Should You Use a Password Manager?

Young couple researching how to diversify investments on a tablet

Our online life is ruled by passwords, and remembering each of them can be a high-tech hassle. This causes many to use the same password for multiple accounts—something 66% of respondents to a survey by Harris Poll and Google admitted to. Fortunately, a tool called a password manager can create and keep track of unique passwords, which can help you avoid identity theft and other forms of online fraud. Think of a password manager as both a warehouse for your passwords and a security guard for your personal data.

As with any technology, password managers aren't perfect. You'll come across pros and cons with every service, but a password manager could be just what you need to stay safe online. Come along as we give you the lowdown on what a password manager is, the advantages and disadvantages of using one, whether they're safe and what the top password managers are. We'll also explain some other ways to protect your information online.

What Is a Password Manager?

Password managers—used by fewer than 15% of Americans as of 2019, according to the Google poll—store your login information, such as usernames and passwords. Throughout the course of a day, you might access email accounts, social media accounts, e-commerce sites and other online destinations. Since each site you have an account with typically has its own login requirements, you could easily find yourself using dozens of usernames and passwords every day.

You can download a password manager app or install a browser plugin that'll automatically enter your login information when you go to sign into a website. To unlock the "vault" containing all of your passwords, you'll use one "master" password. Some password managers even generate individual passwords for the sites you visit.

Because your passwords are securely stored, password managers make it easier to maintain secure, unique passwords. For instance, instead of using a simple, easy-to-remember password for all your accounts, you can use your password manager to store complex passwords (like Gn$3kj$g34s) that are unique to your every account. Not only will those passwords be much harder to guess, their uniqueness is an additional security measure. When you reuse passwords, every account that uses the same password becomes vulnerable if one account is compromised.

Some password managers are free, but more feature-rich services tend to charge a monthly subscription fee.

What Are the Pros and Cons of a Password Manager?

A password manager can help you achieve online security, but they do come with some drawbacks. Here are some of the pros and cons of using a password manager.

Pros

  • Passwords are remembered for you. A password-protected vault of passwords simplifies access to websites that require logins. Memorizing one master password is easier than memorizing a few passwords or, worse yet, dozens of passwords. According to the Google survey, 36% of people surveyed said they keep track of their passwords by writing them on a piece of paper.
  • Passwords can be unique and complex. If your password manager automatically generates a hard-to-guess password for each site you visit, it can prevent you from repeatedly using simple-to-guess passwords. The most commonly used passwords are easy to figure out: 123456, Password and abc123. A secure password, however, will feature at least 12 random characters, including numbers, uppercase letters, lowercase letters and symbols.
  • Passwords are encrypted. Password managers protect the data they store through what's known as encryption. This process scrambles data so that it's tougher for hackers, cybercrooks and others to access your personal information, such as Social Security numbers and credit card numbers. Compared with storing your passwords on a piece of paper in your desk or in a digital file stored on your laptop, encryption with a password manager is akin to locking passwords up in a bank vault.

Cons

  • There's still some vulnerability to consider. If a hacker or someone else somehow learns the master password for your password manager, the master password and all of the other passwords stored there could be stolen.
  • You might forget your master password. Many of us forget passwords from time to time. But what happens if you forget the all-important master password? Typically, you'll be locked out of the password manager's database. There are ways to get back in, but the worst-case scenario is that you'll then be forced to reset the password for every account included in your "vault." To avoid this nightmare, make sure you commit your password to memory. You could even write down your password and keep it in a real-world safety deposit box.
  • Setup and use could be difficult. Setting up a password manager can be tedious. You may be able to import passwords stored in your browser or elsewhere to populate the database, but you might have to do much of it manually by entering the username and password for every account you want in the password manager. Using a password manager can also be hit and miss, as autofill features might not work well with every website and you may have to type in complex passwords manually, which isn't fun.

Are Password Managers Really Safe?

Online security experts generally recommend a password manager as the best method for keeping all of your passwords safe. While password managers defend against unwelcome visitors by encrypting data, they may themselves be vulnerable to cyberintruders. When you use a password manager, you'll need to have some faith that the company behind the technology isn't cutting any corners with the security of your data. Even with these risks in mind, password managers are still a smart alternative to juggling dozens of passwords in your head or writing them on sticky notes.

What Are the Top Password Managers?

If you're committed to using a password manager, how do you decide which one to pick? Here are five highly rated options that might be right for you. Most of the services below come with basic free versions and subscription versions that have more features, but the free versions are good enough for most users.

  • Bitwarden: Bitwarden offers three password manager plans: a free basic version, a $10-a-year premium version and a $40-a-year family version. The free version is limited to one user, and includes the ability to sync all of your devices with Bitwarden and to generate secure passwords.
  • Dashlane: Dashlane offers three password manager plans: a free version, a $59.99-a-year premium version and an $89.99-a-year family version. Highlights of the free version include the ability to store as many as 50 passwords (limited to one device) and the availability of personalized security alerts.
  • NordPass: NordPass offers three password manager plans: a free version, a $29.88-a-year premium version and a $47.88-a-year family version. The free version syncs across all devices and saves unlimited passwords.
  • 1Password: 1Password offers two password manager plans: a $35.88-a-year basic version and a $59.88-a-year family version. Highlights of the basic version include unlimited devices and unlimited passwords. 1Password does not have a free version, but offers a 14-day free trial.
  • LastPass: LastPass offers three password manager plans: a free version, a $36-a-year premium version and a $48-a-year family version. The free version is limited to one user and one device type (desktop or mobile), includes access to a password generator and the ability to share passwords with family and friends.

How Else Can I Protect My Information Online?

Aside from protecting your passwords, what else can you do to safeguard your information online? Here are five tips.

  1. Don't share too much personal information online. Even simple things like your birthdate and hometown could lead to identity theft and other problems in the wrong hands.
  2. Be careful with Wi-Fi. Free Wi-Fi provided in public places like airports and coffee shops may be less secure than your Wi-Fi network at home.
  3. Treat links and attachments with caution. If you receive emails or text messages with links or attachments from unfamiliar sources, it may be an attempt to trick you into sharing personal data like credit card and Social Security numbers.
  4. Install security software. Technology like anti-malware and anti-virus software can stop hackers, cyberthieves and others from snooping around in your computer.
  5. Keep an eye out. Services like Experian's dark web scan can help you find out whether your information has been compromised. Identity theft protection from Experian can also help you keep your personal information safe.
  6. Use two-factor authentication. This is the security feature that sends a text message or email with a code or link you'll use to verify your identity. It may be a mild inconvenience, but using it whenever possible can put a stop to a hacker getting into your account.

Protecting your personal information online can involve many strategies and requires a careful eye to spot threats. Using a password manager won't cover every aspect of your online and financial life, but it'll help you take care of one very important part of it.