Can you trust a password manager?

We’ve talked about people reusing the same passwords or just using hilariously unsafe ones so much that one is tempted to just shrug and let digital nature take its course. But this is one area where there is a technological solution to a human problem: password managers. Of course, before you entrust some app with all your login data, you might ask yourself: are password managers safe?

In short: Are password managers safe?

A good online password manager is safe to use due to the variety of security measures in use: encryption, zero-knowledge storage, two-factor authentication, biometric locks, and the fact that the user only needs to memorize a single password.

    How do online password managers work? 

    A password manager works in a fairly simple manner. It’s an app or a browser add-on that can detect when you’re entering login data into a website or an app. If you’re prompted to save it and choose to do so, the data is then encrypted and transmitted to the password vault on the app’s server for later use. The user can then effortlessly use that data to log in wherever and whenever they are, as long as they remember how to log into the password manager.

    Types of password managers (and their pros & cons)

    Generally, there are two types of password managers: those that store your passwords locally and those that store them online. And as with most things, both approaches have their pros and cons.

    Local password managers

    Local password managers keep your passwords inside of your devices or browsers. This eliminates the chances that you might lose your credentials in a company-wide data breach. They’re also usually free.

    However, a local-based solution is vulnerable to local device problems. For example, your password security might get compromised if your device gets infected with malware.

    Local-based password managers are also less convenient, as you’ll need to set up your passwords on every device you use. So if you try to log into Facebook from your friend’s phone, you’ll need to remember the password.

    Local-based password managers

    Pros
    • Won’t lose your password to a data breach.
    • Usually free.

    Cons
    • Is vulnerable to malware and viruses.
    • Only works after manual setup on each device.
    • If you lose your device, you’ll lose your passwords.

    Cloud password managers

    Cloud password managers store your passwords in cloud databases. They are more convenient because you can access them from anywhere. However, they can potentially be subjected to data breaches. That’s why it’s very important to find a trustworthy password manager provider!

    Unlike local password managers, their cloud-based counterparts are not tied to a single device. Essentially, you can use one from anywhere in the world as long as you have internet.

    Cloud password managers are also safer because they are not vulnerable to malware that might infect your devices. Their only security threats are breaches that might happen in cloud security operations.

    Online password managers

    Pros
    • Can access from anywhere.
    • Works across multiple devices and platforms.
    • Will tell you if your passwords were leaked.

    Cons
    • Data breaches can compromise your passwords.
    • Requires an internet connection.
    • Is a paid service.

    How safe are password managers?

    While nothing is 100% safe online, a good password manager (read: paid subscription, has good reviews) will have a lot of security measures in place to make sure that your data remains safe and secure. Here’s what they have to work with:

    Encryption
    Password managers encrypt your data with an AES-256 algorithm, which is as good as it gets these days, and no computer in existence could crack it within a lifetime.
    Zero-knowledge
    This means that the password is encrypted on your device before it’s transmitted to the vault, so the server only ever holds encrypted data. Should the server be breached, the hackers would only find an unreadable mess. Meanwhile, some other services just store passwords on your device, making it a bit safer but a lot less convenient.
    Only a single password
    If you only ever needed to remember a single password, you’d probably be able to remember any random string of letters, numbers, and punctuation marks. This is the core safety idea of all password managers.
    Good passwords
    A computer can generate a stronger password than you could, and it can store an indefinite number of those passwords. So when it comes to logins, all of your accounts get the same level of security.
    Two-Factor Authentication
    2FA increases the security of your accounts by asking you to confirm your login on another device. This makes it harder for anyone who might get their hands on the password to your password manager to get in.
    Biometrics
    Why not make 2FA even harder to crack and manipulate by using your fingerprint as the second lock on your password manager?
    Threat monitoring
    Some password managers go as far as to notify users when their passwords have been leaked in a breach, prompting them to change them.
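
The Encryption and Zero-knowledge items above, as an added example that is not part of the original article or any vendor's code: the entry is encrypted with AES-256-GCM on the device, under a key derived from the master password, and only the resulting record would be uploaded. The scrypt key derivation, the record layout, the function names and the sample values are assumptions made for illustration.

```javascript
// Added example (not from the original page): client-side vault encryption.
const nodeCrypto = require('node:crypto');

// Stretch the master password into a 256-bit key. scrypt with Node's default
// cost settings is an assumption here, not any vendor's actual parameters.
function deriveKey(masterPassword, salt) {
  return nodeCrypto.scryptSync(masterPassword, salt, 32);
}

// Runs on the user's device. Only the returned record goes to the server.
function sealEntry(masterPassword, entry) {
  const salt = nodeCrypto.randomBytes(16); // fresh per record
  const iv = nodeCrypto.randomBytes(12);   // 96-bit nonce for GCM
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(masterPassword, salt), iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(entry), 'utf8'), cipher.final()]);
  const b64 = (buf) => buf.toString('base64');
  return { salt: b64(salt), iv: b64(iv), tag: b64(cipher.getAuthTag()), ciphertext: b64(body) };
}

// Runs on the user's device after fetching the record back from the vault.
function openEntry(masterPassword, record) {
  const raw = (field) => Buffer.from(record[field], 'base64');
  const key = deriveKey(masterPassword, raw('salt'));
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw('iv'));
  decipher.setAuthTag(raw('tag'));
  const plain = Buffer.concat([decipher.update(raw('ciphertext')), decipher.final()]);
  return JSON.parse(plain.toString('utf8'));
}

// What someone holding only the server copy can do: guess master passwords.
// A wrong guess or a tampered record fails GCM authentication and yields null.
function tryOpen(guess, record) {
  try {
    return openEntry(guess, record);
  } catch {
    return null;
  }
}

// Constructed sample data, not real credentials.
const sampleEntry = { site: 'example.com', username: 'alice', password: 'constructed-sample-Pw!' };
const serverCopy = sealEntry('constructed master passphrase', sampleEntry);
console.log(serverCopy);                                           // what a breach would expose
console.log(tryOpen('123456', serverCopy));                        // wrong master password
console.log(tryOpen('constructed master passphrase', serverCopy)); // the owner's view
```

Because the server copy can be tested against guessed master passwords offline, the strength of that one password and the cost of the key derivation decide how long the record stays unreadable.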

    How to choose a reliable password manager

    Ideally, you want to look for a password manager that comes with:

    • Strong encryption implementation.
    • Two-factor authentication.
    • Zero-knowledge storage.
    • Threat monitoring. 

    The company’s reputation is also very important. Did they have any leaks or breaches in the past? Do they test their security often? Do security experts recommend this password manager?

    You can find such information with a simple Google search, and I absolutely urge you to do the research yourself.

    What are some safe password managers?

    Doing my own research? In 2021? I know that it sounds tedious, but it’s definitely worth it because you’ll know what you’re getting!

    In general, there are a few big players out there. We recommend you check out these services to get you started:

    • LastPass
    • NordPass
    • 1Password

    Can a password manager be hacked? 

    Technically, it is possible for a password manager to be hacked in some way. But, as I mentioned, encryption makes doing that essentially pointless.

    It is easier and much more common to compromise a password manager via phishing. For example, you can be tricked into downloading keylogger malware on your device through a malicious site or an email. This keylogger can record the master password for your password manager. 

    Similarly, a hacker pretending to be a support specialist from your password manager developer might trick you into giving them your login credentials (once more for the people in the back: no real company will ever ask you for your login and password). 

    Phishing is by far the biggest risk to your password manager. That’s why it’s wise to always use 2FA as a back-up plan. And since phishing is something only you can protect yourself from by being diligent, I’d say that password managers are fairly hack-safe.

    The password manager is to be trusted

    We’re not going to be suddenly having fewer websites and apps to log into. That’s why maintaining strong passwords will remain important. So to do that, enlist the aid of a password manager to keep those logins safe and encrypted. 

    In addition, we urge you to check out other security features. Surfshark Alert will notify you if any of your passwords or personal data get leaked. And when it comes to encrypting your online traffic, consider Surfshark VPN as well. 
