How we test password managers
The actions required to test password managers are less extensive than testing antivirus software or VPNs. We can test very few features, like autofill and sharing, and we can look into the encryption levels and user experience to evaluate the providers.
There is little to test with the password managers apart from their provided functionality. We examine:
- What encryption the password manager has
- If the tool is built with the zero-knowledge architecture
- How many multi-factor authentication (MFA) options are available
- How the password generator works in general
- If the password manager has additional features like dark web monitoring or others, for example, 1Password has Travel mode, or NordPass has passkeys available
Security and Encryption
Before even starting to test the password manager use, we spend extensive time reading up about the security features available and the encryption the password manager employs.
The security features include the likes of:
- No logs policies
- Encryption levels
- Two-factor authentication
- Biometric logins
- Master passwords
We look into these things to determine how secure your data will be if you use the service. In addition to these points, we also look into the providers' past and reputation – whether they had data leaks, how the issues were solved, and how they approach security audits.
One feature we can test is saving and auto-filling credentials in the applications and websites. We check if the password manager effectively identifies new account creations on the web and apps and suggests saving new items in the password vault.
Also, we test how easy and convenient it is to manually add new items and fill in the information in the password manager application. We check if the password manager application and browser extension can provide the correct login credentials to autofill and if we ever experience missed login suggestions or account mismatches.
It’s worth mentioning that the password managers with autofill function, which is set to fill only upon the user's request with an extra click, make password managers less vulnerable to various cyberattacks.
The main criteria for evaluating secure password sharing is if it is possible to execute this function with users that use different password managers. Some password managers allow sharing credentials only with other users, which is inconvenient.
Also, some provide the possibility to use one-time links or to add the expiration date for the link of the shared information, which is a bonus.
While testing different password managers, we also test their plans and pricing. To suggest the best service available that would be worth the cost, we look over the plans based on these criteria:
- Subscription length
- Subscription cost
- Devices covered
- Features included
The criteria are then measured based on the price-to-value ratio.
In addition to overviewing what subscriptions are available, we also look for the best possible deals – whether the longest subscription is the one that offers the best price to the users.
One more point we consider is the free trials and money-back guarantees. These features help us determine which service providers are trustworthy and reliable if they offer a secure window of time for users to test their products without paying for them.
Like with any other service we review, we look into the customer service availabilities. This includes not only what channels are available but also whether you need to provide your contact information to reach the support agents and if the customer support is for premium users only.
The main support channels we look for are:
- 24/7 live chat
- Email support or ticketing system
- Knowledge base
As with other products, the user experience is also investigated:
- How smoothly does the software perform all functionalities
- What items can the user add to the secure vault (from passwords and secure notes to credit card information and passports)
- How fast are new items synced between applications on different platforms
- What options are provided for importing/exporting passwords
- If the software is modern and pleasant to use