Are password managers secure?
Passwords are important when it comes to privacy, online security, and protecting your data. Enter the password manager: a tool that stores one strong master password that gives you easy access to all of your accounts while helping to keep cybercriminals at bay.
Password management can be tricky. You might resort to using the same password over and over — or tweaking each password just a bit — so you don’t forget your passwords and get locked out of your accounts. You might go for something easy to remember. But that also makes it easier for cyberthieves to figure out.
Each password for every service should be unique, complex, and long. While there are potential drawbacks to any software, password managers offer encrypted solutions for creating and storing strong passwords that should help keep your data more secure.
What is a password manager?
A password manager, also called a password vault, is a software application that stores and organizes your usernames and passwords. Some password managers even have the capability to generate complex passwords unique to each of your online accounts.. A password manager also provides strong encryption. All you need to do is remember one master password to unlock them all.
Password managers offer a variety of services that may include:
- Site and password breach alerts
- Syncing across multiple devices
- Assistance changing old passwords automatically
- Auto-filled information on forms
- Encrypted file storage vaults for your financial and other sensitive data
- Industry-standard encryption
- Security questions and answers
- Two-factor authentication or multi-factor authentication
- Fingerprint and facial recognition
- Credit monitoring
- 24/7 customer service
Password managers have similar aims, but have functional differences in how they work. The big difference in password-manager approaches is in cloud-based vs. local storage. For instance, a web-based manager keeps your passwords encrypted in the cloud.
Others are built into your web browsers, such as Chrome, Safari, Firefox, and Edge, the default browser of all Windows 10 computers. Still others store your passwords locally in a file on your Mac or PC or mobile device, whether Android or Apple iOS.
Why are there password managers?
Just about every online service and app requires a password. You might have a common one you use — or a variation of a common password so you don't forget it.
The problem? Such passwords are likely weak and they probably won’t provide much protection against cybercriminals.
Instead, you need a complex, long, unique password composed of at least 12 characters that include uppercase and lowercase letters, numbers, and symbols. Plus, you need a different one for each program or account.
It's also important for those strings of letters, numbers, and symbols to be random. That helps keep cyberthieves from figuring them out based on information they might have on you — such as your birthdate or name of your pet.
Unless you want to keep going back to a notebook where you write down different passwords, it might be challenging to create and remember passwords that will help protect you.
Are password managers secure?
You might worry about trusting a program or app with your master password and other private information. Can't app makers be hacked, too?
The quick answer is “yes.” Password managers can be hacked. But while cybercriminals may get "in" it doesn't mean they will get your master password or other information. The information in your password manager is encrypted. And deciphering that encryption, which is usually industry-standard encryption like Advanced Encryption Standard (AES), is almost impossible.
Plus, most password managers do not store or have any access to your master password or the encrypted information in your password database.
Much of the security of your password manager depends on the strength and safety of your one master password. And for many password management systems, that master password is not stored on the same server as your encrypted information. This adds an additional layer of security.
Password manager pros
Password managers are a relatively new security innovation, and there are quite a few great things about them.
Pro: Ease of use
Most password managers are easy to use. They save you time because you no longer have to remember all of the passwords you need. You’ll only need to remember one master password that will unlock all of your passwords.
Another benefit? You’ll no longer be locked out of your accounts because you couldn’t remember one of your many passwords.
A password manager’s browser extension can also automatically fill in your user information and help create strong security questions and answers.
Pro: Strong, random password creation
Password managers generate, store, and keep track of a unique and different password for each of your online accounts. The passwords are often random sets of at least 12 characters that include numbers, uppercase and lowercase letters, and symbols.
If the password management system you select includes a password generator, it can help create logins that probably mean nothing to you, and that’s good. Cybercriminals would be unable to figure them out based on any information they have about you.
It’s unlikely you would remember them if you didn't write them down — or have a password manager remember them for you.
Pro: Strong encryption
Password managers provide strong encryption, which serves as a strong defense against cybercriminals. Many password managers are protected by strong encryption like AES, the industry-standard protection the U.S. government uses to protect its sensitive data.
Pro: Family sharing
Some password managers enable secure sharing of passwords with family members, which can be a bonus for helping to keep your family’s data safe and secure.
Password manager cons
Like most security solutions, there are potential drawbacks to password managers, depending on the software. Here are some cons:
Con: Putting all of your eggs in one basket
The metaphoric ‘elephant in the room’, of course, is the scenario where a hacker finds out your master password that unlocks all of your others. One way this could happen is if a hacker was able to install a keystroke-logger program on your computer or other connected device and recorded your master password. Your password manager vault and all of your accounts could then be compromised.
Con: Password manager breach
Another potential negative aspect of a password manager is if the password manager itself is breached. However, even if a breach occurs, the data in your password manager should be encrypted and stored elsewhere, and password managers do not retain your master password.
Con: Forgetting your master password
What happens if you forget your master password? Most password managers will lock you out of your vault. You'll have to reset every password yourself. So be sure to write down your master password and store it in a safe place.
One thing you will have to do when initially setting up your password manager is to remember and enter your current usernames and passwords for every site and account. After you’ve entered each username and password, your password manager will then remember that login information for you going forward.
Most password managers aren't free. For those that cost more, you're often paying for ease-of-use, breach alerts, priority customer service, automatic changing of old passwords, cool interfaces, and ease of syncing across multiple devices.
Does Norton offer a password manager?
If you're looking at different password managers, you might consider Norton Password Manager to help you create, store, and manage all your complex passwords, as well as credit card details and other sensitive data.
Norton stores all of this information in your own encrypted, cloud-based vault that only you can access. Whether it’s filling in forms or syncing devices, Norton offers easy-to-use solutions for making password management safer and more secure.
Help take back control of your online privacy.
With the Norton Privacy Manager app, it’s easy to be smart and secure about what information you share online.
Editorial note: Our articles provide educational information for you. Norton LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.
Norton by Symantec is now Norton LifeLock. LifeLock™ identity theft protection is not available in all countries.
Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec logo, the Checkmark logo, Norton, Norton by Symantec, LifeLock and the LockMan logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the United States and other countries. App Store is a service mark of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution Licence. Other names may be trademarks of their respective owners.