Did you use only one password to access all your different accounts because you are dead tired of remembering all different passwords? Do you know that if your only password is stolen, all your accounts are also compromised? Do you know that there is a better way to securely access your online account without the need to remember all different passwords? Have you heard about password manager?
In this article, I will explain what a password manager is, why you need a password manager for safe browsing, its benefits and limitations, different type of password managers, and lastly, how to choose a password manager that suits you.
What is a Password Manager?
A password manager is a tool (software) where you can store all your login credentials (username and password) securely. It is like you store all your credentials in a “digital vault” where only you can access/open that “vault”.
It is secure because the password manager uses AES-256 encryption to scramble your data. AES-256 is considered one of the strongest widely used encryption standards that are used by financial institutions and governments to protect classified or sensitive data.
It is considered as gold standard encryption on the market. The security of credentials stored within a password manager is comparable to the data protection standards maintained by major financial and governmental institutions.
Why do People Use Password Managers?
There are many reasons why people started to use password managers.
- Strong Security: Password managers can generate unique, strong and complex passwords that are nearly impossible to be guessed or cracked by hackers. As well, since most password managers use AES-256 encryption to scramble and save the data, hackers would not be able to read it even if they were able to breach your data.
- Convenience: You don’t need to remember all your long and unique passwords that you use it for online browsing or accessing apps. With Password managers, you only need to remember one master password to access your password manager account. When logging in to your account, with the autofill function, the password manager recognizes the website and can fill in your password automatically. In addition, these are synced across your all devices, which means it can be used on either your mobile phone, tablet or laptop/desktop on different browsers (Chrome, Safari, Edge or Firefox) or apps. This can save a significant amount of time.
- Zero-knowledge architecture: With this technology, all your credentials are encrypted locally on your own device. The password manager company never knows your master password and all passwords inside it since they cannot decrypt the stored data. If for whatever reason, the compliance authority seizes password manager company’s server, they would not be able to get your data since they are not there. So, this gives you more security and privacy of your data and also browsing activities.
- More than just Password: Some password managers provide additional functions to store your sensitive information such as credit card numbers, bank account details, even your driver license and passport data. It adds benefit like a digital wallet provides.
- Protection against unwanted events: Many password managers offer features of dark web monitoring to alert you if your credentials (user id and password) have been subject to data breach. As well, with the autofill function, this can help detect suspicious websites because many password managers only autofill on recognized domains.
- Extra protection with MFA/2FA feature: Most reputable password managers include Multi-Factor Authentication (MFA) or Two-Factor Authentication (2FA) in their authentication process. When you log in to your password manager account, they will send a timed unique code (between 1 to 5 minutes) to your mobile phone for you to type in. With this added feature, although your master password is compromised without your knowledge, as long as the hacker does not have your phone, they would not be able to log in to your password manager account.
- Secure password sharing: With password manager, you can securely share your credentials with someone you trust such as family members without exposing the actual password.
Risks and Limitations of Password Managers
There is no such thing as perfect in this world. Same with password manager. It has some limitations and risks. Below are some of things you may need to consider when using password managers.
- Critical point of Failure: Because you rely on one master password to access/unlock your password manager accounts, if you create a weak master password, hackers can easily break your account and access all your credentials. To avoid and minimize this, you need to create one strong master password combined with enabling 2FA so that even if the hackers steal your master password, they cannot break your account if they don’t steal your mobile phone as well.
- Cost: You can choose a free password manager with its limitation and function, but the better one with advanced feature usually requires you to pay a monthly subscription fee.
- Learning Curve: For password manager with multiple features, it takes some time for you to be comfortable in learning and using it, especially if you have a lot of accounts and are less technical.
Types of Password Managers
Depending on where they store your data and how your encryption data is accessed, there are different types of password managers as follows:
1. Browser-based Password Managers
This type is probably a password manager that people most likely encounter in their daily browsing activities. When you log in to a certain website for a first time, your browser (Chrome, Edge, Safari or Firefox) will probably ask if you want to save your credential (username and password). If you agree, the browser will save your credential, encrypt it and save the data that is tied into your browser account (such as your Google account). As well, the browser password manager can generate a unique and strong password and suggest it for you to use instead of using your own.
Advantages:
- It is free and easy to use.
- Your credential is tied to your browser. As such it can be synced across devices (computer, tablet and phone).
- It can autofill your login details when you revisit a website.
- It can generate strong password and warn you if your credentials are exposed to data breach.
Disadvantages/limitations:
- Because it is tied to a single browser, it does not work across all browsers, i.e., Chrome password doesn’t sync with Edge.
- Lack of advanced features: Usually it does not have secure file storage or built-in two-factor authentication (2FA) code generator.
- Less secure: If your browser account is hacked/compromised, your credential is at risk.
