Password managers are trust: you give them every password you own. If the password manager leaks, steals data, or doesn’t encrypt properly, you’re compromised everywhere. Most password managers are cloud-based, which means servers hold your encrypted vault.
This guide compares four password managers focused on actual privacy, not marketing claims. We test encryption, logging, source code, and jurisdiction.
What Makes a Password Manager Private
Zero-Knowledge: Company cannot access your passwords. Even employees can’t read your vault.
End-to-End Encryption: Passwords encrypted on your device before leaving. Company stores encrypted blob they cannot decrypt.
Open Source: Code is public. Security researchers audit it. Bugs are found faster.
No Logging: Company doesn’t log what you access, when, or how often.
Self-Hosting Option: You run the server. Company never sees your data.
Privacy Jurisdiction: Company based in country with strong privacy laws (EU, Switzerland) not weak ones (US, UK, Australia).
Password managers claim privacy but don’t all deliver it. Let’s test the ones that actually do.
Bitwarden
Price: Free, $10/year individual, $40/year family (5 people), $3/user/month teams
Privacy Score: 8/10
Encryption: AES-256 with PBKDF2 key derivation
Open Source: Yes, both client and server
Self-Hosting: Yes, free community edition available
Logging: Minimal. Server logs connection, not vault access
Jurisdiction: US-based (Virginia)
How Bitwarden Works
You create an account. Bitwarden generates a master password hash (never sent to their servers). Your master password is stretched through PBKDF2 (600k iterations on web, 100k on mobile) making dictionary attacks impossibly slow.
Your vault is encrypted with a key derived from your master password. This key never leaves your device. When you sync, only the encrypted vault is sent.
Bitwarden’s servers store:
- Username
- Encrypted vault
- Sync metadata
They cannot decrypt your vault even if they wanted to. Code is open-source, audited by security researchers. Vault structure is transparent.
Real Privacy Test
Hypothetical: Bitwarden gets hacked. Attackers steal the database of encrypted vaults.
Result: Your passwords are unreadable. Attackers have ciphertext. Without your master password, they gain nothing.
Reality check: Bitwarden employees could theoretically alter the client-side code to steal passwords before encryption. But code is open-source, so malicious changes would be caught immediately.
Downsides
US jurisdiction: If US government subpoenas Bitwarden, they must comply. They can’t hand over passwords (they don’t have them), but they can be forced to log future activity. Unlikely but possible.
Ecosystem: To use Bitwarden on every device, you need:
- Web app (browser)
- Desktop app (Windows/Mac/Linux)
- Mobile app (iOS/Android)
- CLI tool
- Browser extensions
All are maintained. All work well. But setup takes longer than 1Password (which is integrated everywhere).
Who Should Use Bitwarden
- Budget-conscious: Free tier covers single users
- Privacy-focused: Open source, self-hosting available
- Technical: Self-hosting requires Docker/Linux knowledge
- Teams: Decent sharing, audit logs, SAML support at $40/user/year
1Password
Price: $2.99/month individual, $4.99/month family (5 people), $20/user/month teams
Privacy Score: 7/10
Encryption: AES-256 with PBKDF2 and Secret Key architecture
Open Source: No, but code is auditable via bug bounty
Self-Hosting: No
Logging: Minimal for access. Connection metadata only.
Jurisdiction: Canada-based (strong privacy laws)
How 1Password Works (Differently)
1Password adds a “Secret Key” to encryption. Your master password alone can’t decrypt your vault. You need:
- Master password
- Secret key (stored locally, never sent to servers)
This means if Agg_hackers steal 1Password’s database, they also need your Secret Key, which is on your device.
Real Privacy Test
Attackers steal 1Password database. They have encrypted vaults and usernames.
To crack one vault: They need your master password (6 years of dictionary attacks) AND your Secret Key (only on your device, never sent to servers).
Result: Vault stays secure even if database is stolen.
Downsides
Closed source: You trust 1Password’s implementation without being able to verify. They’ve been independently audited and haven’t had major breaches, so trust is empirically justified.
Canada vs Switzerland: Canada has decent privacy laws but less strong than Switzerland. In practice, 1Password complies with legal requests but can’t hand over passwords (architecture prevents it).
Price: $2.99/month adds up. $36/year vs Bitwarden’s $10/year or free.
No self-hosting: If 1Password goes down or gets hacked, you don’t control the fallback.
