Are Password Managers Safe? Micheal Goodwin March 10, 2018

Are Password Managers Safe?


I got a text from a friend last week. “My wife keeps changing our Netflix and other online passwords and doesn’t tell me so we get in a password change battle. What can I do?”

Well, I’m not a marriage counselor but I do know something that can help. There is a huge market of good password managers and most have family plans where people can have their own passwords and share others with select family members. A perfect solution for Hulu passwords and bank account login info. With one password or fingerprint authentication to your password manager, you can store all your other passwords and easily login to your web sites and services with a single touch.

But with so much access to your personal information stored in one place, users need to know, are password managers safe?

What is a Password Manager?

Let’s start with the basics of what is a password manager? A password manager is a web-based service, usually with a web page interface and a smart app, that allows users to store passwords for websites and services. In fact, most any “secret” you can type can be entered into a password manager such as credit card numbers, personal identification information, and health insurance info.

These passwords and secrets can be shared with others as needed. The password manager will become the central vault for your login information. This can allow you to make your passwords for each individual website and service VERY STRONG because you do not need to remember the individual passwords. Password managers can automatically generate these long, complex passwords for each of your individual services. This makes it easy to have distinct passwords for each online service so a password compromise at one will not jeopardize your login information for another.

Are Password Managers Safe?

So with all your credentials and secret information stored in one place, it begs the question of what if the password manager is breached?

There is no way to sugar coat this . . . it has happened. As recently as June 2017, password manager OneLogin was hacked and had customer encrypted information stolen. With so much information stored in one place, it seems an obvious target for concerted hacking attempts. And there are other instances of password managers susceptible to compromise including the biggest ones on the market.

With documented instances of breached password managers, how can I still recommend using them?

In spite of the risk of having all your password eggs in one basket, password managers do take extreme measures to protect information and the security enhancements. The reported incidents of password managers being breached is very low and the net effect of using the service is like having a personal team of cyber security experts guarding your passwords. And of course there is the convenience of having all your passwords in one place.

Remember password managers also promote better password behavior:

  • Generate strong passwords
  • Generate unique passwords for every online service
  • Apps may offer biometric login on smart phones
  • No writing down passwords
  • No storing passwords unencrypted

Password security at work and home is increasingly important with so many online accounts to manage. If keeping all your user accounts organized and secure with strong unique passwords is too big a challenge, consider using a password manager. And if your husband won’t stop changing the Amazon Prime password because he can’t remember your wedding anniversary date, a password manager may save everyone some grief.