Are password managers safe?

Since password managers store highly sensitive data such as account logins, payment information, and other personal records, it’s natural to wonder if they are safe and how well they protect your information.

In short, password managers can be safe as long as you choose your provider carefully and follow security best practices.

In this article, we’ll cover the various types of password managers and how they keep your info secure. We’ll also dive into their benefits and drawbacks and list some trustworthy providers. Finally, we’ll discuss whether free password managers are worth it and answer some FAQs.

How do password managers store passwords?

Password managers store your info using strong encryption, making it unreadable without the correct key. Most use AES-256 or XChaCha20 encryption, both of which would take an unrealistic amount of time to crack. This ensures that even if someone accessed the stored data, they couldn’t decipher your passwords.

The top password managers feature a zero-knowledge system that adds another layer of security by encrypting passwords before they reach the provider’s servers. Since only you have the decryption key, the vendor can’t read your stored credentials. Some apps also scan for leaked logins and assess password strength, helping you avoid security risks.
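To make the zero-knowledge idea concrete, here is an added example (not code from any provider named in this article) that encrypts a vault on the device with AES-256-GCM before anything is uploaded. The scrypt key derivation, its cost parameters, the function names and the sample vault are assumptions made for illustration.

```javascript
// Added example: client-side ("zero-knowledge") vault encryption with Node's crypto module.
const nodeCrypto = require("node:crypto");

// Assumed KDF: scrypt with example cost parameters. Memory-hard derivation slows
// offline guessing of the master password if the encrypted vault is ever stolen.
function deriveKey(masterPassword, salt) {
  return nodeCrypto.scryptSync(masterPassword, salt, 32, { N: 2 ** 14, r: 8, p: 1 });
}

// Runs on the user's device. Only the returned record is sent to the provider.
function encryptVault(masterPassword, vault) {
  const salt = nodeCrypto.randomBytes(16);  // public, unique per vault
  const nonce = nodeCrypto.randomBytes(12); // public, must never repeat for the same key
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", deriveKey(masterPassword, salt), nonce);
  const body = Buffer.concat([cipher.update(JSON.stringify(vault), "utf8"), cipher.final()]);
  return {
    salt: salt.toString("base64"),
    nonce: nonce.toString("base64"),
    tag: cipher.getAuthTag().toString("base64"), // integrity check over the ciphertext
    ciphertext: body.toString("base64"),
  };
}

// Returns the vault, or null if the password is wrong or the record was altered.
function decryptVault(masterPassword, record) {
  try {
    const key = deriveKey(masterPassword, Buffer.from(record.salt, "base64"));
    const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, Buffer.from(record.nonce, "base64"));
    decipher.setAuthTag(Buffer.from(record.tag, "base64"));
    const body = Buffer.from(record.ciphertext, "base64");
    return JSON.parse(Buffer.concat([decipher.update(body), decipher.final()]).toString("utf8"));
  } catch {
    return null;
  }
}

// Constructed sample data, not real credentials.
const sampleVault = [{ site: "https://mail.example", username: "alice", password: "t7#Vq9!mZp2w" }];
const uploaded = encryptVault("correct horse battery staple", sampleVault);
console.log("stored by provider:", uploaded);
console.log("right password:", decryptVault("correct horse battery staple", uploaded));
console.log("wrong password:", decryptVault("Password123", uploaded));
```

The record the provider stores contains only the salt, nonce, tag and ciphertext, so a server-side breach yields nothing readable unless the master password can be guessed.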

Your only concern is coming up with a strong, unique master password and storing it securely. We also recommend adding two-factor authentication (2FA) or other verification steps (e.g. face/fingerprint scan) to minimize the chances of a breach.

What if your master password is compromised?

We can’t stress the importance of 2FA enough. If someone gets a hold of your main password, they won’t be able to break into your account without the added verification.

For extra peace of mind, consider adding a unique code word, like “spaghetti,” to the end of each important password, but leave it out of the password manager.

This way, even if someone gains access to your stored passwords, they won’t have the correct ones for critical accounts like email or banking. It’s also helpful against software vulnerabilities and device theft, especially when combined with face ID/fingerprint scanning.

Otherwise, if you suspect your system has been infected with malware, start fresh with a complete OS reset and update your passwords to avoid headaches.

Password manager categories

There are three basic kinds of password managers, each with their own strengths and weaknesses. Below, we’ll cover browser, cloud, and app-based password managers and see which is the safest option.

1. In-browser password managers

While they are free and don’t require installing a separate app or subscribing to a service, browser-based password managers have some key drawbacks to keep in mind:

  • Limited to one browser: Importing passwords from one browser to another usually involves creating an unencrypted .csv file on your system, which can be a security risk if not handled properly. Plus, syncing across browsers isn’t possible.
  • No password health check: Browser-based managers don’t flag weak or recycled passwords. You’ll need to use a third-party service (such as HaveIBeenPwned) to check if your credentials have been involved in a data breach.

The lack of a password generator used to be a problem as well. Without this feature, most people default to weaker passwords that are easier to crack. Fortunately, major browsers like Chrome, Firefox, and Safari have implemented built-in tools to generate strong passwords automatically. Not all browsers may have one, so keep that in mind.

2. Cloud password managers

Cloud-based password managers like Dashlane, NordPass, and 1Password offer better security than browser-based options, with extra features to protect your data across multiple devices. Here’s what you need to know:

  • Easy password backup: Cloud-based managers keep an encrypted copy of your vault online so you can restore your data if needed.
  • Store more than passwords: Whether it’s credit card info, secure notes, or other important details, you can keep them all in one convenient place.
  • Password health checks: Find and fix weak, repeated, or exposed passwords with built-in scanning tools and generate stronger ones.
  • Cross-platform support: Sync passwords across browsers and devices for seamless access.

[Image: NordPass additional tools]

Of course, it’s not all sunshine and rainbows. Cloud platforms have a couple of downsides that might deter some users, such as:

  • Cloud storage risks: Storing passwords in the cloud means they could be targeted by hackers. That said, reputable providers use advanced encryption to minimize risks.
  • No internet, no access: Some managers won’t function without a connection, which could lock you out when you need your passwords most. Luckily, some offer offline support as well.

3. App-based password managers

If you want to minimize attack vectors on your password vault, getting a separate password management app (e.g. Dashlane, 1Password, KeePass) is the safest choice.

Even if your vendor suffers a data breach, your passwords and other info are safe and sound in an encrypted format on your local system. That said, you’ll have to manage your own backups, and there’s no option to sync passwords across devices like with cloud-based setups.

This can be a huge problem if your device is stolen (or otherwise accessed without your permission), or if a hardware issue leads to data loss. Always keep a separate backup and secure your devices against unauthorized access.

What are the benefits of a password manager?

Here are the top reasons to use a password manager, including some less obvious ones:

1. Improved security

A good password manager encrypts your data, keeping passwords, payment info, and other sensitive details safe from prying eyes. Again, 2FA and a solid master password are essential if you don’t want anyone breaking into your vault.

Even if your device gets stolen, you’re the only one who can access your data. The same can’t be said if you keep your passwords in a notebook or unsecured document on your system.

2. Password generation

With a password manager, you don’t have to rely on weak, memorable passwords. Most services let you generate and store long, complex passcodes, ensuring each one is unique and much harder to crack.

This protects you from so-called credential stuffing, a common attack where hackers use leaked passwords to break into multiple accounts. Since each login is unique, even if one password gets exposed, the rest of your accounts stay secure.

[Image: NordPass Password Generator]

3. Easy access across devices

Not having to memorize any of the passwords you generate is a plus for convenience. No more resetting a password because you can’t remember if the “!” came before or after the totally random string of numbers.

Even better, syncing keeps your logins accessible on all your devices, so you can sign in whenever necessary. Many password managers also offer secure password sharing, so trusted contacts can access your accounts without texting sensitive details.

4. Defense against phishing

Phishing sites trick users into entering their credentials on fake login pages. A password manager detects legitimate websites and only autofills passwords when the URL is an exact match, thus helping you avoid scams.
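The exact-match rule described above can be shown with an added example (not taken from any specific password manager). It assumes each saved login is bound to one HTTPS origin; the function name, the saved entries and the page URLs are constructed for illustration.

```javascript
// Added example: decide whether saved logins may be offered on a page.
// Constructed vault entries, each bound to the exact origin it was saved on.
const SAVED_LOGINS = [
  { origin: "https://bank.example", username: "alice01" },
  { origin: "https://accounts.shop.example", username: "alice@mail.example" },
];

function autofillDecision(pageUrl, saved = SAVED_LOGINS) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return { fill: false, reason: "unparseable URL", logins: [] };
  }
  if (url.protocol !== "https:") {
    return { fill: false, reason: "not HTTPS", logins: [] };
  }
  if (url.username || url.password) {
    // e.g. https://bank.example@login.test/ : the real host is login.test
    return { fill: false, reason: "userinfo in URL", logins: [] };
  }
  // url.origin is normalized: lowercase host, default port dropped, and
  // internationalized names converted to punycode, so look-alike letters differ.
  const logins = saved.filter((entry) => entry.origin === url.origin);
  return logins.length
    ? { fill: true, reason: "exact origin match", logins }
    : { fill: false, reason: "no saved login for " + url.origin, logins: [] };
}

// Constructed page URLs; .example and .test are reserved names.
const PAGES = [
  "https://bank.example/login?next=%2Faccount",
  "https://BANK.example:443/login",
  "http://bank.example/login",
  "https://bank.example.login.test/",
  "https://bank-example.test/login",
  "https://bank.example@login.test/",
  "https://b\u0430nk.example/login", // Cyrillic "а" in place of Latin "a"
];
for (const page of PAGES) {
  const d = autofillDecision(page);
  console.log(d.fill ? "FILL " : "BLOCK", page, "->", d.reason);
}
```

A missing autofill prompt on a page that looks familiar is therefore a useful signal that the address is not the one the login was saved for.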

Are there any risks with using a password manager?

As with anything that involves online data, password managers carry their own set of risks. Here’s a quick rundown of each, along with some preventative measures:

  • Data breaches: Cloud-based providers store your encrypted info on their servers. If hackers manage to breach their security systems, your password vault ends up on the dark web. Choose a reputable password manager with a clean track record of avoiding breaches, create a strong master password, and use 2FA to improve your security.
  • Backup issues: Using a standalone app to store your passwords? Then make frequent backups and store them securely to prevent losing them. For cloud-based services, choose a provider with proper backup systems in place to avoid the same issue.
  • Password sync: While it’s convenient to sync your passwords across all your gadgets, if one of your devices is infected with malware, attackers could steal your valuable logins, payment details, and more. Use a capable antivirus to keep your devices safe.
  • Vendor problems: Let’s face it, not every app or service is worth the money. Some may have poor security practices or lack essential features that protect your data. While it may be a pain to research which password managers are safe, it’s worth taking the time to find one with strong encryption, regular security audits, and a solid reputation.

We’ve listed a few solid options in the next section so you know where to start looking.

What are the best password managers?

Our breakdown of the best password managers covers both free and premium features, but here’s a quick look at each:

  1. Dashlane: Our top pick. Beginner-friendly password manager with a handy premium version that includes dark web monitoring, automatic sync and backups, and the option to add 2FA protection.
  2. Sticky Password: Great all-rounder and very affordable. Free version includes most things you’d need, including unlimited password storage, 2FA, biometric authentication, and more. Upgrade to premium for easy sharing, sync, and cloud backups.
  3. NordPass: With unlimited password storage, a built-in generator, and secure note/credit card info storage, the free version has all you need to get started. You’ll want the premium plan to use it on unlimited devices simultaneously, along with many extras.
  4. Password Manager Pro: Ideal for businesses. Comes with role-based access controls and advanced security, helping you manage multiple users and credentials securely and in compliance with industry standards.
  5. 1Password: Perfect for families and businesses. Has shared vaults, access controls, and Watchtower, which checks for weak or reused passwords and data breaches to keep your logins secure. No free version, unfortunately.
  6. KeePass: Open-source password manager with a strong security offering. It’s great if you want full control over your passwords, though we only recommend it for tech-savvy individuals due to its complexity.


Are free password managers safe?

Yes, free password managers are generally safe, especially if you go with a trusted provider. They use the same encryption standards as their premium counterparts, and some offer basic security features like 2FA for extra protection.

That said, they come with some limitations, such as lacking password health checks, dark web monitoring, or being limited to one device. On that same note, you may be unable to sync passwords across devices on the free version, which can be a hassle.

Moreover, lesser-known providers may sell your data to make money, so be sure to do your research before entrusting your logins to any company.

Which password manager has never been hacked?

There are numerous password managers out there, so this isn’t an easy question to answer. That said, here are some notable password managers that have never been hacked or experienced a data breach:

  • Dashlane
  • NordPass
  • Sticky Password
  • KeePass
  • Bitwarden
  • Password Manager Pro

Meanwhile, 1Password was involved in a data breach situation due to Okta, yet no user data was exposed thanks to 1Password’s vigilance and prompt action. We’d say that makes a real difference if you’re looking for a password manager that’s never been hacked.

Of course, nothing is infallible, as security researchers constantly warn vendors of password manager vulnerabilities. As such, you should still use strong, unique passwords, turn on two-factor authentication, and keep your software updated to stay secure.

Feels like a lot, doesn’t it? Well, that’s the sad truth of it. While password managers are safe and offer strong protection, maintaining your online security is an ongoing process.

Are password managers safe? FAQs

Are password managers free?

Quite a few password managers offer a free option, including some of the providers we’ve mentioned above. We recommend upgrading to a premium plan for critical features like 2FA, unlimited password storage, and so on.

Can a password manager be hacked?

Yes, even a password manager can be hacked. As we’ve mentioned in our NordPass vs LastPass comparison, the latter experienced several data breaches (the latest occurring in 2022). That said, as long as you have a strong main password and enable 2FA, you should still be in the clear.

Is Google Password Manager safe?

Google Password Manager is safer than not using one at all, but it lacks the security of dedicated options like Dashlane or 1Password. Moreover, if someone breaches your Google account, they could access your saved passwords, though enabling multi-factor authentication can reduce this risk.

Has Bitwarden ever been hacked?

To our knowledge, Bitwarden has never been hacked or suffered a data breach. The password manager is also open-source and undergoes regular security audits, ensuring transparency.