How password managers work and why you should use one

Security experts agree on two essentials: update your passwords regularly and never reuse them. Frequent updates reduce the risk of long-term compromise, while unique passwords prevent a breach on one account from putting all your others at risk.

With so many accounts to manage these days, that’s a tall order. But a password manager can help keep you on top of your credentials and one step ahead of hackers with encrypted storage, auto-fill, and password generation features.

What is a password manager and what does it do?

A password manager is a digital vault that encrypts and stores your login credentials (usernames and passwords) so that only you can access them via a master password. Apart from secure storage, password management tools often come with bonus features, including password generation and password sharing.

While password managers can’t block every kind of hack, they significantly reduce your exposure to password attacks like credential stuffing, where hackers use stolen logins from one breach to break into accounts elsewhere.

Let’s take a closer look at what password managers do exactly.

Stores information securely

Password managers secure your saved login details with strong encryption, typically AES-256, which scrambles your credentials into unreadable data using a unique encryption key. With an almost limitless number of possible combinations, AES-256 encryption keys are practically impossible to break through brute force attacks, where hackers systematically try every combination until they find the right one.

Additionally, some password managers level up their storage security by offering two-factor authentication (2FA) and using “zero-knowledge” architecture. This means your data is encrypted on your device before it reaches your provider’s servers, so even they can’t see your passwords.

Generates passwords

Password managers often come with password generators that can help you choose strong passwords with random combinations of characters. These password suggestions make it a breeze to protect each account with a unique password.

Auto-fills logins

Password managers can auto-fill your credentials with a single click, sparing you the effort of typing or remembering every password. More importantly, they’re often designed to enter details only on safe sites, helping protect you from spoofed websites.

To enable password auto-filling, you usually need to enter your master password or biometrics once per session.

Syncs and shares passwords

While you should generally avoid sharing passwords, sometimes it’s unavoidable. If your kids are bugging you for the Netflix password or a co-worker needs access to files, a cloud-based password manager can let you share them securely without exposing them.

Many of these password managers let you grant access through the recipient’s own encrypted vault. The app then auto-fills the login details, giving them access to the account without ever seeing the actual password.

Sends password update reminders

Some password managers offer bonus features, such as reminders to update your passwords. These prompts help you reduce security risks by encouraging regular updates, often making it quick and easy to refresh your credentials with just a few clicks.

Dark web monitoring and data breach alerts

Depending on the password manager you choose, you may also get access to dark web monitoring and data breach alerts. These features generally work by scanning the dark web for lists of leaked passwords with your details. If a match is found, you’ll receive a notification, giving you a vital opportunity to change your passwords before cybercriminals have a chance to exploit them.

Should I use a password manager?

Yes, you should use a password manager. It’s one of the simplest ways to boost your security while keeping track of all your logins. Just make sure you set a strong master password — the key that protects your entire vault. If it’s easily guessed, all your accounts could be compromised in one fell swoop.

Here are the pros and cons of using various password managers:

Pros

• Store all passwords securely
• Generate strong passwords
• Autofill logins for convenience
• Sync across devices
• Make password sharing more secure
• Provide dark web monitoring and breach alerts
• Work with most browsers and devices

Cons

• A compromised master password exposes all your passwords
• Set-up can be time-consuming
• Not all websites support auto-fill
• Data may be lost if you forget your master password
• Some associated features cost money

Which type of password manager is right for me?

There are three primary types of password managers for individuals to use: cloud-based, browser, and desktop.

Cloud-based password manager

Cloud-based password managers are standalone apps that generate, store, and auto-fill passwords. Many are known for their strong encryption, cross-device syncing, and extra features like secure sharing and dark web monitoring.

The providers store passwords on cloud-based servers, so you can enter credentials on any browser. They’re ideal for users who emphasize security and convenience. Norton Password Manager is an example of a cloud-based password manager, and it uses zero-knowledge architecture as a bonus.

Browser password manager

Web browsers like Chrome, Firefox, Microsoft Edge, Opera, and Safari come with free, built-in password managers. These are easy to use, as they integrate seamlessly with the browser to make logging in faster.

However, one of the downsides is that your saved logins are tied to that specific browser, so you can’t automatically access them in a different browser. This may be fine for people who stick to one browser, but another drawback is that most browser-based password managers don’t offer zero-knowledge architecture.

Desktop password manager

A desktop password manager stores your encrypted credentials locally on your device. This can reduce exposure to cloud-based attacks, since your data isn’t stored online. However, if your device is lost or stolen, you could lose access to all your passwords unless you’ve set up a reliable backup.

Another downside is that your password won’t automatically sync across devices. You might find this inconvenient if you regularly use both a smartphone and a computer.

How to use a password manager

Getting started with a secure password manager is usually straightforward. For online services, you just choose the provider (whether it’s a browser or cloud-based option), create an account, and set up a master password.

How to set up Norton Password Manager on a computer

1. Download and install the Norton Password Manager extension.
2. Click Sign in, or Create an account if you don’t have a Norton account. Add your details and create a strong account password.
3. Start setting up your vault password by clicking Create. Enter your vault password twice and make sure you keep it somewhere safe — Norton can’t see your password or help you recover it. On the next screen, you’ll also be given the option to download a recovery key — click Download.
   
4. In the new window, choose Set as default or Remind me later.
   
5. Now you can import your passwords or manually add them. You can also add important addresses, notes, or payment card details to your vault.

How to set up Norton Password Manager on mobile

1. Download and install the Norton Password Manager app on your phone, then open it.
2. If you don’t have an existing Norton account, tap Create an account, and follow the instructions. Otherwise, tap Sign in and add your Norton credentials.
3. Type your Norton Password Manager password to access your online vault, then tap Open Vault.
4. To open your vault faster, you can set up a PIN. Tap Set up PIN code, choose a 4-digit code, and confirm it.

Manage and protect your passwords

Now that you know how password managers work, take the next step toward better online security with Norton 360 Deluxe. Whether you’re new to password managers or looking to upgrade from a basic solution, it comes with a password manager, along with other security and privacy tools.

Norton 360 Deluxe is known for its award-winning antivirus, but you’ll also benefit from its new AI-powered scam detection. Blocking millions of cyberthreats every day, you can trust Norton to help keep you safe online.

FAQs

Is it worth paying for a password manager?

It could be worth paying for a password manager if you want advanced features or unlimited device syncing. However, free options are often enough for those who want secure password storage for a limited number of devices on a single account.

Is Norton Password Manager safe?

Yes, Norton Password Manager is considered highly secure and safe to use. It uses industry-standard AES-256 encryption and incorporates advanced privacy features like zero-knowledge architecture for added protection.

Is Google Password Manager safe?

Google Password Manager is a convenient and generally secure option, especially for those already using the Google ecosystem and who have two-step authentication set up. However, unlike some dedicated password managers, Google doesn’t provide as much publicly available detail about its encryption approach, and it doesn’t use zero-knowledge architecture.

Can password managers be hacked?

Yes, password managers can be hacked. In 2022, for example, LastPass suffered a breach that led to millions in user losses. That said, such incidents are extremely rare, and most password managers remain a far safer option than reusing weak or repeated passwords.