Password managers used to be something obscure and only used by tech-savvy people, but today we’ve moved well past that point. Many experts have started to openly talk about the benefits of using a password manager for the average person, and there has been an active push to make the technology more mainstream.
Today, most browsers offer this as built-in functionality in one way or another, and many people are aware of the benefits of using a password manager. So, let’s take a look at how password managers work—and whether they are something you should be looking into yourself.
The Problem With Secure Passwords
Pretty much every website, app, and service out there is going to impose some requirements for your password. It must often contain at least one capital letter, one special character, one digit, and so on. The intention is obvious: this prevents people from using simple passwords. But the final result is often a bit counterintuitive.
Since those passwords aren’t really something you can easily memorize, people tend to do one of two things. They either write them down in some unsecure spot, or just memorize one password and keep reusing it everywhere. Both of those are obvious problems, but the root cause here is that people simply aren’t good at memorizing a long list of unique, secure passwords.
How a Password Manager Works
Password managers relieve you of needing to remember multiple codes by storing everything for you. There are different applications that are popular on the market right now, and they all have their own specific style of handling things. But the basic idea is the same.
Your passwords are stored in an encrypted manner, and can only be retrieved by unlocking the encryption. This can be done in various ways, not just by inputting a “master password”. For example, some password managers allow you to unlock them by providing a specific, unique file.
Most of the popular password managers on the market also come with other nifty features. For example, they will usually automatically generate secure passwords for you according to customizable rules. They may also support automatically inputting the password for supported sites.
Isn’t This Like Writing Down Your Passwords on Sticky Notes?
At this point, you might be wondering how this is any different from a slightly fancier version of simply writing down your passwords on paper. The main difference is that the password vault is encrypted, preventing anyone from accessing it without the right credentials.
With certain password managers, potential attackers may never even get access to the main database file itself. This is especially common with hosted services.
Password managers also typically make it more difficult for attackers to steal your passwords when your computer might be compromised. For example, they might scramble the input when entering the password into the appropriate field, making it more difficult to obtain useful information with a keylogger.
Some password managers also automatically clear your clipboard after a short period (around 10-15 seconds), ensuring that you don’t accidentally forget that you’ve copied your password and preventing you from pasting it somewhere unintended.
Password Managers Built Into Browsers
Most modern browsers also support similar functionality on a native level. However, the security of those password managers is questionable.
With Firefox, for example, you don’t need a master password by default to access the full list of stored credentials. This means that anyone with physical access to your computer could potentially copy all of your stored passwords. Such an issue can never happen with a good password manager if you’re using it correctly.
That’s not to say that those password managers are completely useless. They can still come in handy for random accounts that you rarely use and don’t care about that much. But for anything more serious, which could potentially be used for malicious purposes, you should definitely consider using a more suitable solution instead.
Hosted vs. Local Password Managers
One of the main choices you’ll have to make when picking which password manager to use is whether you want to go with a hosted one, or one that you run locally. The basic difference is that a hosted password manager stores your passwords on the company’s servers, while a local one runs on your own computer and stores everything in a file on your hard drive.
There is no right answer here. Both have their advantages and disadvantages. Here are some key points to consider.
A hosted password manager:
- Can be accessed from anywhere.
- Doesn’t store anything locally, making it less prone to physical attacks.
- Might come with a subscription cost.
- If the company is ever compromised, you might be affected.
A local password manager:
- Stores passwords in a local file, making them only accessible when you have physical access to the file.
- Typically doesn’t work for mobile devices without extra effort.
- Lets you put your security in your hands. You control the database and whether it exists on other devices.
- Is usually free.
There are also some mixed options. Bitwarden, for example, allows you to use their password manager through a subscription service hosted by the company. But you also have the option of downloading a standalone version and hosting it yourself for free.
You should research both options. Both are suitable for users without much experience with technology, even if a locally run password manager might seem slightly more complicated. There are popular products in each of those categories though, so no matter what your preference is, you will be able to find something that suits your needs.
Now You Know How a Password Manager Works and Can Protect Yourself Better
Ignoring company breaches, the only reason you might get your credentials leaked is if you make a mistake in using the program in the first place.
Most of the good password managers are made to be pretty much foolproof, and require very little in the way of setup to ensure their correct use. Take some time to familiarize yourself with how your password manager works before going all-in. And remember that there is no shortage of online communities you can turn to for support if you get stuck!
Are you looking for buy a password manager? You might consider a paid-for service instead. Here’s how to decide.
About The Author