Are password managers secure?

Passwords are important when it comes to privacy, online security, and protecting your data. Enter the password manager: a tool that stores one strong master password that gives you easy access to all of your accounts while helping to keep cybercriminals at bay.

Password management can be tricky. You might resort to using the same password over and over — or tweaking each password just a bit — so you don’t forget your passwords and get locked out of your accounts. You might go for something easy to remember. But that also makes it easier for cyberthieves to figure out.

Each password for every service should be unique, complex, and long. While there are potential drawbacks to any software, password managers offer encrypted solutions for creating and storing strong passwords that should help keep your data more secure.

What is a password manager?

A password manager, also called a password vault, is a software application that stores and organizes your usernames and passwords. Some password managers even have the capability to generate complex passwords unique to each of your online accounts.. A password manager also provides strong encryption. All you need to do is remember one master password to unlock them all.

Password managers offer a variety of services that may include:

• Site and password breach alerts
• Syncing across multiple devices
• Family-sharing
• Assistance changing old passwords automatically
• Auto-filled information on forms
• Encrypted file storage vaults for your financial and other sensitive data
• Industry-standard encryption
• Security questions and answers
• Two-factor authentication or multi-factor authentication
• Fingerprint and facial recognition
• Credit monitoring
• 24/7 customer service

Password managers have similar aims, but have functional differences in how they work. The big difference in password-manager approaches is in cloud-based vs. local storage. For instance, a web-based manager keeps your passwords encrypted in the cloud.

Others are built into your web browsers, such as Chrome, Safari, Firefox, and Edge, the default browser of all Windows 10 computers. Still others store your passwords locally in a file on your Mac or PC or mobile device, whether Android or Apple iOS.

Why are there password managers?

Just about every online service and app requires a password. You might have a common one you use — or a variation of a common password so you don't forget it.

The problem? Such passwords are likely weak and they probably won’t provide much protection against cybercriminals.

Instead, you need a complex, long, unique password composed of at least 12 characters that include uppercase and lowercase letters, numbers, and symbols. Plus, you need a different one for each program or account.

It's also important for those strings of letters, numbers, and symbols to be random. That helps keep cyberthieves from figuring them out based on information they might have on you — such as your birthdate or name of your pet.

Unless you want to keep going back to a notebook where you write down different passwords, it might be challenging to create and remember passwords that will help protect you.

Are password managers secure?

You might worry about trusting a program or app with your master password and other private information. Can't app makers be hacked, too?

The quick answer is “yes.” Password managers can be hacked. But while cybercriminals may get "in" it doesn't mean they will get your master password or other information. The information in your password manager is encrypted. And deciphering that encryption, which is usually industry-standard encryption like Advanced Encryption Standard (AES), is almost impossible.

Plus, most password managers do not store or have any access to your master password or the encrypted information in your password database.

Much of the security of your password manager depends on the strength and safety of your one master password. And for many password management systems, that master password is not stored on the same server as your encrypted information. This adds an additional layer of security.

Password manager pros

Password managers are a relatively new security innovation, and there are quite a few great things about them.

Pro: Ease of use

Most password managers are easy to use. They save you time because you no longer have to remember all of the passwords you need. You’ll only need to remember one master password that will unlock all of your passwords.

Another benefit? You’ll no longer be locked out of your accounts because you couldn’t remember one of your many passwords.

A password manager’s browser extension can also automatically fill in your user information and help create strong security questions and answers.

Pro: Strong, random password creation

Password managers generate, store, and keep track of a unique and different password for each of your online accounts. The passwords are often random sets of at least 12 characters that include numbers, uppercase and lowercase letters, and symbols.

If the password management system you select includes a password generator, it can help create logins that probably mean nothing to you, and that’s good. Cybercriminals would be unable to figure them out based on any information they have about you.

It’s unlikely you would remember them if you didn't write them down — or have a password manager remember them for you.

Pro: Strong encryption

Password managers provide strong encryption, which serves as a strong defense against cybercriminals. Many password managers are protected by strong encryption like AES, the industry-standard protection the U.S. government uses to protect its sensitive data.

Pro: Family sharing

Some password managers enable secure sharing of passwords with family members, which can be a bonus for helping to keep your family’s data safe and secure.

Password manager cons

Like most security solutions, there are potential drawbacks to password managers, depending on the software. Here are some cons:

Con: Putting all of your eggs in one basket

The metaphoric ‘elephant in the room’, of course, is the scenario where a hacker finds out your master password that unlocks all of your others. One way this could happen is if a hacker was able to install a keystroke-logger program on your computer or other connected device and recorded your master password. Your password manager vault and all of your accounts could then be compromised.

Con: Password manager breach

Another potential negative aspect of a password manager is if the password manager itself is breached. However, even if a breach occurs, the data in your password manager should be encrypted and stored elsewhere, and password managers do not retain your master password.

Con: Forgetting your master password

What happens if you forget your master password? Most password managers will lock you out of your vault. You'll have to reset every password yourself. So be sure to write down your master password and store it in a safe place.

Con: Setup

One thing you will have to do when initially setting up your password manager is to remember and enter your current usernames and passwords for every site and account. After you’ve entered each username and password, your password manager will then remember that login information for you going forward.

Con: Cost

Most password managers aren't free. For those that cost more, you're often paying for ease-of-use, breach alerts, priority customer service, automatic changing of old passwords, cool interfaces, and ease of syncing across multiple devices.

Does Norton offer a password manager?

If you're looking at different password managers, you might consider Norton Password Manager to help you create, store, and manage all your complex passwords, as well as credit card details and other sensitive data.

Norton stores all of this information in your own encrypted, cloud-based vault that only you can access. Whether it’s filling in forms or syncing devices, Norton offers easy-to-use solutions for making password management safer and more secure.