Are password managers secure?

Passwords are an important part of your online privacy, online security, and act as a digital barrier to your private data. Introducing the password manager: a handy tool that stores one strong master password that gives you easy access to all of your accounts while helping to keep cybercriminals at bay.

Managing your passwords can be tricky. You might resort to using the same password over and over — or tweaking each password just a bit — so you don’t forget your passwords and get locked out of your accounts. You might go for something easy to remember or even write them down on a sticky note and keep it in your wallet… But that also makes it easier for cyberthieves to figure out.

Each of the passwords you have for every service should be unique, complex, and long. While there are potential drawbacks to any software, password managers offer securer, encrypted solutions for creating and storing strong passwords that should help keep your data more secure.

What is a password manager?

A password manager, also called a password vault, is a piece of software that stores and organises your usernames and passwords. Some password managers even have the capability to generate complex passwords unique to each of your online accounts. A password manager can also provide strong encryption. All you need to do is remember one master password to unlock them all.

Password managers offer a variety of services that may include:

• Site and password breach alerts 
• Syncing across multiple devices
• Family-sharing
• Assistance changing old passwords automatically
• Auto-filled information on forms
• Encrypted file storage vaults for your financial and other personal information
• Industry-standard encryption
• Security questions and answers
• Two-factor authentication or multi-factor authentication
• Fingerprint and facial recognition
• 24/7 customer service

Password managers have similar aims but have functional differences in how they work. The big difference in password-manager approaches is in cloud-based vs. local storage. For instance, a web-based manager keeps your passwords encrypted in the cloud.

Others are built into your web browsers or store your passwords locally in a file on your computer or mobile device, whether Android™ or Apple iOS.

Why do we need password managers?

Just about every online service and app requires a password to gain access. You might have a common one you use — or a variation of a common password so you don't forget it.

The problem? These passwords are likely weak, and they probably won’t provide much protection against a determined cybercriminal.

Instead, you need a complex, long, unique password composed of at least 12 characters that include uppercase and lowercase letters, numbers, and symbols. Plus, you need a different one for each program or account.

It's also important for those strings of letters, numbers, and symbols to be random. That helps keep it more difficult for cyberthieves from figuring them out based on information they might have on you — such as your birthdate or name of your pet.

Unless you want to keep going back to a notebook where you write down different passwords, it might be challenging to create and remember passwords that will help keep your information securer.

Are password managers secure?

You might worry about trusting a program or app with your master password and other private information. Can't app makers be hacked, too?

The quick answer is “yes.” Password managers can be hacked. But while cybercriminals may get "in" it doesn't mean they will get your master password or other information. The information in your password manager is encrypted. And deciphering that encryption, which is usually industry-standard encryption like Advanced Encryption Standard (AES), is very difficult

Plus, most password managers do not store or have any access to your master password or the encrypted information in your password database.

Much of the security of your password manager depends on the strength and safety of your one master password. And for many password management systems, that master password is not stored on the same server as your encrypted information. This adds an additional layer of security.

Password manager pros

Password managers are a relatively new security innovation, and there are quite a few great things about them.

Pro: Easy to use

Most password managers are quite easy to use. They save you time because you no longer have to remember all of the passwords you need. You’ll only need to remember one master password that will unlock all of your passwords.

Another benefit? You’ll no longer be locked out of your accounts because you couldn’t remember one of your many passwords. A password manager’s browser extension can also automatically fill in your user information and help create strong security questions and answers.

Pro: Strong, random password creation

Password managers generate, store, and keep track of a unique and different password for each of your online accounts. The passwords are often random sets of at least 12 characters that include numbers, uppercase and lowercase letters, and symbols.

If the password management system you select includes a password generator, it can help create logins that probably mean nothing to you, and that’s good. Cybercriminals would be unable to figure them out based on any information they have about you.

It’s unlikely you would remember them if you didn't write them down — or have a password manager remember them for you.

Pro: Strong encryption

Password managers provide strong encryption, which serves as a strong security against cybercriminals. Many password managers are protected by strong encryption like AES, an industry-standard protection used to protect personal information.

Pro: Family sharing

Some password managers enable secure sharing of passwords with family members, which can be a bonus for helping to keep your family’s data safer and securer.

Password manager cons

Like most security solutions, there are potential drawbacks to password managers, depending on the software. Here are some cons:

Con: Putting all of your eggs in one basket 

The metaphoric ‘elephant in the room’, of course, is the scenario where a hacker finds out your master password that unlocks all of your others. One way this could happen is if a hacker was able to install a keystroke-logger program on your computer or other device and recorded your master password. Your password manager vault and all of your accounts could then be compromised.

Con: Password manager breach

Another potential negative aspect of a password manager is if the password manager itself is breached. However, even if a breach occurs, normally the data in your password manager should be encrypted and stored elsewhere, and password managers do not retain your master password.

Con: Forgetting your master password

What happens if you forget your master password? Most password managers will lock you out of your vault. You'll have to reset every password yourself. So be sure to memorize your master password.

Con: Setup

One thing you will have to do when initially setting up your password manager is to remember and enter your current usernames and passwords for every site and account. It may be tedious but once you’ve entered each username and password, your password manager will then remember that login information from then on.

Do we offer a password manager?

If you're looking at different password managers, you might consider Norton Password Manager to help you create, store, and manage all your complex passwords, as well as credit card details and other personal information.

Norton Password Manager stores all of this information in your own encrypted, cloud-based vault that only you can access. Whether it’s filling in forms or syncing devices, Norton Password Manager offers easy-to-use solutions for making password management safer and more secure.

Better protection for your life in the connected world.

Want to go beyond just securing your passwords? Introducing Norton™ 360. Get multiple layers of protection in a single solution: protection for your devices against viruses, phishing and other online threats, a VPN for your online privacy when using any Wi-Fi, a Password Manager to generate and store your passwords and logins, plus Cloud Backup for PC to help prevent data loss due to ransomware or hard drive failures.