2 min read

Are Password Managers Truly Safe?

Password managers have been all the rave lately. They’ve been advertised to help protect you from hackers and memory issues. You might’ve even heard of password managers through popular YouTuber’s sponsorships. It’s apparently a solution to store passwords with little effort on your end. Are they really safe though?

What is a password manager?

A password manager is literally as its name implies. Think of a store manager, but for passwords. It will guide you to help make the best choices and improve in terms of passwords. If there’s anything a manager hates, it is low performance. For passwords, performance grading will factor things like length and symbols used. If your password is only four characters long, your manager will tell you to make it longer. A longer password would then make it more difficult to hack via brute force. The manager will even suggest passwords by generating random passwords with the best practices in mind.

A manager doesn’t only help pick a password. Let’s imagine a scenario where you have two accounts and they use the same password. If someone were to crack account one’s password. They’d now be able to hack into account two using the same password. The problem is pretty apparent here. Re-using passwords is a terrible security practice. The manager would instruct you to use a new password for every account. It is known that 15 unique passwords with 20 characters each would be difficult to memorize. Thankfully, password managers will remember these for you. Even better, they store your passwords on the cloud so they can sync to all your devices with the manager. This in turns lets the manager auto-paste passwords, thus saving you the time from typing in 20 character passwords.

Should you let a manager store your passwords?

To be frank, storing your passwords on the cloud isn’t the smartest idea at all. You’re essentially putting all your passwords at the mercy of one. If someone were to somehow hack into your manager, they now have access to the usernames, emails, and passwords you’ve saved. Thankfully, the chances of this happening could be unlikely. Hopefully, you are smart and set an extremely difficult password to brute force. Additionally, most password managers request two-factor authentication upon signing in.

Password managers aren’t anti-viruses, so you’re still at danger from getting physically hacked. If someone gained virtual access to your computer with a remote access trojan, they can get into your password manager without your password. They could run a script to collect your manager’s login session, then use that login session as their own. The worst part is you’d never know until its too late. On that note, I extremely recommend you enable 2FA anywhere it is offered.

Should you use a password manager?

If you’re limiting a hacker to brute force, then sure, a password manager may suffice. It would be extremely difficult for the hacker to guess your password after all. If you’re truly paranoid because one of the passwords lead to very personal pictures which could end your career(Like a goat with human feet), I wouldn’t even put it up for a 0.00001% chance that you get hacked.

If you’re someone who has downloaded unofficial software like video game cheats or mods, I would say absolutely not. Who knows if you’ve got a virus and gave the hacker direct access to your computer. Like said, a physical hacker wouldn’t need your password manager’s password to get access.