Password Manager Lab
Home Posts Topics
Matcher Tools Glossary Resources About
Defensive / Tools network
AnonGuide Privacy Ranker Secure Mail Guide
A hands-on password manager testbench comparing vaults across desktop, browser, and mobile clients
site

What Password Manager Lab is and how we test

Our methodology for reviewing and comparing password managers: what we test, what we don't accept, and how to read our coverage.

By PML Editorial · · 7 min read

Password Manager Lab publishes independent reviews, head-to-head comparisons, and setup guides for password managers and credential security tools.

What we cover

  • Manager reviews — 1Password, Bitwarden, Dashlane, Keeper, NordPass, and the broader field
  • Comparisons — browser-saved passwords vs. dedicated vaults; free tiers vs. paid; cloud sync vs. local-only
  • Setup guides — step-by-step walkthroughs for first-time setup, family sharing, and team plans
  • Security fundamentals — passkeys, TOTP, hardware keys, breach alerts, and how credential stuffing works

How we evaluate

Every manager review scores the same seven dimensions:

  1. Encryption model — where keys are derived, whether zero-knowledge is actually zero-knowledge, and what the audit record looks like
  2. Cross-platform reach — iOS, Android, Windows, macOS, Linux, browser extensions
  3. Auto-fill reliability — tested on a fixed set of login pages including financial sites, government portals, and poorly-built forms
  4. Sharing and recovery — emergency access, family plan usability, what happens when you lose your device
  5. 2FA integration — built-in TOTP, hardware key support, whether the vault itself requires MFA at login
  6. Breach monitoring — Pwned Passwords / Have I Been Pwned integration, scope, accuracy
  7. Price and business model — what the free tier actually includes, whether the pricing is stable, and what we know about the company’s ownership

What we don’t do

We don’t accept payment for coverage. Affiliate links exist on this site (disclosed on every post that uses them), but they don’t determine what we write or how we rate. A manager that pays more in commissions does not get a higher score.

We don’t review products we can’t install and test ourselves. That excludes enterprise-only tools with no trial access. If a review has restrictions, they’re stated.

We don’t pretend audit reports are a substitute for independent testing. We read them. We also test.

Who writes here

Pseudonymous editorial team. Tips and corrections welcome via [email protected].

For more context, Docker homelab tutorials covers related topics in depth.

#meta #methodology

Related

A shared family password vault with separate member logins and parent-managed access controls
Buying Guide

Best Password Manager for Families 2026: Compared and Ranked

We compared 1Password, Bitwarden, NordPass, and Keeper on shared vaults, emergency access, family recovery, and per-seat pricing based on published
A locked password vault with recovery-code and emergency-kit options for a forgotten master password
guides

Lost master password recovery: what works in Bitwarden, 1Password, and KeePassXC

What you can do if you forget your master password in Bitwarden, 1Password, or KeePassXC, and the recovery options to set up before you need them.
A breach-alert checklist for the first 24 hours: rotate master password, revoke sessions, reset reused logins
guides

Password manager breach response: what to do in the first 24 hours

Run this playbook in the first 24 hours after a password manager breach: triage your master password, rotate accounts by tier, and handle TOTP and passkeys.

Comments