Using any password manager is infinitely better than reusing passwords. The question is which one fits your threat model, budget, and workflow. This guide covers the four most commonly used options with no affiliate bias.

Quick Comparison

LastPass

LastPass was the most popular password manager for years. It no longer deserves that status.

Pros

• Familiar interface, long history
• Browser extension works across all major browsers
• Emergency access feature
• Free tier available

Cons

• Major breaches in 2022: Attackers stole encrypted vaults. Users with weak master passwords are at risk
• Free tier limits you to one device type (mobile or desktop — not both)
• Owned by private equity; product quality has declined
• No open-source code review possible

Verdict

Avoid LastPass for new setups. If you're currently using it, export your vault and migrate to Bitwarden or 1Password. The 2022 breach was severe enough that security professionals universally stopped recommending it.

Setup Steps (if you must)

1. Go to lastpass.com → Create Account
2. Choose a master password: 16+ characters, unique, never reused
3. Install the browser extension
4. Import existing passwords via Settings → Advanced → Import
5. Enable MFA: Account Settings → Multifactor Options → Google Authenticator

1Password

1Password is the premium option. It's polished, well-designed, and has an excellent security track record.

Pros

• Beautiful, intuitive interface across all platforms
• Watchtower: built-in breach monitoring and password health dashboard
• Travel Mode: hide sensitive vaults when crossing borders
• Business features: Teams, vaults, admin console
• Strong two-person company history; security-first culture
• No known major breaches
• Secret Key architecture: even with your password, attackers can't decrypt your vault without your Secret Key

Cons

• No free tier — $3/month (personal), $4/user/month (teams)
• Closed source — you're trusting their security claims
• Can't self-host

Setup Steps

1. Go to 1password.com → Try 1Password Free (14-day trial)
2. Create account → save your Emergency Kit PDF — this contains your Secret Key
3. Print the Emergency Kit and store it offline
4. Install apps on all your devices
5. Create vaults: Personal, Work, Financial — organize from the start
6. Enable 2FA: Profile → More Actions → Two-Factor Authentication → Authenticator App
7. Set up Watchtower: go to Watchtower → fix any flagged items
8. Enable Travel Mode if you cross borders with a work device

Business Setup

1. Go to 1password.com/teams
2. Start a Teams plan (14-day free)
3. Create vaults for each department or project
4. Invite team members → assign vault access per role
5. Enable Admin features: enforce 2FA, set password policies

Bitwarden

Bitwarden is the recommendation for most people and organizations. Open-source, affordable, and trustworthy.

Pros

• Open source — code is publicly audited
• Free tier is genuinely useful (unlimited passwords, unlimited devices)
• $10/year premium adds TOTP (stores your 2FA codes too), encrypted file attachments, emergency access
• $3/user/month for business (Organizations)
• Can be self-hosted on your own server
• Passed independent security audits
• Works on every platform including Linux

Cons

• Interface is functional but less polished than 1Password
• TOTP requires paid plan
• Self-hosting requires technical setup

Personal Setup Steps

1. Go to bitwarden.com → Create account
2. Choose a strong master password — 20+ characters, a passphrase works well (e.g., correct-horse-battery-staple-2025)
3. Write it down and store offline — there is no recovery without it
4. Install the browser extension (Chrome, Firefox, Safari, Edge)
5. Install the mobile app (iOS or Android)
6. Import existing passwords: Settings → Tools → Import Data → choose your current password manager's export format
7. Enable Two-step Login: Account Settings → Security → Two-step Login → Authenticator App
8. Set up emergency access: Settings → Emergency Access → Add emergency contact

Bitwarden Organizations (Business)

1. Create an Organization at bitwarden.com/pricing
2. Invite members via People tab
3. Create Collections (equivalent to folders) for shared credentials
4. Set member permissions per collection
5. Enable Policies: require 2FA, set master password requirements
6. Review the Admin Console regularly for inactive users

Self-Hosting Bitwarden (Advanced)

Bitwarden releases a Docker-based self-host package called Vaultwarden (community) or official bitwarden/self-host:

# Vaultwarden (lightweight alternative)
docker run -d \
  --name vaultwarden \
  -v /vw-data/:/data/ \
  -p 80:80 \
  vaultwarden/server:latest

You'll need a domain and HTTPS certificate. Cloudflare Tunnel is a clean way to expose it without opening firewall ports.

KeePass

KeePass is the ultimate in control. Your vault is a local file — it never touches a cloud server unless you explicitly sync it.

Pros

• Completely free and open source (AGPL)
• Vault is a local .kdbx file — you own it entirely
• No subscription, no account, no server
• Passes rigorous security audits
• Excellent for high-security environments or air-gapped systems
• Plugin ecosystem is extensive

Cons

• No built-in sync — you manage that yourself (Dropbox, iCloud, Synology, USB)
• Mobile apps are third-party (Strongbox on iOS, KeePassDX on Android)
• Interface is dated (Windows-native, though cross-platform versions exist)
• Requires more setup discipline than cloud-managed options

Setup Steps

1. Download KeePass 2.x from keepass.info (Windows) or use KeePassXC for cross-platform
2. Create a new database: File → New → choose save location
3. Set a master password + optionally a key file (two-factor locally)
4. Create groups: Personal, Work, Finance, Social
5. Start adding entries

Sync Strategy for KeePass

iCloud/Dropbox method:

• Save your .kdbx file in your iCloud Drive or Dropbox folder
• On iPhone: install Strongbox → Open Database → select the file from iCloud
• Any save on any device syncs via the cloud provider

Self-hosted Synology/NAS method:

• Store on NAS, use WebDAV to sync to KeePassXC on desktop
• Strongbox on iOS supports WebDAV directly

Which One Should You Choose?

Choose Bitwarden if: you want the best balance of security, cost, and convenience. It's the Deskless Nation default recommendation for remote teams.

Choose 1Password if: you have budget and want the best polished experience, especially for a small business where non-technical users need something that just works.

Choose KeePass if: you have advanced security requirements, work in a regulated environment, or simply don't trust cloud providers with your credentials.

Avoid LastPass until they demonstrate a sustained security track record post-2022 breach. That day hasn't come yet.

Migration Tips

Moving from one password manager to another is straightforward:

1. Export from your current manager (CSV or proprietary format)
2. Review the export file — delete old/dead entries before importing
3. Import into the new manager
4. Verify a sample of entries opened correctly
5. Delete the export CSV file immediately — it's unencrypted

Never leave a password export file sitting in your Downloads folder.