TL;DR
A password manager is the practical prerequisite for real password security: anyone who wants to use a unique, strong password for every service cannot do without a digital vault. KeePassXC is the open-source recommendation for technically savvy users - free, local, cross-platform. Bitwarden is a suitable open-source alternative with optional cloud synchronization. 1Password impresses with its convenience and was named test winner by Stiftung Warentest. For businesses, Bitwarden Teams (approx. EUR 2/user/month) and 1Password Teams (approx. EUR 4/user/month) offer central management features. Browser-integrated password functions are not a full replacement.
Anyone who wants to use a unique, strong password for every online account—as all security experts recommend—needs some help. The average user manages over 90 online accounts. No one can remember 90 different, cryptic passwords. The solution is a password manager.
This comparison explains why a password manager is necessary, what criteria are crucial when choosing one, and how the most popular options stack up—from KeePassXC to Bitwarden and 1Password, all the way to mobile solutions and hardware alternatives.
For background on secure passwords and passphrases, we recommend our Password Security Guide.
Why a password manager is indispensable
The real problem: password overload
Many users respond to this overload with insecure shortcuts: passwords are reused, chosen too weak, or jotted down on a piece of paper. The result is well known—68 percent of all data breaches result from stolen or weak login credentials (Verizon Data Breach Investigations Report 2024).
A password manager completely solves this problem:
- It automatically generates strong, unique passwords for every service
- It stores passwords in an encrypted vault
- It fills in passwords automatically—no manual typing required
- It alerts you when a stored password turns up in a known data breach
You only need to remember a single strong master password. All others are securely managed.
Browser password features are no substitute
Browsers like Firefox and Chrome offer built-in password features. These are convenient, but they are not a full-fledged replacement for a dedicated password manager. Browsers are primarily designed for browsing—not for securely managing sensitive login credentials.
CVE-2019-11733 provides a concrete example of the risks: A known security vulnerability in the Firefox browser directly affected password management. Even Apple has purchased 123,000 licenses of the third-party tool 1Password for its own workforce, rather than relying exclusively on the iCloud Keychain. The iCloud Keychain is better than nothing—but a full-fledged password manager is better.
Selection Criteria: What Matters in a Password Manager
Encryption
A reputable password manager encrypts the password database with strong end-to-end encryption. Even if someone were to gain access to the database, the stored passwords would be unreadable without the master password. Only the user knows the master password.
Open Source vs. Proprietary
Open-source password managers like KeePass and Bitwarden allow the source code to be publicly reviewed. This builds trust—independent security researchers can find and report vulnerabilities. Proprietary products like 1Password do not offer this transparency advantage, but often impress with their user-friendliness and support.
Offline vs. Cloud Synchronization
- Offline managers (KeePassXC): The database is stored locally on the device. Maximum data control, no cloud risk—but manual synchronization between devices is required.
- Cloud managers (Bitwarden, 1Password): Automatic synchronization across all devices. More convenient, but the data is stored (encrypted) in the provider’s cloud.
Two-factor authentication (2FA)
Many password managers offer 2FA for accessing the manager itself. This makes sense: even if the master password is stolen, access is impossible without the second factor.
Platform Support
Cross-platform support is crucial for users of multiple devices and operating systems. KeePassXC supports Mac, Linux, and Windows. Mobile clients for iOS and Android are available separately.
Password Managers Compared
| Manager | Type | Price | Platforms | Features |
|---|---|---|---|---|
| KeePassXC | Open source, local | Free | Windows, macOS, Linux | Full data control, no cloud |
| Bitwarden | Open source, cloud | Free / Premium starting at ~10 EUR/year | All + browser | Self-hosting possible, GDPR-compliant |
| 1Password | Proprietary, cloud | Starting at ~3 EUR/month | All + browser | Stiftung Warentest test winner, user-friendly |
| Steganos PM | Proprietary | Regular ~9.95 EUR (Version 17) | Windows + iOS/Android | German software, AES-256-bit |
| KeePass (Original) | Open source, local | Free | Primarily Windows | Basis for many derivatives |
KeePassXC: The free open-source manager for all platforms
KeePassXC was created as a cross-platform alternative to KeePass, which was primarily developed for Windows. For Mac users, a free, easy-to-use solution was long lacking—KeePassXC solves this problem with native support for macOS, Linux, and Windows.
The software is open source, meaning it’s free and transparent. Anyone who works across multiple systems and carries their password vault with them on a USB drive, for example, will appreciate its cross-platform capability: Only the software is required, not a specific operating system.
