We put Password Safe password manager to the test for plan value, compatibility, features, and security. See why The Password Manager rated Password Safe 4.6/5.
By: Gunnar KallstromHead of information systems and cybersecurity research
Updated April 28, 2023
Password Safe: A Quick Overview
Bottom line: While Password Safe is free and open source, an outdated, clunky user experience (UX) and few quality-of-life features keep Password Safe from truly shining.
Who should choose Password Safe? Those who like to tinker or who prefer a bare-bones experience.
Password Safe’s Editor Rating
Overall: (4.6)
Password Safe’s rating is earned mainly by its price tag (free) and reliable security. But it struggles against competitors in other metrics.
Plans and pricing: (5.0)
Platform: (3.0)
UX: (3.0)
Form filling: (3.0)
Security: (4.0)
2FA: (4.0)
Password Safe standout features
Support
Community forum
Help document
Best for
Tinkerers and Linux users
Promotion
None needed — Password Safe is free
What Are the Pros and Cons of Password Safe?
Password Safe is the kind of experience that only appeals to a limited audience, but it has some strengths. If you’re willing to work with it, there could be a diamond in the rough waiting for you to pluck it out.
Pros
Security: Password Safe uses industry-standard encryption in addition to local storage only — the company doesn’t know your information because it doesn’t have it.
Open source: Password Safe is, and always will be, free.
Consistently updated: Despite having been around since 2002, the development team of Password Safe still hasn’t lost steam for this project, with updates multiple times per year.
Cons
Difficult to use: Password Safe doesn’t have an intuitive design for those who aren’t programmers. While it can handle most of what you’d want a password manager to do, some of it is difficult to get working.
No live support: There are only two support options for Password Safe — the extensive FAQ and the community forums. If you have a problem, you’ll have to troubleshoot yourself.
Who Should Choose Password Safe?
Step1.People who like to tinker: Password Safe is a powerful tool in the right hands, but doesn’t hold yours by teaching you to use it. If you like instruction manuals, this is the password manager for you.
Password Safe Plans and Pricing
Overall: (5.0)
The most notable feature of Password Safe is it’s completely free. While other services offer a limited free version with subscriptions to their premium version, Password Safe is unlocked from the start with no need to ever pay its creator a dime. This alone may sell you on Password Safe despite its other drawbacks.
If you appreciate Password Safe, donations are accepted to reward the developer, Rony Shapiro, for the hours of labor they put into keeping this piece of software up to date.
Password Safe Features
Price
Free
Best for
Tinkers and people who use Linux
Free trial
Not needed
Platform compatibility
Windows, Linux
Autofill capability
No
Guest accounts
No
Number of passwords
Unlimited
Password sharing
No
2FA
Yes
Account recovery
No
Support types
Community forums, help document
Encryption
Twofish algorithm with a 256-bit key
Reporting capabilities
No
Single sign-on (SSO)
Yes
Password Safe Platform Compatibility
Overall: (3.0)
Password Safe is only available for two platforms, however as an open-source piece of software it has been ported over to other systems. Currently, it is only officially supported on:
Step1.Windows
Step2.Linux
While Password Safe is only available for Windows and Linux devices, it has been unofficially ported to other platforms by third parties. Yet even the developer admits it has not tested most of these distributions, and your mileage may vary.
Support for these offshoots comes and goes depending on the attention span of the person who released it — just because a version exists for iOS doesn’t mean it’s going to receive regular updates.
Password Safe UX
Overall: (3.0)
Password Safe’s UX isn’t outright hostile, but it caters to a specific crowd.
Let’s cut to the chase — Password Safe isn’t going to win any design contests. The user interface may look warm and familiar to those used to digging through their computer’s registry or who love tinkering with open-source tools. But the average person will run into problems right out of the gate as they are hit with a mass of icons and options only made clear through intentional exploration.
If you’re importing password data from another source, few formats are supported. It only accepts imports as plain text, XML, or (interestingly) from its most direct competitor in the field, KeePass, another free, open-source password manager.
