In a recent post, I talked about the need to replace passwords with more secure forms of authentication. While the industry is taking steps in this direction, a truly passwordless future is several years away. In the meantime, good password hygiene is of utmost importance to reduce our exposure and the resulting data loss.
While there are different streams of thought on password hygiene, I believe that the best password is one you don't have to remember. Barring a handful of passwords (social accounts used for recovery, critical financial institutions, device passwords and, of course, the master password used to unlock the database), you should consider a password manager for everything else. Are you a techno-enthusiast, an early adopter who loves to sign up for new services? You most definitely should use one. Modern password managers are generally secure, easy to use, and sync across devices; overall, they are a much better bet than remembering passwords.
The table below explores standalone personal solutions only, and excludes native options offered by OS/browser vendors, e.g. Apple iCloud Keychain or Google Password Manager. It also ignores Enterprise or Business features and pricing plans, as well as dedicated corporate solutions like Hashicorp Vault. Granted, this list does not cover all the password managers out there, but it would be my short list of options if I were searching for one today.
So, what's the verdict? Clearly, each option has strengths and weaknesses, and your decision will boil down to your use cases, pricing or must-have features. LastPass is very easy to use and has a generous free tier, but has been plagued by security issues recently. 1Password is quite popular among security enthusiasts, but does not offer a free tier. Bitwarden is open-source and offers a free as well as an affordable premium tier. Finally, if you do not want to sync passwords over the internet and prefer a local database, KeePassXC offers a good open-source option.