What are password managers?
Password managers are tools that help you securely store and manage your passwords. All of your passwords are stored in an encrypted database that is protected by a master password. Password managers are generally considered safe as long as they are setup and used properly, but as with any technology, they can have security risks if they are not used correctly.
How do password managers work?
Password managers work by encrypting and storing your passwords in a database. This database is protected by a master password, which acts as the key to unlocking the password manager and accessing your passwords.
When you create a new account on a website, you can either create your own password or the password manager can generate a strong and unique password for you. This password is encrypted and stored in the password manager’s database, along with the website address and your username.
When you want to log in to a website, the password manager will automatically fill in your username and password, so you don’t have to remember it. Some password managers also have a browser extension that integrates with your web browser, making it even easier to log in to websites.
In addition to securely storing your passwords, password managers can help you manage your passwords by organising them into categories and allowing you to add notes or labels.
What are the benefits of password managers?
- Eliminates the need to remember usernames and passwords
- There is no need to re-use passwords
- Create unique, complex passwords that reduce the chance of your password being compromised through brute force attacks
- Receive alerts you if any of your passwords have been compromised in a data breach
- Sync your password database across multiple devices, so you can access your passwords from anywhere
What are the risks of password managers?
- Some password managers have reported security vulnerabilities in the past and they may not properly protect your password from hackers – we would recommend research before committing to a service
- Some password managers store your password database on their servers, so it’s important to read the privacy policy and understand how your data is being protected.
Which password manager should I use?
We would recommend a password manager that utilises zero-trust and zero-knowledge security. We would also recommend ensuring you set up the password manager correctly and make use of the tools for setting secure, unique passwords across all your accounts.
Using multi-factor authentication
In addition to good password management, where possible you should always implement additional account security. Most often this is in the form of multi-factor authentication. See our blog post on multifactor authentication for more details on when and why you should use MFA.
If you would like to discuss how your organisation is managing cyber security risk, please contact us.