A password manager is an encrypted storage system for keeping and managing passwords usually protected by a master password. Some password managers use biometric data to protect the vaults instead of master passwords. Others support the use of two-factor authentication for higher security.
How does a password manager work?
A password manager includes software that allows you to generate unique and strong passwords while storing them in a safe encrypted place. Some password managers also enable you to store personal information, such as credit cards and banking details.
Another helpful feature of most password managers is their ability to automatically provide passwords for stored sites. All you have to do is type the master password and your password manager fills in the password of the account or site you are trying to access. You save time this way.
A good password manager allows you to sync data between devices so you don’t have to worry about losing data in one device because you have other devices as a backup. Syncing is also a convenient way of accessing data wherever you are and whatever device you are using.
For example, you use Windows at work, Mac at home and Android and iOS when you’re on the go. You can sync your devices to quickly access any of them regardless of the device and web browser you use each time.
From a security perspective, a password manager can alert you to a phishing attempt. Here’s why. Phishing emails and malicious sites are spoofed versions of the genuine ones. If you are using a browser-based password manager, it will not auto-complete the username and password fields since it does not recognize the website because that website is fake. So that’s one threat averted.
Some password managers will also alert you to evaluate the strength of your stored passwords and change weak ones from time to time. Others will scour the dark web if any of your activities appear online.
How does a password manager encrypt passwords?
Password managers secure your passwords through encryption. Encryption works by converting plain text into cipher text made up of unreadable characters.
AES, or Advanced Encryption Standard, is a publicly accessible cipher approved by the US National Security Agency, or NSA. AES has many encryption levels but password managers use either 128-bits, 192-bits or 256-bits. AES 256-bit is the industry standard because it has an exceptional cipher strength that is nearly impossible to crack.
Even the strongest cryptographic systems are not totally immune from hacking if hackers gain access to the key itself. That is why using extra security measures, such as strong passwords, firewalls, antivirus software and multi-factor authentication, is crucial to the larger security picture. It is also important to educate employees on social engineering and phishing because they are the first vector for any such threats.
Types of Password Managers
Password managers are categorized according to the features they offer.
These include storage capability, size and location, level of encryption and special services offered, among others. Following are the commonly used types:
Locally stored password managers
Local storage of password managers involves storing passwords on any of your devices. They can either be your desktop, laptop, tablet or mobile phone depending on your preferences. Each device needs a password manager license, so if you have multiple devices, you will need multiple licenses.
Locally installed password managers are usually free. You don’t need the Internet to access it. They greatly minimize the risk of someone breaching your storage vault, unless you inadvertently click on a link that installs a keylogger which may allow the hacker to steal your master password. However, if your device breaks down irreparably or lose it, you too lose your storage. This is why you will need an extra but safe place to store your master password.
Cloud-based password managers
Web-based passwords store your passwords on a cloud, usually the provider’s server. You can access your passwords on any of your devices anytime and anywhere where you have Internet connection.
Can your password manager provider access your passwords?
Reputable password managers observe zero-technology. It means that they encrypt your passwords on your device before sending them to the server. There is no way they can read your passwords because they are encrypted. They also make sure that your passwords will not be available to third parties all the time.
Cloud-based password managers also generate strong passwords and check if your accounts have been leaked. They can detect reused and weak passwords. They will work on multiple browsers and operating systems.
Browser-based password managers
Browser-based password managers work on one particular browser, such as Chrome, Safari or Firefox. You cannot switch browsers. They are fairly safe to use provided they include encryption and two factor authentication.
One downside of browser-based password managers is that they cannot detect weak or reused passwords. They cannot generate passwords. You also cannot check your logins in the dark web and you will need to check them manually on a separate tool.
#2 So here we are at the middle of the post. We still think it's a good idea to signup.
By entering your email address you agree to receive emails from EveryDayCyber. We'll respect your privacy and you can unsubscribe at any time.
Pros & Cons of Password Managers
Master password for everything
Having a single repository of all your passwords means you only need to remember one password. The password for the password manager. In today’s digital reality, this means eliminating the need to remember tens or even hundreds of passwords.
Password managers are simply more secure than traditional methods for capturing and storing passwords, such as writing them on pieces of paper and storing them in your desk or keeping some type of file on your computer. These and other typical methods are fraught with security risk and just can’t compete with the security of a password manager.
Works across all devices
Many of the password managers offer utility across devices, this is particularly true of cloud based password managers. This means it works across devices, phones, computers, laptops, etc. So any changes to passwords is instantly available and accessible from all devices that would require it.
Automatically generates passwords
Without having to remember tens or hundreds of different passwords for every online site, internet system, and application, you can take full advantage of automatically generated passwords.
Every password manager typically has a password generator feature and includes features that enable the creation of highly secure, properly generated passwords. Such passwords are of appropriate length and have character diversification (upper & lower case letters, numbers, special characters) and are generated in unrecognizable patterns.
Some managers will even ensure that you don’t repeat any passwords across accounts of systems. The ultimate benefit is you don’t have to do any of this work, the password manager does it for you.
You can share with a trusted person
Online or cloud-based password managers in particular can designate access to trusted persons if you, the primary owner, cannot access your passwords. This offers those trusted persons the ability to gain access to systems or services that you use to function as power of attorney on your behalf if incapacitated or executor of your estate in the event of death.
Single sign-on can be risky
While having a single source of access to all your passwords can be incredibly convenient, it comes at a cost. Since you now only require knowledge of a single password, you are now at risk that if that password is compromised, whoever knows or has access to the compromised Master password to your password man anger has the potential to access all of your passwords. This is a real risk and it needs to be weighed against the risks and convenience of using a password manager.