Switching KeePass to German
KeePass and KeePassXC are in English by default. However, KeePass can easily be switched to German: Download the appropriate language file (Version 2 for current KeePass 2 installations) from keepass.info, unzip it, and place it in the folder Program Files (x86) > KeePass Password Safe 2 > Languages. Then select German under "View > Change Language" and restart KeePass. The entire process requires no administrator privileges and takes less than two minutes.
Stiftung Warentest: KeePass Named Top Performer Among Free Password Managers
Stiftung Warentest evaluated password managers in early 2020: Of the 14 products tested, only three were impressive. KeePass was named the top performer among free products. In later tests, Stiftung Warentest also named 1Password and Bitwarden as top performers.
Mobile Solutions: Password Managers on iOS and Android
KeePass Touch for iOS
The discontinuation of MiniKeePass in mid-2020 left a gap on iOS. KeePass Touch fills that gap and allows users to fully view and edit KeePass databases on Apple devices.
Synchronization works via Dropbox, FTP servers, or local Wi-Fi—with no requirement to use the cloud. For €1.09, an in-app purchase removes ads and enables the autofill feature. Important: KeePass Touch is not open source, which distinguishes it from the certified clients listed on keepass.info.
Browser Integration
If you want to use KeePass with browser autofill, you’ll need browser add-ons. Official browser extensions for Chrome, Firefox, and other browsers are available for Bitwarden and 1Password—integration is seamless.
Hardware Alternative: The NFC Password Card
An unusual alternative to traditional password managers is the NFC password card. This is a physical card—similar to a credit card—on which passwords are stored. Access is via an app (available for free on iOS and Android); after entering the master password, the passwords on the card can be read.
The NFC password card can broadly be classified as an offline solution: Passwords are not stored in the cloud, but only on the physical card. The biggest difference from traditional software password managers: The card is a physical object.
Advantages:
- No cloud dependency
- No device required other than a smartphone for reading
- Physically visible – loss is noticed immediately
Disadvantages:
- Physical object can be lost or damaged
- No automatic synchronization
- Manual maintenance required
The NFC password card is an interesting addition for specific use cases – for most users, a software password manager offers more convenience with comparable security.
Setting up a password manager: Step by step
The most common reason for not using a password manager isn’t mistrust—it’s inertia. Setting it up seems like a hassle. In reality, the initial setup takes less than 15 minutes for most products.
Step 1: Choose and install a password manager
Decide on a manager—for starters, we recommend Bitwarden (free, open source) or KeePassXC (free, local). Install the desktop app and the browser extension.
Step 2: Set a master password
The master password is the only one you still need to remember. Use the passphrase method here: four random, unrelated words, supplemented with special characters and numbers. Write this password down once on paper and keep it in a safe place—in a locked cabinet, not on your screen.
Step 3: Import existing passwords
Most password managers allow you to import passwords from browsers (Chrome, Firefox) or from other managers as a CSV file. This saves a significant amount of time compared to entering them manually.
Step 4: Identify weak and reused passwords
Bitwarden, 1Password, and most cloud managers offer a security report: It shows at a glance which stored passwords are weak, which are reused, and which have been found in known data breaches. Start with the most critical accounts—email, banking, and corporate logins.
Step 5: Generate new strong passwords
The next time you log in to a website, open the password manager, generate a new strong password, and save it directly in the manager. By default, the password generator creates passwords with 20 or more characters consisting of letters, numbers, and special characters—which you’ll never have to memorize.
Step 6: Set up the mobile app
Install the mobile app on your smartphone. With cloud-based managers, the database syncs automatically. With KeePassXC, set up synchronization using your preferred method (Nextcloud, Dropbox, FTP). From now on, you’ll have access to all your passwords on all your devices.
Common Concerns About Password Managers—and the Facts
"What if the provider gets hacked?"
This is the most common concern. The answer lies in the encryption architecture: A reputable password manager encrypts your data locally with your master password before it leaves your computer. The provider does not know your master password—so even if the server is compromised, they cannot decrypt your passwords.
This architecture is called zero-knowledge: The service provider has “zero knowledge” of your actual passwords. If the provider’s server is hacked, an attacker will only see encrypted data packets that are useless to them.
For absolute security: KeePassXC stores the database exclusively locally. The provider is then your own computer—a server breach at the software developer’s site will not affect any password data.
“I might forget my master password”
That is a valid concern. The solution: Carefully write down your master password once on paper and store it securely—just like an important document. Cloud-based managers also offer recovery options that should be configured before initial setup.
A four-word passphrase is much easier to remember than a 12-character cryptic string. This is the key advantage over using a randomly generated password as the master password.