Who Should Use 1Password
- Non-technical users: Set up and forget. Works everywhere
- Apple ecosystem: Integrates with iCloud Keychain, Safari, Apple ID
- Teams: Better sharing, admin controls, audit logs included
- Budget not primary concern: $36/year extra for convenience is acceptable
KeePassXC (Self-Hosted Desktop)
Price: Free, open-source
Privacy Score: 10/10 (but with asterisks)
Encryption: AES-256, Argon2 key derivation
Open Source: Yes, fully audited
Self-Hosting: Yes, fully (you are the server)
Logging: Zero. No cloud sync at all.
Jurisdiction: N/A (local storage)
How KeePassXC Works
KeePassXC is a desktop app (Windows, Mac, Linux). You create a local database file (.kdbx) encrypted with your master password. The file stays on your computer. Period.
No cloud sync. No servers. No metadata collection. If you want the database on multiple devices, you sync it via Dropbox, NextCloud, or Git yourself. That’s your responsibility.
Real Privacy Test
Your computer is stolen. Your KeePassXC database is on the disk.
Result: Encrypted. Useless without your master password. Attackers can try dictionary attack on the local file (slow, takes months/years with Argon2), but no company is logging anything.
Extreme Privacy Benefit
KeePassXC stores nothing on remote servers. Even if you use cloud sync (Dropbox, etc.), the encryption is local-only. Dropbox cannot read your passwords.
Downsides (Serious)
No sync by default: You manage sync yourself. Dropbox, OneDrive, NextCloud, Git. Extra step.
No mobile app (officially): KeePassXC is desktop-only. iPhone? Use companion app like KeePass2Android (unofficial, community-maintained). Adds friction.
No browser integration (easy): You can’t fill passwords directly in browser like 1Password. Workaround: Copy password from KeePassXC, paste in browser. Slower.
No sharing: Sharing passwords with family/team is manual. Extract a sub-vault, email encrypted file, they import it. Not seamless.
Backup is your job: Lost your computer? You need a backup (encrypted, obviously). No automatic cloud backup.
Learning curve: Non-technical users struggle. Requires understanding file locations, backup strategy, sync tools.
Who Should Use KeePassXC
- Paranoid about cloud: You don’t want anything on servers, period
- Technical: Can set up Nextcloud, manage encrypted backups, sync via Git
- Solo users: Not sharing passwords with team
- Privacy absolutists: Maximum control, maximum privacy, maximum friction
- Budget: Free and you own your data
Proton Pass
Price: Free (basic), €9.99/month (ProtonPass Plus with ProtonMail)
Privacy Score: 8.5/10
Encryption: AES-256, TweetNaCL
Open Source: Yes, client open-source. Server partially open.
Self-Hosting: No
Logging: Minimal. Proton doesn’t log vault access.
Jurisdiction: Switzerland (strongest privacy laws globally)
How Proton Pass Works
Proton Pass is by the Proton company (ProtonMail creators), known for privacy-first design. Vault encrypts client-side. Proton servers cannot decrypt it.
Architecture is similar to 1Password: encryption happens on your device before sync. Server stores encrypted blob.
Key Advantage: Proton Ecosystem
If you use ProtonMail:
- Vault integrates with email
- Passwords sync across ProtonMail, ProtonVPN, Proton Pass
- One Proton account = all services
- Subscription cost is shared
If you use Proton+ ($12.99/month), you get:
- ProtonPass
- ProtonMail (unlimited email)
- ProtonVPN (unlimited)
- ProtonDrive (2TB storage, encrypted)
- ProtonCalendar
Value is good if you need multiple Proton services.
Downsides
Switzerland is good but not sovereign: Swiss privacy laws are strong but Switzerland is under international pressure. If US demands data, Swiss government may comply.
Closed-source server: Server code isn’t fully open, though client is. You trust Proton’s implementation.
Pricing tied to email: If you don’t use ProtonMail, $9.99/month for just Proton Pass seems expensive vs Bitwarden free.
Younger product: Proton Pass launched recently (2023). Less battle-tested than Bitwarden or 1Password.
