How We Test Password Managers
Views: 3723
2023-07-21 21:19
A strong, unique password for every account is a must in the age of constant

A strong, unique password for every account is a must in the age of constant data breaches, but remembering all your login credentials is borderline impossible without help from a password manager. A good password manager stores your credentials and helps you improve security by generating new, random passwords, all protected by a strong master password.

To use a password manager, you must trust it will keep your logins secure. You also must trust that the password management company will alert customers quickly if your credentials are at risk. In the recent past, our password manager reviews have been based primarily on the app's functionality, ease of use, and unique features. From 2023 onward, we will evaluate password managers using new criteria: We will test each password manager's functionality, ease of use, and extra features while examining the data collection terms outlined in the privacy policy and noting company transparency following security incidents.

What Is a Password Manager, and Why Do I Need One?

Our Testing Criteria

At the heart of every review is the question, "Does it work as advertised?" The reviews in the best password manager category strive to answer that question while addressing a few common concerns people have when adopting a password manager or switching to a new one.

When we evaluate a password manager app, we test it to ensure it can capture and replay credentials, store sensitive data in an encrypted vault, fill in web forms, and create new, unique passwords. In addition to the functionality tests, we examine the following:

In short, if a password manager captures and manages credentials but doesn't do much to protect your data or fails to alert you when your data is at risk in a breach, it won't warrant a recommendation from PCMag.

What Is Two-Factor Authentication?

Holding Companies Accountable

As reviewers, we must consider more than software performance when testing products. We also need to consider user privacy and safety.

Data breaches occur daily, meaning millions of people are at risk for an account takeover or identity theft if they still use their old, guessable passwords. As we saw with LastPass in 2022, password management companies are significant targets for malicious hackers. Password management companies must prioritize user safety by adopting zero-trust policies and having plans to alert users when a data breach occurs and tell them how to protect their accounts.

It's our job at PCMag to hold companies accountable for safeguarding users' privacy and online security. That's why we don't rely solely on objective measurements when calculating scores for our software reviews. Instead, we combine subjective elements, such as comments about the app’s aesthetic features and our informed opinions about data collection practices, with objective commentary regarding the app’s functionality to give readers a more accurate review on which to base buying decisions.

You may not always agree with our scores or opinions about password management products, and that's OK. We want you to form your own opinions about the products we review, and we strive to provide plenty of information about the user experience to make that possible.

Analyzing Pricing and Plans

When comparing prices among password managers, we state the price for the version we test. Many password management services offer a discount to new users or discounted long-term rates, but PCMag strives to report the base-level price for each service.

We encourage you to take advantage of free trials to find out if you need a premium password manager or if a free one will suffice.

Highlighting Additional Features

As long as a password manager stores your data securely, fills in your stored data all around the web, and creates complex, long, and unique passwords for your new and updated vault entries, it's a working password manager. Some password management companies now offer additional features to differentiate themselves in a crowded market and justify higher prices for premium subscriptions.

In PCMag's best password manager reviews, we only focus on features that enhance the product. Some features have a clear value for many readers, and we note them in each review and reward companies that offer innovative and practical solutions to their users. Perks such as password inheritance options and secure credential sharing are features reserved for premium accounts.

Documenting the User Experience

Many resist password manager adoption because they don't want to learn how to use another app. We highlight the ease of adoption and how easy it is to switch between password management products in the Getting Started section of every review. Password managers should be designed to be used by people with all levels of technical expertise, so we prefer products that require minimal setup or include optional tutorials.

We also want to see attractive user interfaces on password management applications. User vaults containing endless file trees or outdated designs are harder to navigate quickly. Password managers don't need to appear slick and futuristic, but the user interface should make it easy to operate the app.

Examining Password Generator Protocol

Every password manager we test includes a random password generator. At PCMag, we recommend readers set random password generators to create passwords that are at least 20 characters and contain a mix of lowercase and uppercase letters, digits, and special characters.

Many of the password managers we test create weaker passwords by default. You don't have to remember each generated complex password, so you should change the password generator's settings to include the above-mentioned parameters.

Perusing Privacy Policies

When we review password managers, we read their privacy policies too. We want to know what kind of data the company gathers about its customers and what it does with that data. We also want to know how the company responds to requests for user data from governments and law enforcement entities.

Any company can lie to the public in its privacy policy document, though the consequences of being caught in a lie would be dire. We ask companies about app privacy policies and publish the responses in our reviews.

Evolving Password Manager Testing

We want our reviews to be helpful to as many people as possible, so we don't include a lot of technical jargon. We also don't ask companies to share internal details about their applications that competitors or criminals could misuse. We aim to help you make the best buying decisions without confusing you.

We will continue to adapt our testing to the changing industry landscape. Remember that widespread passkey adoption may soon make password managers a product of the past. Read this article to learn how to use passkeys and get rid of your passwords.

Tags password managers