What Are Password Managers, And Why Should You Use Them?

If we could determine by show of hands how many people forget their password, we’d get a lot of raised hands.

The number of persons who have experienced signing up on an application and subsequently forgetting their password, and having to resort to using the “forgot password” option to generate a new password to access the website or app content, not once but multiple times is a lot as a situation like this tend to reoccur continuously.

There are many reasons why we use passwords, the most obvious reason and most prevalent is privacy and security.

Safeguarding private information is important, given how often security breaches happen, and in this digital society where we perform almost everything online we need to ensure that our private and vulnerable data is as secure as possible to prevent identity theft, bank information theft amongst many other potential threats.

Knowing and recognizing the natural tendency of forgetfulness and the significance of constantly resetting passwords, having a password manager can help make life easier, offering a solution to enhanced security measures especially when it comes to password management.

Let’s discuss what password manager is about and explore ways and why it is useful.

Just as the term suggests, a password manager is designed to securely manage passwords. These software tools store, organize, and manage passwords from different online accounts.

Why do we need a password manager?

The need for a password manager comes from the necessity of having a strong password. These days, passwords have to be complex, and it has almost become unrealistic to remember.

There are not a lot of people who would be able to remember intricate passwords riddled with letters, numerals, and signs combined, just imagine having to access credentials across multiple platforms - imagine having to log into 20 accounts/websites.

Many people use the same password for multiple websites, which is not advised. Some websites suggest using new passwords when registering on them.

A study about how often people forget their passwords was conducted, and the results showed that 51% of users kept forgetting their passwords and opted for password managers.

How password managers work is that they store passwords in an encrypted database. Cloud-based password managers for instance don't handle encryption and decryption - this means that the vault or repository is encrypted at the client side and sent encrypted to the server.

This way even employees at the password manager company cannot have access to the details of their users.

All password managers have a master password, and two keys are derived from the master key. One is to produce a vault key and the other is for the authentication mechanism with the server to confirm authenticity.

However, during this period the server still doesn’t know what the master password is.

The server sends the encrypted vault or repository and the vault key will be used to decrypt it locally. Parcels (which could be a website's URL and login credentials you want to manage) are added or removed - the vault is encrypted once again and sent back to the server.

This process is quite complex and can vary depending on the password managers.

Having strong and secure passwords is crucial - in December 2023 alone there were 2,241,916,765 breaches reported globally imagine the number of breaches in an entire year.

A few reasons why you need strong and secure passwords include;

• Prevention of Identity Theft

Weak passwords are easier to access and this is why criminals can steal identity and impersonate people online.

• Prevention of Data Breeches

Data breaches are possible due to poor or weak passwords, among other vulnerabilities, hence the need for strong passwords.

Many websites suggest how to create strong passwords; examples may include using more than 12 characters, using uppercase and lowercase letters, and symbols. These are ways to reduce the risk of compromises.

• Prevention of Unpermitted Access

Having strong passwords makes it hard for criminals to access your private information. The stronger and more complex the password is, the more difficult it is to crack.

• Compliance

Regulatory bodies or government agencies require strong passwords as part of compliance standards and security policies. Companies and organizations must follow these security standards for securing clients' private information.

Password managers offer certain features that include, but are not limited to;

• Password Storage and Management: Password managers store login credentials in an encrypted database and manage passwords in various ways e.g. complex passwords can be generated and stored saving users the trouble of coming up with strong passwords.

• Password Generation: Strong passwords are generated automatically and randomly by the password manager. These passwords are usually long and complex ensuring that they are hard to crack.

• Auto fill and Auto Login: Password managers support auto fill and login features which automatically fill in your login credentials or log you into the website or web application.

• Password Sharing: Password managers can enable secure sharing of passwords between individuals. The passwords are shared in an encrypted format to ensure security and can be revoked anytime.

• Multi-Platform Support: Password managers work across multiple operating systems and devices e.g. windows, IOS, Android, web browsers, etc.

Benefits of Password Managers

• Convenience: The main purpose of password managers apart from security is convenience, users can access multiple websites or applications automatically without the need to memorize, write down passwords, or manually input passwords.

• Secure Sharing: Sharing passwords is convenient and password is not exposed to the receiver which also secures your private information.

