How do password managers work?
Reading Time: 5 minutes A few years ago, password managers were something obscure and mainly used by technologically savvy individuals, primarily those in the IT sector such as system administrators, programmers, and the like. Fortunately, those days are behind us. Many (IT) experts have openly started discussing the benefits of using password managers for the “average user,” and this topic is gaining traction in mainstream media. In the end, we’ve also dedicated countless articles to this topic, as well as to computer security in general.
Today, many web browsers have built-in this functionality in one way or another. The great thing is that people are becoming increasingly aware of this and starting to use them. In this text, we will look at what password managers are, how they store your passwords, and why you should use them, whether they are built-in browser managers or standalone applications.
The Problem with Secure Passwords
Almost every website, application, or service you use will require your password to meet certain criteria. Most often, it must include an uppercase letter, lowercase letters, a special character, a number, and so on. The intention is clear: they want to prevent people from using simple passwords. However, the final result is often counterintuitive.
Since such passwords are not easy to remember, people often “learn” one or two more complex passwords and then use them everywhere. And that’s a problem because if someone gains access to your password on Service A, they will likely try to use it to log in to Service B. There’s a good chance they’ll succeed. Most of us use the same passwords on Google, Facebook, Amazon, Netflix, Spotify, and so on.
How Password Managers Work
Password managers are here so that you don’t have to remember passwords for all the websites and applications you use. There are plenty of password managers on the market, and they all have some specific features. However, the way they function is almost the same for all of them.
Your passwords are stored in an “encrypted vault.” To access your passwords, you need to enter the “master” password. Some applications even have functionality where you need to load a specific file to unlock them.
Furthermore, most popular password manager apps come with very practical features. For example, when you create an account on a particular website, they will immediately offer to fill in the password field with a complex password.
This is an excellent way to have a different (and very complex) password for each website. When you visit the login page, and you have your login details saved in the password manager, it will automatically offer to retrieve the information for you. Or you can press a certain key combination, and the fields for the username and password will be filled in automatically.
So, you don’t have much to do, and each of your accounts has a unique combination of email and password.
Isn’t this the same as writing your password on a piece of paper?
At some point, you might wonder if this is the same as jotting down your password for a particular website on a piece of paper. It’s not the same. The main difference is that your passwords are stored in an “encrypted vault” that no one can access except the person who knows the “master” password. Hopefully, that’s just you.
Even if someone were to steal this “encrypted vault,” they wouldn’t be able to unlock it, and it would be meaningless to them. Some password managers even have the ability to obfuscate what you type, making it difficult for anyone who potentially planted a keylogger on your computer to steal your master password.
Additionally, many password managers automatically clear the clipboard where your password is located within 10-15 seconds after you enter it on the login page, so you won’t accidentally “paste” it somewhere else.
Built-in Password Managers in Web Browsers
Many modern web browsers have similar functionality built-in at the native level. However, the security of these built-in managers is highly questionable, at least in our opinion.
For example, if you use Firefox, you don’t need a master password to access the full list of saved passwords and usernames. This means that anyone with physical access to your computer could potentially access and copy all the stored data. Such incidents cannot happen if you use a proper dedicated password manager, and of course, if you use it correctly.
Of course, we’re not saying that these built-in password managers are entirely useless. They can be useful for some random accounts you rarely use and don’t care about if they get hacked or something similar. But you definitely don’t want to store the passwords for Gmail, Facebook, and similar services in this way, where someone could potentially harm you if they gain access to your account.
Conclusion
Now that you understand how password managers work, consider using one. Our recommendation is 1Password, but there are many other excellent options, such as Keeper, Dashlane, LastPass, Bitwarden, and more.
If you care about your user accounts, try using a password manager. Enter all your services you use, or at least the most frequently used ones, and you’ll see how you’re using the same password everywhere. Then, with the help of the password manager, generate new passwords and change them one by one. Use a different password for each service. After you’ve made all the changes, you’ll be much safer online, and you’ll sleep more soundly if a particular service gets hacked.
Plus, when you see how easy it is to “retrieve” a password from a password manager when logging in, you won’t worry anymore about your passwords being in the password manager. In fact, we believe you’ll install one on your mobile phone as well and elevate the protection of your passwords to a higher level.
ABOUT IVAN
Freelance Computer Technician and Creative WordPress Developer based in Germany, helping clients troubleshoot computer problems by remotely accessing their systems. I also create dynamic, responsive web designs that look great on all devices – from small to medium-size businesses.
