Review Methodology for Password Managers

At TechRepublic, we pride ourselves in bringing our readers comprehensive and fair reviews of password manager software they may invest in. To do so, we believe it’s necessary to share the process by which we evaluate password managers, what criteria and subcriteria they’re graded on and how all these aspects add up to a final star rating.

SEE:  Brute Force and Dictionary Attacks: A Guide for IT Leaders (TechRepublic Premium)

We utilize an in-house algorithm that’s built upon five categories: pricing, core password management features, ease of use, customer support and expert analysis. Each area is then weighted to account for how relevant it is to our audience of technology buyers and users.

While our algorithm is subject to change, these categories serve as the main pillars by which we evaluate each password manager. For readers who may disagree with our criteria, we encourage you to utilize our methodology as a way to calibrate your own opinions on what makes a good password manager for you.

Below is a breakdown of how we review password managers.

Pricing (25%)

Pricing accounts for 25% of our total score for password managers. This category consists of subcriteria that include, but are not limited to:

• Multiple subscription options.
• Accessible free trial.
• Free plan.
• Pricing relative to the competition.
• Value for money.

Core password management features (35%)

Core password manager features, such as vault encryption and autofill, account for 35% of our total score. This category comprises subcriteria that include, but are not limited to:

• Amount of multi-factor authentication options.
• Company is not involved in any sort of security breach.
• Encryption.
• How the company stores and protects user data.
• Password capture and replay.
• Password generator.
• Password auto-filling capabilities.
• Password sharing and emergency access.
• Single sign-on.
• Passwordless vault entry.
• Easy account switching.
• Encrypted vault backups; importing and exporting.
• Integrated browser extension.

Ease of use (15%)

Ease of use accounts for 15% of our total password manager score. This category consists of subcriteria that include, but are not limited to:

• Mobile app experience.
• Ease of use of both desktop and mobile interfaces.
• Installation and setup process.
• Interface design.

Customer support (15%)

Customer support accounts for 15% of our total password manager score. This category comprises subcriteria that include, but are not limited to:

• Number of support offerings available (email, live chat, phone).
• Response time for customer questions.
• Help resources (tutorials, guides, other resources).
• User feedback on customer service experience.

Expert analysis (10%)

Expert analysis accounts for 10% of our total password manager score. This category consists of subcriteria that include, but are not limited to:

• Personal experience with the password manager itself.
• Ease of product research, which includes demos, documentation and first-party material to verify features.
• Presence of standout features not found in other options.

Our password manager evaluation research methods

To get an all-around view of each password manager we review, we prioritize analysis gained through in-house and hands-on user testing. We also supplement our findings through product demos and verified customer feedback on sites that include, but are not limited to:

• Community Forums.
• Gartner Peer Insights.

How do I choose the best password manager for my business?

Selecting the best password manager for your business will largely depend on looking at your business’ particular set of needs and circumstances. But with data as sensitive as passwords, there are key factors to consider to keep company resources secure and safe from bad actors.

Prioritize security above all

Password managers store an organization’s most essential credentials. Thus, it’s critical to prioritize security when choosing a password manager solution.

To start, look into whether a prospective password manager has been involved in any sort of security breach. Password managers that have had data breaches involving customer data, such as passwords or URLs visited, are red flags that aren’t worth taking the risk for. Ideally, you want a password manager that has a clean record of keeping customer data secure at all times.

SEE: LastPass Review 2024: Is It Still Safe and Reliable? (TechRepublic)

We also want a password manager that subscribes to zero knowledge principles. This means they have zero access to your unencrypted passwords — and only the end user ever knows or has access to master passwords, logins and other important credentials.

Finally, go for a password manager that offers a range of multi-factor authentication options. MFA adds a layer of security to your business’ vault, as it requires more information from the end user to access their passwords. With this, hackers will have a harder time cracking password vaults — even if they were able to steal a single password or credential.

Cloud vs. local password storage

Another consideration is if you want a password manager that stores data on the cloud or on local storage. At times, this will depend on your business’ structure.

For example, larger organizations that work with remote workers may want to opt for a cloud-based password manager. This allows for easy storage, syncing and accessing of passwords within the company.

On the other hand, local password storage may benefit organizations that are wary of cloud storage breaches or cyberattacks. Local password storage could also be more convenient for smaller teams that are able to share passwords from a single local device or server.

Consider business size

Fortunately, there are password management solutions that cater to all business sizes. For smaller businesses, many consumer password managers have Teams and Business plans that offer robust security and accessibility features. Examples of such features include simple password sharing and password health reports within the app itself.

SEE: Bitwarden vs 1Password (2024): Password Manager Comparison (TechRepublic)

However, if you’re a larger organization, it’s wise to look into password managers tailor-made for enterprises and big businesses. These solutions are capable of handling hundreds of users; provide granular access controls; and include password enforcement mechanisms for IT teams and departments.

Weigh open source vs. proprietary password managers

You also have the option between open source and proprietary password management solutions.

Open source password managers have publicly available source codes, making it easier for community members to spot vulnerabilities and prevent exploits. They’re also generally more affordable and have secure free plans as well. The downside is that open source options may require technical expertise to deploy and can lag behind proprietary solutions in terms of customer support.

On the other hand, proprietary password managers have more established software with generally more intuitive user applications. Customer support is also given higher priority, with options for 24/7 live chat and accessible online ticketing systems. You will deal with less transparency and more expensive subscription prices when choosing the proprietary route.