Password managers, however, aren’t perfect. And not everybody likes the idea of storing all of their passwords in a single location. If you use a password manager and it’s compromised, the hacker could potentially gain access to all of your accounts.
So how safe are password managers and should you use one?
4 Reasons Password Managers Are Secure
Password managers are widely recommended. Here are a few security advantages of using one.
1. 256-bit AES
All password managers use the 256-bit Advanced Encryption Standard (AES). It encrypts any information that you provide and is considered uncrackable. This means that even if your password manager were hacked, all of your passwords would still be inaccessible.
2. Zero Trust
Password managers all use zero trust. This means that your master password is encrypted before it leaves your device. Because of this, your master password is never stored on external servers and it isn’t even accessible to staff of the company.
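How the arrangement in items 1 and 2 can work, as an added example that is not from the original article or from any vendor's code: the device stretches the master password into a 256-bit key (the size AES-256 needs) and sends the server only a one-way verifier. The `Server` class, the iteration counts and the sample credentials are assumptions, and the vault blob stands in for AES-256 ciphertext produced on the device.

```python
import hashlib
import hmac
import os

KDF_ITERATIONS = 600_000  # assumed work factor; real products choose their own


def derive_master_key(master_password: str, salt: bytes) -> bytes:
    """Stretch the master password into a 256-bit key. Runs on the device only."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, KDF_ITERATIONS)


def derive_auth_hash(master_key: bytes, master_password: str) -> bytes:
    """One-way login verifier: the only password-derived value sent to the server."""
    return hashlib.pbkdf2_hmac("sha256", master_key, master_password.encode(), 1)


class Server:
    """Hypothetical vault server: keeps a re-hashed verifier and opaque ciphertext."""

    def __init__(self):
        self.records = {}

    def register(self, user: str, auth_hash: bytes, encrypted_vault: bytes) -> None:
        server_salt = os.urandom(16)
        stored = hashlib.pbkdf2_hmac("sha256", auth_hash, server_salt, 100_000)
        self.records[user] = (server_salt, stored, encrypted_vault)

    def login(self, user: str, auth_hash: bytes):
        server_salt, stored, encrypted_vault = self.records[user]
        candidate = hashlib.pbkdf2_hmac("sha256", auth_hash, server_salt, 100_000)
        # Constant-time comparison; a wrong master password yields no vault.
        return encrypted_vault if hmac.compare_digest(candidate, stored) else None


if __name__ == "__main__":
    salt = b"alice@example.com"                 # constructed sample salt
    password = "correct horse battery staple"   # constructed sample password
    key = derive_master_key(password, salt)     # would key AES-256 on the device
    server = Server()
    server.register("alice", derive_auth_hash(key, password), b"<ciphertext>")
    guess = derive_master_key("wrong guess", salt)
    print("key bits:", len(key) * 8)
    print("right password:", server.login("alice", derive_auth_hash(key, password)))
    print("wrong password:", server.login("alice", derive_auth_hash(guess, "wrong guess")))
```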
3. Two-Factor Authentication
Most password managers allow you to use Two-Factor Authentication (2FA). This provides an additional line of defense. It prevents anyone from accessing your password manager unless they have access to your 2FA device. This means that if a hacker manages to figure out your password, they still can’t use it to access your account.
4. They Are Better Than the Alternative
Password managers allow you to use stronger passwords because you don’t need to remember them. They also encourage you to use a different password for every account. Keeping all of your passwords in one location isn’t ideal. But if it prevents you from using weak passwords, it’s a trade-off worth making.
8 Reasons Password Managers Aren’t as Secure as You Think
Password managers are popular but they are not without their flaws. If they aren’t used properly, they can actually make your accounts less secure. Here are a few risks associated with using them.
1. Everything Is in One Place
Password managers encourage you to store all of your information in one place. This often includes not just your passwords but also your payment details. Password managers are designed to prevent unauthorized access, but keeping everything in one place is still not ideal. Password managers reduce the likelihood of you being hacked but increase the potential damage if you are hacked.
2. Keyloggers Can Be More Dangerous
Password managers often protect you from keyloggers. They allow you to log in to your accounts using autofill and this renders any keylogger ineffective. But what about when you are entering the password to your password manager?
A keylogger is effective in this scenario and rather than gaining access to one of your accounts, it would allow the hacker to gain access to all of them. If you use a password manager, you still need to avoid using computers with malware.
3. Your Accounts Are Easier to Access
People often stay logged in to their password managers on personal devices. This is convenient but it means that if anybody else gets access to the device, that person could access all of the owner’s passwords and payment details. This can be mitigated by only logging in to your password manager when you want to use it. But this arguably makes the software less useful.
4. Some Features Are Paid Only
Password managers often have useful added features. For example, some will tell you if your password has been leaked on the dark web. And others will assess your passwords and tell you how safe they are. The problem with these features is that they are only available if you pay an annual fee. If you’re using a free password manager, you aren’t getting the best protection possible.
5. Backups Aren’t Always Provided
Most password managers allow you to back up your password vault. But not everybody uses this feature. If your password manager has the only copy of your passwords, you can lose access to all of your accounts if you forget the password or the server goes down. This can be avoided by backing up your passwords regularly and keeping the backups somewhere safe.
6. Password Managers Have Been Hacked
Password managers are security products, but this doesn’t mean that the companies that own them cannot be hacked. In fact, password managers have a history of being hacked. LastPass was hacked in 2015 and OneLogin was hacked in 2017. While customer passwords were not revealed in either instance, it demonstrates that these companies are not impervious to hackers.
7. 2FA Isn’t Mandatory
2FA is an optional feature on password managers. If you’re not using it, your passwords aren’t safe. If a hacker manages to figure out your master password, there’s nothing stopping them from accessing your password vault. This can happen if you’ve used the same password somewhere else in the past, if you fall for a phishing scam, or if there’s a keylogger on your computer.
8. You Might Forget Your Password
All password managers have the same weakness. If you lose the master password, you can lose access to all of your passwords. This problem can be mitigated by keeping backups and storing your master password in a safe place, but it still serves to highlight the dangers of storing all of your passwords in one place.
Are Password Managers Safe?
Despite the inherent flaws in password managers, most people will still benefit from using one. They allow you to set complicated, unique passwords that would otherwise be difficult to remember.
Instead of avoiding these products, you should understand their flaws and use them accordingly.
Password managers don’t provide complete protection against keyloggers. They should also not be used as the only copy of your passwords. Your password list should be backed up regularly and a copy of your master password should also be stored in a safe place.