But while they offer great convenience when it comes to managing dozens of passwords, are password managers safe to use?
Why Do You Need a Password Manager?
Passwords are an essential part of using the internet. Ten years ago you might’ve only needed to remember a handful of passwords. Now, the average user has around 100 passwords. There’s no way you can remember all of them without having to repeat passwords or write them down.
A password manager is software that allows you to store and manage your passwords securely. Some simply keep a secure log, while others generate secure passwords and auto-fill your logins on applications and web pages.
Password managers have many benefits, but mainly, they promote convenience and online security. Since most of your online data relies on passwords to protect it, those passwords need to be as strong as possible, especially if they’re the only line of defense and you don’t use two-factor authentication (2FA) on most sites and apps.
How Password Managers Keep Your Passwords Safe
There are two types of password managers. Device-based password managers store your logins natively on your device. And web-based password managers keep your passwords on company servers, allowing you to sync data between multiple devices.
With either option, the only way to access encrypted logins is by using your master password. But when it comes to web-based password managers, you need to look for a service that doesn’t store your passwords unencrypted on their servers.
For example, the LastPass password manager operates on a zero-knowledge policy and uses end-to-end encryption to secure your passwords. LastPass encrypts your passwords before they leave your device, and they are only decrypted locally on your device.
This ensures the utmost privacy and security, where both malicious hackers and company employees have a hard time accessing your passwords.
Additionally, password managers make the most critical element of online security easier to comply with than ever: regularly changing your passwords. Because you don’t have to remember all of your passwords on your own, you can sit down every three months or so, and change them all methodically.
Are Password Manager Apps Safe?
The question of trust is the most important one you should ask yourself if you’re intending to use a free password manager service. After all, companies need to make money, and if it’s not through your subscription fee, then it’s through something else.
LastPass offers a free package, for instance. It comes with unlimited passwords, auto-save and fill, password generator, and 2FA. But is that too good to be true for a free option?
Naturally, a free password manager account won’t have the same benefits as a paid one. When it comes to LastPass, you need to take into consideration support and server downtime.
Because your passwords are stored on LastPass company servers and not locally on your device, if their servers go down, you might temporarily lose access to your logins. Also, the free account only includes basic support functionality, which could make it harder to retrieve your passwords in case of an emergency.
Still, LastPass is one of the most secure companies you can pick to manage your passwords. But security isn’t the same as privacy. LastPass is owned by the company LogMeIn, which highly values its users’ security, but not so much their privacy.
According to LogMeIn’s privacy policy, they keep your personal information and any data that can be used to identify you fully private.
But the same doesn’t apply to your behavioral data. They log anything from user IP addresses to the most used sites on LastPass, along with hardware specification, location, and even language settings. They share them with affiliated, third-party companies to perform user analysis and run customized ads.
Different companies follow different policies. Before creating a free or paid password manager account, go through the company’s privacy policy and record of security vulnerabilities and incidents. There’s no one-size-fits-all, but you can make sure the company you entrust with your passwords and data has the same values as you.
How to Tell if a Password Manager Is Safe
Similar to other apps and software, a password manager’s safety relies on the company that owns it and how much it cares about users. Before picking a password manager, here are a few questions you should ask yourself.
Can Others See My Passwords?
For both privacy and security reasons, look for password managers that follow a zero-knowledge policy and use end-to-end encryption. This ensures your data is only decrypted when you’re using it and not during storage and transfer.
Is Data Stored Locally or on Company Servers?
Some password managers only store passwords locally on your device. This not only makes it inconvenient to sync between devices; it also leaves it up to you to keep them safe. However, you’re less likely to get targeted compared to a password manager company’s servers.
Does It Have a Clean Enough Record?
Any tech company that’s been around for a while is bound to suffer from at least one security incident or data breach.
Before signing up for a particular password manager, do a quick Google search of the company. Find out their latest security incidents and vulnerabilities. If they’re too frequent and severe, try another one.
Does It Have Two-Factor Authentication?
Password managers store all of your passwords in one place. It’s important to add a second line of defense along with the master password. 2FA technology is widely available and most apps allow you to enable the option.
If a password manager doesn’t have 2FA, maybe they aren’t that serious about user data security.
How Secure Are Password Manager Apps?
Password managers are safer than the alternative, but whether their safety rises to your standards is something only you can decide.
But it’s safe to say that not all password managers are equally safe. They all prioritize different elements whether it’s price, convenience, or security. Make sure you know which you want to prioritize too.