- Password managers are the safest way to keep track of your passwords, as they allow you to use stronger passwords without needing to memorise anything.
- Security experts generally recommend using password managers to keep your data safe.
- Password managers usually rely on a “zero knowledge” technique, where the company that runs the manager doesn’t know your passwords – this keeps your data safe even if the company is hacked.
A password manager promises both security and convenience.
Because it remembers your usernames and passwords for you, you’re free to give all your online sites and services strong, unique passwords without needing to memorise them all.
All you need to remember is a single password to unlock the password manager.
But how trustworthy are password managers, and is it safe to give one all your passwords?
Here’s what you need to know about password managers, and how they keep your data safe.
Password managers are the safest way to keep track of your passwords
“Password managers are safe, and far safer than not using one,” said Ron Culler, senior director of technology and solutions at ADT Cybersecurity.
That’s partially because password managers encourage users to practice good security hygiene – you can make every password unique, and every password long and complex.
In the early days of the internet when we only had to track a dozen passwords, it might have been possible to do that manually. The password manager company LastPass has said that its average user manages 191 passwords, making a tool like a password manager essential.
The way that password managers work is simple: you save all your passwords to the manager, and then create one “master” password for all of them. When you sign into a site, you just unlock the manager with that one master password – it’s the only one you need to remember.
That means you can make this one password lengthy and strong. Enabling two-factor authentication in the password manager app adds even more security.
Most importantly, all leading password managers use a technique called “zero knowledge.”
Zero-knowledge security means that although the password manager knows your passwords, the company that makes the manager doesn’t.
Chris Hallenbeck, chief information security officer for cybersecurity firm Tanium, described it to Business Insider like this: “What makes a password manager safe is its Zero Knowledge security model that consists of three layers of defence: the encrypted user data, the manager’s password which is not kept on the system, and the security key. A hacker would need to break down all three defences to get access to the information.
“While these layers of defence don’t rule out all hacks and exposure, they greatly reduce the risk that a password manager could be hacked by a middleman,” Hallenbeck said. It also means that if a password manager company gets hacked, that intrusion can’t compromise customer data.
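The three layers Hallenbeck describes can be sketched in a few lines of Node.js. This is an added example, not code from the article or from any password manager vendor; the function names, the choice of scrypt, HMAC-SHA256 and AES-256-GCM, and the sample data are all assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Client side: stretch the master password, then bind the result to a
// device-held secret key. Neither input is uploaded to the provider.
function deriveVaultKey(masterPassword, secretKey, salt) {
  const stretched = crypto.scryptSync(masterPassword, salt, 32, { N: 16384, r: 8, p: 1 });
  return crypto.createHmac('sha256', secretKey).update(stretched).digest();
}

// Client side: encrypt the vault. The returned record is everything the
// provider stores, so a breach there exposes only these fields.
function sealVault(vaultKey, salt, entries) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', vaultKey, iv);
  const ciphertext = Buffer.concat([cipher.update(JSON.stringify(entries), 'utf8'), cipher.final()]);
  return { salt, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Client side: decrypt a record fetched from the provider. A wrong master
// password or secret key derives a different key, and the GCM tag check throws.
function openVault(masterPassword, secretKey, record) {
  const key = deriveVaultKey(masterPassword, secretKey, record.salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, record.iv);
  decipher.setAuthTag(record.tag);
  const plain = Buffer.concat([decipher.update(record.ciphertext), decipher.final()]);
  return JSON.parse(plain.toString('utf8'));
}

// Constructed sample data (not real credentials).
const masterPassword = 'correct horse battery staple';
const secretKey = crypto.randomBytes(32); // stays on the user's devices
const salt = crypto.randomBytes(16);      // not secret, stored with the vault
const entries = [{ site: 'example.com', user: 'alice', password: 'S3cr3t!-constructed' }];

const record = sealVault(deriveVaultKey(masterPassword, secretKey, salt), salt, entries);
console.log('provider stores:', Object.keys(record));
console.log('unlocked on device:', openVault(masterPassword, secretKey, record)[0].site);
```

The provider's copy holds the salt, IV, ciphertext and authentication tag only, so decrypting it requires both the master password and the secret key from the user's device.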
“Any tool has weaknesses,” said Mike Kiser, a senior identity strategist at security firm SailPoint. But Kiser points out that you’re far more likely to be the victim of a low-tech phishing attack than have your password manager get hacked. “I’d still use one,” said Kiser. “The advantages far outweigh the security risk.”
So, the takeaway: no solution is perfectly safe all the time. But using a password manager is possibly the best way to protect your data.