People who like to tinker: Password Safe is a powerful tool in the right hands, but doesn’t hold yours by teaching you to use it. If you like instruction manuals, this is the password manager for you.
We put Password Safe password manager to the test for plan value, compatibility, features, and security. See why The Password Manager rated Password Safe 3.6/5.
By: Gunnar KallstromHead of information systems and cybersecurity research
Bottom line: While Password Safe is free and open source, an outdated, clunky user experience (UX) and few quality-of-life features keep Password Safe from truly shining.
Who should choose Password Safe? Those who like to tinker or who prefer a bare-bones experience.
Overall: (3.6)
Password Safe’s rating is earned mainly by its price tag (free) and reliable security. But it struggles against competitors in other metrics.
Password Safe standout features | |
---|---|
Support |
|
Best for | Tinkerers and Linux users |
Promotion | None needed — Password Safe is free |
Password Safe is the kind of experience that only appeals to a limited audience, but it has some strengths. If you’re willing to work with it, there could be a diamond in the rough waiting for you to pluck it out.
People who like to tinker: Password Safe is a powerful tool in the right hands, but doesn’t hold yours by teaching you to use it. If you like instruction manuals, this is the password manager for you.
Overall: (5.0)
The most notable feature of Password Safe is it’s completely free. While other services offer a limited free version with subscriptions to their premium version, Password Safe is unlocked from the start with no need to ever pay its creator a dime. This alone may sell you on Password Safe despite its other drawbacks.
If you appreciate Password Safe, donations are accepted to reward the developer, Rony Shapiro, for the hours of labor they put into keeping this piece of software up to date.
Password Safe Features | |
---|---|
Price | Free |
Best for | Tinkers and people who use Linux |
Free trial | Not needed |
Platform compatibility | Windows, Linux |
Autofill capability | No |
Guest accounts | No |
Number of passwords | Unlimited |
Password sharing | No |
2FA | Yes |
Account recovery | No |
Support types | Community forums, help document |
Encryption | Twofish algorithm with a 256-bit key |
Reporting capabilities | No |
Single sign-on (SSO) | Yes |
Overall: (3.0)
Password Safe is only available for two platforms, however as an open-source piece of software it has been ported over to other systems. Currently, it is only officially supported on:
While Password Safe is only available for Windows and Linux devices, it has been unofficially ported to other platforms by third parties. Yet even the developer admits it has not tested most of these distributions, and your mileage may vary.
Support for these offshoots comes and goes depending on the attention span of the person who released it — just because a version exists for iOS doesn’t mean it’s going to receive regular updates.
Overall: (3.0)
Password Safe’s UX isn’t outright hostile, but it caters to a specific crowd.
Let’s cut to the chase — Password Safe isn’t going to win any design contests. The user interface may look warm and familiar to those used to digging through their computer’s registry or who love tinkering with open-source tools. But the average person will run into problems right out of the gate as they are hit with a mass of icons and options only made clear through intentional exploration.
If you’re importing password data from another source, only a few formats are supported. It accepts plain text, XML, or (interestingly) from its most direct competitor in the field, KeePass, another free, open-source password manager.
Even when you’ve entered every password you might need, you’ll go through a multi-step process to use them. Entries are not automatically filled in when you visit a web page. To use Password Safe you’ll have to open Password Manager and unlock it. Then you’ll find the relevant entry, copy the information, switch back to your browser, and paste the login info into the text field. This is a lot of hassle for the average user, and probably more than most will want to deal with.
Overall: (3.0)
While it doesn’t offer a fully automatic form fill function, autotype tries its best to fill this role — with disappointing results.
By default, Password Safe cannot fill any online forms automatically, as it does not directly interface with your browser. Most entries must be copied and pasted from Password Safe to your browser.
There is an autotype workaround that allows you to trigger a preset keystroke, though. However, the implementation of autotype is less than stellar, and still requires you open Password Safe, select the relevant entry, then initiate autotype. In a real sense, it’s only one step shy of what I already had to do — it’s eliminating the “paste” function, which wasn’t the time-consuming part of the operation.
Most frustratingly, this only works for login information — Password Safe’s autotype function does not currently support address forms.
Overall: (4.0)
Password Safe uses industry-standard encryption as well as a zero-knowledge policy, but doesn’t offer much in the way of additional security features.
Password Safe uses the Twofish algorithm with a 256-bit key and is open source which allows anyone who knows code to inspect it and point out flaws and weaknesses.
Since Password Safe only runs locally on your computer, most of the internal security options relate to individual device security, allowing you a measure of control over how often your vault will be locked and under what conditions.
This is nice, but there are other no-cost password managers which offer additional security features (such as breach detection and dark web monitoring) which are also free. Password Safe feels barebones by comparison.
Overall: (4.0)
2FA is available, but limited to specific authenticator applications.
While Password Safe doesn’t support 2FA on its own, it is compatible with a few third party authenticator USB keys such as YubiKey and OnlyKey.
Both of these products are physical USB keys that, when used, must be inserted into your device to access your password vault.
Password Safe recently released version 3.64.0 in November 2023. Changes in 3.64.1 include:
Password Safe is one of the few open-source, completely free password managers, but it’s only one fish in a much bigger pond. Competitors including Dashlane, Keeper, RoboForm, LastPass, and NordPass could be a better fit. We looked closely at each password manager, spent time using the services, and researched each one for hours. Our research provides objective information about each company so you can find the one that will be best for you.
