Best Password Manager in 2026: Audited, Open-Source, and Zero-Knowledge Compared

Five password managers compared by published price, audit history, encryption architecture, and open-source status: Bitwarden, 1Password, Proton Pass, NordPass, and KeePassXC. Every claim links to the vendor's own page.

Quick answer
  • Bitwarden is the strongest balance — open-source on GitHub, annual third-party audits, and a Free tier that covers most users. Premium is $1.65/mo billed annually.
  • Proton Pass is the strongest privacy default — Switzerland-based (outside 5/9/14 Eyes), Cure53-audited at launch, open-source clients. Free tier available.
  • KeePassXC is the choice for users who want zero cloud component — vault file is local, GPL-licensed, no subscription. Sync via Syncthing / Dropbox / Nextcloud is the user's responsibility.
Best overall: Bitwarden
Methodology

We compared each password manager's published pricing tiers, independent third-party audits, encryption architecture, jurisdiction, and open-source status. Every numeric claim and every policy claim on this page links to the vendor's own page or to the audit firm's report. We do not run our own cryptographic audits — we cite the published reports. Sources accessed 2026-04-30.

  • Audit history (25%)

    Published independent third-party security audits (Cure53, ISE, Insight Risk Consulting, etc.) with the most recent within the last 24 months.

  • Open-source status (20%)

    Whether the client apps and (optionally) server are published as open source under an OSI-approved license.

  • Encryption architecture (20%)

    Zero-knowledge end-to-end encryption by default. Documented at the vendor's security page.

  • Published price (15%)

    Premium / individual tier monthly price in USD (annual billing where offered).

  • Free tier (10%)

    Whether a usable free tier is available, and what limits it carries.

  • Jurisdiction (10%)

    Country where the operating entity is registered. 5/9/14 Eyes membership applies regardless of marketing claims.

Sources accessed: 2026-04-25 → 2026-04-30
Data sources
  • Vendor pricing pages (Bitwarden, 1Password, Proton Pass, NordPass)
  • Vendor security / audit-history pages
  • Independent audit reports (Cure53, ISE, Insight Risk Consulting)
  • GitHub repositories (open-source clients)
Written by: Subger Editorial Team, Comparison desk

We read every public pricing page, security audit, and open-source repository so you do not have to. Every claim on this page links to its source. Editorial standards: see /about.

Last reviewed: April 30, 2026
Next review: July 30, 2026

Our take on each product

Bitwarden

Recommended

Open-source on GitHub, annual audits, Free tier covers most users. Premium $1.65/mo annually.

Pros
  • All client apps and server source published on GitHub under GPLv3 / AGPLv3 (per github.com/bitwarden)
  • Annual independent third-party audits (Cure53, ISE, Insight Risk Consulting), reports linked from bitwarden.com/help/is-bitwarden-audited
  • Free tier supports unlimited password storage; Premium $1.65/mo annually adds 1 GB encrypted attachments + emergency access + advanced 2FA
  • Self-hosting supported on the user's own infrastructure
Cons
  • Free-tier limits introduced in early 2026 — verify the current free-tier feature list against your needs (per bitwarden.com/blog)
  • Headquarters in Santa Barbara, California (USA, 5 Eyes); zero-knowledge architecture is what protects vault contents
Best for: Most users who want an audited, open-source password manager at the lowest published price

1Password

Recommended

Strongest enterprise polish. Secret Key + master password adds defense-in-depth. $2.99/mo individual.

Pros
  • Secret Key in addition to master password — if 1Password's servers are compromised, vault data remains safe (per 1password.com/security)
  • SOC 2 Type II audit + penetration tests by Independent Security Evaluators (per 1password.com/security-audit)
  • Travel Mode (vault subset visible during border crossings) and family vault sharing are mature, documented features
  • Bug bounty program on Bugcrowd
Cons
  • Closed-source clients — security claims rely entirely on the published audits
  • No free tier; trial only. Individual $2.99/mo annually is mid-pack pricing
  • Based in Toronto, Canada (5 Eyes); the zero-knowledge architecture is what mitigates jurisdiction concerns for vault contents
Best for: Users and small teams who want polished enterprise features and accept closed-source clients

Proton Pass

Recommended

Switzerland-based, Cure53-audited at launch, open-source clients. Free tier available.

Pros
  • Cure53 full security audit at launch (2023); no critical findings, moderate findings remediated pre-launch (per proton.me/blog/pass-launch)
  • Switzerland headquarters — outside 5/9/14 Eyes intelligence-sharing arrangements
  • Open-source clients on GitHub (per github.com/ProtonPass)
  • Free tier includes unlimited logins + 10 hide-my-email aliases; Pass Plus from $1.99/mo bundles dark-web monitoring + Sentinel
  • Proton Unlimited at $9.99/mo annual bundles Pass with Mail / VPN / Drive / Calendar
Cons
  • Newer product (2023 launch) than Bitwarden / 1Password — shorter operational track record
  • Younger ecosystem — fewer third-party integrations than 1Password / Bitwarden in 2026
Best for: Users who weigh jurisdiction heavily and want the rest of the Proton bundle

NordPass

Niche pick

Cure53-audited (2020 + 2021 Business), SOC 2 + ISO 27001 certified. Lithuania-based. Renewal pricing higher than intro.

Pros
  • Two Cure53 audits (Feb 2020 white-box; 2021 on NordPass Business) per nordpass.com/features/security
  • SOC 2 Type 2 + ISO 27001 certified
  • XChaCha20 symmetric encryption with EdDSA digital signatures
  • Premium $1.49/mo on 2-year plan
Cons
  • Closed-source clients
  • Renewal pricing materially higher than intro — same pattern as the rest of the Nord product line
  • Most recent Cure53 audit dates from 2020/2021 — newer audit not yet published
Best for: Users in the Nord ecosystem (NordVPN, NordLocker) who want a single vendor for security tooling

KeePassXC

Niche pick

Free, open-source, no cloud component. Vault file is local; sync is the user's choice.

Pros
  • Free, GPL-licensed, no subscription tier (per keepassxc.org)
  • Vault file is local — there is no cloud component to compromise
  • Cross-platform: Windows, macOS, Linux native clients; browser extensions for Firefox / Chrome / Edge
  • Open KDBX 4 file format with Argon2 KDF + ChaCha20 cipher options (per keepass.info/help/kb/kdbx_4.html)
Cons
  • Sync across devices is the user's responsibility — Syncthing, Dropbox, Nextcloud, or manual
  • No web access (vault file is required to be local)
  • Mobile experience requires a third-party companion app (KeePassDX on Android, Strongbox or KeePassium on iOS)
  • Onboarding curve — KeePassXC is the most technical option in this comparison
Best for: Technical users who want zero cloud trust and are comfortable choosing their own sync mechanism

Recent updates

  1. Truth-pass review

    Pillar content re-grounded against vendor sources only. The source registry at lib/pillars/content/passwords-sources.ts backs every numeric and policy claim with a public URL and access date — vendor pricing pages, audit reports, open-source repositories.

The full comparison

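Columns:
  • Premium price: cheapest individual / premium tier on annual billing, in USD per month.
  • Audit: most recent published independent audit. Reports linked from each vendor's security page.
  • Open-source: whether client apps are published under an OSI-approved license.
  • Free tier: whether a free tier is published, with any limits noted.
  • Jurisdiction: operating entity country, with 5/9/14 Eyes status.

| Service     | Premium price ($/mo) | Audit                         | Open-source | Free tier        | Jurisdiction        |
|-------------|----------------------|-------------------------------|-------------|------------------|---------------------|
| Bitwarden   | 1.65                 | Cure53 / ISE / annual         | Yes         | Yes              | USA (5 Eyes)        |
| 1Password   | 2.99                 | SOC 2 Type II + ISE pentests  | No          | Trial only       | Canada (5 Eyes)     |
| Proton Pass | 1.99                 | Cure53 (launch 2023)          | Yes         | Yes              | Switzerland (none)  |
| NordPass    | 1.49                 | Cure53 (2020 + 2021)          | No          | Yes (1 device)   | Lithuania (14 Eyes) |
| KeePassXC   | 0                    | Community + KDBX format spec  | Yes         | Yes (entire app) | N/A (local-only)    |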

Premium price is the cheapest individual / premium tier on annual billing. NordPass is shown at its 2-year intro rate; renewal price is higher. KeePassXC is free with no subscription. Audit column shows the most recent published independent audit and the auditor name. Jurisdiction is the operating entity's country with 5/9/14 Eyes status appended. Sources accessed 2026-04-30 — see passwords-sources.ts.

Frequently asked questions

Are password managers safe?

A zero-knowledge end-to-end encrypted password manager is safer than reusing passwords or storing them in a browser. The vendor cannot decrypt your vault — only you can, with your master password. The audit reports linked from each vendor's security page are what verify the implementation. Bitwarden, 1Password, Proton Pass, and NordPass all have published audits.

Should I pick an open-source password manager?

Open-source clients let security researchers verify the encryption is doing what the vendor says. Of the five managers compared here, three publish open-source clients: Bitwarden (GPLv3 / AGPLv3), Proton Pass (GitHub), and KeePassXC (GPLv3). 1Password and NordPass are closed-source — security claims rely on the published audits.

What is zero-knowledge encryption?

Zero-knowledge means the vendor's servers never see your master password or your decrypted vault. All encryption and decryption happens on your device with a key derived from your master password. If the vendor's server is breached, attackers get encrypted blobs they cannot read. All five managers in this comparison use zero-knowledge architecture, per their security pages.

Should I trust 1Password's Secret Key?

1Password adds a Secret Key in addition to the master password. The Secret Key is a 128-bit value generated on the user's device at signup; 1Password's servers never see it. Even if the master password is stolen via phishing, an attacker still needs the Secret Key (which lives only on enrolled devices) to decrypt the vault. It is documented at 1password.com/security and is unique to 1Password among the major managers.
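
The two answers above (zero-knowledge and the Secret Key), modelled as an added example that is not code from this page or from any vendor: the vault key is derived on the device, the server stores only a salt and a tag, and a breach of that record is tested with and without a device-only secret. The XOR mixing step, the scrypt parameters, and all names and sample values are assumptions for illustration, not 1Password's or any other vendor's actual scheme.

```python
import hashlib
import hmac
import secrets

LABEL = b"vault-check-v1"  # constant the stored tag is computed over (assumed)

def derive_vault_key(master_password, salt, secret_key=None):
    """Runs on the device only; the server never receives the inputs or the key."""
    key = hashlib.scrypt(master_password.encode(), salt=salt,
                         n=2**12, r=8, p=1, dklen=32)  # illustrative parameters
    if secret_key is not None:
        # Mix in the high-entropy device secret (simplified stand-in for a Secret Key).
        mask = hmac.new(secret_key, salt, hashlib.sha256).digest()
        key = bytes(a ^ b for a, b in zip(key, mask))
    return key

def server_record(master_password, secret_key=None):
    """Everything the server holds: a salt and a tag standing in for the encrypted vault."""
    salt = secrets.token_bytes(16)
    key = derive_vault_key(master_password, salt, secret_key)
    return {"salt": salt, "tag": hmac.new(key, LABEL, hashlib.sha256).digest()}

def password_recoverable_from(record, candidates):
    """Breach model: the record leaks, the device secret does not."""
    for guess in candidates:
        key = derive_vault_key(guess, record["salt"])
        tag = hmac.new(key, LABEL, hashlib.sha256).digest()
        if hmac.compare_digest(tag, record["tag"]):
            return guess
    return None

def demo():
    master = "sunshine2026"                             # constructed weak master password
    wordlist = ["password1", "sunshine2026", "qwerty"]  # constructed candidate list
    device_secret = secrets.token_bytes(16)             # 128-bit value, stays on the device
    single = server_record(master)                      # master password only
    dual = server_record(master, device_secret)         # master password + device secret
    return (password_recoverable_from(single, wordlist),
            password_recoverable_from(dual, wordlist))

if __name__ == "__main__":
    print(demo())
```

With the master password alone, the strength of the leaked record is only the strength of that password; with the device secret mixed in, the same weak password no longer verifies against the leaked record.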

What if the password manager goes out of business?

All five managers in this comparison publish export functionality. Bitwarden exports JSON or CSV. 1Password exports CSV or 1PUX. Proton Pass exports CSV / JSON. NordPass exports CSV. KeePassXC's vault is the open KDBX 4 format that any compatible tool (KeePass, KeePassXC, Strongbox, KeePassium) can open. Maintain a recent export as part of normal use.

Do password managers work on iOS and Android?

All five managers in this comparison ship native iOS and Android apps with Autofill integration. iOS 12+ and Android 8+ support OS-level password autofill that the apps register with. Bitwarden and Proton Pass also work as web-app or PWA on iOS for users who prefer not to install the native app.

Authority & trust

Known issues

  • Minor, reported April 30, 2026

    Bitwarden Free tier limits introduced in early 2026

    Bitwarden adjusted what the Free tier includes in early 2026 (per bitwarden.com/blog). Verify the current Free-tier feature list at bitwarden.com/pricing before assuming unlimited multi-device access.

  • Minor, reported April 30, 2026

    NordPass renewal pricing rises after intro term

    NordPass Premium 2-year intro $1.49/mo renews at materially higher rate. Same pattern as the rest of the Nord product line; set a calendar reminder before the renewal date.


The landscape

Five password managers cover the audited / privacy-credible category in 2026: Bitwarden (open-source, annual audits, US), 1Password (closed-source, mature enterprise polish, Canada), Proton Pass (open-source, Cure53-audited, Switzerland), NordPass (closed-source, Cure53-audited, Lithuania), and KeePassXC (free, open-source, local-only). LastPass is excluded from this comparison after the 2022 breach disclosures. The choice between the audited cloud managers (Bitwarden / 1Password / Proton Pass / NordPass) reduces to open-source preference, free-tier requirements, and jurisdiction; KeePassXC sits separately for users who want zero cloud component.

  • Audited managers compared: 5
  • Cheapest Premium $/mo annual: $1.49 (NordPass 2yr)
  • Open-source clients: 3 of 5
  • Free tiers (unlimited storage): Bitwarden + KeePassXC

Every correction is logged publicly. Response within 10 business days.