Are password managers safe? A cybersecurity expert explains
Between email, work and personal accounts, we all have multiple passwords to keep track of. And for cybersecurity, ideally they’ll all be unique, random and complex passphrases rather than passwords. So how do you remember them all?
That’s where password managers come in.
These software programs store, sync and organise your usernames and passwords so you don’t need to commit them to memory. Also known as “password vaults,” they also encrypt those details, making it harder for hackers to access your data.
We asked the experts at ESET for their take, and they said password managers are the best way to keep passwords safe for anyone who has more than one profile online. Here, they explain why.
What is a password manager?
Safe password managers are software programs that store, sync and organise your usernames and passwords so you don’t need to commit them to memory. These “password vaults” also encrypt your usernames and passwords, making it harder for hackers to access your data.
Some programs can also create unique, complex passwords for you, and notify you when one of your sites or accounts has been compromised, so you know to change the password.
How do password managers work?
When you start using a password manager, you’ll need to create a “master password” — and you type that in every time you want to access your vault. Most programs also use two-factor authentication, which means you’ll also be asked to enter a code sent via text or email. This adds an extra layer of security.
Once you’ve signed in, you’ll be able to see all your saved passwords.
Behind the scenes, password managers rely on “zero knowledge” security. This means the software knows your passwords, but the company that runs the program doesn’t — which keeps your data safe even if the company falls victim to a cyber breach.
Are password managers safe?
Yes! Along with being the best way to save passwords, they’re set up in such a way that makes it difficult for cybercriminals to gain access. These are the major safety features and benefits:
They have multiple lines of defence. The best password managers have a few layers of protection: strong encryption, the zero knowledge security key, and your master password — which only you know, and isn’t saved on the system. A hacker would need to find a way past all of those layers before they could unlock your stored passwords. With that in mind, a big part of your password manager’s security rests on your master password. Make sure it’s the strongest, most obscure password you can think of, then memorize it.
They protect your passwords and personal information. For the user, password managers are the most secure way to keep track of all of your passwords and protect the data within any account you access using a password. For example, your banking information, or the credit card details you use when making a purchase.
They encourage you to practice good cybersecurity hygiene. Password managers also allow you to use strong and complex passwords without needing to memorize them. Ideally, you should have a different password for every account — from online banking and shopping to email, Slack and social media. A password manager can not only remember those for you, but also generate unique passwords made up of a mix of numbers, symbols, and uppercase and lowercase letters. Since the passwords are randomly generated, a cybercriminal would have a hard time trying to guess them, even if they have some information about you (such as your date of birth or pet’s name).
They help to prevent password reuse attacks. This is when a cybercriminal successfully steals a users’ email address and password, and then tries to log in to other sites or platforms using the same credentials. Unfortunately, this strategy works a lot of the time because many people use the same passwords across multiple accounts.
They can also stop imposter sites from phishing you. If someone tries to trick you into signing in to a fake site, your password manager will raise a red flag because it won’t automatically log you in.
How to choose a safe password manager
We’re often asked: Are browser password managers safe? Are free password managers safe? Are saved passwords in Chrome safe?
These are valid questions, because there is a range of programs on the market, from standalone software to built-in browser extensions. But not all password managers are created equal.
It’s important to choose a password manager from a reputable and trustworthy company with a proven track record in cybersecurity. They’ll have high-quality encryption, and an emergency recovery process in case you lose your master password.
Invest in ESET Smart Security Premium
ESET Smart Security Premium is the safest password manager tool and a sophisticated anti-virus software rolled into one. It stores and secures your passwords while identifying and responding to a range of cyber threats, from malware and ransomware to phishing scams.
ESET also offers a 30-day free trial, which you can sign up for on their site.