See how Password Safe compares to other top-tier password managers that the PasswordManager.com team recommends:
Password manager | Details | Best features |
---|---|---|
Password Safe Overall rating: (3.6) | Starting price: Free Platform compatibility: Windows, Linux Security: Twofish algorithm with a 256-bit key |
|
1Password Overall rating: (4.8) Read our full 1Password review. Consider 1Password if: You’re seeking unlimited password management at a fair price. | Starting price: $2.99 per month Platform compatibility: Android, iOS, Linux, Mac, Web (Brave, Chrome, Edge, Firefox, Safari), Windows Security: AES 256-bit encryption, 2FA |
|
Dashlane Overall rating: (4.7) Read our full Dashlane review. Consider Dashlane if: You’re looking for one of the best cheap password managers. | Starting price: Free Platform compatibility: Android, iOS, Mac, Web (Chrome, Edge, Firefox, Safari), Windows Security: AES 256-bit encryption, 2FA |
|
Keeper Overall rating: (4.6) Read our full Keeper review. Consider Keeper if: You want to enjoy the feature of secure biometric logins. | Starting price: $2.91 per month Platform compatibility: Windows, MacOS, Linux, Android, iPhone, and iPad. Browser extensions for Safari, Opera, Firefox, Edge, Chrome Security: AES 256-bit encryption, PBKDF2 |
|
RoboForm Overall rating: (4.5) Read our full RoboForm review. Consider RoboForm if: You want to sync your passwords through multiple platforms and won’t mind its compatibility with fewer platforms than Password Safe. | Starting price: $1.99 per month Platform compatibility: Windows, Mac, iOS, and Android support for their respective major browsers, including Microsoft Edge Security: AES 256-bit encryption, 2FA |
|
LastPass Overall rating: (4.4) Read our full LastPass review. Consider LastPass if: You want additional features and are willing to pay a high price for it. | Starting price: Free Platform compatibility: Windows, Mac, Linux, and mobile platform Security: Zero-knowledge security model |
|
NordPass Overall rating: (4.3) Read our full NordPass review. Consider NordPass if: You don’t want different packages for your family and business. | Starting price: Free Platform compatibility: Windows, macOS, Linux, Android, iOS, and popular browsers, such as Google Chrome, Firefox, Edge, Brave, Opera, and Safari Security: XChaCha20 encryption algorithm and a zero-knowledge policy |
|
The biggest con is its lack of dedicated support and intuitive design. While it does a lot for a free product, you will likely spend a lot of time in the support forums and help document figuring out how to get it to work exactly the way you want. This won’t be a drawback if you enjoy this process, but the average user probably wants something closer to a plug-and-play experience.
Password Safe has been consistently updated since it was first released in 2002. It has no dedicated servers to upload to, eliminating any chance of a data breach on the company’s part. You can rest easy knowing your data is secure.
Open source means the entirety of the code is available for anyone to see, inspect, and change. For Password Safe, this is like an insurance policy against accusations of including “back doors” in the software.
If anything malicious was hiding in the code, anyone could find it and call it out. This also lets the software take on a life of its own outside of the main developer, allowing others to port the program to other platforms.
It may be safer as long as you’re downloading the program directly from the links provided by the main website. Open-source software can be changed and redistributed by anyone, but the developer controls the version released through its official website; you can trust it has not been tampered with.
All data is encrypted and stored locally on the device of your choice and accessible only to those who know your Master Password.
Password Safe, originally designed by Bruce Schneier, was released as a free utility application. Schneier is a public-interest technologist working at the intersection of security, technology, and people; he writes about security issues on his blog. Since its original release, Password Safe has evolved considerably as development shifted from Bruce to a team of volunteer developers, including Rony Shapiro.
Our rating process involves a thorough and detailed study of the various features stacked against the competition. I looked at the multiple facets and features provided by Password Safe compared to other significant industry players through direct testing to ensure an accurate rating. I’ve also applied my experience using Password Safe to provide a user’s perspective.
The things I evaluated when testing Password Safe include:
Learn more about our review methodology.
About The Password Manager, Gunnar Kallstrom:
Kallstrom is a Cyber Team Lead for a DOD contracting company in Huntsville, Alabama, and has also worked as a computer network defense (CND) Cyber Analyst. An author and content creator for a cybersecurity academy, Kallstrom spent nearly 15 years in the Army as a musician before entering the cybersecurity field.
He holds a bachelor’s degree in music from Thomas Edison State University and a master’s in organizational development and leadership from the University of the Incarnate Word.
Kallstrom has completed several Computing Technology Industry Association (CompTIA) courses, including Security+, Network+, A+ Core 1, and A+ Core 2. He earned a CompTIA Security+ Certification. Additionally, he has completed the Cyber Warrior Academy program with more than 800 hours of hands-on, intensive, and lab-driven technical training in cybersecurity methods and procedures.
Passionate about all things cyber, Kallstrom was a speaker on a panel at the 2022 InfoSec World conference, giving a talk entitled “Hacking into a Cyber Career – True Stories.” Kallstrom is also a mentor to entry-level cybersecurity candidates seeking to break into the field. When he’s not working, he still enjoys playing guitar and fishing (not phishing).