Having a good password manager is more and more important these days. With passkeys on the rise, there is basically no way around a solid way to securely store your credentials. And even if it will still take some time for most services to offer passkeys, you can use a password manager to create unique and strong passwords right now.

The big 2022 LastPass hack made clear that even password managers aren't always safe. That's why it's important to stay up to date with the current state of password managers and to make sure you choose an option that suits you both when it comes to features and when it comes to its security model. We're here to help you, and with this list, we want to give you a fine selection of the best password managers out there that are a perfect fit for your favorite Android phone.

While you're at it, you should also get a trusty two-factor authentication app. Even the best passwords can be phished or hacked, so in addition to having individual passwords for all of your accounts, you should also protect as many as possible with a second factor other than just the password. Note that this isn't a requirement for passkeys. They have multiple factors built in by design and usually don't require another factor.

1 Bitwarden

The best free and open-source option for everyone

bitwarden-logo-thumb
Bitwarden
Individual pricing
Free / $10 per year
Group pricing
$40 per year for up to 6 people
2FA storage and autofill
☑️ Yes (paid version)
2FA login
✅ Yes
Key highlights
Optional Android accessibility service to augment regular autofill
Platforms
Android, iOS, Windows, macOS, Linux, web, browser extension
Passkey support
☑️ Yes (browser extension only)

Bitwarden is the go-to solution if you want an all-around reliable, secure, and affordable password manager. Its free tier offers all the basic features you need. You can store an unlimited number of credentials and use Bitwarden across as many devices as you'd like. It's also possible to secure your login with a 2FA app.

The service is available across all platforms you might use, including Linux. On Android, Bitwarden is one of only a few password managers that still offers an accessibility autofill option in addition to Android's native autofill option, which is more useful than you might think. Some apps still don't properly work with the native autofill solution years after it was introduced. The accessibility service steps in when this happens, helping you autofill these services, too.

At the time of writing, Bitwarden only supports passkeys in its browser extension, though they are supposed to come to its iOS and Android apps soon.

Bitwarden isn't great when it comes to standalone desktop autofill. The service only supports autofill through its browser extensions, and the Bitwarden desktop app you can install essentially only serves as a vault you can copy and paste information from. If you routinely use desktop apps that you need to sign into, this isn't convenient. One other downside is that Bitwarden's interface looks a bit dated compared to other options here, though this should be the least of your concerns when it comes to security.

When it comes to autofill information other than logins, Bitwarden has the basics covered. You can store credit card details, identities (including addresses, social security numbers, phone numbers, etc.), and secure notes.

If you want to use Bitwarden to its full extent, you need to shell out $10 a year. At that price, the service is still one of the most affordable standalone options on this list. The subscription gives you access to 1GB of secure cloud storage, an option to save 2FA secrets alongside your passwords (effectively turning Bitwarden into a 2FA app), and advanced 2FA login options, like with a Yubikey.

Bitwarden is open source, which means that any independent security researcher can examine its code and help fix potential security issues. The company is also regularly audited by third parties. If you still don't trust Bitwarden with your data, you can use its optional self-hosting solution, which gives you full control over your setup.

2 1Password

Best secure and convenient paid option

1password-logo-thumb
1Password
Individual pricing
$36 per year
Group pricing
$60 per year for up to 5 people
2FA storage and autofill
Yes
2FA login
Yes
Key highlights
Enhanced security thanks to mandatory secret key for login
Platforms
Android, iOS, Windows, macOS, Linux, web, browser extension
Passkey support
Yes (browser extension and iOS)

1Password could've taken the crown in this roundup, but we know that many people will always prefer a free service like Bitwarden when available. That said, 1Password has a lot going for it and surpasses Bitwarden in some areas.

Most importantly, 1Password doesn't only rely on a master password to decrypt your vault stored on its servers. You always need an additional secret key, which is generated locally on your device when you first sign up for the service. This means that even if somebody obtains your master password, they still won't be able to decrypt your vault. That's why 1Password urges you to store this key in a safe location. As long as you have at least one device with an active 1Password login on you, you can easily set up a new device by scanning a QR code. That way, you'll likely never have to type out the full 34-character secret key yourself. If that extra factor is still not enough for you, you can also add a Yubikey or a third-party 2FA app to the mix.

1Password supports all the usual features you'd expect, like biometric unlock, autofill, and search. There is also a customizable home screen, support for 2FA secrets (plus autofill for those), and version 8 looks decently modern, with its Android version sporting some Material Design 3 elements. 1Password is also capable of proactively warning you about password breaches found on the web and other hazards as part of its Watchtower feature. You can replicate this same feature for free with haveibeenpwned.com, but it's nice to have it built-in.

The service additionally lets you store tons of other autofill data and security-related items. You can add identities, documents, bank accounts, crypto wallets, medical records, passport details, reward programs, API and other software keys, Wi-Fi credentials, and more. Other services can store all these kinds of data, too, using custom fields, but 1Password makes these options easy to spot and manage for beginners.

