are welcome inclusions at all levels of password management. Data breach monitoring, email masking, password hygiene tools, or VPN access are all additional features we like to see.In the age of near-constant data breaches, controlling access to encrypted and unencrypted data is wise. In our reviews, we highlight companies that offer customers options for data storage beyond the company's cloud servers. Some password managers allow customers to store their data locally on their devices or on a third-party cloud server.Document the Testing ExperienceMany resist adopting a password manager because they don't want to learn to use another app. In every review, we highlight how easy each app is to get started with and to switch between password management products. Password managers should be designed for people with all levels of technical expertise, so we prefer products that require minimal setup or include optional tutorials.
(Credit: NordPass/PCMag)
We also want to see attractive app interfaces for password management applications. Vaults containing endless file trees or outdated designs are harder to navigate quickly. Password managers don't need to be slick and futuristic, but their interfaces should make them easy to use. Examine Password Generator ProtocolsEvery password manager we test includes a random password generator. At PCMag, we recommend that readers use a random password generator to create passwords that are at least 20 characters long and include a mix of lowercase and uppercase letters, digits, and special characters. Recommended by Our Editors How We Test Everything We Review How We Test Antivirus and Security Software How We Test VPNs
(Credit: Keeper/PCMag)
Many of the password managers we test create weaker passwords by default. Since you don't have to remember each complex password generated, you should change the password generator's settings to include the above-mentioned parameters. Peruse Privacy PoliciesWhen we review password managers, we also read their privacy policies. We want to know what data the company collects about its customers and how it uses that data. We also want to know how the company responds to requests for data from governments and law enforcement entities. Any company can lie to the public in its privacy policy, though the consequences of being caught would be dire. We ask companies about app privacy policies and publish the responses in our reviews.Note Customer Support OptionsOver the years, we've received a lot of helpful feedback from readers about the kinds of testing they're looking for when making buying decisions. Customer service and customer support are areas where some companies shine, and others flounder. In our password manager reviews, we note whether a company provides assistance via chatbot, email, live human assistance, or phone. What happens when you want to switch to a new password manager? What if you don't pay your subscription fee? In our newest reviews, we walk you through the account deletion process and, in some cases, the subscription cancellation process, and describe how easy or difficult we find each to be. Evolve Our Password Manager TestingWe want our reviews to be helpful to as many people as possible, so we don't include a lot of technical jargon. We also don't ask companies to share internal details about their applications that competitors or criminals could misuse. We aim to help you make the best buying decisio