Password Managers: Are They Safe To Use?
4 min read
Password managers, in their increasing popularity, beg the question for many, “how safe are password managers?”
The long and short of it is, password managers are safe to use. They use advanced encryption to protect your credentials, while without it, your passwords are left open to increased chance of cyber theft. A shocking 61% of all data breaches involve stolen or hacked login credentials. So, anything that can be done to lessen that number is worthwhile and password managers are no exception.
What is a password manger?
A password manager (or a web browser) stores all your passwords securely, so you don’t have to remember them. That makes it much easier for you to have stronger, more unique, passwords for any of your accounts. It eliminates the need for using the same ‘strong’ password across multiple accounts – which you should never do.
How do password managers secure your passwords?
Password managers use strong encryption algorithms to protect your passwords (such as AES 256-bit encryption, which you can think of as the top-tier standard). So even if a hacker did gain access to your password manager database, they wouldn’t be able to decrypt your passwords without your master password.
Many password managers also use zero-knowledge architecture, which means that the password manager service provider doesn’t actually have access to your master password or your encrypted passwords, so in the event the password manager service was hacked, your passwords would be safe.
On top of that, multi-factor authentication is used on many password managers, meaning you’ll need to enter a code from your phone in addition to your master password when logging in, which adds an extra layer of security.
Why should you use a password manager?
Password managers help create unique, strong passwords.
There really is a plethora of reasons you could consider for using a password manager. Something you might have noticed when creating passwords on your iPhone, for example, is the password generation feature they often have. Password managers can generate strong, unique passwords for all of your online accounts and then securely save them for you, so you don’t need to remember them. This helps you to create passwords that are difficult to guess. That’s part of the their Keychain feature, which is a password manager system built into the operating system.
Reduce human error.
As well as prohibiting unauthorised access password managers also reduce the risk of human error, such as forgetting passwords or using the same password for multiple accounts.
Save you time and effort.
To save time and effort: Password managers can store all of your passwords in an encrypted vault, so you don’t have to remember them yourself. This can save you time and effort when logging in to websites and apps. Password managers can help you to keep track of all of your passwords and make it easy to change them when necessary.
Breach monitoring for added peace of mind.
Some password managers offer breach monitoring, which will alert you if your passwords have been compromised in a data breach. This allows you to change your passwords immediately and protect your accounts from unauthorised access.
The risks of using password managers – “are password managers really secure?”
There will always be online risks. Cyber criminals become increasingly sophisticated, as do the systems they use. Protecting you or your business is about taking proactive steps and a layered approach to cyber security, protecting your systems at every level – and that’s what password managers help you do. They don’t promise to be air tight, but they are absolutely better than using a generic, or easy to guess password, as so many people still do.
So, what are some of the risks associated with using a password manager?
No biometric authentication.
Biometric authentication is ideal for adding another layer of security. This is also much simpler to do these days, thanks to the likes of phones, like iPhones, which in most cases now, require a finger or face scan to access your device. They store this information, which can then be used on specific apps, for example password managers. That means you can configure your password manager to request either a fingerprint or face scan, thereby reducing the chance of being hacked significantly.
All your data is in one location.
This one isn’t exactly a surprise. When you have all of your sensitive information collated in a single place, like your passwords in a password manager, there is the chance (albeit small), that if it is hacked, your sensitive information is accessible. There are of course workarounds for this, like using biometric, or multi-factor, authentication to reduce this from happening in the first place.
Forgetting your master password.
Not all password managers have the option to gain access if you forget your master password. You should be mindful of this when it comes to choosing one. If this happened, you’d need to reset your passwords for every account one-by-one, if you couldn’t remember them.
How to choose a password manager
There’s a number of options when it comes to choose a specific password manager. What’s important is to consider features of any password manager. Here’s a few things to have as a baseline:
- Choose one which allows multi-factor authentication on the password manager account. This means that even if a cyber-criminal knew your master password, they still couldn’t access your account.
- Your master password must be strong. This is true for any password, but particularly this one. A great way to generate unique passwords that you can actually remember is to employ a password system. For example, one system could be 2 random but memorable words, the website name sandwiched in between, 2 tweaks such as changing one letter to a special character and another to capitals, then repeat for each website.
- Install updates for your password manager app as soon as you’re prompted. This means any bugs or crucial updates can always be rolled out, helping to better protect your password manager.
How can we help?
In order to help businesses with their cyber security strategy we offer a completely free data management review which allows us to understand your current position recommend the best way forward. If you need any assistance checking your existing cyber security configuration or would like to discuss improving your organisation’s levels of protection, then please get in touch, we have offices around the country including Hull, Peterborough and Scunthorpe.