Understanding Password Managers

Want to increase your security while making your online life a little more convenient? Two words: password manager.

By Brett Cruz & Gabe Turner (Chief Editor)
Last Updated Nov 8, 2024

If you’re anything like us, you have tons of different accounts online. Now, imagine someone finds the login information for your Facebook account. And because you use the same password for your online banking account, they can now access your hard-earned money. From there, your entire life crumbles.

We’re not trying to scare you; we’re saying this to impress upon you the importance of good password management. Ideally, you want to create strong, unique passwords for every single one of your online accounts. But is it really possible to memorize hundred-character long unique passwords for every online account? No, which is why password managers exist.

But what exactly is a password manager? How do they work? Are they safe to use? How much do they cost? Don’t worry — we’ve got all of the information you need to make an informed choice about whether or not you need a password manager.

Did You Know: According to the Identity Theft Resource Center, there were 3,205 data breaches in 2023.[1] That’s almost double the number from the year before. If you haven’t been involved in a breach yet, it’s really just a matter of time.

What Is a Password Manager?

A password manager is a specialized digital tool designed to help people safely and securely store the passwords they use online. Some can also store other sensitive information like credit card numbers and documents.

Testing out 1Password’s Watchtower feature

At their core, password managers function like a digital vault. When you start using one, you’ll typically create a single master password that will access the secure storage. Rather than trying to remember all your passwords — especially since it’s best practice to use a different one for each account — a password manager lets you use strong and unique passwords without fear of forgetting them. The software can simply autofill your login details as you browse the internet.

Got it? Great. Let’s refine our focus a little and talk about some of the key features you’re going to see when you’re shopping around for a password manager.

FYI: You might not know it, but you’re probably already using a password manager. Most browsers these days, including Chrome and Safari, come with a basic password manager, but read on to learn why we recommend premium password managers like NordPass and 1Password.

Password Manager Key Features

While storing a bunch of unique passwords is their primary job, that’s not all a password manager does. They are equipped with a bunch of features designed to enhance your digital security and make browsing the internet a more seamless experience.

Password Generation

We’d call this the secondary function of any worthwhile password manager. Look for one that can create complex, random passwords that meet specific criteria like length and character variety. The more passwords you’re using like these, the better your online security will be.

At the minimum, a password generator should be able to create passwords with:

  • Eight or more characters in length.
  • A mix of numbers, letters and special characters.
  • Uppercase and lowercase letters.

After that, generated passwords should be stored automatically in the vault.
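
A generator that meets the minimum criteria listed above, as an added example (not code from any product named in this guide). It runs on Node.js; the symbol set and the default length of 20 are assumptions.

```javascript
const { randomInt } = require("node:crypto"); // CSPRNG; Math.random() is not suitable

// Character classes from the list above. The symbol set is an assumption;
// sites differ in which special characters they accept.
const CLASSES = {
  lower: "abcdefghijklmnopqrstuvwxyz",
  upper: "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
  digit: "0123456789",
  symbol: "!@#$%^&*()-_=+[]{};:,.?",
};

// Pick one character uniformly. randomInt() avoids the modulo bias that
// "randomByte % chars.length" would introduce.
function pick(chars) {
  return chars[randomInt(chars.length)];
}

function generatePassword(length = 20) {
  if (!Number.isInteger(length) || length < 8) {
    throw new RangeError("length must be an integer of at least 8");
  }
  const pools = Object.values(CLASSES);
  const all = pools.join("");

  // One character from every class guarantees the required mix;
  // the remaining characters come from the full alphabet.
  const out = pools.map((pool) => pick(pool));
  while (out.length < length) out.push(pick(all));

  // Fisher-Yates shuffle, so the guaranteed characters do not always
  // sit in the first four positions.
  for (let i = out.length - 1; i > 0; i--) {
    const j = randomInt(i + 1);
    [out[i], out[j]] = [out[j], out[i]];
  }
  return out.join("");
}

// Upper bound on entropy, in bits, for a random password of this length
// drawn from the combined alphabet (85 characters here).
function entropyBits(length) {
  const alphabetSize = Object.values(CLASSES).join("").length;
  return length * Math.log2(alphabetSize);
}
```

At the eight-character minimum this gives roughly 51 bits; the 20-character default gives roughly 128.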

Pro Tip: Use our password strength checker to see how secure your passwords are, or you can use our random password generator to make them really unique.

Cross-Platform Syncing

Password managers auto-fill synced passwords on any device you own

Few people use just one device. A lot of us have desktops, laptops, smartphones and tablets. Fortunately, many state-of-the-art password managers offer syncing capabilities, which lets you access your passwords across multiple devices. That means the passwords you store using your desktop can also be autofilled on your mobile devices. This feature ups the convenience factor significantly.

Security Audits

This is a pretty interesting feature that we like pointing out to folks. Some password managers will perform security audits to help you determine the strength of your passwords. They’ll also point out weak or reused passwords and help you update them. Some can also alert you if one of your passwords has been included in a data breach. This is one thing Chrome’s password manager does well. It doesn’t, however, scan your password list for reused passwords. Remember, ultimately, you want to be using strong, unique passwords for every single one of your accounts.

Secure Storage

A good password manager takes security seriously

Lastly, a good password manager will encrypt your stored data, making it unreadable to anyone without the master password. That’s an important layer of protection against data breaches and hacking attempts. Even if someone manages to gain access to your device — or even the password manager company’s servers — encryption will make sure that all they’d see is a garbled mess.

Encryption is a critical component of a password manager, so let’s take a second to understand it a little better.

Understanding Encryption

Encryption is a really important concept in the world of digital security. When it comes to using password managers, it’s all-important. That’s why we ask that you stay with us as we discuss what it is and what it does. In return, we’ll try to explain it as simply as we possibly can.

Password managers such as NordPass encrypt all saved passwords and logins

In the most basic terms, encryption is the process of converting readable data into a coded format that can only be accessed or decrypted by authorized users. When you save a password in a password manager, that information is transformed into an unreadable scramble of letters and symbols using complex algorithms. Even if someone were able to access your password vault, they won’t see your passwords in plain text without decrypting them first.

In password managers, the encryption process typically involves two main types of encryption:

  • Symmetric encryption: This uses a single key to both encrypt and decrypt data. Similar to a house key, a symmetric encryption key will both lock and unlock your passwords, so secure key management is necessary.
  • Asymmetric encryption: This involves a pair of keys — a public key for encryption and a private key for decryption. The dual-key system enhances security, as the private key is never shared.

Both encryption types have pros and cons. For example, you might think that asymmetric encryption is better overall, but it’s actually vulnerable to quantum computing attacks. That is, using a quantum computer, attackers can brute-force asymmetric encryption and crack it. The same type of attack will only weaken — but not completely break — symmetric encryption.[2] We should note that there are only a little over a hundred quantum computers right now in the whole world[3] — most if not all of which are in the hands of research organizations.

Industry Standard Encryption for Password Managers

So what do reputable password managers use for encryption? After testing a lot of them, we’ve noticed that most use 256-bit AES, which is a symmetric encryption standard. It’s the same standard most VPNs use to encrypt traffic.

256-bit AES is widely regarded as the most secure while remaining practical. Researchers believe it would take billions of years to crack it, even with the most advanced quantum computers.

NordPass was one of the products we tested that doesn’t use 256-bit AES, but rather a similarly strong encryption standard

That said, some choose to use different encryption standards. One example is NordPass. When we reviewed NordPass, we saw that it uses XChaCha20, which is also a symmetric encryption type. The company believes that 256-bit AES is starting to show early signs of being crackable and that XChaCha20 will be the standard in the long run. We’re waiting to see if that is going to be the case, but the point is, any reputable password manager should be using an encryption standard recognized by digital security experts, such as ourselves.

What Are the Benefits of Using a Password Manager?

We’ve already talked about what password managers are capable of, but let’s reframe the conversation and take a look at the benefits of using them. While some of these are immediately apparent, others are a little more high-level.

Enhanced Security

The first and primary benefit of using a password manager is that it improves your security by helping you manage your digital footprint. Password managers generate complex, unique passwords for each of your accounts, minimizing the risk of hacking and unauthorized access. Really, they help you avoid one of the most common digital security pitfalls — using easily guessable passwords or reusing passwords across multiple sites. No more using “password1” as your login!

Convenience and Efficiency

So like we said above, it’s not really feasible to memorize dozens and dozens of extremely long, incredibly complex passwords. With a password manager, though, you only need to remember one master password. The manager takes care of storing and autofilling all your other credentials, making logging into all of your various accounts really easy. No more typing in 900 variations of the same password you used to use in college to get into your Netflix account!

Password Health Monitoring

A password manager can help you monitor your password health and update old or reused passwords.

We all love data analytics, right? Well, a lot of password managers we’ve reviewed include features that can take a look at your password strength and your overall security practices. They can show you where you’ve repeated passwords, and some even let you know once they are compromised, prompting you to update them as soon as you can. We really like password managers that take this kind of proactive approach.
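
The kind of audit described here and under Security Audits above, as an added example (not any vendor's code), run on Node.js over a constructed vault. The breach list, the site names and the "weak" rule (the minimum generator criteria from earlier in this guide) are assumptions.

```javascript
const { createHash } = require("node:crypto");

// Digest used only for in-memory comparison during the audit, so the
// report never has to carry a plaintext password. Not a storage format.
const sha256 = (text) => createHash("sha256").update(text, "utf8").digest("hex");

// Constructed stand-in for a breach corpus: digests of leaked passwords.
const BREACHED_DIGESTS = new Set(["password1", "123456", "qwerty"].map(sha256));

// Weak = fails the minimum criteria: 8+ characters, lowercase,
// uppercase, a number and a special character.
function isWeak(password) {
  return (
    password.length < 8 ||
    !/[a-z]/.test(password) ||
    !/[A-Z]/.test(password) ||
    !/[0-9]/.test(password) ||
    !/[^A-Za-z0-9]/.test(password)
  );
}

function auditVault(entries) {
  const report = { weak: [], reused: [], breached: [] };
  const sitesByDigest = new Map();

  for (const { site, password } of entries) {
    const digest = sha256(password);
    if (isWeak(password)) report.weak.push(site);
    if (BREACHED_DIGESTS.has(digest)) report.breached.push(site);
    if (!sitesByDigest.has(digest)) sitesByDigest.set(digest, []);
    sitesByDigest.get(digest).push(site);
  }

  // Any digest shared by two or more sites is a reused password.
  for (const sites of sitesByDigest.values()) {
    if (sites.length > 1) report.reused.push(sites);
  }
  return report;
}

// Constructed sample vault.
const SAMPLE_VAULT = [
  { site: "bank.example", password: "Tr1cky!Horse-Battery" },
  { site: "social.example", password: "password1" },
  { site: "stream.example", password: "Summer2019!" },
  { site: "shop.example", password: "Summer2019!" },
  { site: "mail.example", password: "x9#Lq2vT!mZ8rWp4" },
];

console.log(auditVault(SAMPLE_VAULT));
```

Note that "Summer2019!" passes the strength rule yet is still flagged, because reuse is a separate problem from strength.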

Secure Sharing Options

For teams at work and families at home, solid password managers will allow the secure sharing of credentials without revealing your actual passwords. This is really useful for collaborative work environments or shared accounts. You might want to talk to your IT staff at work to see if they’re interested in a really easy solution to credentialing.

Overall Peace of Mind

Hey, not for nothing, knowing that your passwords are securely managed can reduce a lot of anxiety about your online security. Plenty of folks think that data breaches are just a fact of modern life. To an extent, they’re right, but using a password manager along with strong unique passwords for each account is a way to minimize their impact.

Are Password Managers Safe?

Our expert testing and assessing the security of Dashlane

All right, so you might be asking yourself at this point if using a password manager is safe. I mean, after all, you are sticking all of your login information in one place and trusting that a company isn’t going to leak it. You might be wary of using a password manager, and that skepticism is good! Here’s a quick look, though, at how to determine if the password manager you’re considering is safe to use.

Look for Strong Encryption

Most reputable password managers employ advanced encryption standards, such as AES-256-bit encryption, to protect your stored data. This means that even if a hacker gains access to the password manager’s database, your actual passwords remain encrypted and unreadable without your master password. They won’t be able to “decode” the information, so to speak.

A lot of free password managers, like the ones you’re going to find coupled with popular browsers, are a little unclear on how they are storing your passwords and how they’re protecting them. High-quality, premium password managers, though, are going to be really upfront with this information.

Check to See if the Company Uses Zero-Knowledge Architecture

In the privacy world, there’s this thing called a zero-knowledge security model. What that means is that the service provider has set things up in such a way that they cannot access your stored passwords. Not that they won’t. They can’t. Big difference. If they are truly zero-knowledge, only you hold the key to decrypt your information with your master password.

See If They Use Two-Factor Authentication

The Passkeys feature of Apple’s Passwords app is an example of two-factor authentication

If you really take your privacy seriously, look for a password manager that uses two-factor authentication, or 2FA for short. This adds yet another layer of protection by requiring a second form of verification — like a code sent to your phone — when you’re unlocking your vault. This significantly reduces the risk of unauthorized access to your accounts. Even if someone gets their hands on your master password — or even one of your devices — they won’t be able to do anything with it.

Take a Look at Their Security Audit History

Here’s something to keep in mind, too. Reputable password managers will regularly perform security audits and vulnerability assessments, and the best use third parties. These audits help identify and address potential vulnerabilities, making sure that the software remains up to date and out ahead of the latest security threats.

Trustworthy Providers

Now, we’re normally pretty brand-agnostic here. That’s why we personally test and retest all of the security products we review. We want to make sure that a company lives up to its promises and provides great service regardless of the name. That said, generally speaking, choosing a well-reviewed and trusted password manager is kind of important. If it’s from a big-name security provider, you can probably trust it a little more than “davespasswordzmanager.ru.”

Essentially, the safety of the password manager you use is a function of how legitimate the service is to start with. One hallmark of a reputable company? How transparent they are. If you can easily find out their privacy policy, their encryption standards and how they bill, you’re probably in good shape. That said, there is an element of personal responsibility here. While password managers provide great security features, ultimately, you’re responsible for your own safety. This includes creating a strong master password, enabling two-factor authentication and not giving your login credentials over to scam artists.

Do I Need a Password Manager?

As with most things in life, there are no real one-size-fits-all solutions. The simple reality is that some folks are going to get more use out of password managers than others. Personally, we use ours a lot. Our off-the-grid uncle? Yeah, not so much.

Checking out 1Password’s browser extension on an iMac

With that in mind, here are a few types of folks that would benefit most from using a password manager.

If You’re Frequently Online

Ask yourself this — how many online accounts do you have? Can you count them on one hand, or is the number so large you couldn’t start to guess? If you have a ton of accounts online, you’re going to want a password manager. It’ll improve your security while streamlining your browsing experience.

If You’re Handling Sensitive Information

If you work in a field like finance, healthcare or IT where you’re handling sensitive data often, a password manager should be a required piece of software. If your company doesn’t already use one, you might want to suggest a great password manager for businesses to them. Hey, you might just be that hero that prevented the next massive data breach.

If You Share Accounts With Friends and Family

Raise your hand if you share your Netflix account with a friend. All of you? Great. You need password managers. They allow for the safe sharing of credentials without revealing your actual passwords. This is especially important if you haven’t yet taken the hint to use different passwords for different accounts. If your streaming password is the same as your banking password, you might be in a lot of trouble if you break up with your boyfriend.

If You Travel a Lot or Work Remotely

1Password has a Travel Vault that removes sensitive files from your device when you’re traveling.

If you travel frequently for work or just for fun, accessing accounts from different devices can pose a security risk, especially if you’re on public Wi-Fi or using a mobile hotspot. A good password manager will allow for secure cross-device syncing, making sure you can access your passwords safely regardless of where you are in the world.

If You Care About Your Privacy

If you’re someone who really values your digital security and you want to be using best practices, a password manager is a really smart choice. You always want to be one step ahead of potential threats, and using mega-secure passwords is one great way to do that.

If You Don’t Care About Your Privacy

If you’re the type of person who can’t remember your password unless it’s “password,” you really should think about using a password manager. We know, we know, you don’t really care, but trust us. If you haven’t been taking your digital security seriously, you’re probably needlessly exposing yourself to a lot of threats. You don’t want to end up with your identity stolen.

Interested? Good. We know we said above that some folks would get more use out of a password manager than others, but hopefully, you got the impression that way more people would benefit than wouldn’t. If you think you can get some use out of one, here’s what to expect after you purchase a subscription.

How Do I Use a Password Manager?

All password managers are built a little differently, so these steps might change slightly from provider to provider. Generally speaking, here are the steps you’re going to take to purchase one and get it set up.

You can easily import your saved passwords into your password manager vault.

1. Create Your Account

Once you’ve read our password manager reviews and selected the service that’s right for you, you’re going to download that company’s app or visit its website to create your account. You’ll be prompted to set up a master password — this is the only password you’re going to need to remember from here on out. Make it strong and unique, as it will grant you access to all your stored credentials.

2. Set Up Two-Factor Authentication

If your password manager has 2FA built in, use it. Remember, this adds an extra layer of protection by requiring a second form of verification, like a text message or authentication app, in addition to your master password. That way if someone ever gains access to that master password, they aren’t going to be able to access anything.

3. Import or Add Your Passwords

With most password managers, you can either import existing passwords from your browser or start fresh by manually entering your login credentials. Many password managers offer browser extensions that can automatically capture passwords as you log in to accounts, making this process a lot easier.

4. Use the Password Generator

Here’s where you really increase your security. Take advantage of the password generator feature to create strong, unique passwords for each of your accounts. Remember to use different passwords for different accounts to really maximize your security because the manager is going to store these generated passwords for you. You don’t have to memorize anything!

5. Organize Your Vault

Most password managers allow you to categorize your saved credentials — think work, personal and financial. Organizing your vault can make it easier to find specific passwords when you need to. Keep in mind you can also add secure notes or other sensitive information if your password manager allows it.

6. Autofill and Log In

Once your accounts are saved, you can start using your password manager. In practice, it will autofill your login credentials to quickly log in to different accounts. This helps increase your security, streamline your efforts, and cut down on fat-fingering your password and getting locked out of things.

Pro Tip: Make it a habit to periodically review your stored passwords. Use any built-in security audit features to identify weak or reused passwords and update them as necessary. Staying proactive about password security is really important!

Are Free Password Managers Sufficient?

Wait a minute, doesn’t your browser already kind of do this?

Well, yeah. Kind of.

Popular browsers like Firefox and Chrome have the capacity to remember your login credentials, but they are nowhere near as secure as premium purpose-built password managers. Here are a few more reasons why using a free service might not be the best idea.

Limited Features

Free versions of services often come with restricted functionality. Advanced features like secure sharing, password health monitoring or two-factor authentication practically don’t exist with free services.

Storage Limits

Some free password managers impose limits on the number of passwords you can store. This is a pretty big drawback if you have a bunch of accounts and want all of your logins to be unique.

Potential Security Risks

While a lot of free password managers say they use “encryption,” the reality is they may lack the robust security measures of their premium counterparts. Some may even monetize their services through ads or by selling user data, raising serious concerns about privacy. Remember, there’s no such thing as a free lunch. If someone provides a free service online, 999 times out of 1,000, they’re harvesting and selling your data.

FYI: If you use a browser password manager, anyone with access to your browser can see your stored passwords. On Chrome, for example, a simple click on the eye icon reveals your passwords.

Less Frequent Updates and Support

In that same vein, free services probably won’t update as regularly as paid ones, which can leave them vulnerable to emerging digital threats. The threat landscape is always evolving, and you need a service that’s going to stay up with the times.

So at this point, you might be rethinking if a free password manager is right for you or whether you want to pony up and go premium. There are a handful of good free password managers out there, but let’s make that decision a little easier by talking about how much these things actually cost.

How Much Do Password Managers Usually Cost?

So here’s the good news: Most premium password managers are cheap. Like, pennies-per-day cheap. With that in mind, most premium password managers operate on a subscription model, typically offering monthly or annual plans. Those prices are going to range from about $3 to $10 per month depending on the features included. If you go with an annual subscription, though, you’ll probably save money in the long term. Our research has revealed most of these annual plans range from $30 to $60 per year.

Setting up our 1Password account

That’s for individuals, though. There are some other common ways of buying these tools as well.

Many password managers also offer family or business plans, which provide a more cost-effective way to manage multiple accounts. Family plans can typically range from $40 to $100 per year and allow multiple users to share a single subscription. Business plans are usually more expensive, often starting around $5 to $10 per user per month, and come with additional features tailored for team collaboration and security management.

Finally, some password managers offer a one-time payment option for a lifetime license. We’ve seen these cost anywhere from $30 to $100 depending on what you’re buying. If you’re looking at a one-time license, though, it’s pretty important to verify what kind of updates and support you’ll receive. We’ve seen some services that do not include future upgrades or customer support.

Final Thoughts on Password Managers

Ultimately, the pros seriously outweigh the cons here, in our opinion. These hugely affordable security tools not only significantly reduce the risks of unauthorized entry to your accounts, they also make your day-to-day digital comings and goings a lot more convenient. No more trying to remember the password for that boutique stained glass supply store that you made six years ago and no more falling victim to data breaches and security leaks. The best of both worlds for less than a cup of coffee per day? Sign us up.

Ready to get started finding the best password manager for you? Check out our guide to the best password managers in the industry today to get pointed in the right direction.

FAQ

  • Are password managers safe to use?

    Yes, password managers are generally considered safe when using reputable services. They employ strong encryption methods to protect your data. However, it’s essential to choose a well-reviewed password manager and use their additional safety protocols like 2FA or biometrics.

  • Are password managers secure?

    Yes, reputable password managers use strong encryption and heightened security protocols to protect your data, making them safer than reusing passwords or storing them insecurely, like in a Word document on your desktop.

  • Do password managers work offline?

    A few password managers have offline functionality, allowing you to access your passwords without an internet connection, while others require online access for syncing.

  • How do I choose a good password manager?

    Look for features like strong encryption, user-friendly interface, cross-platform support, two-factor authentication and a solid reputation in user reviews. Additional features like secure storage are nice finds, too.

  • Do I need to change my passwords regularly if I use a password manager?

    It’s still a good practice to change passwords periodically, especially for critical accounts. Most password managers can remind you to update them as necessary.

Citations
  1. Identity Theft Resource Center. (2021). Identity Theft Resource Center 2023 Annual Data Breach Report Reveals Record Number of Compromises; 72 Percent Increase Over Previous High.
    idtheftcenter.org/post/2023-annual-data-breach-report-reveals-record-number-of-compromises-72-percent-increase-over-previous-high/

  2. Ubiq Security. (2021). 128 or 256 bit Encryption: Which Should I Use?
    ubiqsecurity.com/128bit-or-256bit-encryption-which-to-use/

  3. Time. (2023). Quantum Computers Could Solve Countless Problems—And Create a Lot of New Ones.
    time.com/6249784/quantum-computing-revolution/