If you take one piece of security advice from any post on this site, make it this: use a password manager. Password reuse is the single biggest cause of account compromises, and every breach I’ve helped recover from at my Toronto consultancy in the last decade traces back to either a reused password or no 2FA. A password manager solves the first; 2FA solves the second.
I’ve used all three of these as a primary password manager at one point or another. Below is the honest head-to-head from January 2026.
How do 1Password, Bitwarden, and Dashlane compare?
| Feature | 1Password | Bitwarden | Dashlane |
|---|---|---|---|
| Free tier | 14-day trial only | Unlimited passwords, 2 devices | 25 passwords, 1 device |
| Personal paid | $2.99 USD/mo (C$4.20) | $10 USD/year ($0.83/mo) | $4.99 USD/mo (C$7) |
| Family paid | $4.99 USD/mo (5 users) | $40 USD/year (6 users) | $7.49 USD/mo (10 users) |
| Open-source | No | Yes | No |
| Self-host option | No | Yes (Vaultwarden) | No |
| Built-in 2FA / TOTP | Yes (paid) | Yes (paid Premium) | Yes (all tiers) |
| Passkey support | Yes (excellent) | Yes | Yes |
| Independent audits | Multiple, public | Multiple, public | Multiple, less public |
| Browser extensions | All major | All major | All major |
| Best for | Polish, families, Apple users | Value, privacy, devs | Identity protection bundles |
Why is Bitwarden my pick for most people?
Three reasons: price, open-source code, and the free tier is actually usable.
$10 USD per year for Premium ($14 CAD) is a price point nobody else comes close to. That’s roughly 1/4 what 1Password costs and 1/5 what Dashlane costs. And it’s not a hobbled budget option — Premium gets you all the features most people need, including built-in TOTP for 2FA, encrypted file attachments, advanced 2FA options like YubiKey, and a vault health report.
The open-source code matters because the security model can be audited by anyone. Bitwarden has commissioned multiple third-party audits and posts the results publicly. The server code is open too, which means determined privacy nerds can self-host their own vault using Vaultwarden (the lightweight community-maintained server compatible with Bitwarden clients).
The free tier is the best in the category. Unlimited passwords across two devices, free TOTP storage (no Premium needed for basic 2FA), and free password generator. For a single user with a laptop and a phone, the free tier is genuinely all you need — Premium just buys you nicer extras.
Weaknesses: the UI is functional but not as polished as 1Password. The browser extension occasionally lags when filling forms. Family sharing is fine but the UX is bare-bones compared to 1Password’s family vault interface.
When does 1Password win?
For three groups of people:
Families. 1Password Families at $4.99 USD/mo for 5 users is genuinely the best family password manager I’ve used. Shared vaults work cleanly, parent-child relationships have sensible defaults, and the UX is the most approachable for less-technical family members.
Mac/iOS-heavy households. 1Password’s native Mac and iOS apps are the gold standard. Bitwarden’s are good; 1Password’s are excellent. If your spouse opens their laptop and finds anything confusing, you’ll get a call.
Travel mode users. 1Password’s Travel Mode lets you flag specific vaults as “exclude when traveling” so a border agent inspecting your phone literally cannot see them. This matters for journalists, activists, and people crossing into countries with intrusive border policies. No other major password manager has this.
1Password is also the best in class for passkey management, which matters more every quarter as more services adopt passkeys.
Why has Dashlane fallen off?
Dashlane was my pick in 2018–2020. It’s still a competent password manager, but at $4.99 USD/mo personal it’s priced like 1Password without being as good as 1Password.
The free tier is the worst of the three majors — 25 passwords on a single device, which is borderline useless. The paid tiers used to include VPN, but the VPN was removed or restricted on most plans through 2024–2025, making the bundle less compelling.
The one place Dashlane still beats both competitors: Dark Web Monitoring (their version is more detailed) and Identity Theft Protection bundles. If those are what you want, Dashlane Premium ($4.99/mo) makes more sense than the others. For pure password management, skip it.
What about LastPass?
I no longer recommend LastPass. After the 2022 breach where attackers got encrypted customer vaults, my confidence dropped enough to migrate every client off it. The breach disclosure was also handled poorly. There are better options at every price point.
