Generally, a password manager stores all your passwords and automatically fills them in your web browser and mobile apps. In this post, we explain how safe it is to use a password manager that stores all your passwords.
But is trusting an app with your passwords and storing them all in one place a smart idea? Yes, it is. We recommend everyone use a password manager, which is far superior to other ways of keeping track of your passwords. Here is why they are a safe choice.
A password manager stores your passwords in a secure vault that you can unlock with a single master password. Optionally, you can add two-factor authentication to help keep everything extra secure.
Password managers let you use strong and unique passwords everywhere. This typically is not possible for most people: can you really remember a unique, strong password for every website you use? Password managers can generate and remember passwords such as E.wei3-uaF7TaW.vuJ_w.
If you do not use a password manager to store your passwords, then you probably cannot remember all the unique, strong passwords you would need to use. Most people end up reusing the same passwords on multiple websites—that is the most dangerous thing.
A password database leak at one website means your accounts on other sites are wide open. Someone just has to try signing in with the same email address and password combination from the breach.
You can try creating “unique” passwords yourself based on a pattern. For example, your base password might be _p@ssw0rd_. You could modify it based on the domain name. For example, when signing into Facebook, you could take the “f” and the “a” and make it fp@ssw0rda.
Repeat this method for each account you use and you will have unique passwords you can remember yourself. Right? Well, not really: all your passwords are now predictable. And what happens when a website does not allow special characters or limits you to a specific number of digits and your method does not work?
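The predictability described above can be checked against your own password list. The following is an added example, not part of the original post: it looks for a base string shared by every password and reports how few characters actually differ per site. The sample entries are constructed by applying the post's “f”/“a” scheme to other domains, and the function names are hypothetical.

```python
def shared_base(passwords):
    """Return the longest substring present in every password ('' if none)."""
    shortest = min(passwords, key=len)
    for size in range(len(shortest), 0, -1):
        for start in range(len(shortest) - size + 1):
            candidate = shortest[start:start + size]
            if all(candidate in p for p in passwords):
                return candidate
    return ""


def audit(entries, min_base=6):
    """Flag passwords that are one shared base plus a few site-derived characters.

    entries maps a domain to the password used there. min_base is an assumed
    threshold: shorter overlaps are treated as coincidence.
    """
    if len(entries) < 2:
        return {"base": None, "findings": []}
    base = shared_base(list(entries.values()))
    if len(base) < min_base:
        return {"base": None, "findings": []}
    findings = []
    for domain, password in entries.items():
        label = domain.split(".")[0].lower()
        # What is left once the shared base is removed is the only
        # part of the password that is unique to this site.
        residue = password.replace(base, "", 1)
        findings.append({
            "domain": domain,
            "unique_chars": len(residue),
            "from_domain": bool(residue)
            and all(c.lower() in label for c in residue),
        })
    return {"base": base, "findings": findings}


# Constructed sample: the post's base password with two letters of each domain.
SAMPLE = {
    "facebook.com": "fp@ssw0rda",
    "twitter.com": "tp@ssw0rdw",
    "github.com": "gp@ssw0rdi",
}

if __name__ == "__main__":
    report = audit(SAMPLE)
    print("shared base:", report["base"])
    for finding in report["findings"]:
        print(finding)
```

Each sample password has only two characters that are not shared with the others, and both come from the site's name, so one leaked entry gives away most of every other one.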
With a password manager, you just have to create one strong password and remember it. While you do have to place some trust in whatever password manager you choose, using a password manager is more secure than the alternatives.
The password managers that we recommend have never had their passwords compromised, but many people have gotten in trouble through reusing passwords. Exploiting those reused passwords is often how attackers “hack” accounts nowadays.
We and many other sites recommend 1Password and LastPass as our top picks. Both protect your password vault with strong encryption such as AES-256, even while it is stored in the cloud.
While the passwords are on your PC, phone, or tablet, they are protected with a “master password” that you know, which makes them unreadable to anyone without that password. On modern devices, you can also unlock your vault with biometric authentication, like Face ID or Touch ID on iPhones.
Both services say the master password never leaves your device and that they could not access your passwords even if they wanted to: they have zero knowledge of your passwords. They have undergone third-party audits and code reviews.
Neither has ever suffered a serious breach and both are upfront and transparent about how they protect your data. See the 1Password and LastPass websites for further details.
Would you prefer doing it yourself? Open-source password managers like Bitwarden and KeePass also exist. You can use these open-source applications to store your passwords on your own devices or servers.
For example, you could set up your own synchronisation server for Bitwarden or manually sync a KeePass database between your devices. It will likely be more complex and more work, and the apps are not as user-friendly. However, if you prefer open-source software, options are available.
Ultimately, you are placing some trust in the password-manager companies here. Sure, the companies promise to keep your passwords safe. However, they could update their software to capture your passwords, or a massive security hole could open your passwords to attack. The companies are audited for security, but what would happen if they turned bad?
Sure, that is a risk. You trust your password manager just as you trust any other application you use. The same is true for any application on your PC or most browser extensions. They could also spy on you and phone home, reporting your passwords, credit card numbers, and communications to someone else.
But that has not happened yet. These are very reputable companies in the business of security. It is probably more dangerous to install random browser extensions, many of which get full access to everything that happens in your browser and could phone home with those details, than to store your passwords in a password manager.
We follow our own advice and use password managers like 1Password and LastPass. The password managers built into browsers like Chrome and Apple’s Safari are getting better, but they just are not as powerful or fully featured yet.
On top of safety, these password managers offer many convenience benefits. You can easily share your passwords with a friend, family member, or coworker. You can automatically fill those passwords on mobile without typing them in, even on an iPhone or iPad.
Password managers like 1Password and LastPass provide alerts if any of the passwords you are using have been breached in an attack and recommend passwords you should change. It is a big improvement over trying to keep track of all your passwords without any help.