2. Cloud-based Password Managers
Cloud-based (or it is also called as dedicated) password managers are applications or standalone service that securely stores and manage your login credentials in an encrypted “vault” and syncs them across multiple devices through the provider’s cloud server. This type is what people usually refer it to as password manager.
All descriptions above re why people are using password manager and what you need to be aware of when using password manager are related to cloud-based or dedicated password manager because this type of application is considered as the most secure ones.
Examples of companies that offer these services are 1Password, Bitwarden, NordPass, Dashlane and LastPass.
3. Desktop-based Password Managers
Unlike the cloud-based one, desktop-based password manager, as the name suggests, stores your encrypted credential locally on your devices (desktop. laptop, mobile phone). They don’t rely on the company’s server unless you sync it yourself via your own cloud subscription (such as Dropbox, Google Drive), which in this case are saved in the cloud provider’s server.
Advantages:
- Maximum control: Because the data are stored locally on your device, you have a full control of it. As there are not stored on the company’s server, there is no way for the company or third party to access your data.
- Offline access: You can access your login credential even you are not connected to internet as there are stored on your device.
- Cheaper than cloud-based: Since they don’t need company’s server to store data, a desktop-based password manager is relatively cheaper than the cloud-based one. Some of them are free or you just need to pay one-time cost.
Disadvantages/limitations:
- Vulnerable of data loss: If your device is not functioning well and you don’t have a backup of your data, all your credential may be lost.
- Less convenience: Because desktop-based password managers do not have syncing function, it is less convenience if you want to access your credential from different devices. Data on laptop cannot be accessed from your mobile phone unless you store them there as well.
- Less advanced features: They usually don’t provide service for family sharing, dark-web monitoring and breach alerts.
- Longer learning curve: You need to spend more time learning the technical stuff in setting it up and using it comfortably.
Examples of companies that provide desktop-based password managers are KeePass and Enpass.
How to Choose the Right Password Manager?
Choosing the best password manager that suits you depends largely on your needs, security comfort, convenience and privacy.
- If you want simplicity and free tools, you can go ahead with browser-based password manager. The password manager is integrated into their browser. It is easy to use with the autofill feature. This is good for you who only use one ecosystem, i.e., if you use Chrome browser, you can sync across all Google devices but it can’t be synced to Safari or Firefox. Of course, because it is free, it lacks of advanced features and provides less security than a dedicated or desktop-based password manager. However, it is still better to use this browser-based password manager than not having one.
- If you want full control of your data and privacy, you need to choose a desktop-based (local) password manager. Because your credentials are stored locally on your device, you are in full control of your data and none can access it other than you. This is suitable if you are tech-savvy as the learning curve is steep. It is less expensive than its cloud-based counterpart but it lacks some advanced features such as dark-web monitoring and breach alert.
- If you want convenience and access to advanced features, you need to choose cloud-based password manager because this type provides the most comprehensive features available of password manager. It is convenient because they can be synced across different devices (mobile, tablet, laptop, desktop) and can be used in different ecosystem (Chrome, Safari, Edge, Firefox). It is best for people who have multiple accounts and devices. However, the comprehensive features come with a cost as you need to pay a monthly/annual subscription that is a little more expensive than a desktop-based subscription fee.
Conclusion
Are you ready to take it up to the next level and step up your security with using a password manager? Try one of them that suits your needs. Once you use it, you will realize the benefits of using a password manager and how amazing it is and how it can give you peace of mind while you are doing online activity that requires a password.
Additional Frequently Asked Questions
What is the roughly percentage of people using password managers?
Data from Security.org reports that around 34% of US adults use password managers in 2024. Globally, the average is lower and are in between 20% to 30%.
Do password managers generate a new password every time you log in?
No, once a new password was generated randomly by it, it remains the same until you decide to change it. It will be a huge inconvenience and this can break the website if every time you log in the password changes.
Can I see the random password generated by password manager?
Absolutely. You can see it and you can override it with your own password if you like. You have a full control over your data.
Why is using your own password not recommended?
Although you can create a long password with combination of words, numbers and special characters, you tend to create using passphrase with predictable pattern that is memorable. For example, your password of MyCutiestPuppyDaisy$123 can be guessed or cracked by hackers using special program/software. This is especially true if you have a social media such as Instagram with posts of your Daisy puppy. Password manager can create random password that is nearly impossible to crack such as fY7#qJ2&zP!gH9@K63$Rg.
Is password manager safer compared to conventional password?
Yes, it is much safer than conventional password (write it down and reusing it across multiple accounts), because they generate strong and unique passwords and use AES-256 encryption to store them in a “digital vault”. As well, it protects against phishing scam because the autofill function will not work if you access a fake website.