"Password managers are too complicated"
Setup takes less than 15 minutes. Day-to-day use is easier than manually typing in passwords: the manager automatically fills in passwords as soon as you visit a familiar website. With biometric unlocking (fingerprint, Face ID) on your smartphone, access is even faster than typing in any password.
Password Manager Security: What Can Really Go Wrong
An important issue is the security of the password manager itself. Modern password managers are fundamentally secure—but implementation errors can cause problems.
A concrete example: Kaspersky’s password manager generated weak passwords on Windows, Android, and iOS because the software used the current system time in seconds as a random seed. All users who created a password at the same time received identical suggestions. The entire possible password space from 2010 to 2021 comprises only about 315 million combinations—which modern computers can brute-force in minutes. Kaspersky fixed the vulnerability in late 2019 but did not prompt affected users to change their passwords until October 2020.
The lesson here: Even when it comes to password managers, you should choose reputable products that are regularly audited by independent third parties. Open-source products like KeePassXC and Bitwarden benefit from public code reviews. For proprietary products, you should look for security audits conducted by independent third parties.
Recommendations for Businesses
Businesses face the challenge of providing password managers for all employees and managing them centrally. Without a password manager, good password hygiene is nearly impossible for individuals—let alone in a corporate context.
Enterprise Options at a Glance
| Solution | Advantages | Cost |
|---|---|---|
| 1Password Teams | Simple, macOS/Windows/Mobile, Admin Console | approx. 4 EUR/user/month |
| Bitwarden Teams | Open source, GDPR-compliant, more affordable | approx. 2 EUR/user/month |
| Keeper | Enterprise features, SSO integration | approx. 3 EUR/user/month |
| LastPass Teams | Widely used – note the 2022 breach | approx. 4 EUR/user/month |
For SMEs on a tight budget: Bitwarden Community Edition (self-hosted) is free and can be used in compliance with the GDPR.
In addition to a password manager, clear password policies are recommended—details on modern corporate policies according to NIST and BSI can be found in the article Secure Password Policies for Businesses.
Our Password Security Guide provides further background on secure passwords, passphrases, and how to handle data breaches.
Our Recommendation
For personal users who want maximum control: KeePassXC – free, open source, local, cross-platform. Synchronization via your own cloud services (Nextcloud, Dropbox) is possible.
For private users who prioritize convenience: Bitwarden (open source, free basic version) or 1Password (best convenience, Stiftung Warentest test winner).
For iOS users who want to use the KeePass database on the go: KeePass Touch – not open source, but fully functional.
For businesses: Bitwarden Teams (approx. 2 EUR/user/month, GDPR-compliant, self-hosting possible) or 1Password Teams (approx. 4 EUR/user/month, highest level of convenience).
Not recommended as a standalone password solution: Browser-integrated password features – convenient, but not a full-fledged replacement for a dedicated password manager.
FAQ: Password Managers
Is it safe to store all passwords in one place?
Yes – provided the password manager itself is strongly secured. Modern password managers use strong end-to-end encryption. Even if the provider’s servers are compromised, the passwords remain unreadable without the user’s master password. The alternative scenario—having many weak, reused passwords in your head—is significantly riskier.
What happens if I forget my master password?
With locally stored databases (KeePassXC), there is no way to recover your data without the master password. For cloud-based managers, some providers offer recovery options—check this before setting up. A strong but memorable master password created using the passphrase method is the best safeguard.
Which password manager was tested by Stiftung Warentest?
Stiftung Warentest has tested password managers on multiple occasions. In one test, 1Password and Bitwarden were named the winners. In an earlier test of free products, KeePass received the highest rating.
Is KeePass the same as KeePassXC?
No. KeePass is the original program, developed primarily for Windows. KeePassXC is a standalone fork that runs natively on Windows, macOS, and Linux—without workarounds or the Mono framework. Both use the same database format (.kdbx) and are compatible.
Can I use KeePassXC on multiple devices?
Yes—by sharing the database file via your own synchronization service (Nextcloud, Dropbox, FTP server). This is a bit more involved than with cloud-based password managers, but it gives you complete control over your data.
What about blackmail or attacks on password manager providers?
With well-implemented password managers, stored passwords remain secure even after a server attack because they are end-to-end encrypted. The provider does not know your master password. Local managers like KeePassXC don’t have this risk at all—the database is stored only on your device.
The first step is the hardest: Set up a password manager today. Everything that follows—unique passwords for every service, auto-fill, alerts for data breaches—will fall into place naturally.
For the full context on password security, passphrases, and passkeys, read our Password Security Guide.