29 July 2021
People are generally not good with passwords. We either use common passwords that are easy to crack, or we reuse our passwords all over the internet, meaning one data breach can lead to several more. And we do silly things like using the word ‘football’ as a password while there’s a major soccer tournament underway. Yet despite humanity’s apparent inability to use passwords properly and the significant problems caused by human error, we’re almost totally reliant on passwords for security.
To be fair, it’s not easy to use passwords properly. You’re supposed to have a unique, complex password for every website and online service you use. Between your social media, shopping sites, banking apps, and myriad other places, you can easily end up with an impossibly huge list of passwords you need to remember. You could write them down on paper, but unless you’re going to put that paper in a locked safe, that’s a terrible idea.
And that’s why password managers are so great. All you need to remember is one strong password, which locks and unlocks your password manager. Then the password manager will remember all your other passwords for you, and you can make them as complex and long as you like.
Apple’s own Keychain is a pretty good password manager for Macs, but if you want more advanced features and more control, you’ll need a third-party option.
Here are some of the best ones:
Even though Bitwarden is a free, open-source password manager, the company uses professional auditors to try and break it. The process identifies vulnerabilities and allows the product to be one of the top-rated password managers available.
There are premium and family licenses available too. These add features like two-step login using physical keys like YubiKey and emergency access. For many people, the free version will be more than enough, but one big thing you’ll miss out on is sharing. You can share files and messages, but to share passwords you’ll need to have either a business or family account.
Using Bitwarden is easy. Log in with your master password and then add login details for websites and other services. It will automatically sort your logins into categorized folders, but you can also make your own. Bitwarden can even store bank card details for you.
Browser extensions are available for all the major browsers, with the password vault easily synchronized between devices over the cloud using AES-256 encryption.
Free, with affordable premium packages.
Standard personal account doesn’t allow sharing.
|Easy to store passwords with browser extensions.
|No emergency access in the free version.
|Generate complex passwords quickly.
Related reading: MacUpdate user reviews of BitWarden for Mac.
Buttercup is a free, cross-platform, open-source password manager with a simple, easy-to-use interface. It offers AES-256 encryption, generates strong passwords, and includes the option to choose where your password vault is stored.
You can store your password database locally, or you can keep it in Dropbox, Google Drive, or WebDAV. This is great because if you don’t need to sync your Mac’s passwords to other devices, you can store them offline, away from remote servers. But if you need the convenience of the cloud, that’s possible too.
Buttercup supports Google Chrome and Mozilla Firefox browsers and runs on Linux, macOS, and Windows desktops, and Android and iOS mobile devices. Anywhere you need to store and retrieve passwords easily, you can with Buttercup.
You can add multiple password vaults too, so you could have one that’s kept offline and one that’s synced to the cloud. Or you could store different sets of passwords for work and personal use.
|Syncing is not quite as intuitive as rivals.
|Works on lots of different devices.
|No way to securely share logins.
|Choice of local or cloud storage.
Related reading: MacUpdate user reviews of Buttercup for Mac.
A free, open-source password manager for macOS, MacPass is lightweight and easy to use. Passwords are stored in a highly encrypted Keepass database. It consists of just one file, so it’s easy to transfer the database between Macs.
Like other password managers, MacPass includes a sophisticated password generator together with an analysis tool indicating the strength of each password generated.
Adding new login details to MacPass is straightforward, and you can create new databases and groups easily. And despite the fact that MacPass uses a local client, it still offers browser extensions, so you can auto-fill login fields on web pages.
You can also set up MacPass to synchronize your stored passwords, and it can be enhanced with plugins. It’s not anywhere near as intuitive as tools like Bitwarden, but it is completely free. If you don’t mind doing a bit more manual setup work, it’s well worth a look. Note, though, that the current version doesn’t work properly on Big Sur, so you’ll need to wait for an update.
|Only works on Mac.
|Can be extended with plugins.
|Less intuitive than its rivals.
|Keeps your password database local.
Related reading: MacUpdate user reviews of MacPass for Mac.
Many popular password managers store user information on centralized servers. Ascendo makes use of its Distributed Security Model to counteract the risk of storing data on these servers. Your login data is stored on your own device, and DataVault synchronizes this information to your other devices using a personal Dropbox or iCloud account.
There’s a lot to like about DataVault. Like the fact that you pay a one-off price to use it on up to five Macs at once. The integration with Safari. The ability to create passwords easily. And the clear, intuitive interface.
But it does have some drawbacks too. Although the Mac version synchronizes with iOS devices, that’s a separate purchase. And it’s not clear if it syncs with the Android and Windows versions.
Overall, it’s a pretty good password manager for Mac users. It’s not as straightforward as some of its competitors, and the lack of easy cross-device syncing is a pain. But it’s easy to use, and it doesn’t cost a lot.
|Cheap, lifetime license.
|Not fully cross-compatible.
|iOS versions are a separate purchase.
|Option to use cloud or local storage.
Related reading: MacUpdate user reviews of DataVault for Mac.
