Are password managers safe?

Young woman using laptop at the window sill Young woman using laptop at the window sill Image:

In a Nutshell

Although no one can completely guarantee the security of your online accounts, password managers offer a level of protection you probably don’t have if you’re managing your passwords yourself.

We generally make money when you get a product (like a credit card or loan) through our platform, but we don’t let that cloud our editorial opinions. Learn more about how we keep this compensation from affecting our editorial views.
Advertiser Disclosure

We think it's important for you to understand how we make money. It's pretty simple, actually. The offers for financial products you see on our platform come from companies who pay us. The money we make helps us give you access to free credit scores and reports and helps us create our other great tools and educational materials.

Compensation may factor into how and where products appear on our platform (and in what order). But since we generally make money when you find an offer you like and get, we try to show you offers we think are a good match for you. That's why we provide features like your Approval Odds and savings estimates.

Of course, the offers on our platform don't represent all financial products out there, but our goal is to show you as many great options as we can.

Password managers provide a simple way to store, manage and retrieve passwords for online accounts. While that sounds appealing, there’s one question left to answer before you entrust your online security to an app: Are password managers safe?

To help answer that question, let’s first consider the alternative to using a password manager.

Security experts recommend using a different password for different accounts to help reduce your risk of being hacked, but consumers often don’t follow this advice. According to a 2015 report by password manager app Dashlane, the average number of accounts registered to one email address in the U.S. is 130.

Can you imagine keeping track of 130 unique passwords, whether in your mind or on a scrap of paper? The former sounds like a headache, while the latter can be stolen or misplaced.

A password manager that can both organize your passwords and help keep them secure seems like a better option. And yet some people remain skeptical about password managers. Let’s dig into how safe these apps really are.



What is a password manager?

At the most basic level, a password manager is a program that generates, encrypts and stores passwords for your online accounts. To retrieve your passwords, you generally enter a master password that unlocks your stored information.

But some of the best password managers don’t stop there. They also offer a variety of other features, which may include …

  • Two-factor authentication, so you can bolster your account’s security with a second piece of information that’s required to finish the login process
  • Fingerprint support for mobile devices, so you can sign in to your password manager’s app with just a touch of your finger
  • The ability to store additional account information, such as account recovery codes and answers to security questions
  • Digital file storage, so you can upload important records
  • A digital wallet option that stores your account information, like credit card numbers, for a streamlined shopping experience
  • Security alerts that notify you if the password manger thinks your online account has been compromised
  • Sharing features that let you securely share information with friends and family

Many password managers feature a browser extension for easy access to your saved passwords while you’re browsing online. Depending on the password manager, you can install the extension in a compatible web browser (Chrome and Firefox are typically good bets, though compatibility may vary). After it’s installed, you can log in from your browser and access your information when you need it.

If you want to use a password manager on your mobile device, you may need to download an app to get access to your passwords.

Are password managers safe?

While we can’t vouch for every single password manager out there, using a trusted password manager may be safer than not using one.

Going it alone can mean reusing the same password again and again — a risky approach, at best. If a hacker gains access to just one of your accounts, your entire digital life could be compromised.

With a password manager, you won’t need to rely on simple, weak passwords that are easy for you to remember (and can be easy for hackers to guess).

Password managers offer a password-generator feature that can create strong passwords to help keep your accounts more secure. And many password managers feature two-factor authentication as an added layer of security.

FAST FACTS

What is two-factor authentication?

Two-factor authentication requires a second piece of information that only you have access to — such as a digital code or USB device — to verify your identity every time you log in. Because you need this information in addition to your username and password, it becomes even more difficult for someone to gain unauthorized access to your account.

Many password managers allow users to enable this feature for added security. But even if you don’t enable two-factor authentication for use all the time, password managers often require it if you’re logging in on a new device to ensure you’re you.

Many password managers also use encryption to protect your passwords and other information stored in your account. And many limit access to your data by encrypting and decrypting it on your device and not on their servers, so your master password is available only to you — your password manager can’t access it.

What if my master password is compromised?

By now you may be thinking, “That all sounds great … but what happens if someone gets ahold of my master password?”

The bad news is that they could gain access to your account and all the information stored there.

If you follow best practices by creating a strong password and keeping it safe, “the risk is pretty low that somebody’s going to hack it,” says Caleb Barnum, principal solution consultant for electronic payments company ACI Worldwide.

But it’s still possible. To help reduce the risk of having your account hacked, Barnum recommends selecting a password manager that uses two-factor authentication and choosing a “complicated and obscure [master password] that only you would know.”

If you can’t think of one, the United States Computer Emergency Readiness Team suggests using a mnemonic device for a phrase or sentence that’s easy for you to remember. It also suggests using numbers and special characters to create a complex password that’s difficult to guess.

Other reasons to consider using a password manager

Still not sure a password manager’s right for you? Here are just a couple reasons you may want to consider using one. 

Simplicity

Do you have a spreadsheet that lists all your passwords? Or do you click “forgot password” when you log in because you’re tired of trying to keep track of your passwords?

When you use a password manager, you only need to remember a single master password. With that one password, you can gain access to the passwords and additional information you need to manage your online accounts.

Versatility

Many password managers have apps you can download, so you can use them on your mobile devices. Whether you’re using a desktop, laptop or smartphone, you can access your password manager.


Bottom line

While there’s no foolproof solution to ensure you don’t get hacked, a password manager can help keep your online accounts secure — especially if you choose a strong master password that’s difficult to guess. And because your data is stored in one location, it can also save you time by streamlining the management of your accounts.

“I think you’ll very quickly find that life is much easier when you have one of these,” Barnum says.

If you’re interested in learning more about password managers, read our article on the best password managers of 2018.


Editorial Note: Credit Karma receives compensation from third-party advertisers, but that doesn’t affect our editors' opinions. Our marketing partners don’t review, approve or endorse our editorial content. It’s accurate to the best of our knowledge when it’s posted.