- advisor
- Business
Advertiser Disclosure
Lee DavisContributor
Lee Davis is a tech analyst who has been covering the document imaging industry for over five years. Currently, Lee is the Associate Director of Software and Scanners at Keypoint Intelligence, where he is responsible for maintaining coverage of document imaging software and office scanning technology. Lee also contributes editorial content centered on news and trends in the document imaging industry.
Lee Davis
Lee DavisContributor
Lee Davis is a tech analyst who has been covering the document imaging industry for over five years. Currently, Lee is the Associate Director of Software and Scanners at Keypoint Intelligence, where he is responsible for maintaining coverage of document imaging software and office scanning technology. Lee also contributes editorial content centered on news and trends in the document imaging industry.
Contributor
Kelly MainStaff Reviewer
Kelly Main is a Marketing Editor and Writer specializing in digital marketing, online advertising and web design and development. Before joining the team, she was a Content Producer at Fit Small Business where she served as an editor and strategist covering small business marketing content. She is a former Google Tech Entrepreneur and she holds an MSc in International Marketing from Edinburgh Napier University. Additionally, she is a Columnist at Inc. Magazine.
Reviewed
Kelly Main
Kelly MainStaff Reviewer
Kelly Main is a Marketing Editor and Writer specializing in digital marketing, online advertising and web design and development. Before joining the team, she was a Content Producer at Fit Small Business where she served as an editor and strategist covering small business marketing content. She is a former Google Tech Entrepreneur and she holds an MSc in International Marketing from Edinburgh Napier University. Additionally, she is a Columnist at Inc. Magazine.
Staff Reviewer
Reviewed
Updated: Apr 26, 2023, 1:00pm
Editorial Note: We earn a commission from partner links on Forbes Advisor. Commissions do not affect our editors' opinions or evaluations.
Getty
Table of Contents
- Password Management Best Practices
- How Do Password Managers Work?
- Types of Password Managers
- Benefits of Using a Password Manager
- Risks of Using a Password Manager
- Frequently Asked Questions (FAQs)
Show more
Password managers are widely regarded as safe. If anything, there are more risks involved with not using a password manager. That’s because password managers provide you with useful tools that make it easy to adhere to password management best practices, and drop bad habits such as using weak passwords, storing passwords in insecure locations (including on your desktop) and reusing passwords in different accounts.
Most people use weak passwords because they cannot or don’t want to remember a bunch of different passwords. They pick something that is simple and easy to remember such as personal details or commonly used passwords such as “12345” and reuse them across several accounts.
But weak and reused passwords are a big problem. Researchers blame 80% of all breaches on weak passwords. Cybercriminals will use lists of commonly used passwords and simple hacking tools to guess your password. Yes … somewhere, someone is getting rich by guessing their way into and draining bank accounts.
Password Management Best Practices
There is no such thing as 100% secure, but there are some strategies you can follow to make yourself more secure. These include:
- Use long, strong passphrases: The longer your password, the harder it is to crack. You should use randomly generated passwords or passphrases and never reuse passwords.
- Use password strength detection tools: You should always measure the strength of your password before you put it to work. You don’t want to find out that your password wasn’t sufficiently complex by seeing that your bank account has been drained.
- Use multifactor authentication (MFA): Using MFA makes it exponentially harder for cybercriminals to access your accounts, and it serves as a warning if someone tries to access your account.
- Secure your device: Make sure you have antivirus installed and that your device has the latest updates. If your device is compromised, then it’s likely that hackers can access any account that is accessible through your device.
How Do Password Managers Work?
Password managers provide you with a secure space—on your device, in the cloud or in your browser—to store and retrieve your passwords, payment information and other sensitive information. When you want to log in to an account, you enter your master password into your password manager, then copy and paste your credentials where they are needed.
All passwords are encrypted and locked in a vault and protected by a master password that only you know. Some password managers support biometric authentication and multifactor authentication as added layers of security. The former eliminates the need to enter your master password manually (which protects you from keyloggers), while the latter adds additional verification steps to prevent criminals from accessing accounts using stolen credentials.
Password Managers Are Safe Because of Encryption
All password managers use some sort of encryption process (for example, 256-bit AES, RSA or DES) to protect your information. Each encryption process takes a different approach to achieving the same goal: using math to scramble and unscramble information, so only those with a special key (the master password) can see it.
The important thing you need to know about encryption is that it provides you with a safe way to write down all your passwords, so that only you can read them. Unlike the .docx file called “Passwords” on your desktop, a password manager won’t expose its secrets unless presented with the right key (password). Those who don’t have the key would have to spend trillions of years using all the computers on Earth to decipher it.
Password Managers Are Safe Because of Zero-Knowledge Architecture
Password managers are typically built on a zero-knowledge architecture, which means that your password manager provider can’t see the information that is stored in your vault. When you create your master password or enter information into your vault, it is encrypted on your device before being sent to the password manager’s server. If the server that hosts your vault is breached, hackers wouldn’t be able to decipher the data.
