Are Password Managers Safe?
This week, we’re looking at password managers and whether they are actually safe to use.
First things first, what are password managers?
A password manager is a software application designed to securely store and manage your passwords and other sensitive information. These tools help you create, store, and autofill strong, unique passwords for each of your accounts, reducing the risks associated with using weak or repeated passwords.
Password managers are classified as online security tools because they are meant to protect your most sensitive digital information, such as login credentials and payment card details.
A trusted password manager enables you to apply password best practices, such as using long, unique, and unguessable combinations.
How do password managers secure your passwords?
Password managers secure your passwords in several ways, starting with a secure encryption process that uses a specific cipher to protect your data when it is transferred online.
The zero-knowledge architecture used by the top password managers ensures that passwords are encrypted before they leave your device. When they’re on a server, even the provider has no way to decipher them. Some password managers will remind you to change passwords regularly and evaluate their strength. Others will additionally scan the dark web to check if any of your logins got leaked online.
The only password you’ll need to remember on your password manager is the master password – as long as it’s secure, there’s no way for anyone to access it. If you choose a memorable, yet completely unique password and combine it with multifactor authentication (MFA), you should be safe. It’s even better if you choose a multifactor authentication option such as biometric authentication, e.g. a fingerprint or face scan.
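As an added illustration of the zero-knowledge model and the role of the master password described above (this is not code from any particular password manager), the following Node.js example derives a key from the master password on the device and encrypts the vault before anything is uploaded. The function names, the sample entry, and the choice of scrypt with AES-256-GCM are assumptions made for the example.

```javascript
// Added example: client-side ("zero-knowledge") vault encryption using Node's built-in crypto.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// Derive a 256-bit vault key from the master password. This runs on the device only;
// the master password and the derived key are never sent to the provider.
function deriveKey(masterPassword, salt) {
  const cost = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 }; // assumed cost settings
  return scryptSync(masterPassword, salt, 32, cost);
}

// Encrypt the vault locally. Only the returned record would be stored on the server.
function sealVault(masterPassword, entries) {
  const salt = randomBytes(16); // random per vault, stored next to the ciphertext
  const iv = randomBytes(12);   // fresh nonce for every encryption
  const cipher = createCipheriv('aes-256-gcm', deriveKey(masterPassword, salt), iv);
  const ciphertext = Buffer.concat([cipher.update(JSON.stringify(entries), 'utf8'), cipher.final()]);
  return { salt, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Decrypt locally. Returns null if the master password is wrong or the record was altered.
function openVault(masterPassword, record) {
  const decipher = createDecipheriv('aes-256-gcm', deriveKey(masterPassword, record.salt), record.iv);
  decipher.setAuthTag(record.tag);
  try {
    const plain = Buffer.concat([decipher.update(record.ciphertext), decipher.final()]);
    return JSON.parse(plain.toString('utf8'));
  } catch {
    return null; // GCM authentication failed: wrong key or modified data
  }
}

// Constructed sample data standing in for a user's vault.
const sampleEntries = [{ site: 'example.com', user: 'alice', password: 'k3#Vq9!tR2mZ' }];

// Summarise what the server holds and who can read it.
function demo() {
  const record = sealVault('correct horse battery staple', sampleEntries);
  return {
    serverSeesPlaintext: record.ciphertext.includes('k3#Vq9!tR2mZ'),
    ownerCanRead: openVault('correct horse battery staple', record) !== null,
    wrongPasswordCanRead: openVault('password123', record) !== null,
  };
}
```

The record holds only the salt, nonce, ciphertext and authentication tag, which is why a provider storing it cannot read the vault without the master password.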
Types of password managers
There are three main types of password managers: browser-based, cloud-based, and desktop-based. Each comes with its own set of pros and cons, including those related to security.
- Browser-based password managers – these are usually free and very convenient to use – you don’t need to use a separate app to save and autofill your passwords. However, they’re not considered the safest. While encryption and two-factor authentication make browser-based password managers pretty safe, there are quite a few security-related concerns.
Also, not all browser-based password managers have a password generator. Without one, you will have to create passwords manually, and most users opt for simpler and, thus, more vulnerable passwords. Browser password managers also can’t detect weak or reused passwords.
- Cloud-based password managers – when compared to browser-based password managers, cloud-based password managers are safer, as they have more features that enhance security. Most cloud-based password managers also provide a backup for your vault. This means that if something happens to the server, you can recover a recent version of your database. Some also allow you to store not only passwords but also secure notes and credit card details.
Additionally, cloud-based password managers can detect reused and weak passwords, generate strong ones, and check if your logins have been leaked. They also work on multiple browsers and operating systems. This means that you don’t have to think about how to copy and paste something from your database securely.
- Desktop-based password managers – these can be the safest option to use; however, that completely depends on the user. All information you store on a desktop-based password manager is, essentially, stored on your device. That means that no third party has any link to that information. This eliminates the risk of exposing your data during a data breach that could potentially affect the password manager provider.
However, there are a few downsides that must be considered. For starters, you are responsible for regular backups. If your device breaks down irreparably, your vault containing all your passwords may be gone. Since all data is stored on one device, you cannot sync it with other devices and, therefore, cannot recover it easily. You also have to consider the possibility that someone could access your physical device without your permission and gain access to the password manager vault as well. To combat this, you want to make sure that you have a strong lock on your computer as well as a strong master password for your password manager.
What if your password manager gets hacked?
In most cases, getting hacked shouldn’t result in all your passwords falling into the wrong hands. This is because your passwords are encrypted locally. Password managers have no way to decipher your data because they implement a zero-knowledge policy. So if a hacker breaks into your vault, they will see only encrypted information.
There’s a chance that an attacker could break into your physical device by stealing it or using malware. Even then, they will need your master password. If you use biometric data, such as fingerprint or face ID, the chance of a successful attack becomes low. If the attacker installs malware on your device, your best move is to reinstall the OS and change all passwords in your vault. Make sure to also turn on MFA that requires additional factors to authenticate a login. This way, you will notice when an unusual request comes to the authenticator app.
What are the main benefits of using a password manager?
While there are some risks to using password managers, the benefits greatly outweigh them. Here are the main advantages to using a reliable password manager:
- Enhanced security – if you use a trustworthy password manager that employs reliable encryption, you can enjoy enhanced protection of all your stored items, including passwords, payment card numbers, identification data, birth dates, door codes, etc. As long as you create a strong master password and implement MFA, you can be sure that no one will be able to get into your vault and access your confidential information. You certainly cannot achieve that level of security with post-it notes, notes apps, or spreadsheet documents.
- Improved password habits – when you don’t have to think about remembering complex passwords, you can easily apply password best practices. You don’t need to reuse passwords, use memorable and easily guessable combinations, or store them in unsafe locations.
- Convenience – often overlooked, but convenience is a huge benefit when it comes to passwords. If you sync your account across different devices, you can always access them, no matter where you are. Again, the fact you don’t need to remember your passwords and other sensitive data provides you with an opportunity to keep all of that data extra safe. Plus, when it comes to sharing passwords, many managers make the process quick, easy, and safe too.
In conclusion…
Password managers are safe if you choose a reliable provider and implement password management best practices. If you use password123 as your master password to unlock your entire vault, it could easily be guessed and breached even if you use a reliable manager, especially if you don’t add MFA for added security.
Don’t forget that all types of password managers can also be affected by malware inside your devices, so using a good antivirus is also vital.