Some argue that using password managers creates a single point of failure. Technically, this is true: if someone gains access to your password manager, they can access almost everything in it, and the only thing that can stop them is multifactor authentication. However, we believe this viewpoint is misguided. Using a good password manager is significantly safer than any other alternative.
Best Practices for Passwords
- Have good, strong passwords (long and complex).
- Keep them nowhere but in your head (memorable).
- Use a different password on every site or service (unique).
While ideal, these requirements are impractical without a password manager, and breaking any of them weakens your security. Without a password manager, you'll end up compromising your security by:
- Choosing less secure, easy-to-remember passwords (short and/or not complex).
- Using the same password at multiple sites (not unique).
- Saving passwords using insecure technology, such as a paper notebook (not memorable).
Any of these actions can significantly compromise your security.
With a Password Manager
Password managers make best practices easy by allowing you to:
- Generate and use secure, complex, and long passwords.
- Avoid the need to remember passwords yourself.
- Use different passwords on different sites.
Most people don’t follow these practices without a tool to help them. Password managers are designed specifically to handle this securely.
Additional Features
In addition, popular password managers include features such as:
- Synchronizing information across multiple devices.
- Compatibility with mobile devices.
- Automatic filling of passwords and common web forms.
- Secure storage of various types of information.
They provide more security than almost all alternatives.
If You’re Compromised, You’re Compromised
It’s true that if your computer is compromised, all bets are off. Malware could access whatever is stored on your computer, including your password manager when logged in. However, this risk exists regardless of whether you use a password manager. Avoiding a password manager doesn’t increase your security.
And if somebody has physical access to your computer, your safety depends on their intentions. It doesn’t take long for people who know what they are doing to break most passwords, but there are several security measures you can take to prevent that from happening.
What We Recommend
To keep your passwords even safer, this is what we recommend:
- Log out automatically after a certain time, or when the computer restarts. This helps if your device is stolen or accessed without permission.
- Keep your master password secure and complex. After all, it’s the only password you’ll need to remember! We also recommend memorizing your email password just in case.
- Protect your password manager with multifactor authentication.
- Regularly back up the password vault. Yes, you can print all your passwords and keep the printout in a safe place.
Conclusion
Absolute security doesn’t exist, but password managers are the safest way to keep a record of your online account information. While nothing is foolproof, we are satisfied with the risks and trade-offs. Your safety depends on the master password you use to access the password manager, and your own common sense and ability to use your computer safely.
Good security demands unique and strong passwords for every site or service, ideally kept only in your head. Without a password manager, you’re likely to compromise your security. Perfect security doesn’t exist, but using a password manager ensures you’re as secure as possible without trade-offs.