
How to get the most out of a password manager


Trying to remember a long list of passwords is a recipe for insanity. We explain the ins and outs of password managers.


Never use the same password twice


Security experts say you should create different passwords for every single account and login, but keeping track of an ever-growing list of letters, numbers and symbols is difficult. That's where a password manager comes in. 

These programs help manage and safeguard your collection of login details, PIN numbers, credit card details and so on. This sensitive information is protected from prying eyes in a digital vault with layers of encryption, and a master password that only you know.

Looking for the best password manager?

See our expert product reviews.

What are password managers?

Put simply, a password manager is a password-protected list of passwords. They're affordable, easy to use, and are the most effective means of keeping your login details safe, short of memorising every single password across your accounts. Who has the brain power for that?

Most, however, have many more features. They can:
  • automatically log you into websites, services, accounts and so on
  • assess the strength and quality of your passwords (weak, strong etc)
  • set up two-factor authentication (which adds a second step to the login process, such as an additional, one-time password that's sent to your smartphone via text message)
  • provide security reports such as repeated password notifications and information on unsafe websites
  • notify you when someone has successfully used, or attempted to use, your login details
  • generate new passwords
  • sync with your smartphone (see Passwords in your pocket).

The password generator is particularly handy, as your password manager can create complex passwords full of letters, numbers and symbols that would take thousands of years to crack – and you don't need to memorise them. They're a far cry from the collection of birthdays you've probably been using.

Some also let you add multiple users to a single account, so you can share pertinent passwords with your partner, kids, relatives and close friends.


 

LastPass is a popular password manager.

Why do I need a password manager?

It's important to have a different password for every account. If you use one or two and they are compromised, hackers can break into any website, service etc that you log into. Password managers keep track of your different details so you don't have to, and they do it securely.

Even if someone steals your computer or accesses your desktop remotely, they can't get into your digital vault without your master password. This makes managers much more secure than a Word document hidden on your PC. The only equivalent is a handwritten list locked in a safe and, let's face it, that's just impractical.

Passwords in your pocket

Most password managers also include apps, so you can securely access your login details on the go. You don't need to worry if your phone goes walkabout either, as good apps provide the same level of protection as their software equivalents.

Many can also:

  • automatically log you into websites, services, accounts and so on
  • assess the strength and quality of your passwords (weak, strong etc)
  • generate passwords
  • notify you when someone has used or attempted to use your login details
  • synchronise with your PC so you don't have to re-enter password and login details.

Note that desktop and mobile versions of the software are not always identical for features and ease of use, so try out the software on both platforms before deciding which one you want to use.

Are password managers safe?

Once you enter your information, password managers use a multi-step system to protect your details.

Master password

When you create an account, you need to come up with a master password that unlocks your protected details. This is the only key to your vault, so you have to keep it secret and safe. The password manager will not store this information for security reasons.

But what happens if you forget your master password? Well, it's called a master password for a reason, and unless your memory returns, you're not getting into the vault. Very few have a password recovery feature, purely because that can be compromised.

However, some password managers have a feature that can allow a third party, such as a close relative or friend, to access your vault after a certain time. This is handy in the case of accident or death and allows your precious information to be passed on to a trusted person.

You can also use this to access the account of a relative who is deceased, or no longer able to support themselves (for example, due to dementia or a stroke). This level of access requires proof of relationship, such as a birth certificate, or approval from the second party.

Encryption

Even if a hacker manages to get into your vault, the data contained within is encrypted. This basically means that the software converts it to a series of random letters, numbers and symbols that are completely meaningless.

Your master password acts as the decryption key, which is why you can view everything in your vault. Once you log out, the content is encrypted again. Should someone get in, it can take them more than a lifetime to manually decrypt the contents of your vault, if they even know how.

Most password managers use 256-bit AES encryption, which is the security tool of choice for the FBI and other government agencies across the world. So basically, a good password manager can provide government-grade protection.

 


Automatic log-ins

Plugins that create a link between your vault and the website, program or app allow you to automatically log in. These plugins are created by the password manager software developer. However, they're entirely optional.

Storage

Your passwords will be stored in one of two places – locally or in the cloud.

Cloud storage pros

  • Instant backup
  • Little chance of losing data in your vault (especially if your hard drive fails)
  • Easy to sync info across devices

Cloud storage cons

  • Arguably less secure
  • Target for hackers
  • Risk of losing data if the company servers fail or shut down
  • Risk of losing data if the company shuts down
  • Potentially unable to access vault if internet is unavailable

Local storage pros

  • Potentially safer than storing data offsite (particularly if you keep the computer offline)
  • Accessible without internet connection
  • Lower risk of data loss (no dependence on company servers)
  • Less tempting for hackers (one user versus tens of thousands)

Local storage cons

  • No instant backup offsite
  • Chance of data loss if hard drive fails
  • Difficult to sync data across devices

What do password managers cost?

Most are sold as a subscription service. They cost between $US15 and $US50 per year. Some have family packages that charge less per user if you sign up in groups. Others can be bought outright. They typically start at $US60.

You can also find free alternatives that perform quite well. They are available under open source licensing (free and legal). Most paid and free programs are built on the same open source encryption tools. Odds are, the tools in paid programs are identical, or very similar to, the ones in free alternatives.

So why pay?
  • A subscription generally provides access to the cloud.
  • Outright payment for a lifetime license limits you to local storage, though there are some exceptions.
  • Both subscription and lifetime licenses provide access to ongoing support as long as the company is active.
  • Freebies are typically built and maintained by small teams of enthusiasts or online communities (not a bad thing if they're experienced with security and programming, but you may not get consistent product support if something goes awry, or access to cloud storage because servers cost money).

Pretty much all password managers include a free trial period, however, so you don't need to risk laying down cash on a program that may not match your needs.

Are my existing passwords secure?

An understated benefit with this sort of software is the ability to quickly and easily generate new passwords for various online accounts. This should happen at least twice a year, but few of us are actually that vigilant. However, you can easily create new, highly secure passwords and save them in your vault with the click of a button when you buy a password manager.


 

An example of a password generator. This one is included with RoboForm.

People tend to underestimate how easy it is for hackers to crack passwords. For example, someone in the know could crack the following passwords almost instantly:

  • abcd
  • 1234
  • password
  • drowssap
  • starwars
  • qwerty
  • family
  • coffee
  • sandwich

Be honest, how many of these passwords do you use? How many do you use with four or five symbols, and which ones are inspired by popular culture or whatever's sitting on your desk? Thought so.

Random generators in password managers make for an easy fix to this problem. For example, you can throw a mix of symbols and numbers in there, and things get a little trickier for prying eyes.

  • +!password!+ = around 18 years to crack
  • <+family?/{ = around 29 years to crack
  • ?+qw3r7y:{? = around 200 years to crack

Once you start using randomly generated passwords, you'll get results like this:

  • 4dhrE_gaB9pJ$ = about three million years to crack
  • sArRUZ88Yv\tN_jf9 = approximately four quadrillion years to crack
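
An added example (not from the original article or from any password manager's code): a Python generator that draws characters from the operating system's secure random source, plus a check showing that the decorated examples above still contain a word from the weak list. The wordlist, the substitution table and all function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed wordlist: the weak passwords this article lists (assumption: a real
# check would use a far larger list).
COMMON = ("abcd", "1234", "password", "drowssap", "starwars",
          "qwerty", "family", "coffee", "sandwich")
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
# Undo common look-alike substitutions (3 -> e, 7 -> t, ...) before matching.
LEET = str.maketrans("013457@$", "oleastas")


def generate_password(length=16, alphabet=ALPHABET):
    """Draw every character independently from the OS CSPRNG via secrets."""
    if length < 1:
        raise ValueError("length must be at least 1")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def embedded_common_word(password, wordlist=COMMON):
    """Return the first listed word hidden inside the password, else None."""
    raw = password.lower()
    variants = (raw, raw.translate(LEET))
    for word in wordlist:
        if any(word in v for v in variants):
            return word
    return None


def audit(password):
    """Summarise a password; nominal bits are only an upper bound if a word is found."""
    return {
        "length": len(password),
        "nominal_bits": round(random_entropy_bits(len(password)), 1),
        "embedded_word": embedded_common_word(password),
    }


if __name__ == "__main__":
    for pw in ("+!password!+", "<+family?/{", "?+qw3r7y:{?", "4dhrE_gaB9pJ$"):
        print(audit(pw))
    print(audit(generate_password(17)))
```

The nominal bit count only holds for passwords drawn at random; when `embedded_word` is set, the password is a listed word with decoration and should be replaced with a generated one.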

So, unless you're some sort of encryption genius, a walking random number/letter/symbol generator, or human supercomputer with the ability to permanently retain complicated chunks of data and information, it's time to get a password manager.
