Is it safe to use a password manager?

Passwords are the key to unlock pretty much anything on the internet today. It can’t be emphasized enough how important they are to protect netizens around the globe. But, password security is rarely taken seriously. More often than not, people use the same password for every account. If one password is compromised, then everything else goes down with it. Some passwords aren’t even secure and can be guessed by knowing a few details about its owner.

Anything that’s on your resume should not be used as a password.

Choosing a unique password that can’t be traced back to you in any way and remembering where each password is used is not an easy thing to do. That’s why password managers like 1Password and LastPass have become so popular recently. They allow you to store all your passwords behind an encrypted vault. All you need to remember is one master password to access the vault. Even the people behind the password manager won’t have access to your passwords, as they use zero-knowledge architecture. This means that your passwords are encrypted before they leave your device, so they can’t be decrypted even when they end up on the company server.

But, are password managers safe? Well, not entirely, but it is your best bet to stay secure. It is better than reusing passwords everywhere, and that’s precisely why you should use a password manager anyway. Security is a grey area; no product can be considered completely bug free and secure, but you can rest assured that bugs are patched as soon as they’re found.

The most valuable piece of information about your password manager is your master password. Make sure it is strong and unique. Write it down and keep it in a secure physical location, in case you forget it. It is impossible to become 100% secure, but it is certainly possible to not be low hanging fruit to hackers.

Now, you may be wondering why you need a password manager at all when browsers like Chrome and Firefox (I don’t use other browsers, so I can’t speak for them) have integrated password managers. Well, for starters, browser-based password managers are dependent on your browser. If you store a password on Chrome, it won’t be available on Firefox, and vice versa. This could prove to be a hassle unless you save all your passwords on both browsers, which isn’t a good idea because now you have to protect two locations instead of just one. Which brings me to my next point: your browser’s default password manager isn’t nearly as secure as its independent counterparts anyway.

Passwords are like toothbrushes; change them often and do not share.

On Linux, Chrome will let anyone view all the saved passwords on the browser without any authentication. On Windows, it is protected by your Windows password, which is more often than not insecure and used by multiple people. Anyone who uses your computer will be able to see all your passwords. Firefox, on the other hand, will give anyone access to your passwords regardless of the platform unless a master password is set. Since most people aren’t aware of the master password feature, that’s pretty insecure too.

In some cases, physical access to the device isn’t necessary either. Anyone with remote access to your computer will be able to see all your passwords in plain sight. So yes, use a password manager, but don’t use the default one on your browser.

To summarize, always make sure that you use strong passwords everywhere, following the best password practices. Use a good password manager to help remember all your passwords, and make sure the master password is strong and secure.