Who Should Use Proton Pass
- ProtonMail users already: Natural addition to ecosystem
- Proton+ subscribers: You already pay, use Pass as included service
- Privacy + Switzerland: Want strong jurisdiction AND open-source client
- All-in-one privacy suite: Email + VPN + password manager in one subscription
Comparison Table
| Feature | Bitwarden | 1Password | KeePassXC | Proton Pass |
|---|---|---|---|---|
| Cost | $10/year or free | $36/year | Free | $120/year or included in Proton+ |
| Open Source | Yes, both sides | No | Yes | Client yes, server partial |
| Self-Hosting | Yes | No | Local only (not sync server) | No |
| Mobile Support | Native apps | Native apps | Community app | Native apps |
| Browser Fill | Yes, native | Yes, native | Via extension | Yes, native |
| Cloud Sync | Yes | Yes | Manual via Dropbox/NextCloud | Yes |
| Team Sharing | Yes | Yes | No | Limited |
| Jurisdiction | US (weak privacy) | Canada (good privacy) | N/A | Switzerland (best) |
| Encryption Strength | AES-256 + PBKDF2 | AES-256 + Secret Key | AES-256 + Argon2 | AES-256 + TweetNaCL |
| Privacy Score | 8/10 | 7/10 | 10/10 | 8.5/10 |
| Ease of Use | Easy | Very easy | Hard | Easy |
| Best For | Privacy budget-conscious | Non-technical users | Paranoid solo users | Proton ecosystem users |
Real-World Recommendation
For most people: Bitwarden free tier. Open-source, zero-knowledge, no cost. Set up in 10 minutes.
For Mac/iOS users who don’t care about cost: 1Password. Integrates with Apple ecosystem. $36/year is acceptable for convenience.
For paranoid people: KeePassXC + Nextcloud self-hosting + encrypted backups. Maximum privacy, maximum effort.
For Proton users: Proton Pass as part of Proton+ subscription. Natural addition.
For teams: Bitwarden at $40/user/year beats 1Password ($240/year) significantly.
Migration Path
Most people use LastPass, Apple Keychain, or nothing (remember passwords).
Leaving LastPass: LastPass had breaches, logging issues. Get out.
Step 1: Choose your manager (Bitwarden if no preference).
Step 2: Export passwords from old manager (usually CSV).
Step 2: Import into new manager.
Step 3: Change passwords on critical accounts (email, banking, cloud storage). This is important—old password is now in two places.
Step 4: Delete old password file once confirmed new manager works.
This takes 2-3 hours for 100 passwords. Boring but necessary.
What NOT to Do
Never reuse passwords: Each account needs unique password. Manager generates random 16+ character passwords.
Never screenshot passwords: Screenshot ends up in backup, cloud sync, iCloud Photos.
Never email passwords: Email is not encrypted. Emails are logged.
Never use browser’s built-in manager: Chrome passwords are tied to Google account. If someone gets Google password, they get every password.
Never use “weak” passwords you can remember: If you’re remembering passwords, they’re not strong enough.
Features You Don’t Need
Biometric login: Fingerprint/Face ID unlock the password manager app. Nice for convenience, not security.
Password strength meter: All managers show this. Doesn’t matter. Generate random passwords. Use manager’s suggestion.
Breach monitoring: Managers notify you if passwords appear in data breaches. Useful but not critical. You’ll hear about major breaches anyway.
Passkey support: New standard replacing passwords. Bitwarden and Proton Pass support it. Not widely adopted yet (2026). Useful but not decision factor.
Cost Analysis for Privacy
Bitwarden: $10/year for privacy. Cost per day: $0.03. Cheapest privacy.
Proton Pass alone: $120/year for privacy + Switzerland. Cost per day: $0.33.
Proton Pass in Proton+: $156/year for email + VPN + Pass + storage. Cost per day: $0.43. Good if you need email.
1Password: $36/year for privacy. Cost per day: $0.10. Convenient middle ground.
KeePassXC: $0/year but requires:
- Your time learning it (6 hours): Worth $100
- Backup strategy (external hard drive, encrypted): $50
- Sync setup (NextCloud): $5-10/month or self-hosted ($30/year)
Total hidden cost: $200-300 first year, then $60-120/year ongoing. Only worth it if you’re paranoid.
The Honest Assessment
Using any password manager is infinitely better than:
- Reusing passwords
- Using weak passwords
- Writing passwords down
- Remembering passwords (they’ll be weak)
Between good password managers (Bitwarden, 1Password, Proton), difference is 5%. All are secure.
Bitwarden is the privacy-per-dollar winner. 1Password is the ease-of-use winner. Both are good.
KeePassXC is for people who don’t trust the cloud with anything. Justifiable but requires discipline.
Pick one, set it up today, and stop reusing passwords.