Password managers: Are they safe to use?

Password managers: Are they safe to use?
© Vinnstock | Dreamstime.com

We get it. It is easy to remember a password based on your favorite pizza topping. You can wield it across your accounts without the need for a reminder. However, this ease of use poses a security risk as dark forces look to pick up on your culinary tastes and get access to your data.

Beyond strong passwords, you need a way to store them safely. This is where a password manager comes in. But is it safe to leave all your precious login credentials in one place?

How a password manager can help you create better passwords

Recently, Kim received this question on Facebook: “I hesitate to download a password manager. How do I know it’s safe to download to my computer and can’t hack my information?”

That leads us to another question first. What makes a good password?

Your passwords should be unique and, ideally, nonsensical. A random string of numbers, letters and characters work best. Even the most unique passwords lose their usefulness when used across multiple accounts, however. The solution? Use a different password for each account. 

Before you roll your eyes at the prospect of remembering all those passwords or jotting them down, consider a password manager.

A password manager is a program that stores and generates login information across all your devices, including computers, mobile phones and tablets. Password managers can be installed as software or accessed through a website, browser extension or the cloud. 

Setup usually involves creating an account with your email address as well as a master password. This is one password you will have to remember to access all the rest, and it needs to be tough to crack. Tap or click here for tips on creating a strong password

Once you’re registered, you’ll import all your login credentials for the sites and services you use into the password manager.

Password managers can also store payment information, such as credit cards and CVV codes. They can autofill your name, phone number, email address and shipping address when you’re online shopping, too.

Here’s another privacy bonus: Password managers can detect fake login pages, so even if you end up on a phishing site, it won’t enter your info.

So, what makes a good password manager?

There are free options out there, and some charge a monthly or annual fee. A word of warning: When software is free, it often means you’re the product. We recommend a paid option.

There are many password manager programs to choose from, but you can narrow down your choices by looking for these features:

  • Choose one that uses the industry-standard AES 256-bit encryption, which is also used by governments, the military and private companies. This protects against brute force attacks.
  • Two-factor authentication adds another layer of security, whether it’s biometric (a fingerprint or facial scan) or a single-use PIN code sent to your mobile device. 
  • Go for an option that uses zero-knowledge architecture. This means that only you can see your passwords and any other personal information in the program. Your information is encrypted before it’s stored in a server. 

Are there any risks?

Putting all your eggs in one basket does carry risks. If the server goes down or suffers an attack, you might not be able to access your passwords — or they could end up in the hands of a hacker or as part of a leaked database.

Be sure that your devices are secure before using any password manager. If your own device is infected with malware, like a keylogger, it can pick up your master password. Biometric authentication is one option for more protection.

One of the most important things to remember: Keep that master password safe. If you lose it, you may not be able to reset or even access your account. Your best bet is memorizing it if you can. Researchers say the sweet spot for passwords you can remember is 12 characters.

The bottom line

Using a password manager is safer despite any potential risks than using the same handful of easy-to-remember passwords across all your accounts.

There are no guarantees against cybercrime no matter what protections you take, but a password manager is the easiest way to protect yourself. It’s certainly safer than “iloveanchovies123.”

Tags: biometric authentication, cybercrime, encryption, Facebook, malware, password managers, passwords, security, security risk, two-factor authentication, zero-knowledge architecture