Even when you’ve entered every password you might need, you’ll go through a multi-step process to use them. Entries are not automatically filled in when you visit a web page. To use Password Safe you’ll have to open Password Manager and unlock it. Then you’ll find the relevant entry, copy the information, switch back to your browser, and paste the login info into the text field. This is a lot of hassle just to not have to remember passwords.
Password Safe Form Filling
Overall: (3.0)
While it doesn’t offer a fully automatic form fill function, autotype tries its best to fill this role — with disappointing results.
By default, Password Safe cannot fill any online forms automatically, as it does not directly interface with your browser. Most entries must be copied and pasted from Password Safe to your browser.
There is an autotype workaround that allows you to trigger a preset keystroke, though. However, the implementation of autotype is less than stellar, and still requires you open Password Safe, select the relevant entry, then initiate autotype. In a real sense, it’s only one step shy of what I already had to do — it’s eliminating the “paste” function, which wasn’t the time-consuming part of the operation.
Most frustratingly, this only works for login information — Password Safe’s autotype function does not currently support address forms.
Password Safe Security
Overall: (4.0)
Password Safe uses industry-standard encryption as well as a zero-knowledge policy, but doesn’t offer much in the way of additional security features.
Password Safe uses the Twofish algorithm with a 256-bit key and is open source which allows anyone who knows code to inspect it and point out flaws and weaknesses.
Since Password Safe only runs locally on your computer, most of the internal security options relate to individual device security, allowing you a measure of control over how often your vault will be locked and under what conditions.
This is nice, but there are other no-cost password managers which offer additional security features (such as breach detection and dark web monitoring) which are also free. Password Safe feels barebones by comparison.
Password Safe Two-Factor Authentication
Overall: (4.0)
2FA is available, but limited to specific authenticator applications.
While Password Safe doesn’t support 2FA on its own, it is compatible with a few third party authenticator USB keys such as YubiKey and OnlyKey.
Both of these products are physical USB keys that, when used, must be inserted into your device to access your password vault.
Recent Improvements to Password Safe
Step1.Text (CSV) import is more lenient in what it accepts, making it easier to import data from other password managers.
Step2.When the password is shown, the "Confirm Password:" text is hidden, as the confirmation text box is used to display the length of the password. Hopefully, this makes things less confusing.
Step3.SF890 "Recurring" checkbox is now set by default, as this seems to be the more common use-case when setting password expiration in days.
Compare Password Safe Alternatives
Password Safe is one of the few open-source, completely free password managers, but it’s only one fish in a much bigger pond. Competitors including Dashlane, Keeper, RoboForm, LastPass, and NordPass could be a better fit. We looked closely at each password manager, spent time using the services, and researched each one for hours. Our research provides objective information about each company so you can find the one that will be best for you.
See how Password Safe compares to other top-tier password managers that the PasswordManager.com team recommends:
Consider RoboForm if: You want to sync your passwords through multiple platforms and won’t mind its compatibility with fewer platforms than Password Safe.
Starting price: $1.99 per month
Platform compatibility: Windows, Mac, iOS, and Android support for their respective major browsers, including Microsoft Edge
Consider NordPass if: You don’t want different packages for your family and business.
Starting price: Free
Platform compatibility: Windows, macOS, Linux, Android, iOS, and popular browsers, such as Google Chrome, Firefox, Edge, Brave, Opera, and Safari
Security: XChaCha20 encryption algorithm and a zero-knowledge policy
Secure data sharing solution
Safe sharing of login details
Real-time breach monitoring
Data breach scanner
Frequently Asked Questions About Password Safe
What are the cons to Password Safe?
The biggest con is its lack of dedicated support and intuitive design. While it does a lot for a free product, you will likely spend a lot of time in the support forums and help document figuring out how to get it to work exactly the way you want. This won’t be a drawback if you enjoy this process, but the average user probably wants something closer to a plug-and-play experience.
