Are Password Managers Safe?
Password managers are software applications designed to store and manage online credentials. Many cyber-security professionals agree that they are safe to use and offer an extra layer of security beyond typical methods of storing and creating passwords. This does not mean that they do not have flaws and security risks of their own.
How Password Managers Work
Password managers store and create passwords, offering data protection in one secure database. This allows the automatic input of passwords to various online accounts without the need to remember each password.
Designed with simplicity in mind, password managers have users create one master password to protect their stored passwords, so they only have to type in the master password to log in. Most password managers will ask to save a password when logging in to an online account. Password managers can also create complex passwords unique to each online account, making it harder for each account to be compromised.
Data is secured in three layers. Each personal account has a unique security key to access password information. The manager encrypts the data, meaning that only an account with the correct key can see personal data.
The master password is not saved on the system, making it unlikely for a hacker to obtain a key through personal devices. This triple layer of security is referred to as the zero knowledge security model. A hacker must bypass all three security measures to hack a personal password manager. Parent companies that own these password managers are also unable to access personal passwords because of this encryption method.
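The zero-knowledge idea described above, as an added sketch that is not from the original article or any vendor's code: the client stretches the master password into a 256-bit key locally and gives the server only a one-way login verifier. The function names, the PBKDF2 parameters and the `Server` class are assumptions made for illustration.

```python
import hashlib
import hmac
import os

KDF_ITERATIONS = 600_000  # assumed work factor for this sketch; real products tune this


def derive_vault_key(master_password: str, salt: bytes) -> bytes:
    """Client side only: stretch the master password into a 256-bit key (the AES-256 key size)."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt,
                               KDF_ITERATIONS, dklen=32)


def derive_login_verifier(vault_key: bytes, master_password: str) -> bytes:
    """One-way value sent for login; it cannot be turned back into the vault key."""
    return hashlib.pbkdf2_hmac("sha256", vault_key, master_password.encode(), 1, dklen=32)


class Server:
    """Hypothetical provider side: stores a salt and a hashed verifier, never the password or key."""

    def __init__(self):
        self.accounts = {}

    def enroll(self, user: str, salt: bytes, verifier: bytes) -> None:
        # Hash again so a leaked database row is not itself a usable login value.
        self.accounts[user] = (salt, hashlib.sha256(verifier).digest())

    def salt_for(self, user: str) -> bytes:
        return self.accounts[user][0]

    def check_login(self, user: str, verifier: bytes) -> bool:
        expected = self.accounts[user][1]
        return hmac.compare_digest(expected, hashlib.sha256(verifier).digest())


def client_enroll(server: Server, user: str, master_password: str) -> bytes:
    salt = os.urandom(16)  # unique per account
    key = derive_vault_key(master_password, salt)
    server.enroll(user, salt, derive_login_verifier(key, master_password))
    return key  # stays in client memory; used to encrypt the vault before upload


def client_login(server: Server, user: str, master_password: str):
    key = derive_vault_key(master_password, server.salt_for(user))
    ok = server.check_login(user, derive_login_verifier(key, master_password))
    return key if ok else None  # a wrong master password yields no key at all
```

Because the server holds only the salt and a hash of the verifier, a provider-side breach exposes encrypted vault data but not the key needed to read it.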
Why Should You Use a Password Manager?
According to a NordPass study, the average person has around 100 passwords to various online accounts. This number jumped from 70% in 2019 to 80% in 2020 as many people were forced to find online solutions at the start of the pandemic.
NordPass also found that seven of the top 11 used passwords were some variation of 123456, which takes less than a second for a hacker to crack. Password managers help reduce the odds of forgotten, reused or overly simple passwords for greater security. Using a password manager offers the following benefits:
- Encryption - Data stored in password managers is encrypted, which means that the data can only be accessed with the correct key. Password managers use a military-grade level of encryption called AES-256. There are 2^256 possible combinations, making it very hard to brute-force the correct combination.
- Ease of Use - Aside from the safety of password managers, they are easy to use and make it possible for one platform to handle all logins. No more having to remember passwords and type them in.
- Password Creation - Password managers can generate strong passwords that will be stored in the database. This allows users to increase their password strength and avoid having to remember multiple unique passwords across different online accounts.
- Two-Factor Authentication - Two-factor authentication allows users to set up a secondary device or platform to confirm access to an account, even if the correct password was entered. This means that even if a hacker obtains the master password for the password manager’s database, they would still need access to the device or platform to confirm the login.
- Secure Password Sharing - Password managers allow the sharing of passwords between coworkers, friends and family, meaning anyone can access the accounts they share without compromising password security.
- Cross-Platform Support - People use a wide variety of devices and password managers have been developed with that in mind. Password managers are simple and can be used in application form or through a browser.
With the number of passwords people are now juggling and the amount of personal data those passwords protect, password managers offer a level up for online security. While no solution is going to be 100% safe, this solution offers more safety than using personal memory, simplistic or duplicate passwords across multiple accounts.
Risks of Using a Password Manager
Keeping track of passwords and coming up with strong passwords is an increasingly difficult task. Password managers offer increased security and ease of use, but they also come with some risks that users should know.
- Data Breach: In the rare case where a data breach does occur, all personal logins are in one place. In the time it would take to change passwords after a breach, a hacker could be able to do damage.
- Server Outage: In the event the company that manages the password manager has a server outage, access to your passwords could be lost permanently if there was no backup copy.
- Malware: If a device is or becomes infected with malware, there is a risk that your master password could be recorded as you type it in. Malware is spread mainly via email and comes in many different forms with different purposes. In this case, spyware would be the concern. This type of malware allows hackers to record keystrokes, passwords and other sensitive information.
- Choosing a Limited Product: There are many password management options, and not all of them offer the same features. If a password manager uses weak encryption, has fewer security features or has poor reviews, it’s likely the risks to safety will be higher. Pick a password manager that offers two-factor authentication, password generation and customer support functions.
- No Master Password Reset: If the password manager does not have a reset feature and a user forgets their vault password, each password may need to be reset manually.
Taking advantage of the full set of features a password manager offers can also help ensure greater effectiveness. For example, setting up two-factor authentication is an important step. Without two-factor authentication, a user’s vault could be compromised if the main password is intercepted.
While there are some risks associated with using a password manager, they are generally much safer than other methods of storing and creating passwords.
Types of Password Managers
Each password manager solution falls into one of three categories: browser-based, cloud-based or desktop-based. Each offers its own level of security, with its own pros and cons.
|Type|Security|Pros|Cons|Examples|
|---|---|---|---|---|
|Browser-based|Safe|Easy to use & free|No cross browser support, not all generate passwords & lack of password strength indicators|Chrome, Firefox & Safari|
|Cloud-based|High|Convenient, access from anywhere & cloud backup|Third-party servers store your vault|Zoho Vault & LastPass|
|Desktop-based|Highest|Safest & no internet needed to access|No access from other devices, complicated password sharing & manual backups|Bitwarden, KeePass, 1Password & Dashlane|
Browser-based password managers like Chrome, Firefox and Safari do not work together. If a user browses on Firefox, they will not be able to retrieve their password if it is stored on another browser such as Chrome. This problem may lead users to store their passwords in a less secure way.
Additionally, browser-based password managers can’t detect weak or reused passwords, which could lead to a loss in security. That being said, if you only use one browser, it is a safe and free way to secure your passwords.
Cloud-based password managers offer more security and integration than browser-based password managers, but still require the user to trust their vault security to a third-party server.
Desktop-based password managers are the safest and offer integration with different browsers, store your database on your device and do not require an internet connection to access the vault. Safety of the vault depends on the device. If the device breaks or malware infiltrates it, your vault could be lost or compromised.
Top Password Managers
There are many choices when it comes to choosing a password manager. PC Magazine provides these top 12 rated password managers and their specifications for 2021:
- Keeper - Best for Secure Cross-Platform Password Management
- Zoho Vault - Best for Sharing Features
- Dashlane - Best for Security-Focused Extras
- LastPass - Best for Ease of Use
- Bitwarden - Best for Open-Source Password Management
- LogMeOnce - Best for Abundant Features
- Password Boss - Best for Safe Browser Tool
- NordPass - Best for Simple Password Management
- 1Password - Best for Password Organization
- RoboForm 8 - Best for Form-Filling Capabilities
- Sticky Password - Best for Secure Sync Options
- McAfee True Key - Best for Multiple Authentication Options
Each solution offers its own specific capabilities which may work for different types of users. When considering a password manager, try to determine what specific needs it must fill and pick the service that offers those features.
12 Cited Research Articles
- Rowe, Adam. (2021, Nov 9). Study Reveals Average Person Has 100 Passwords. Retrieved from https://tech.co/password-managers/how-many-passwords-average-person
- Moore, Ben & Key, Kim. (2021, Nov 4). The Best Password Managers for 2021. Retrieved from https://www.pcmag.com/picks/the-best-password-managers
- Jancis, Mindaugas. (2021, Oct 11). Are password managers safe to use in 2021? Retrieved from https://cybernews.com/best-password-managers/are-password-managers-safe/
- Jancis, Mindaugas. (2021, Oct 11). How do password managers work? Retrieved from https://cybernews.com/best-password-managers/how-do-password-managers-work/
- Wherry, Jack. (2021, Sep 27). What is malware? How it works & how to remove it? Retrieved from https://cybernews.com/malware/
- Rimkienė, Rūta. (2020, Dec 11). What is AES encryption and how does it work? Retrieved from https://cybernews.com/resources/what-is-aes-encryption/
- Williams, Shannon. (2020, Oct 21). Average person has 100 passwords - study. Retrieved from https://securitybrief.co.nz/story/average-person-has-100-passwords-study
- Combs, Veronica. (2020, Aug 24). Extra security or extra risk? Pros and cons of password managers. Retrieved from https://www.techrepublic.com/article/extra-security-or-extra-risk-pros-and-cons-of-password-managers/
- Hoffman, Chris. (2020, Jul 10). How Safe Are Password Managers? Retrieved from https://www.howtogeek.com/445274/how-safe-are-password-managers/
- Johnson, Dave. (2020, Jun 4). Yes, password managers are safe — here's why you should use them, and how they keep your data secure. Retrieved from https://www.businessinsider.com/are-password-managers-safe
- Malwarebytes.com. (n.d.). What is a password manager? Retrieved from https://www.malwarebytes.com/what-is-password-manager
- NordPass.com. (n.d.). Top 200 most common passwords of the year 2020. Retrieved from https://nordpass.com/most-common-passwords-list/