Enpass is a basic password manager for home users. The free version offers full access on desktops but is limited to 25 items on mobile devices. Enpass stores passwords locally, but can sync with other devices using your own third-party cloud storage. It supports several cloud services, including iCloud, Dropbox, and OneDrive.
As well as generating and storing passwords, you can save other information, like credit card details and additional account information, addresses and phone numbers.
Enpass does not offer security-grade encryption or two-factor authentication but is a viable alternative to Google Authenticator. It allows you to store lots of personal information, but the data is static and cannot be used to populate web forms.
It’s a shame the free version only works on desktop computers, but Enpass is a decent password manager. The fact you can buy a one-time license is impressive too — it would only take two years before it started returning the value.
|Stores lots of different types of data.
|Only the desktop version is free.
|Plenty of cloud storage options.
|No syncing to other devices in the free version.
Related reading: MacUpdate user reviews of Enpass for Mac.
KeePassXC is an open-source secure password manager. It’s a community-created fork of KeePassX, which was itself a port of the Windows-only KeePass.
KeePassXC has a clean, modern look to it, in contrast to the dated interface in KeePassX. It doesn’t look as up-to-date as rival password managers, but it’s certainly an improvement. A lot of the functionality is similar, though, and you can even import your KeePassX databases.
It also includes a password-generating tool that allows you to customize new and unique passwords fast. And as well as unlocking your databases with a password, you can use a key file, such as a CD or a memory stick. Without that present, no one will be able to unlock your password database.
KeePassXC doesn’t offer features like cross-device syncing, but it does include the ability to autofill login details. You also add an extension to most popular web browsers including Chrome, Firefox, and Microsoft Edge. And because your passwords aren’t kept in the cloud, you don’t have to worry about data breaches.
|No automatic syncing.
|Not as modern or as intuitive as rivals.
Related reading: MacUpdate user reviews of KeePassXC for Mac.
Don’t let the MacUpdate community’s rating of this password manager mislead you. 1Password is often rated as one of the best password managers available.
Sure, it may have changed their pricing model, but if you choose 1Password, it’s unlikely you’ll regret it. Used by over 500,000 businesses, 1Password is designed for commercial use and includes features like two-factor authentication, cross-device synchronization, and fingerprint protection on mobile devices.
1Password’s audit report identifies weak passwords, ones used multiple times, and those that haven’t been changed for a while.
It also provides a full security audit that checks for pwned passwords (real-world passwords previously exposed in data breaches) and highlights sites where two-factor authentication is offered but not used. The lack of a free version is a drawback, but if you don’t mind paying, 1Password is well worth it.
|No free version.
|Fingerprint protection on mobile.
Related reading: MacUpdate user reviews of 1Password for Mac.
Aside from the ability to save your passwords in an encrypted space, you also need to consider several other factors.
Protecting passwords on your Mac is a must and relatively easy to do. You can implement password best practices by using macOS’ Keychain Access together with a good password manager of your choice. And by using a password generator to create strong, random passwords.
Any of the password managers in this list is better than no password manager at all. Whether you opt to pay for one or use a free one depends on what features you need and how many passwords you need to remember.
A password manager is a digital vault that generates and stores your passwords, along with other identifiers such as email addresses and usernames. When you’re prompted for your login credentials, some password managers auto-fill them for you, making access faster and simpler.
Password managers also make it easier to generate and use stronger passwords. Instead of using the same password for different sites because it’s easier to remember, a password manager allows you to create longer, more random, and different passwords for each account.
Yes. There are two main risks:
Yes. Keychain Access is an app that comes with macOS. It stores account information and passwords for all password-protected items, including email accounts, network servers, and websites.
As an encrypted container, KeyChain Access also allows you to store confidential information such as credit card numbers and personal identification numbers (PINs) for accessing your bank accounts.
KeyChain Access is integrated with iCloud keychain, enabling you to share keychains (your encrypted passwords) with your other devices. Signing in to iCloud with your Apple ID allows you to create and manage keychains on the device of your choice.
Having a backup is critical if something goes wrong. If you forget the master password for either Keychain Access or your password manager, you can still access all your data using the other app.
When you access a website, email account, network server, or another password-protected item, you may be given the option to remember or save the password. If you choose to save the password, it’s saved in your keychain, so you don’t have to remember or type your password every time.
Recovering your master password may be a challenge, and varies depending on the password manager you install. Refer to the vendor’s website for ways to recover it. In most instances, recovering a master password is not possible, and you’ll need to reset and reinstall, losing all of your data.
Note: Vendors providing good password managers DO NOT store your master password, so they can’t help you. That’s why using Keychain Access along with another password manager is the best way to go. If you forget the master password for one, you can always access your credentials with the other. Just don’t use the same master password for both!
If you have a strong password, there is no need to change it. If you do, you’re more likely to use a weak password or forget the new one. Using a strong, unique master password is more important than changing it every few months.
If you’re using passwords generated by a good password manager, there’s no reason to change your password unless one of your accounts has been compromised. Review all of your passwords and replace those that are weak, using your password manager to generate strong, random passwords.
I've been using Macs for both work and leisure for more than 15 years, starting off with a second-hand G3 iMac running OS 9.