Password managers have made a big splash in the world of cybersecurity. A lot of experts are advocating the need for these tools. Yet, at the same time, many IT and cybersecurity experts are against storing every password in the same place. Here’s a quick breakdown of the most significant advantages and downsides of using a password manager.
As a core concept, it isn’t hard to understand the need for password managers. Each year, SplashData releases the list of 100 worst passwords of the year. The top contenders are often the same. Pair that with the half a billion compromised passwords that HaveIBeenPwned has gathered up until now. Many of their records consist of the same reused passwords. It’s easy to see why people need to manage their passwords better.
How Do Password Managers Work?
A password manager is a program, usually an app, that stores passwords in an encrypted digital safe. You can view these passwords at any time. You only need the master password to open said safe. These apps exist to curb the lousy password management habits of writing passwords down or reusing them.
Password managers also help users generate new, more robust passwords. These are harder for hackers to guess or reveal in a brute force attack.
Why Everyone Should Be Using Password Managers Right Now
Pro: There’s Only One Password to Keep Safe
The average person has more than 90 (yes, that many!) accounts to keep track of, and almost everyone will reuse passwords more than 50% of the time. It happens despite people knowing about good password habits and the danger associated with ignoring them. But with so many other things to worry about every day, it’s hard to justify having to remember 90+ unique passwords.
Using a password manager makes things much more straightforward. You only need to remember and protect one password. It works like a key to unlock all other passwords.
In any other case, having one password is a bad security practice. But password managers don’t (or, at least, shouldn’t be able to) see the passwords they store. They pass the encrypted data from a secure server to the user and vice versa.
Pro: Never Lose a Password Again With Backup and Sync
Many password managers — the good ones, that is — enable password backup and sync in secure cloud servers. It allows users to access their passwords from different devices.
It’s also much more convenient in the case that a device ever gets stolen. When you store passwords locally, you can lose them forever, along with that device. But with cloud storage, you can sync saved passwords to a new device.
Pro: Get Stronger Passwords by Generating Them
Weak passwords are still a huge problem when it comes to keeping accounts safe. Password managers have opted to help you with this problem too. They offer to generate unique, secure passwords for new accounts.
They can also generate new passwords to replace old ones. It brings up another critical point. Many experts claim that you need to change passwords often to keep your accounts secure. But it’s challenging to keep track of and remember all those password changes. Meanwhile, a password manager can remind you to change your passwords and generate new ones in an instant. It eliminates the struggle of remembering every password or when you need to replace them.
Why It’s Fine to Be Hesitant About Password Managers
Con: There’s Only One Password That Attackers Need to Steal
Passwords get stolen every day, via individual carelessness and corporate data breaches. Usually, people only have one or two accounts at risk when a password falls into hackers’ hands unless they’ve been using the same one across all their accounts. But if your master password gets stolen, attackers can see all your passwords and thus access all accounts.
So while having a single password to remember is more convenient, it can also make for a much bigger disaster if it is ever compromised.
Con: Even Strong Passwords Can be Stolen
Hackers guessing weak passwords aren’t the only way that passwords get stolen. Someone can have the most unguessable password, and it still won’t be safe. From keyloggers to credential leaks to phishing emails, criminals always find a way to get what they want.
That’s why a password manager shouldn’t be the only form of protection a person uses. Make sure you know what phishing messages look like, use multi-factor authentication, and follow other cybersecurity practices too.
Often passwords are the only things standing in the way of criminals accessing your accounts. That’s why it’s vital to protect them as much as possible. Using a password manager is one way to keep your account passwords safe. But it’s not a reliable method of password protection by any means. Always make sure to keep this in mind with every security tool. No single solution can ever protect against everything.