• Auto-Fill and Auto Login features: These features which automatically fill in the password when you want to log on to a site you’re registered on or even better automatically log you in are so convenient that you don’t have to think too much about accessing the one hundred and one sites you’re registered on saving time and effort

• Security: Password managers are secure because they use encryption algorithms to encrypt passwords stored in the users' vaults. The risk of also reusing passwords or creating weak passwords is eliminated making it difficult for attackers to gain access to your credentials.

Limitations of Password Managers

• Compatibility Issues: Some password managers do not work on every device, and some work on specific browsers therefore it’s necessary to choose one that supports your needs.

• Cost: Some password managers may offer free versions but would require users to pay for ongoing usage or access to more advanced features and this fee may not be affordable for certain persons.

• Security Threat: Password managers are not exempted from security breaches, or vulnerabilities there have been cases where attacks have been attempted causing data breaches.

• Master Password Vulnerability: Master passwords are required to access the sites and passwords that are managed by the password manager. If the user loses the password, they may lose access to all credentials.

The master password must be complex and must be different from every other password. Also, 2FA (2-factor authentication) should be enabled to add a layer of security.

These password managers are great to consider for the following reasons;

NordPass:

• Easy to use
• Affordable pricing (premium or family options)
• Has a good reputation (has never been breached)
• Uses industry-leading encryption algorithm (XCHACHA20)
• Zero-Knowledge Architecture - only you have access to your information
• Has biometric and 2FA options for extra security
• Auto password generator feature
• Passphrase option (so users can easily remember their password)
• File sharing feature (encrypts your files)
• Autofill feature - this requires you to install NordPass browser extension
• Import - If you’d prefer to switch to NordPass you can import information from other managers like Keeper, Roboform, and TrueKey etc.

RoboForm:

• User-friendly
• 2FA for extra security
• Originated in 1999 and has never been branched
• Uses industry-standard encryption
• Handles encryption and Decryption of files locally - only you have access to your stored passwords.
• Has a security center to check for old and weak passwords.
• Secure file sharing
• Strong password generator
• Dark web monitoring
• Form -Fill features
• Requires yearly subscription (premium and family option), also has a free version with limited features.

Keeper:

• User-friendly
• No data breaches
• Uses industry-standard encryption
• Has its 2Fauthenticator that eliminates the need for third-party tools.
• Self-destruct feature - which allows users to automatically erase local passwords, vaults, and files.
• Strong password generator
• Password sharing features
• Autofill feature
• Password security audits
• Keeper’s breach watch dark web monitoring tool
• Payment is not as affordable (it has premium and family subscriptions as well as a free version)

1Password:

• Uses industry-standard encryption (AES 256-bit), a unique 34-symbol secret key, and 2FA
• Has an account recovery option if you lose access to your account.
• Large storage space
• Has a watch tower that monitors leaks or password compromise
• Secure file sharing
• Travel mode- users can choose which vaults are safe and unsafe for traveling
• Password generator and passkey feature
• Affordable pricing with options for individuals, families, teams, and businesses.
• Offers 14 days free trial.

Total Password:

• Data is encrypted and decrypted locally
• 2FAuthentification option
• Password generator
• Autofill options
• No file sharing

Other password managers that may be considered include Dashlane, Bitwarden, and LastPass.

The world is transitioning into a time where we may no longer have to come up with passwords or need to have them in memory. We see a lot of companies integrating face, and fingertip verification for apps and this may transition into websites sooner than we think.

However, while we are transitioning into a password less society, password managers can help us manage passwords, they can generate complex passwords randomly so that passwords cannot be figured out by an intruder.

Passwords are also stored securely and filled when we require them. This saves us the trouble of manually remembering or typing these passwords.

There are risks involved because, as we know, nothing is ever 100% secure, and we are taking a risk by relying on password managers to help manage our passwords. For example, LastPass was breached in 2023.

A software engineer’s corporate laptop was compromised, allowing the unauthorized threat actor to gain access to a cloud-based development environment and steal source code, technical information, and certain LastPass internal system secrets. No customer data or vault data was taken during this incident, as there is no customer or vault data in the development environment.

However, password managers have proved effective in securing their databases and ensuring that users' information is as secure as possible