Protecting your online accounts is more important now than ever — and using a password manager is one of the easiest and most effective ways to do it.
Why? It's simple: Reusing passwords puts you at a heightened risk for hacking. If someone discovers your password at just one website — via any sort of breach, be it large-scale or targeted — they can then use that same password to crack into your accounts at countless other places. It happens all the time.
In a world that requires passwords for just about every online activity you do, most security experts agree: The key to keeping yourself safe is relying on long, random passwords (in conjunction with two-factor authentication, whenever possible). Remembering even a few such passwords is difficult enough, but doing so for dozens or hundreds of sites and services is nigh impossible for mere mortals.
And that's where the password manager comes into play: It makes it possible to generate and keep track of all that info without needing a Rainman-caliber brain. With a password manager, you need to remember just one master password, and the manager creates and remembers the rest.
[ Related: Android apps: Best of the best ]
Figuring out which password manager is right for you, however, isn't so easy. But I'm here to help. I've spent a significant amount of time evaluating and revisiting each of the major password managers available for Android (using a Pixel 3A phone with Android 9 Pie software for my most recent round of testing).
Here are my recommendations.
Table of Contents
- The best Android password manager for most people
- The best Android password manager for added enterprise security
- The best Android password manager with multiple storage options
- Wait — what about all the other Android password managers?
The best Android password manager for most people
When you use all the major Android password managers back to back, one thing becomes immediately clear: LastPass is in a league of its own. The app is intuitive and easy to use, and — critically — it works consistently well across the entire Android experience.
At its core, LastPass makes it super-simple to store sign-in info for apps and websites and then to automatically fill in your credentials whenever you're prompted. LastPass intelligently utilizes Android's autofill functionin combination with the operating system's accessibility feature to provide quick and reliable responses wherever a sign-in prompt appears.
LastPass works consistently well in apps (left) and websites (right), thanks to its effective use of Android's autofill function.
(The autofill function is available on phones running Android 8.0 Oreo and up. If your device is running an Android version prior to 8.0, first of all, for the sake of your security, you should really consider getting a new phone — and probably one made by a different manufacturer, at that. But in terms of password management, LastPass will fall back onto an older method of field-filling that results in a less polished and smooth experience but still gets the job done.)
Beyond the basics, LastPass is packed with useful options. The app has a complex password generator and a security analysis feature that'll look at all of your passwords and suggest areas where you could improve your security (by strengthening weak passwords, for instance, or eliminating passwords used in multiple places). It can store secure notes and form-fill profiles — though for the latter to work on mobile, you'll have to either use LastPass's own internal browser (which you probably won't want to do) or manually copy and paste info from the app into your regular browser one field at a time.
Speaking of browsers, LastPass has excellent integration with all the major desktop offerings — as well as native app options for Windows and Mac, if you prefer — so keeping your info accessible across multiple platforms is painless. LastPass uses its own secure cloud storage, with device-level encryption, for syncing all data.
You can take advantage of the service's core features, including multi-device access, free of charge. For $36 a year, you can upgrade to a premium subscription that gives you expanded storage for notes, documents, and other files along with the ability to use advanced two-factor authentication methods and the option to create an emergency access plan that provides someone else access to your account after an extended period of inactivity.
Family plans are also available for $48 a year for up to six people, as are managed team plans for $48 per user per year and policy-compliant enterprise plans for $72 per user per year.
The best Android password manager for added enterprise security
While LastPass provides all the security basics you need to keep your info safe, Keeper takes things a step further with some next-level tools for business and enterprise deployments.
The service's professional plans include a robust administration console with customizable options for on-boarding and off-boarding as well as role-based enforcement policies. Credential records and encrypted folders can be limited to individual users or shared across teams, and employees can create separate personal and business vaults and then switch between them as needed.
Keeper's business and enterprise products also provide a version control feature that makes it possible for employees to look back at how any particular credentials have changed over time and then restore an older version if needed.
Beyond that, the software has an optional company-wide monitoring system called BreachWatch that continuously scans all employee credentials for usernames or passwords that are known to have been compromised and may consequently be vulnerable. (Keeper uses anonymized IDs and a multilayered security system to ensure that all data remains protected and that usernames and domains are never even associated with passwords throughout the scanning process.) That means even if an employee reused a password from a personal account and that personal account was involved in a breach of some sort, the system would flag the password as compromised and advise both the employee and the admin that it needs to be changed.
Keeper's admin console provides detailed information about compromised credentials across a company's entire base of users.
More broadly, admins are able to see security risk summaries for all users without requiring direct access to any individual person's encrypted data. And an optional Advanced Reports and Alerts add-on makes the information even more detailed, with support for compliance audits, real-time alerts, and a variety of custom reports. It also allows you to integrate Keeper with a variety of third-party security management tools for even more advanced analysis.
Keeper isn't quite as consistent or user-friendly as LastPass on the Android front, but it's close — and for businesses seeking a full suite of security-monitoring mechanisms, its potent set of advanced tools make for a worthwhile tradeoff. The service's business plans start at $30 per user per year, while enterprise-level arrangements start at $45 per user per year. The BreachWatch scanning setup adds an extra $20 onto the annual per-user cost, and the Advanced Reporting and Alerts add-on adds $10 onto that same annual per-user total.