1Password also excels when it comes to its desktop app. We can confirm that its accessibility-based autofill system works like a charm on macOS, both on native apps and within browsers. In order to properly fill in passkeys, 1Password has a browser extension for every common browser. Should your computer supports biometric unlock, you can use that to access and autofill your passwords, too. Passkeys are also supported on iOS, with support for Android coming soon.

1Password is not open source, but the company still conducts regular independent security audits. If this is a deal breaker for you, there are enough open source options on this list.

3 Enpass

Keeping you safe with your own cloud service for backup and sync

enpass-logo-thumb
Enpass
Individual pricing
$24 per year / $100 one-time plan / included in Google Play Pass
Group pricing
$36 per year for up to 6 people
2FA storage and autofill
Yes
2FA login
Yes (keyfile vault unlock)
Key highlights
No central cloud storage for your passwords makes it more secure, plus fully passkey support on all platforms
Platforms
Android, iOS, Windows, macOS, Linux, web, browser extension
Passkey support
Yes

Enpass takes a different approach to password management than many other mainstream options. Rather than storing your vault on a server provided by the company, Enpass lets you choose yourself if and where you want to back up your data. You can use a cloud locker like Google Drive, Dropbox, Microsoft OneDrive, or even your own NAS. Alternatively, you can skip the cloud altogether and sync between your devices via Wi-Fi only. Enpass says that this makes it inherently more secure than providers with a central location for all user vaults. Instead, a hacker would have to target each user's Enpass vault and cloud storage account (or local storage) to gain access. Enpass also supports unlocking with a keyfile as a second factor if you want yet another layer of security.

Enpass is also currently one of only a few password mangers to support passkeys on all platforms. It allows you to use passkeys on Android, iOS, and in the browser extension.

If you'd like to give the service a try, you can use its demo mode for free and without signing up with up to 10 logins on a single device. A total of 25 is supported if you register. Once you need more, you have to pay up, though. Enpass's pricing structure is among the fairest, and there are plenty of options to choose from. You can pay $24 per year as an individual or cough up $100 for a lifetime license without recurring fees. The service is also included in the Google Play Pass, and a group or family of six can get it for $36 a year.

Feature-wise, Enpass isn't lacking compared to server-based password managers. Its browser extension and its mobile apps support autofill, including 2FA codes, support for an unlimited amount of vaults, devices, items, and security alerts for website breaches. Like 1Password, Enpass also supports a plethora of extra details, like credit cards, bank accounts, notes, identities, licenses, travel documents, and more. The software just doesn't feel as modern and polished as 1Password, but again, app design should be the least of your concern when it comes to picking a password manager that fits your needs. Also, keep in mind that Enpass is not open source, which might be a deal breaker for some.

4 Dashlane

A password manager and VPN in one package

dashlane-logo-thumb
Dashlane
Individual pricing
$60 per year
Group pricing
$90 per year for up to 10 people
2FA storage and autofill
Yes
2FA login
Yes
Key highlights
Multi-platform password manager with VPN included
Platforms
Android, iOS, web, extension
Passkey support
Yes

Dashlane wants to protect you on two fronts rather than just one. In addition to its password manager, the company also bundles a VPN service in its Premium subscription. This makes it possible to browse more safely on public Wi-Fi networks, and could also help you unlock content that's not available in your region.

As a password manager, Dashlane supports all the features you could ask for. It's available on all major platforms (using a web app for desktop) and can autofill across the web, Android, and iOS. Dashlane is also among the pioneers when it comes to passkeys. It is one of the first to support passkeys on the web, Android, and iOS.

Dashlane's Premium plan costs $60 per year, but you can also opt for a Friends & Family option for up to ten people at $90 per year. The caveat is that the VPN is only included for the admin in this family plan, meaning that the service is only a password manager for the rest of the members.

The Dashlane password manager isn't open source, but the company is making an effort to increase transparency. The source code of its Android and iOS apps is available publicly for anyone to examine. The company also runs regular audits on its security, including the usual best practices revolving around testing.

5 KeePass / KeePassDX

The best option for tinkerers

keepass-dx-logo-thumb
Keepass DX
Individual pricing
Free
Group pricing
Free
2FA storage and autofill
Yes
2FA login
Yes (Keyfile vault unlock)
Key highlights
Open source offline-first manager with tons of customization
Platforms
Android, compatible alternatives on iOS, Windows, macOS, Linux, web, browser extension
Passkey support
No

KeePass is one of the most established and oldest open-source password management systems on this list. It's also among the more complicated solutions Rather than offering only one central client for every platform, the open-source nature of this project means that there are different clients to choose from that you like the most for your use case. Like Enpass, there is no central storage place, and you can put the vault file on any hard drive, thumb stick, or cloud storage option you'd like, though KeePass requires more tinkering and trial and error than other solutions listed here.

