Is a password manager safe?

Author: Pau Monfort (@paumonfort)

How secure is a password manager? Password managers like LastPass are useful and mostly free to use. But are they safe, and how do they keep you safe? The point of using a password manager, paid or free, open source or proprietary, is to protect and manage your passwords. But while they offer great convenience when it comes to managing dozens of passwords, are password managers safe to use?



Why do you need a password manager?

Passwords are an essential part of using the Internet. Ten years ago you only had to remember a handful of passwords. Now, the average user has about 100 passwords. You can't remember them all without reusing passwords or writing them down.


A password manager is software that allows you to store and manage your passwords securely. Some simply keep a secure log, while others generate secure passwords and autofill your logins on applications and web pages.

Password managers have many benefits, but they primarily promote online convenience and security. Since most of your online data relies on passwords to protect it, those passwords need to be as strong as possible, especially if they are your only line of defense and you don't use two-factor authentication (2FA) on most sites and apps.



How password managers keep your passwords safe

There are two types of password managers. Device-based password managers store your logins locally on your device. Web-based password managers store your passwords on corporate servers, allowing you to sync data across multiple devices.



With either option, the only way to access encrypted logins is to use the master password. But when it comes to web-based password managers, you need to look for a service that doesn't store unencrypted passwords on its servers.

For example, the LastPass password manager operates on a zero-knowledge policy and uses end-to-end encryption to protect your passwords. LastPass encrypts your passwords before they leave your device, and they are only decrypted locally on your device.


This ensures maximum privacy and security, where both malicious hackers and company employees have difficulty accessing your passwords.

Additionally, password managers make it easier than ever to comply with the most critical element of online security: changing passwords regularly. Since you don't have to remember all of your passwords yourself, you can sit down every three months or so and change them all methodically.

Are password manager apps secure?

The question of trust is the most important to ask if you intend to use a free password management service. After all, companies have to make money, and if it's not through the subscription fee, then it's through something else.


LastPass offers a free package, for example. It comes with unlimited passwords, automatic save and fill, a password generator, and 2FA. But is that too good to be true for a free option?

Of course, a free password manager account won't have the same benefits as a paid one. When it comes to LastPass, you need to consider server support and downtime.


Since your passwords are stored on LastPass corporate servers and not locally on your device, if their servers go down, you may temporarily lose access to your logins. Additionally, the free account only includes basic support features, which may make it more difficult to recover passwords in an emergency.


However, LastPass is one of the safest companies you can choose to manage your passwords. But security isn't the same as privacy. LastPass is owned by the company LogMeIn, which values the security of its users very much, but not so much their privacy.

According to LogMeIn's privacy policy, they keep your personal information and any data that can be used to identify you completely private.

But the same doesn't apply to your behavioral data. They log everything from users' IP addresses to the most used sites on LastPass, along with hardware specs, location, and even language settings. They share this data with third-party affiliates to perform user analytics and run personalized ads.

Different companies have different policies. Before creating a free or paid password manager account, review the company's privacy policy and its record of security vulnerabilities and incidents. There is no one size fits all, but you can make sure that the company you trust with your passwords and data has the same values as you.

How to know if a password manager is safe

Similar to other apps and software, the security of a password manager is based on the company that owns it and how much it cares about the users. Before choosing a password manager, here are some questions you should ask yourself.


Can others see my passwords?

For privacy and security reasons, look for password managers that follow a zero-knowledge policy and use end-to-end encryption. This ensures that your data is only decrypted when you use it and not during storage and transfer.

Is the data stored locally or on corporate servers?

Some password managers only store passwords locally on your device. This not only makes syncing between devices cumbersome; it also means it's up to you to keep them safe. However, you are less likely to be targeted than a password management company's servers.


Does it have a clean enough record?

Any tech company that has been around for a while is bound to suffer at least one security incident or data breach. Before signing up for a particular password manager, do a quick Google search of the company. Find out about their latest security incidents and vulnerabilities. If they are too frequent and severe, try another one.

Does it have two-factor authentication?

Password managers store all your passwords in one place. It is important to add a second line of defense along with the master password. 2FA technology is widely available, and most apps allow you to enable the option. If a password manager doesn't have 2FA, they may not be that serious about user data security.

How secure are password manager apps?

Password managers are safer than the alternative, but only you can decide if their security meets your standards. But it's safe to say that not all password managers are equally secure. They all prioritize different elements, be it price, convenience or safety. Make sure you also know what you want to prioritize.
