Choosing a Password Manager – Guide

Top Line Recommendation - Use a Password Manager

GW Cybersecurity recommends using a password managers.  There are tradeoffs, but in our experience these tools provide safe and effective management of the numerous passwords and passkeys we all have.

• Password manager security: Are password managers really safe?
  9/2025 SPECOPS |5 min read - This 2025 blog post from  has a great review of concerns but outlines why password managers are safe and much safer than alternatives.  The article includes enterprise guidance, but most sections apply to everyone.

• Password Managers Pros and Con Tipsheet |2 min read
• Why You Need a Password Manager, and How to Choose the Right One 11/2024 PCMag | 5 min read

• Choosing a Solution - Password Manager Reviews

  • The Best Password Managers for 2025 - PCMag 2/21/2025
  • The Best Free Password Managers for 2025 - PCMag 1/15/2025
  • The best password managers in 2025 - Tom's Guide 2/11/2025
  • Best Password Manager in 2025 - CNET 2/14/2025
  • The 2 Best Password Managers of 2025 | Reviews by Wirecutter New York Time 2/3/2025
  • Best password manager of 2025 - TechRadar 1/9/2025

Recommendation Details

Use a Password Manager - CISA Recommendation 

For most people, generating and remembering long, random and unique passwords for every account is not possible. Rather than write them down, use a password manager! A password manager is an easy-to-use program that generates, stores and even fills in all your passwords. Password managers tell us when we have weak or re-used passwords and can generate strong passwords for us. They can also automatically fill logins into sites and apps as we move from one to another.

When we use a password manager, we only need to remember one strong password—the one for the password manager itself. (Tip: Create a memorable long “passphrase” as described above.)

There are many password managers to choose from. Some are free, like the built-in password managers in your web browser, and some cost money. Search a trusted source for “password managers” like Consumer Reports, which offers a selection of highly rated password managers. Read reviews to compare options and find a reputable program for you.

When we use a password manager, we are much more likely to use a long, random and unique password on every site. And that makes it much harder for someone to steal our valuable information!

From: CISA https://www.cisa.gov/secure-our-world/use-strong-passwords

Advice on Choosing a Password Manager

The IT risk and assurance team describes Password Managers as software that allows users to generate passwords, store, and manage account information including usernames and passwords all in one location. Password managers offer other features such as complex password suggestions, identifying weak or repeated passwords used, and alerting its users when their credentials appear compromises. When you use a password manager, you will set a password that is often referred to as the “master” password.  This will be the only password you will need to remember. For more information about why password managers are useful see the following: 

• Why You Need a Password Manager, and How to Choose the Right One 11/2024 PCMag

Considerations in Choosing a Password Manager

The following considerations are provided for anyone interested in comparing password managers

• Vault location – Local device or cloud password manager vault storage decisions will be influenced by how many devices you will be using and therefore sharing passwords across.  Two major benefits of using a cloud-based solution are sharing passwords with across multiple devices and automatic backups and application updates for the solution.
  • Browser based solutions – Browser based solutions can be useful and strong contenders for your solution.  Please note, browser-based password managers may provide passwords to anyone using the account / browser where the passwords are saved.  Additionally, may not be a cloud sharing or sync capability across devices or across browsers on the same device.
• MFA – your selected password manager must support Multifactor Authentication (MFA) for access to the vault.  Ideally the password manager should support Passkeys and other more modern authentication methods
• Free or Paid – while this will be a personal decision, two considerations may assist in your decision.  First, consider support and other benefits of a paid subscription.  Second, you should consider the available features and future growth potential of any solution.
  • Paid without paying (a lot) – Research products that may be part of an ecosystem you already use or that may be components or lower cost add-ons to existing software.  For example, device antivirus / antimalware provides often have a password manager solution.  Also, organizations you are members of and even credit card companies may provide discounts for password managers, check your benefits pages.
• Password Generator – While most solutions have these future, it is important to use complex passwords and so a password manager should be able to generate passwords for you.
• Account Access – ensure that you understand and configure emergency account access, capturing and securely storing electronic keys or pass phrases, setting up alternate emails, and other capabilities provided by your selected solution.
• Multiplatform Support – If you use Macs and PCs and/or Android and iPhones, choosing a password manager that supports these, and possible others is a critical concern.
• Automated Device Sync – This capability provides an ability to use a copy of your password vault on your device without connecting to the cloud service. 
• Secure Content Storage – while not a priority for everyone, some password managers provide the ability to store credit cards, notes, and other information in addition to passwords.
• Family or Group Sharing – Some password managers provide licenses for families or small managed groups.  This feature is great for sharing, only, when necessary, single user accounts.  More importantly, this feature often provides members of the family their own password vault independent of other vaults, while overall access can be managed by the vault owner.
• Device Ecosystem – some device manufacturers may provide solutions that work for you.  Generally, these work best if all of your devices are in the same ecosystem.  The tools can often be very affordable or even free.
• Dark Web Monitoring - If possible, it is helpful to have a password manager that monitors the Dark Web and let's you know if any of your accounts may have been leaked or compromised.  Having an alert of a potential compromise is a nice feature to have.
• Reused Passwords - Overtime you may have saved passwords using the sam user and password combination.  Password managers can warn you of reused accounts and passwords.

Choosing a Solution - Password Manager Reviews

---

This content is presented by the GW IT Cybersecurity Risk and  Assurance team. #SecuringGW is a shared responsibility, if you see something, say something. Report suspicious digital activities, including phishing emails, to abuse[@]gwu.edu.

---

IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), ithelp[@]gwu.edu, or visit ithelp.gwu.edu