In addition to a strong master password, the vault can also be protected by a keyfile and/or a hardware key as secondary factors. KeePass also supports all kinds of items you could ever need, including even attachment and 2FA support. The standard offers support for regular logins, Wi-Fi credentials, notes, ID cards, credit cards, banking details, and crypto-wallets. On Windows, the original KeePass application also supports system-wide autofill, which means you don't necessarily need a browser extension.

KeePass's open source nature makes it incredibly versatile, and there are tons of clients available for Android, iOS, macOS, Linux, and browser extensions. Depending on which you choose, there are also comfort features like biometric unlock, themed icons for Android 13 and higher, and more. Some apps even offer a keyboard that does the auto-filling for you in case you find Android's regular autofill service unreliable. You can find all options on KeePass's download page, but we think that KeePassDX offers a good starting point, linked below.

6 Google Password Manager

The most convenient option for Android users

google-password-manager-logo-thumb
Google Password Manager
Individual pricing
Free
Group pricing
Free
2FA storage and autofill
No
2FA login
No
Key highlights
Pre-installed on Android phones, no extra app or setup needed
Platforms
Android, iOS, Chrome, web
Passkey support
Yes

If you're looking into a password manager for your Android phone, you're likely already embedded in Google's ecosystem and might use Gmail, Google Drive, and more services offered by the online behemoth. It might seem intuitive to add passwords to that mix, but we advocate against it. If you ever lose access to your Google account, be it because of a phishing attack or Google blocking your account, you're going to lose access to your emails (if you use Gmail) and your passwords. Since most online services require you to authenticate yourself with your email to reset your password, this is a scenario you don't want to find yourself in.

Things aren't all bad, though. Google still stores offline copies of your passwords on Chrome for desktop, so if you're ever locked out of your Google account, you'll still be able to obtain your passwords and export them to some other place. The autofill service is also one of the most reliable and best integrated on Android, even if Chrome routinely struggles with auto-filling logins on AMP pages. Google's solution also offers the simplest passkey experience on Android and Chrome, given that it's built right in.

The main thing that Google Password Manager has going for it is convenience. If you have an Android phone and you use Chrome on your computer, you don't need to worry about an extra app or browser extension to take care of your password management. Instead, everything is neatly and tightly integrated into your core system. And if you have an iPad or want to switch to iOS, you can install Chrome or the Google app to keep using Google Password Manager across all of your devices. Just keep the above pitfall about losing access to your Google account in mind and that switching to a different browser might be a hassle.

Passwords saved to your Google account can be accessed via Chrome or under passwords.google.com.

What is a password manager?

In an ideal world, you shouldn't ever reuse passwords, and you should make sure that all your services are secured with individual and hard-to-guess credentials. Since it's incredibly hard to remember more than a few excellent passwords, password managers can take over the heavy lifting. They offer a central place to store all your individual credentials for each website you have an account for, and most of them also support storing and autofilling other secret information, like credit cards, address information, and passport numbers.

How do you create a good master password?

Password managers are only as secure as the master password you choose. That's why it's vital to create a password you can remember well, but that's also hard to crack. It's your main line of defense against hackers trying to access all of your passwords. Some password managers like 1Password also generate a second factor next to your password when you create an account with them, but even then, you should never only rely on this and go for 123password.

Contrary to popular belief, you don't need to sprinkle many complicated special characters and hard-to-pronounce gibberish that you will likely have a hard time remembering anyway. The classic password XKCD comic makes this dilemma clear.

Instead, we recommend going for the route that the XKCD comic also suggests — a passphrase made up of at least five words, though going for six is a good idea for added peace of mind. Since computers aren't capable of producing truly random results, you should create your passphrase using a good old dice and the diceware passphrase list and follow these steps to create a six-word passphrase:

  1. Either roll one dice 30 times or roll five dice six times.
  2. Note down the numbers you get on a piece of paper, collected in rows of five.
  3. Compare each of your five numbers against the English diceware passphrase list and note down the word you got next to the respective numbers. You can also use alternative lists for other languages, if you prefer.
  4. The passphrase is now complete and can be used as your master password.
A sheet of paper with numbers in pairs of five noted down and passphrase list results next to them, with the finished passphrase below it

Creating and using a passphrase might seem too easy to truly work, but if you consider just how many variables you're introducing with these 30 dice rolls, it will take current tech decades to brute force it — and that's assuming the hacker knows that you're using diceware and which list exactly. If you want to, you can also sprinkle in one or two extra symbols once you've properly memorized your passphrase, but really, diceware passphrases are good enough on their own.

Better safe than sorry with your preferred password manager

No matter which of the full-fledged password managers you choose from this list, it's going to make your online life more secure than not having any password manager. If you're the lazy kind, the Google Password Manager is still a good-enough option, and if you want all the features and some extra polish, there are some great options to choose from in this list.