Types of Password Managers
While all password managers serve the same purpose, some do it differently than others—namely in where they store your passwords. In this regard, you have three options—cloud, browser and local password managers—each with its own benefits and drawbacks.
Browser
Browser-based password managers are free and built directly into the browser. It is very convenient and easy to use, since most of the time you enter a password or payment information, it’s into a browser. The browser’s password manager will auto-fill the fields for you, so you don’t even have to open a separate application, enter credentials (including any 2FA codes), and then locate, copy and paste the credentials into the login fields.
The browser-based password manager isn’t without its downsides, though. You can’t easily access passwords in one browser’s password manager from another. If you’re a Chrome user, then you won’t have access to your passwords in Firefox.
Cloud
Cloud password managers are the most accessible of the different password manager types. You have access to your passwords anywhere, regardless of the device or browser you’re using. While cloud password managers offer up additional functionality such as MFA support, automated vault backup and dark web monitoring, you are trusting a third party with some of your most sensitive data.
Local
In terms of protecting your passwords from other people, local password managers are the safest—especially when they are installed on a device that doesn’t connect to the internet. The biggest risk when using local password managers shifts from outsiders to the steward of the password manager.
It’s unlikely that a hacker is going to break into your house and hack your computer. But it’s not unlikely that the computer hosting the password manager would fail or that you haven’t made a recent backup of your password manager.
Benefits of Using a Password Manager
Only a small percentage of people are able to adhere to password management best practices manually. It’s just too hard to remember all your passwords, especially if you are using unique, strong passwords for all of your accounts without writing them down. The biggest benefit of using a password manager is that it makes it easy to adhere to password management best practices. It won’t make you impervious, but it will make you safer.
Use Unique, Strong Passwords for Each Account
With a password manager, you can create random, long, unique, strong passwords for each of your accounts. Since you will copy and paste your credentials when logging in to applications and services, passwords can be as sophisticated as needed—you don’t even need to know them. This also helps eliminate the need for users to reuse passwords across different accounts, so hackers cannot use stolen information from one account to break into another.
Backups
Password managers—especially cloud and browser-based password managers—are the safest way to back up your passwords. Password manager providers back up your passwords over multiple secure data centers spread out across different geographies. Even if disaster strikes in one location, a copy of your credentials is safe and sound in another.
While you can back up your own passwords on paper or in your own equipment, it’s not as safe or reliable. You’ll have to remember to back up your data from time to time, and you’ll need to make sure you maintain redundant copies in multiple locations.
Risks of Using a Password Manager
While password managers help you be more secure in the digital world, they are not risk-free. Even if you adhere to password management best practices and do everything right, there is still a (very small) chance that you will lose everything.
Device Security
The same thing that makes password managers so convenient for you—all your passwords are easily accessible in one spot—also represents the greatest risk. If your personal device is infected with malware, then cybercriminals can steal your master password and take control of your vault. You also run the risk of locking yourself out of your vault forever if you forget your password or improperly back up your vault.
Not All Password Managers Are Created Equal
But the risk isn’t just internal. The password manager provider itself represents a risk to your safety. Cybercriminals have targeted and successfully breached some of the biggest password management providers. While the damage from these attacks has been limited, it is a reminder that just because you use a password manager, that doesn’t mean your information is 100% safe.
Bottom Line: Are Password Managers Safe?
Are password managers safe? Absolutely. But they are only as effective as the person who is using them. If you use “ABC123” as the password for all of your accounts and turn off multifactor authentication, then it doesn’t matter how secure your vault is—someone is going to guess that password eventually.
Are password managers 100% secure? No. But neither is anything you do in the digital world—there is no such thing as 100% secure. But if you adhere to password management best practices and use full-featured password managers from reputable brands, then you decrease the odds of becoming a victim.
Frequently Asked Questions (FAQs)
What is the best password manager?
There is no shortage of password managers on the market, each with its own strengths and weaknesses. After analyzing dozens of products, Forbes Advisor found that Norton Password Manager, NordPass, Dashlane, Bitwarden, 1Password, KeePass, Keeper and LastPass are among the best options on the market.
Are there advantages to paid password managers compared to free password managers?
Free password managers offer basic features, but may not offer all of the features you are seeking. If so, you should upgrade to a paid version. While free password managers aren’t inherently unsafe, you should research the provider to ensure it is a trustworthy company.
What happens if I forget my master password?
Before signing up with a password provider, make sure the service provider has a protocol in place for losing a master password. Otherwise, you could lose your account permanently.
What if someone hacks my password manager?
If your password manager is hacked, then you should change your master password and all the passwords stored in your vault. You should also alert your bank and take measures to protect any payment information stored in the password manager.
Was this article helpful?
Send feedback to the editorial team
Thank You for your feedback!
Something went wrong. Please try again later.
