Worrying about internet security is the new normal. As massive data breaches make headlines seemingly every other week, protecting yourself is more important than ever. A password manager is one way to keep your sensitive information safe, but if you aren’t using one, you’re far from alone: Most people prefer to memorize or jot down their passwords. In fact, only 24% use password managers, according to a recent survey from PCMag. While using a password vault seems like a no-brainer, we examine their pros and cons and answer the question you ultimately want to know: Are password managers safe?
What is a password manager?
Seventy percent of people in the U.S. have more than 10 password-protected accounts online, according to Digital Guardian. It’s no surprise, then, that good password hygiene can easily fall by the wayside, with 60% of people admitting to using the same password across multiple websites.
One way to reduce the headache of remembering complex and unique passwords is by using a password manager. This software can generate, store and auto-fill passwords for all your online accounts. Password managers can also keep track of other sensitive data like your credit cards, PINs, two-factor authentication tokens, security questions and more.
Some of the most popular password managers include:
- Keeper Security
- Sticky Password
- True Key
What do password managers do?
When you’re grappling with dozens of passwords, it’s easy to cut corners by using the same ones again and again. Unfortunately, most hacking-related breaches happen because of weak passwords.
“The purpose of password managers is to get you to use individual, secure passwords for all your accounts,” said Byron Albert, a Nashville, Tennessee-based cloud architect who has been working in internet security for 20 years. Many people still tend to use the same password everywhere, making them especially vulnerable to hackers.
If one of your accounts gets hacked, someone may try to use those same credentials elsewhere. Before you know it, the fraudster may have access to your bank accounts, credit cards, social media and more. Password managers have features that encourage you to create unique passwords. Some of these features may include, but aren’t limited to:
- Automatic form filler: By storing each of your logins and account websites, some password managers allow you to log in with a single click.
- Flag duplicate passwords: Worried about duplicate passwords? Some password managers will flag them for you.
- Password generator: This tool makes it easy to pick a secure password with the right number of characters, symbols and numbers.
- Password vaults: Password managers keep all your passwords encrypted in a vault that can be organized by topics.
- Security tracking: Some password managers watch for major password breaches and flag security issues.
- Two-factor authentication: This extra step in the login process makes signing in even more secure.
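As an added illustration of the password generator and duplicate-password features listed above (example code written for this page, not taken from any product named here), the sketch below builds a random password that always contains each character class and reports which accounts share a password. The function names, the symbol set and the sample vault are assumptions made for the example.

```python
import secrets
import string
from collections import defaultdict

SYMBOLS = "!@#$%^&*-_=+?"  # assumed symbol set; sites differ in what they accept
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]


def generate_password(length=20):
    """Random password with at least one character from every class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    # One guaranteed character per class, the rest drawn from the full alphabet.
    chars = [secrets.choice(cls) for cls in CLASSES]
    alphabet = "".join(CLASSES)
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Shuffle with the OS random source so the guaranteed characters
    # do not always sit in the first four positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def find_reused(vault):
    """Return groups of accounts that share a password (accounts only)."""
    by_password = defaultdict(list)
    for account, password in vault.items():
        by_password[password].append(account)
    # Report account names, not the password itself, so the warning
    # can be shown on screen without revealing the secret.
    return sorted(sorted(accts) for accts in by_password.values() if len(accts) > 1)


# Constructed sample vault (account -> password), for illustration only.
SAMPLE_VAULT = {
    "bank.example": "Summer2019!",
    "mail.example": "Summer2019!",
    "shop.example": generate_password(),
}

if __name__ == "__main__":
    print(generate_password(16))
    print(find_reused(SAMPLE_VAULT))
```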
How do password managers work?
To get started, download a password manager app and/or browser extension onto your laptop and phone. The most popular password managers work on iOS, Android, Windows and Mac. Most offer a limited, free version to try before you commit.
Depending on download speeds, you may be able to set up your account within a few minutes. Most will ask for your email address and a master password—also called a passphrase. “A passphrase may be easy for you to remember, but it’s tougher for hackers to crack,” Albert said. The master password is used to create a local key—which is like another password—that only you have access to.
Once your account is active, you can start adding logins into your password vault. You can store these passwords in the company’s cloud online—which makes it easier to sync with other devices. Or, you can store the passwords locally on your computer or on another device.
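One way the master password can be turned into a local key, shown as an added example that is not code from any password manager mentioned on this page. The page does not name an algorithm, so PBKDF2-HMAC-SHA256, the iteration count, the verifier scheme and all function names here are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor; real products choose their own
CHECK_LABEL = b"vault-unlock-check"  # assumed constant used to build the verifier


def derive_local_key(master_password, salt):
    """Stretch the master password into a 32-byte key on the user's device."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, ITERATIONS
    )


def create_account(master_password):
    """Build the record kept with the vault: a salt and a verifier.

    Neither the master password nor the derived key is stored.
    """
    salt = secrets.token_bytes(16)  # random per account, not secret
    key = derive_local_key(master_password, salt)
    verifier = hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()
    return {"salt": salt, "verifier": verifier}


def unlock(record, attempt):
    """Re-derive the key from the attempt; return it only if it verifies."""
    key = derive_local_key(attempt, record["salt"])
    check = hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return key if hmac.compare_digest(check, record["verifier"]) else None


if __name__ == "__main__":
    record = create_account("correct horse battery staple")  # constructed sample
    print(unlock(record, "correct horse battery staple") is not None)
    print(unlock(record, "password123") is None)
```

The slow derivation is what makes each guess at the master password expensive, and the per-account salt means two users with the same passphrase still end up with different keys.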
The pros and cons of password managers
While experts recommend using a password manager, before diving in, consider the benefits and potential risks of using one:
- Security: According to Dashlane, the average consumer has 130 different accounts. Creating secure passwords for each one is a major hassle. By using a password generator, you can rest easy knowing each one is unique.
- Convenience: By storing all your sensitive data in one place, you’ll likely cut down on the number of password resets and attempted logins you have to perform.
- Cost: If you’re looking for the full suite of features, you will have to pay for it. The prices go up for business or family accounts.
- Cloud storage: You may feel uneasy about storing your passwords in the cloud. Some password managers don’t offer a local storage option. Or, they may charge extra for it, so double check before signing up.
- Vulnerability: It’s not possible to protect yourself 100% from hackers (we’ll cover more on that below). You still need to follow basic internet security guidelines.
Are password vaults safe?
It may be nerve-wracking to keep all your passwords in one place—especially in the cloud—but it’s unlikely you will see a major breach at one of these companies, said Albert, with one caveat: “Stay away from the no-name password managers.”
Do password managers get hacked?
If you are using the internet, getting hacked is always a possibility—and password managers aren’t perfect. A recent report from Independent Security Evaluators found flaws in five popular password managers, with the biggest threat identified when the software was in a “locked state.” The locked state happens in two scenarios:
- Before you enter the master password
- After you click the “lock” or “log out” button
In a locked state, some software programs may expose your passwords—or even the master password—leaving you vulnerable to targeted attacks. The Washington Post reported some companies are working on fixes. But for others, it’s less of a priority.
Despite these risks, Albert still recommends using a password manager. “For many consumers, malware hacks are less of a concern. Experts are more worried about large-scale hacks like Yahoo or Equifax,” he said. While there’s little consumers can do to protect themselves against a massive data breach, you can use a tool like ID monitoring to help keep an eye on your information.
Extra steps to stay safe
There are no guarantees if and when security loopholes in some password managers will be fixed. In the meantime, you can take extra precautions by following these safety measures:
- Keep your operating system and browser software updated.
- Use the secure desktop feature if you have it.
- Activate your operating system’s autolock feature to stop targeted malicious activity by someone walking by.
- Pick a strong master password for your password manager.
- Shut down your password manager software completely when you aren’t using it.
The bottom line
The internet can be a wonderful, strange and inherently risky place. Adding to that risk is reusing the same password across multiple online accounts, which may be an open invitation to hackers. “Most people aren’t going to update their passwords on a regular basis,” said Albert. Instead of trying to change your passwords every six months, aim to have unique, secure passwords for every single account. With the help of a password manager, “this goal is easier to achieve.”