If you’re currently on LastPass, plan a migration. Both Bitwarden and 1Password have free importers that handle a LastPass CSV export cleanly.
What about iCloud Keychain or Google Password Manager?
If you’re 100% in one ecosystem and never use anything outside it, these are genuinely fine. iCloud Keychain on Mac/iOS handles passwords, passkeys, and even some 2FA codes. Google Password Manager does the same inside Chrome.
The limits: cross-platform support is terrible. iCloud Keychain on Windows works but barely. Google Password Manager outside Chrome is awkward. Both have limited sharing features, no real vault hygiene tools, and no breach monitoring.
For most people, a dedicated password manager is better. The exception is the “I don’t care about features, I just want passwords to autofill on my iPhone” user — iCloud Keychain is fine for them.
How do I migrate to a password manager from “passwords saved in my browser”?
This is the easiest migration in tech. Both Bitwarden and 1Password import directly from Chrome, Firefox, Safari, and Edge in about 60 seconds.
- Sign up for Bitwarden (or 1Password) and install the desktop app + browser extension.
- In Bitwarden web vault: Tools → Import data → pick “Chrome” (or whatever) → follow the prompts.
- Chrome will export its passwords to a CSV. Upload that CSV to Bitwarden.
- Verify the imported entries look right.
- Once you trust the migration: open Chrome → Settings → Autofill → Password Manager → delete saved passwords.
Now your password manager handles everything, not the browser. Set the browser to never offer to save passwords going forward.
How do I set up Bitwarden safely?
- Sign up at bitwarden.com. The master password is the one and only password you need to remember from now on — make it long (at least 20 characters), memorable, and unique.
- Install browser extensions for whatever browsers you use (Chrome, Firefox, Edge, Safari).
- Install desktop apps for each computer.
- Install mobile apps on your phone(s).
- Import your existing passwords (see above).
- Enable two-step login on the Bitwarden account itself (Settings → Security → Two-step Login). Use your authenticator app from my 2FA guide.
- Download and securely store your master password hint and the encrypted vault export — these are your disaster recovery options.
- (Optional) Pay $10 USD for Premium to unlock TOTP storage and emergency access.
That’s it. From this point, every new account uses a password manager-generated password (16+ chars, mixed case + numbers + symbols), and you remember exactly one master password.
Frequently Asked Questions
Is it actually safe to put all my passwords in one place?
Yes, when the password manager is a reputable one using end-to-end encryption. Your master password is the encryption key — Bitwarden and 1Password literally cannot see your passwords without it. The risk is in the master password itself: make it long, unique, and never reuse it elsewhere. Combined with 2FA on the manager itself, it’s far safer than reusing the same five passwords across 200 sites.
What happens if I forget my master password?
You lose access to the vault. Both Bitwarden and 1Password explicitly cannot recover it — that’s the security model. Set up the emergency access / recovery options before this becomes an issue. 1Password gives you a printable Emergency Kit during setup. Bitwarden offers Emergency Access via a trusted contact.
Do password managers work for autofilling on mobile?
Yes, both Bitwarden and 1Password integrate with iOS Passwords / Autofill and Android’s autofill API. After setup, websites and apps offer your saved password automatically — same as browser autofill but cross-platform and cross-app.
Should I worry about Bitwarden being acquired or going down?
Bitwarden is owned by an independent company (not VC-flipped or Big-Tech-owned). The codebase is open source, so worst case the community can fork it and run it themselves. The Vaultwarden self-hosted server already exists and is well-maintained. Lock-in risk is the lowest of any password manager.
Do I still need 2FA if I use a password manager?
Yes — they protect against different threats. Password manager generates unique passwords so a single breach doesn’t unlock everything. 2FA protects against a compromised password being used to log in. Both, together, defeat almost every account-takeover technique short of malware on your actual device.
For the next steps in account security, see my 2FA setup guide and the Gmail recovery walkthrough. If you’re hardening a household network too, the free VPN comparison and free antivirus roundup are the natural follow-ups.
— Mark Thompson, Toronto