Are password managers safe?


In a Nutshell

Although no one can completely guarantee the security of your online accounts, password managers offer a level of protection you probably don’t have if you’re managing your passwords yourself.

Password managers provide a simple way to store, manage and retrieve passwords for online accounts. While that sounds appealing, there’s one question left to answer before you entrust your online security to an app: Are password managers safe?

To help answer that question, let’s first consider the alternative to using a password manager.

Security experts recommend using a different password for different accounts to help reduce your risk of being hacked, but consumers often don’t follow this advice. In a 2020 survey of internet users conducted by data loss prevention software company Digital Guardian, nearly 18% of respondents reported reusing the same password for multiple accounts.

An additional 39% of survey respondents reported jotting their passwords down on a piece of paper. That solves the headache of only using one password, but it comes with another potential pitfall: It’s pretty easy for a piece of paper to get lost or fall into the wrong hands.

A password manager that can both organize your passwords and help keep them secure seems like a better option. And yet some people remain skeptical about password managers. Let’s dig into how safe these apps really are.



What is a password manager?

At the most basic level, a password manager is a program that generates, encrypts and stores passwords for your online accounts. To retrieve your passwords, you generally enter a master password that unlocks your stored information.

But some of the best password managers don’t stop there. They also offer a variety of other features, which may include …

  • Two-factor authentication, so you can bolster your account’s security with a second piece of information that’s required to finish the login process
  • Fingerprint support for mobile devices, so you can sign in to your password manager’s app with just a touch of your finger
  • The ability to store additional account information, such as account recovery codes and answers to security questions
  • Digital file storage, so you can upload important records
  • A digital wallet option that stores your account information, like credit card numbers, for a streamlined shopping experience
  • Security alerts that notify you if the password manager thinks your online account has been compromised
  • Sharing features that let you securely share information with friends and family

Many password managers feature a browser extension for easy access to your saved passwords while you’re browsing online. Depending on the password manager, you can install the extension in a compatible web browser (Chrome and Firefox are typically good bets, though compatibility may vary). After it’s installed, you can log in from your browser and access your information when you need it.

If you want to use a password manager on your mobile device, you may need to download an app to get access to your passwords.

Are password managers safe?

While we can’t vouch for every single password manager out there, using a trusted password manager may be safer than not using one.

Going it alone can mean reusing the same password again and again — a risky approach, at best. If a hacker gains access to just one of your accounts, your entire digital life could be compromised.

With a password manager, you won’t need to rely on simple, weak passwords that are easy for you to remember (and can be easy for hackers to guess).

Password managers offer a password-generator feature that can create strong passwords to help keep your accounts more secure. And many password managers feature two-factor authentication as an added layer of security.

Many password managers also use encryption to protect your passwords and other information stored in your account. And many limit access to your data by encrypting and decrypting it on your device and not on their servers, so your master password is available only to you — your password manager can’t access it.

FAST FACTS

What is two-factor authentication?

Two-factor authentication requires a second piece of information that only you have access to — such as a digital code or USB device — to verify your identity every time you log in. Because you need this information in addition to your username and password, it becomes even more difficult for someone to gain unauthorized access to your account.

Many password managers allow users to enable this feature for added security. But even if you don’t enable two-factor authentication for use all the time, password managers often require it if you’re logging in on a new device to ensure you’re you.

What if my master password is compromised?

By now you may be thinking, “That all sounds great … but what happens if someone gets ahold of my master password?”

The bad news is that they could gain access to your account and all the information stored there.

If you follow best practices by creating a strong password and keeping it safe, “the risk is pretty low that somebody’s going to hack it,” says Caleb Barnum, principal solution consultant for electronic payments company ACI Worldwide.

But it’s still possible. To help reduce the risk of having your account hacked, Barnum recommends selecting a password manager that uses two-factor authentication and choosing a “complicated and obscure [master password] that only you would know.”

If you can’t think of one, the United States Computer Emergency Readiness Team suggests using a mnemonic device for a phrase or sentence that’s easy for you to remember. It also suggests using numbers and special characters to create a complex password that’s difficult to guess.

Other reasons to consider using a password manager

Still not sure a password manager’s right for you? Here are just a couple of reasons you may want to consider using one.

Simplicity

Do you have a spreadsheet that lists all your passwords? Or do you click “forgot password” when you log in because you’re tired of trying to keep track of your passwords?

When you use a password manager, you only need to remember a single master password. With that one password, you can gain access to the passwords and additional information you need to manage your online accounts.

Versatility

Many password managers have apps you can download, so you can use them on your mobile devices. Whether you’re using a desktop, laptop or smartphone, you can access your password manager.


What’s next

While there’s no foolproof solution to ensure you don’t get hacked, a password manager can help keep your online accounts secure — especially if you choose a strong master password that’s difficult to guess. And because your data is stored in one location, it can also save you time by streamlining the management of your accounts.

“I think you’ll very quickly find that life is much easier when you have one of these,” Barnum says.


About the author: Jennifer Brozic is a freelance financial services writer with a bachelor’s degree in journalism from the University of Maryland and a master’s degree in communication management from Towson University.