Even though it’s not surprising to hear the question “are password managers safe to use?”, the vast majority of cyber-security specialists agree that password managers are indeed the most secure way to protect your passwords.
How do password managers secure your passwords?
There are multiple ways that password managers secure your passwords – that’s why they are so safe to use. Even though they can be hacked, much like anything else, such a scenario is highly unlikely, provided you take the necessary precautions. It’s way easier for the attacker to use social engineering or phishing than to actually crack a strong password.
So, what makes password managers so secure?
First and foremost, password managers use encryption to protect your passwords. 256-bit AES is the industry standard, and it is also used by the military because of its exceptional strength. Brute-forcing this cipher would take more than a lifetime, so such an attack has a near-zero chance of success.
Furthermore, password managers protect your data even from the provider itself by using zero-knowledge architecture. It means that your passwords are encrypted before they leave your device. So when they end up on the company’s server, the provider has no means to decrypt them.
Most password managers will ask you to use a master password for accessing your vault. If it’s secure, you can be sure that the rest of your passwords are safe enough. Having said that, it’s recommended to also use two-factor authentication (2FA) to better protect your vault. Using biometric authentication, such as a fingerprint or face scan, is also a good idea.
Can password managers be trusted?
Good password managers are extremely difficult to compromise. The use of AES-256 encryption, the “zero-knowledge” technique, and the option of two-factor authentication make password managers a much safer and easier option than basically anything else available at the moment.
When it comes to safety, the most important thing from your side is the master password, as you have to create one in order to access all the other passwords.
So, make sure it is a strong one. For more tips, check out our guide on How to Develop Passphrases.
What if your password manager gets hacked?
In most cases, getting hacked won’t result in all your passwords falling into the wrong hands. However, even the most secure password manager may have a serious vulnerability that everyone overlooked.
Let’s start with the fact that your passwords are encrypted locally. Password managers have no way to decipher your data because they implement a zero-knowledge policy. So if a hacker breaks into your vault, they will see only encrypted information.
There’s a slim chance that the attacker could break into your physical device by stealing it, using malware, or logging keystrokes. Even then, they will need your master password. If you use biometric data, such as fingerprint or face ID, the chance of a successful attack becomes infinitesimally low.
If the attacker installs malware on your device, your best move is to reinstall the OS and change all passwords in your vault. Make sure to also turn on 2FA wherever you can. This way, you will notice when an unusual request comes to the authenticator app.
Bottom Line: Should you use a password manager?
Yes, you should use a password manager. It will allow you to keep track of your passwords without having to memorize them. Some password vaults can also generate and change passwords for you in one click, as well as securely store other types of data like credit card information. A password manager also makes sharing your data with family and friends safer. It’s a much better way than writing down your login details in an email or some unencrypted messenger.
This is an excerpt from the article “Are password managers safe to use in 2022?” by Mindaugas Jancis, Cybernews, October 2021.