Can Password Safe be trusted?
Password Safe has been consistently updated since it was first released in 2002. It has no dedicated servers to upload to, eliminating any chance of a data breach on the company’s part. You can rest easy knowing your data is secure.
What does it mean that Password Safe is open source?
Open source means the entirety of the code is available for anyone to see, inspect, and change. For Password Safe, this is like an insurance policy against accusations of including “back doors” in the software.
If anything malicious was hiding in the code, anyone could find it and call it out. This also lets the software take on a life of its own outside of the main developer, allowing others to port the program to other platforms.
Wouldn’t Password Safe being open source make it less secure?
It may be safer as long as you’re downloading the program directly from the links provided by the main website. Open-source software can be changed and redistributed by anyone, but the developer controls the version released through its official website; you can trust it has not been tampered with.
Where does Password Safe store my passwords?
All data is encrypted and stored locally on the device of your choice and accessible only to those who know your Master Password.
What Is Password Safe the Company?
Password Safe, originally designed by Bruce Schneier, was released as a free utility application. Schneier is a public-interest technologist working at the intersection of security, technology, and people; he writes about security issues on his blog. Since its original release, Password Safe has evolved considerably as development shifted from Bruce to a team of volunteer developers, including Rony Shapiro.
Our rating process involves a thorough and detailed study of the various features stacked against the competition. I looked at the multiple facets and features provided by Password Safe compared to other significant industry players through direct testing to ensure an accurate rating. I’ve also applied my experience using Password Safe to provide a user’s perspective.
The things I evaluated when testing Password Safe include:
Plan value: Most password managers offer various subscription plans from free to around $20 per month. While free plans may be sufficient for some, those that need more functionality may prefer paid plans.
Platform compatibility: You likely access your online accounts from multiple devices, including desktops, laptops, tablets, phones, as well as through different web browsers. Your password manager should be compatible with various devices, operating systems and browsers, and sync seamlessly between them all.
UX: This is how you interface with all the features and functions of your new password manager — if it’s bad, you’ll be less likely to use the service. While this is a highly subjective category and some will disagree, it’s important to provide an overview based on my experience.
Form filling: A password manager doesn’t have to include form-filling, but it’s somewhat standard and the ease with which it performs that function can be the deciding factor in which password manager you ultimately choose.
Security: Since a password manager is first and foremost a security tool, it should come with all of the most up-to-date standard security features. This includes the highest level of available encryption (256-bit AES with PBKDF2-HMAC-SHA512); 2FA, such as biometric logins or multi-factor authentication, and a password generator.
Two-factor authentication (2FA): Used all over the internet to protect your accounts, this is quickly becoming a standard security practice. 2FA is a great way to secure more sensitive accounts to ensure they’re not breached.
Kallstrom is a Cyber Team Lead for a Department of Defense (DOD) contracting company in Huntsville, Alabama, and has also worked as a computer network defense (CND) Cyber Analyst. An author and content creator for a cybersecurity academy, Kallstrom spent nearly 15 years in the Army as a musician before entering the cybersecurity field.
He holds a bachelor’s degree in music from Thomas Edison State University and a master’s in organizational development and leadership from the University of the Incarnate Word.
Kallstrom has completed several Computing Technology Industry Association (CompTIA) courses, including Security+, Network+, A+ Core 1, and A+ Core 2. He earned a CompTIA Security+ Certification. Additionally, he has completed the Cyber Warrior Academy program with more than 800 hours of hands-on, intensive, and lab-driven technical training in cybersecurity methods and procedures.
Passionate about all things cyber, Kallstrom was a speaker on a panel at the 2022 InfoSec World conference, giving a talk entitled “Hacking into a Cyber Career – True Stories.” Kallstrom is also a mentor to entry-level cybersecurity candidates seeking to break into the field. When he’s not working, he still enjoys playing guitar and fishing (not phishing).