(Keeper is also available for individual use: On that front, a free plan gives you access to the service from a single device — but if you ever change devices, you'll lose access to all of your data, so that isn't really advisable for anyone. Instead, you'd want to opt for the $30-a-year plan, which allows for syncing across an unlimited number of devices. You can also add a personal version of the BreachWatch monitoring system onto your account for an extra $20 a year, and if you want secure file storage, that'll run you another $10 per year.)
The best Android password manager with multiple storage options
Not keen on the idea of relying on a third-party company's servers to store your encrypted information? 1Password gives you the option to use Dropbox, iCloud, or even a direct local network connection in addition to opting into its own cloud servers for secure cross-device syncing.
Those extra options come at a cost, though — both in terms of actual dollars and in terms of the experience you'll receive. 1Password starts at $36 a year for individuals, with a free tier of service available only if you opt to skip the simple multidevice syncing option. The family plan costs $60 a year for up to five people, meanwhile, while team plans run $48 per user per year and business plans with advanced access control are $96 per user per year.
And despite the additional dollars, using 1Password on Android just isn't particularly pleasant — especially compared to the standards LastPass and Keeper establish. The service has certainly gotten better since my previous evaluation in 2018, but it's still a noticeable step behind the others in polish and overall user experience.
For instance, 1Password doesn't immediately recognize that a password saved within the Twitter app should also apply to the Twitter website — and so even if you have credentials saved for one of those areas, it'll fail to provide them to you in the other.
1Password lacks some of the poise and intelligence exhibited by other Android password managers.
In another clunky twist, the service requires you to hang onto an "emergency kit" PDF file that contains a specific sign-in address and "secret key" you need in order to set the app up on any new device. (That used to serve as a second-rate replacement for two-factor authentication and now remains an irksome requirement even when regular 2FA is enabled.) If you don't have that information handy, you won't be able to sign into your account and will have no way to access your passwords. You can't reset or recover said info, either — and if you can't find it, 1Password says the only recourse is to "start over."
The service's desktop browser extensions are similarly rough around the edges — and while those may not be Android-specific, they're going to be part of the overall product-using picture for most people. To wit: The Chrome extensions (yes, there are two) don't automatically fill in your username and password for you or even prompt you to have that info popped in as needed, as LastPass and Keeper do; instead, they require you to take the extra step of manually clicking a 1Password logo and thenclicking another command every time you need to make your info appear. Worse yet, clicking that button doesn't even consistently pull up credentials in my experience; often, getting the appropriate sign-in info to appear turns into a frustrating and prolonged process.
Plus, instead of prompting you to save a new username and password via an automatic post-sign-in pop-up, as LastPass does, 1Password's desktop extensions require you to go out of your way to click a little icon within a username or password field before you sign into a site and then select to save from there. That means the onus is always on you to remember to do that prior to signing into any site, for one — but also, if you type in your credentials incorrectly, they'll be saved, anyway.
All in all, it's not an optimal experience. If data storage options are critical for you, though, it's still your best bet.
Wait — what about all the other Android password managers?
You may have noticed that some reasonably popular password managers didn't make the cut. In each case, there's a reason.
Dashlane, for instance, works well enough within apps on Android. But for websites pulled up in the browser — which typically represent a fair amount of mobile device sign-ins — it relies on a clunky and awkward floating bubble mechanism instead of tapping into Android's native and far simpler to use autofill system.
Dashlane within apps (at left) and within websites (at right) — two very different experiences.
The app also doesn't offer to save credentials when you create new accounts or enter sign-in details manually, and its setup fails to walk you through the steps needed to authorize the app to operate — which means it's up to you to dig through the app's settings and figure out what to do. Particularly considering that the app is priced higher than any of the products mentioned above, none of that seems acceptable.
Enpass, meanwhile, is relatively unusual in that it offers a fully featured, multi-device setup with an array of third-party storage options and without the need for an ongoing subscription. Instead, you just pay a one-time fee of $12 for a lifetime cross-platform license.
The problem is that the Enpass experience is anything but elegant. For instance, instead of letting you select credentials alongside an app's login field, Enpass always forces you to flip back to its full app interface in order to select and confirm the username you want to use. The app also doesn't consistently prompt you to save credentials that you enter or create on your own, and it provides no option for dealing with a lost master password other than to give up on your data and start over.
Enpass constantly forces you to flip you back to its full app interface to select credentials and just generally doesn't provide a great user experience.
All in all, the service doesn't seem especially well-suited to professionals, and most folks on a budget would be better off going with LastPass's free option.
Then there's KeePass (and for the love of all things holy, make sure you capitalize that "P"). KeePass is a free, open-source password manager that relies on local software and — if you so choose — your own method of cross-device data synchronization (be it your personal server space, a cloud storage service like Dropbox, or portable physical storage like a USB drive).
KeePass can be great for the technically inclined who don't mind taking on a project, but it's quite complicated and consequently not something that's easy to recommend to the masses or to anyone working in a corporate environment. It also doesn't have any sort of official Android app, so you're left to choose from a variety of independently created clients with varying degrees of poise and polish.
Beyond that, there's a long list of also-rans — adequate but unexceptional apps that fail to stand out from the pack or to match the aforementioned titles in areas like feature availability, user experience, cross-platform support, and established trustworthiness.
That's why the apps outlined above earned recommendations in their respective categories — and rest assured: These recommendations will be revisited and revised regularly.