If you're struggling to keep track of your online passwords, you're not alone. Almost everything you do on the internet beyond simple web browsing requires a login. Some people use easy-to-remember passwords, while others have one complex password for all their accounts. Neither option is recommended since they make it easy for identity thieves and other criminals to steal your credentials. A much better option is a password manager – but what are they, how do they work, and are they safe?
What are password managers?
A password manager is software that helps users create strong passwords, store them in a digital vault protected by a single master password, and then retrieve them as needed when logging into accounts.
Should you use a password manager?
Using a password manager certainly offers benefits. Password leaks have become common – that is, when websites are hacked, and user data such as usernames and passwords fall into the hands of criminals. If hackers obtain your login credentials, they can try them on other websites. If you use the same credentials across multiple websites, then a leak of one website’s data could enable criminals to access all your online accounts. That is why it’s essential to use strong and unique passwords for each website. A strong password comprises at least 12 characters – ideally more – and is a mix of upper- and lower-case letters, numbers, and symbols. It also avoids obvious or commonly-known information about you, such as your date of birth or names of family members.
However, most of us have many online accounts – one 2020 study suggested the average internet user has around 100 – so keeping track of numerous, long, complex passwords becomes difficult. That’s where password managers come in – they simplify the process by generating secure, random passwords for you and remembering them, so you don't have to. Ultimately, the only password you need to remember is for the password manager itself.
How does a password manager work?
There are various password managers on the market. Once you’ve decided which one is right for you, the first thing to do is set it up and protect it with a master password. You will be keeping all your passwords in one place – i.e., in your digital vault – and your master password will be your key to that vault. Since your master password encrypts the contents of your vault, the password you choose must be a strong one. It's also important not to lose it – otherwise, you will need to reset the passwords for all your online accounts – so make sure it’s something you won’t forget. On mobile devices, some password managers allow access via fingerprint or face ID.
Once the password manager is installed, it will capture your usernames and passwords and save them in your digital vault whenever you log into an app or site. A good password manager should keep track of any changes made to usernames and passwords within the vault and offer to update the stored information for that website or app. Many password managers use auto-fill – that is, they automatically fill in your login credentials on websites and apps when you visit the relevant pages.
As well as saving time, the autofill function can help alert you to phishing – for example, if you find yourself on a site that resembles your normal banking site, but the form fields don’t automatically populate with your login information, it could be a sign that you’re on a phishing website with a different URL, potentially using a typosquatting domain.
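The matching behind that signal can be sketched as follows. This is an added example, not code from any particular password manager: the vault entry, the domain names and the exact-origin matching rule are assumptions made for illustration (real products may match more loosely, for example on the registrable domain).

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample vault: each login is keyed by the origin it was saved on.
VAULT = {
    ("https", "online.examplebank.com", 443): {
        "username": "alice",
        "password": "constructed-not-real",
    },
}

def origin(url):
    """Return (scheme, host, port) normalised for comparison, or None."""
    try:
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        # .hostname drops any "user@" prefix and lowercases the host.
        host = (parts.hostname or "").rstrip(".")
        # IDNA-encode so a Unicode lookalike host compares as punycode,
        # which never equals the ASCII name stored in the vault.
        host = host.encode("idna").decode("ascii")
        port = parts.port or DEFAULT_PORTS.get(scheme)
    except ValueError:  # malformed port, bad IPv6 literal, invalid IDNA label
        return None
    if not host or port is None:
        return None
    return (scheme, host, port)

def autofill_for(url):
    """Return saved credentials only when the page origin matches exactly."""
    page = origin(url)
    if page is None or page[0] != "https":
        return None  # never fill on plain HTTP or unparseable URLs
    return VAULT.get(page)

if __name__ == "__main__":
    for url in (
        "https://online.examplebank.com/login",           # saved site
        "https://online.examp1ebank.com/login",           # typosquat: 1 for l
        "https://online.examplebank.com.evil.example/",   # saved name as subdomain
        "https://online.examplebank.com@evil.example/",   # saved name as userinfo
    ):
        print(url, "->", "fill" if autofill_for(url) else "no autofill")
```

The comparison is made on the parsed host rather than on what the address bar appears to show, which is why a lookalike page gets empty form fields.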
Password managers don’t just remember password information either: most password managers will also remember your personal information, such as name, address, and credit card details, and autofill these where appropriate on web forms. This saves time when carrying out a transaction like online shopping. A good password manager will also store documents, medical records, and photos in an encrypted vault which only you can unlock.
When creating new accounts, a password manager will offer to generate a new secure random password for you, which saves the hassle of creating new passwords each time. Good password managers should also let you know if existing passwords are weak or have been compromised in a data breach.
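A sketch of both features, using the strength rule given earlier in this article (at least 12 characters with upper- and lower-case letters, numbers, and symbols). This is an added example, not any vendor's implementation: the function names, the symbol set and the sample vault are assumptions, and the breach check is left out because it needs an external data source.

```python
import secrets
import string
from collections import defaultdict

SYMBOLS = "!@#$%^&*()-_=+[]{}"  # assumed symbol set for generated passwords
ALPHABET = string.ascii_letters + string.digits + SYMBOLS

def is_strong(password):
    """Apply the article's rule: 12+ chars, upper, lower, digit, symbol."""
    return (
        len(password) >= 12
        and any(c.islower() for c in password)
        and any(c.isupper() for c in password)
        and any(c.isdigit() for c in password)
        and any(not c.isalnum() for c in password)
    )

def generate_password(length=20):
    """Draw from the OS CSPRNG; retry until every character class appears."""
    if length < 12:
        raise ValueError("length must be at least 12")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if is_strong(candidate):
            return candidate

def audit(vault):
    """Return {site: [findings]} for weak or reused passwords in a vault."""
    sites_by_password = defaultdict(list)
    for site, password in vault.items():
        sites_by_password[password].append(site)
    findings = {}
    for site, password in vault.items():
        issues = []
        if not is_strong(password):
            issues.append("weak")
        if len(sites_by_password[password]) > 1:
            issues.append("reused")
        if issues:
            findings[site] = issues
    return findings

# Constructed sample vault (site -> password); none of these are real.
SAMPLE_VAULT = {
    "shop.example": "Summer2020",
    "mail.example": "Summer2020",
    "forum.example": "correcthorsebattery",
    "bank.example": "t7#Vq9!mZr2&Lx4@Pw",
}

if __name__ == "__main__":
    print(audit(SAMPLE_VAULT))
    print(generate_password())
```

Generation uses the `secrets` module rather than `random`, because passwords must come from a cryptographically secure source.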
One way that users can maximize the security of their password manager is by enabling multi-factor authentication (MFA) on their accounts. MFA means that unlocking your password manager requires something in addition to your master password. This might be a fingerprint, facial recognition, a code sent to a mobile authenticator app, or a hardware security key.
Once you have created your master password and set up multi-factor authentication on your account, you can make your password manager easier to use by installing a browser extension. A good password manager will offer extensions for popular browsers.
Are password managers safe?
Given the information they hold – all your passwords, contact details, credit card details, and potentially other important documents – it's reasonable to ask, how safe are password managers, and are password managers secure?
Some password managers can be hacked. But in those cases there's an important caveat: the information contained within your password manager should be encrypted. Assuming your password manager uses industry-standard encryption such as Advanced Encryption Standard (AES), it should be almost impossible for criminals to decipher the contents. While each password manager offers different features, it is generally true to say that password managers are safe to use.
The password managers themselves do not store or access your master password or the encrypted information in your password database. This provides an additional layer of security. A key aspect of password manager security lies in the strength of your master password – so it’s essential to choose something strong (and to keep it safe).
Tips for choosing a password manager
Here are some useful tips on choosing the right password manager for you:
- Choose software that has strong encryption.
- Check for a lockout feature, which is helpful in case you forget your password.
- Find out in advance how the vendor will help you should something go wrong: by telephone, email, or chat.
- Check whether the software offers identity theft protection and whether it takes other measures to protect against other malicious behavior.
- Be comfortable using the software. Look into the usability of any password manager you are considering and ensure you will be able to integrate it with whatever devices or browsers you typically use.
- Calculate the costs and benefits. A full-featured password management suite certainly brings the best value, but there are also free password manager applications that you can download as a trial to test your interest.
A word on browser-based password managers. Some web browsers have integrated password managers. These tend not to compare favorably with dedicated password managers since they usually store passwords on your computer in an unencrypted form. This means that, unless you encrypt your computer's hard drive, people could access the password files on your computer and view them. In addition, some browser-based password managers don't automatically generate random passwords, and they may not offer cross-platform syncing.
FAQs about password managers
How do password managers work?
Password managers store all your passwords in a digital encrypted vault. When you visit a website, the password manager will auto-fill the appropriate login information for that website. This means that you don’t have to remember your username, password, and email address for each website – the password manager does it for you.
Why use a password manager?
It's recommended to use strong, unique passwords for each site you log into. But most of us have numerous passwords, and keeping track of them can be difficult. A password manager simplifies the process by generating secure, random passwords and remembering them, so you don't have to. Ultimately, the only password you need to remember is for the password manager itself. In addition, most password managers will allow you to store documents, medical records, and photos in an encrypted vault that only you can unlock.
How safe are cloud-based password managers?
Most cybersecurity experts agree that cloud-based password managers are safe to use and, in fact, are the most secure way to store your passwords. A password manager with AES-256 encryption – that is, military-grade encryption – is almost impossible to crack. A good password manager should operate from a zero-knowledge principle – that is, the software creator should not know anything at all about your data, nor should anyone else. In addition, the ability to enable multi-factor authentication (MFA) on your password manager provides an additional layer of security. No matter which password manager you choose, avoid accessing it on public networks because your data can still be captured at any time.
A password manager helps protect your data online
When used daily, password managers are a convenient solution that can help secure your most private and sensitive information on the internet. There are various password managers on the market, and it's worth taking the time to find one that is right for you. The right password manager will help to protect your data online.
Kaspersky Password Manager keeps all your passwords and documents in a secure private vault, which you can access with one click from all your devices. It also:
- Automatically fills out login fields and auto-completes form fields with information like email addresses and bank card details.
- Alerts you if you’re using weak or duplicate passwords and warns you if your passwords have been leaked online so you can take action.
- Uses ultra-strong AES-256 encryption and operates from a zero-knowledge principle, which means that neither Kaspersky nor anybody else knows anything about your data.