A potential single point of failure
Anytime you put ownership of information in a single source you are at risk that you could lose access to that source, forget how to access the source or the source somehow gets destroyed and can’t be recovered. So password managers, the master password and the password manager repository need to be protected. So maintain password manager backups and keep a copy of the master password in a highly secure place.
It is just a tool and there is a learning curve
Like any new tool, password managers do have a minor learning curve. So be prepared to spend a little time familiarizing yourself with the tool and which of the functions you want to take advantage of. Fortunately, they are all straightforward, fairly simple and integrate well as browser plugins. So once set up, they work very well.
Quality ones cost money
Like most things in life, the best do come at a cost. Yes there are a number of open source and free password managers, but they generally are limited in function. The best options generally charge an annual fee or a monthly subscription. You may ask if it is worth the expense and the best answer we know of is, if you don’t use one and you end up being compromised or hacked, what would the cost be then.
Best Password Managers
We have compiled a list of the best password managers. We have evaluated our picks based on the security features offered, platform compatibility, performance, ease of use, terms of plans, value for money and reputation, among others. Here they are:
Dashlane is a popular password manager that offers both free and paid plans. It features apps for Windows, Mac, Android, iOS, Linux-based platforms and Chromebooks via browser extensions.
Dashlane’s free plan is capable of storing logins of up to 50 accounts and the ability to share up to five accounts. It can also store some types of sensitive information and fill out forms automatically. It offers two factor authentication for added security
Its premium service synchronizes unlimited passwords across unlimited devices. It scans the dark web for breaches and sends you personalized alerts if any of your stored data appears in the breaches.
LastPass is a browser-based password manager with extensions for Firefox, Safari, Chrome, Edge and Opera. It supports Androids, iOS and Windows phone apps. It uses AES 256-bit encryption and multifactor authentication.
LastPass’ free plan accommodates unlimited passwords, multiple device syncing, encrypted password, information sharing and auto-filling of credit card information. LastPass also offers personal and family plans that feature password sharing across devices and 1GB of encrypted file storage.
1Password is a cloud-based password manager that supports Android, Mac, iOs and extensions for all the major browsers. It offers a personal plan that features unlimited passwords and device syncing, 1GB of encrypted document storage, digital wallet and 24/7 email support.
1Password’s family plan allows five family members to share passwords and data with each other. Subscribers can set different permissions for each family member as well as add more family users for $1 each. 1Password also offers a business plan that provides security protection for enterprises, teams and employees working from home.
Keeper is a password manager for enterprises that provides advanced levels of security with customizable add-ons for teams. It is one of the most sophisticated and robust password managers. It offers plugins for the major browsers, desktop apps for Windows, Mac and Linux and mobile apps for Android and iOS. It supports biometric authentication on mobile devices and data syncing across an unlimited number of devices.
Keeper features two plans namely, Keeper Unlimited and Keeper Family.
Keeper Unlimited includes the following features:
- Store unlimited passwords
- Generate and auto-fill strong passwords
- Store identity and payment info
- Login with fingerprint and face ID
- Access to unlimited device
Keeper Family includes the following added features:
- Unlimited password storage
- 10GB secure file storage
- Unlimited identity and payment storage
- Secure record sharing
LogMeOnce is a password manager that offers cross-platform support, enabling users to log in on any computer, mobile device or browser. It boasts a remarkable list of 50 features that allow unique and broad customization. For example, you can create a customized dashboard, scheduled logins, photo logins and even get a snapshot of someone who attempts to hack your account or device.
Surprisingly, LogMeOnce does away with a master password and instead puts in place additional security settings so you do not get locked out of your account in case you forget your master password.
Aside from passwords, LogMeOnce also offers biometric options, such as a fingerprint, face ID, selfie or pin. Adding more options provides different levels of security to different logins.
RoboForm is a versatile password manager for form filing. It features plugins for all the major browsers and mobile apps for Android and iOS. It offers both free and paid plans.
The free version offers:
- An auditing tool that identifies weak or duplicated passwords
- A password generator for strong passwords
- Unlimited logins
- Multi-platform support
- Two factor authentication
- Strong encryption
- Cloud backup
The paid version offers all the features of the free version including the following
- Syncing of passwords across devices
- Sharing logins securely
- Multi-factor authentication
- Priority 24/7 support
Are Password Managers Safe?
Password managers are completely safe if you use a trusted and popular password manager service. Whenever possible, it is always better to increase the security level of your passwords than to be complacent with the status quo, thinking you are safe as is. This is the function of password managers.
You might worry about the safety of your passwords stored in a password manager and the possibility of a hack. Can password managers be hacked?
Yes, if you are careless about leaving your password manager open on your desktop for a long time. Hackers can get “in” through your desktop or mobile, but as long as your password manager uses deep encryption, such as AES 256-bit, and is fully supported by multi-factor authentication or biometrics, you have nothing to worry about. Moreover, password managers do not keep a record of your master password.
Finally, when it comes to password managers, there is more to it than just solving the problem of remembering long and complicated passwords. Password managers provide an added layer of security for all your online accounts making it hard for crooks to crack them. Remember, the security of your passwords is only as good as how you want them to be.
#3 You really should sign up. "Scouts Promise" ... it really will help you stay cyber safe.
By entering your email address you agree to receive emails from EveryDayCyber. We'll respect your privacy and you can unsubscribe at any time.