Do you feel safe surfing the internet? It can feel like swimming with sharks: there are hackers, identity thieves, cybercriminals, phishing schemes, and stalkers collecting as much information about you as possible. I don’t blame you if you feel reluctant to store any sensitive information online, including your passwords.

According to Hostingtribunal.com, there is a hacker attack every 39 seconds, and over 300,000 new malware are created every day. They estimate data breaches will cost around $150 million this year, and traditional firewalls and antivirus software will do little to stop it.

are password managers safe

In the article, hackers confess the most significant cause of security breaches: humans. And that’s why a password manager is a crucial tool for staying safe online.

How Password Managers Keep You Secure

Humans are the weakest component of any computer-based security system. That includes passwords, which are the keys to our online memberships. You need one for your email, one for Facebook, one for Netflix, one for your bank.

Wait, there’s more! You might use more than one social network, streaming service, bank, email address. There are all the little memberships we tend to forget about: fitness apps, online to-do lists and calendars, shopping sites, forums, and apps and websites you tried once and then forgot about. Then there are passwords for your bills: phone, internet, electricity, insurance, and more. Most of us have hundreds of passwords stored somewhere on the web.

How do you keep track of them? Too often, people use the same simple password for everything. That’s just dangerous—and a terrific reason why a password manager will make you more secure.

1. They Create and Remember Complex Passwords

Using a short, simple password is as bad as leaving your front door unlocked. Hackers can break them in just seconds. According to a password strength tester, here are some estimates:

  • 12345678990: instantly
  • password: instantly
  • passw0rd: trickier, but still instantly
  • keepout: instantly
  • tuopeek (the previous password backward): 800 milliseconds (that’s less than a second)
  • johnsmith: 9 minutes (unless that’s really your name, which makes it even easier to guess)
  • keepmesafe: 4 hours

None of that sounds good. It’s vital to create better passwords. Don’t use a dictionary word or anything personally identifiable, like your name, address, or birthday. Instead, use a combination of letters, numbers, and special characters, preferably 12 characters or more in length. Your password manager can create a strong password for you at the press of a button. How does that affect the hacker estimates?

  • |{aY\9”*A9/X: 2 million years
  • D-G%ei9{iwYZ: 2 million years
  • C/x93}l*w/J#: 2 million years

And because you don’t have to remember or type those passwords, they can be as complicated as you like.

Password-Managers-Safe1

2. They Make It Feasible to Use a Unique Password Every Time

The reason you’re tempted to use the same password everywhere is that unique passwords are hard to remember. The key is to stop remembering. That’s your password manager’s job!

Every time you need to log in, your password manager will do it automatically; it will type your username and password for you. Or you can use it like a sophisticated bookmark system, where it takes you to the website and login in a single step.

3. They Make You More Secure in Other Ways

Depending on the app you choose, your password manager will offer even more features to keep you protected. For example, it may include safer ways to share your passwords with others (never write them down on a scrap of paper!), store other sensitive documents and information, and evaluate your current passwords’ effectiveness.

You’ll be warned if you’ve reused passwords or chosen weak ones. Some apps will even notify you if one of your sites has been hacked, prompting you to change your password immediately. Some will change your password for you automatically.

Why Password Managers Are Safe

With all these benefits, why are people nervous about password managers? Because they store all of your passwords in the cloud. Surely that’s like putting all your eggs in one basket, right? If someone hacks their website, surely they’ll have access to everything.

Fortunately, significant security precautions have been taken to ensure that it never happens. In fact, their precautions will be much more stringent than your own, making password managers the safest place for your passwords and other sensitive material. Here’s why password managers are safe:

1. They Use a Master Password and Encryption

It might seem ironic, but to secure your passwords so others can’t access them, you use a password! The benefit is that you’ll only need to remember that one master password—so make it a good one!

Most password management providers never know that password (nor want to know it), so it’s essential that you remember it. Your password is used to encrypt all of your data so that it’s unreadable without the password. Dashlane, a premium provider, explains:

When you create a Dashlane account, you create a login and Master Password. Your Master Password is your private key to encrypt all of your data saved in Dashlane. By successfully entering your Master Password, Dashlane will be able to decrypt your data locally on your device and grant you access to your saved data. (Dashlane Support)

Password-Managers-Safe2

Because your passwords are encrypted, and only you have the key (the master password), only you can access your passwords. The company’s staff can’t get them; even if their servers were hacked, your data is safe.

2. They Use 2FA (Two-Factor Authentication)

What if someone guessed your password? It’s crucial to have a strong master password so that doesn’t happen. Even if someone did, two-factor authentication (2FA) means they still won’t be able to access your data.

Your password alone is not enough. Some second factor will need to be entered to prove that it’s really you. For example, the password service may text or email you a code. They might also use face or fingerprint recognition on a mobile device.

Password-Managers-Safe5

Some password managers take even more precautions. For example, 1Password has you enter a 34-character secret key any time you log in from a new device or web browser. It’s unlikely anyone will hack your passwords.

3. What If I Forget My Password?

In my research on password managers, I was surprised to discover how many users complained when they forgot their password and the company couldn’t help them—and they lost all their passwords. There’s always a balance between security and convenience, and I empathize with the users’ frustration.

Your data will be safest if you’re the only one in charge of your password. Some users might be willing to compromise a little if it means they have a backup if they forget that password.

You’ll be happy to learn that many password managers allow you to reset a lost password. For example, McAfee True Key uses multi-factor authentication (rather than just two-factor), so if you do forget your password, they can use several factors to ascertain that it’s you, then allow you to reset the password.

Another app, Keeper Password Manager, allows you to reset your password after answering a security question. While that’s convenient, it’s also less secure, so make sure you don’t choose a question and answer that is predictable or easily discoverable.

4. What If I Still Don’t Want to Store My Passwords in the Cloud?

After everything you just read, perhaps you still don’t feel comfortable storing your passwords in the cloud. You don’t have to. A couple of password managers allow you to save them locally on your hard drive.

If security is your absolute priority, you may be interested in KeePass, an open-source application that only stores your passwords locally. They don’t offer a cloud option or a way to synchronize passwords onto other devices. It’s not particularly easy to use, but it is strongly recommended (and used) by several European security agencies.

Password-Managers-Safe7

An easier-to-use application is Sticky Password. By default, it will sync your passwords via the cloud, but it allows you to bypass this and synchronize them over your local network.

Password-Managers-Safe6

Final Thoughts

If you’re reading this article, you’re concerned about staying safe online. Are password managers safe? The answer is a resounding, “Yes!”

  • They safeguard you by bypassing the human problem. You won’t need to remember your passwords, so you can use a unique, complex password for every website.
  • They’re safe even though they store your passwords in the cloud. They’re encrypted and password protected so neither hackers nor the company’s staff can access them.

So what should you do? If you don’t use a password manager, start today. Then make sure you’re using it securely. Choose a strong but memorable master password, and turn on two-factor authentication. Then commit to using the app. Stop trying to remember passwords yourself, and trust your password manager. It will remove the temptation to use the same simple password everywhere, and keep your accounts more secure than ever.