Updated · May 19, 2022
How Do Password Managers Work
Updated · May 10, 2022
How good are you at remembering your passwords?
If you answered “Very”, that means you’re using one, max two passwords for all your accounts… which is definitely not good.
What you need is a password manager.
But, how do password managers work? And which one should you choose?
Here’s the deal.
What Is a Password Manager?
A password manager app houses all your passwords in a single, convenient location.
It requires the so-called master password - think of it as a key that unlocks a safe. It’s the only one you’ll have to remember.
In addition to storage, most programs offer to generate unique codes for you. That way, they can create a truly strong password for you.
Most password apps can also store other sensitive information. In short, you won’t need to memorize your usernames or email addresses.
Many managers offer another extra layer of protection by utilizing two-factor authentication. Basically, you have to input a one-time verification code when you want to access your account.
How Do Password Managers Work?
To answer that, we need to look at three major variations of the software.
Here they are:
Offline Password Managers
Offline password managers let you store all combinations on your computer. In short, this means people will need direct access to your device, in order to see your passwords. So, if security is your highest priority, this is the best thing to do.
Although that’s the more secure password manager option, it’s not really convenient. Especially when you want to access accounts from more than one device.
The easiest way to do it is to use something like a NextCloud server to sync passwords across devices.
This means all devices have to be online, and there’s a possibility of a third party accessing them. Also, if the device breaks and you don’t have a backup, you’re in for a ride.
Online Password Managers
Online password managers are a more convenient option, but they offer less security. They often rely on cloud storage.
The company that stores your data has access to your passwords. That, however, doesn’t mean anyone else does.
In fact, you can opt for an online password manager with a zero-knowledge architecture that ensures your data stays safe. Also, let’s not forget the two-factor authentication system which will inform you if your account is being accessed.
Online password managers can also be browser-based. Chrome, Firefox, and Safari have a built-in option that can keep your login credentials.
The downside is that they don’t come with advanced features and are less secure than cloud-based options.
It’s important to keep in mind that these managers have been designed to offer more convenience without much focus on protection.
External Password Managers
The next password app type offers a bit of both. You get to keep all your combinations locally but still use the program on multiple devices.
So, you don’t have to worry about not being able to access any of your accounts while on the go. If you have the program on your USB stick, all you have to do is insert it and load your passwords. Your flash drive acts as a synchronization tool.
In terms of security and encryption, storing your passwords externally is just as reliable as doing so on your PC.
This type is also more reliable than the offline programs that store data on your PC. That’s because even if something goes wrong, all your combinations will remain safe.
You can, however, lose your USB stick, external hard disk, or whatever device you choose to run your manager on.
What to Remember
The majority of password software has three main functions. These are:
- securely storing your passwords
- generating new ones for you
- popping them into the correct fields when logging into a website
Let’s talk more about each of them.
The whole point of using a password manager tool is to avoid worrying and enjoy convenience.
We’ll talk about security later, but password managers also encrypt your data and ensure no one can access your combinations.
Another thing these programs do is encourage users to use stronger combinations. Most of the apps can also generate options.
Here’s what we got when we used the Windows password manager:
A brute-force searching for a password like this would take about 53 years.
Replace just one character in one of these with a punctuation mark, and the number rises to about 110698 years. Uppercase letters also add an extra layer of security.
Another important thing to mention is how this tech works on mobile.
If you often browse the web using your mobile device, you can also get an Android or iOS password manager. Most major services have dedicated apps that are just as effective as their desktop counterparts.
The process is pretty much the same as on desktop devices, with some small differences.
For example, mobile apps usually let you access your data with either your master password or with a fingerprint/face ID scan. The latter usually isn't available on computers.
Also, they try to make accessing your combinations easier while browsing the web by adding a “passwords” button above your keyboard.
Which type should you choose?
There is no magic formula to help you decide which password storage app to use
If you’re uncomfortable with the provider keeping your passwords, you can store them locally. You will, however, have to memorize all your passcodes.
How Do Password Managers Encrypt Passwords?
When storing sensitive data such as your banking, email, and social media passwords, security has to be a priority.
So, are password managers safe?
Most of the time - yes.
This is because most programs use military-grade encryption to keep all data safe.
Cryptographic algorithms ensure that the only way you can retrieve your information from the manager is by unlocking the encryption.
Hackers can try using password crackers and similar tools but still won’t be able to get their hands on your data.
Here are the most common ones:
- Triple DES - As the name suggests, it encrypts thrice, which makes it slower. Its encryption is easier to crack, because it uses only a 56-bit key compared to the industry's standard of 256-bit keys. This increases the risk of data theft.
- AES - It works in 128-bit and 192-bit, and can be extended up to the 256-bit key length. It’s considered to be one of the best algorithms for encryption. The US National Institute of Standards and Technology relies on it.
- RSA - Another popular encryption algorithm that works on 1024-bit and can even extend up to 2048-bit key length. Slowest but also the strongest encryption type.
A good password vault manager app can also protect you from keystroke logging tools. They can scramble the input when entering the password and mask the real combination.
Some password manager software also clear your clipboard.
Password Managers Worth Your Attention
First things first.
There are both paid and free programs available. Obviously, the former offer more security and are overall a better choice. The latter usually come with some limitations.
To help you make your choice, we singled out three of the best password managers:
If you want free password management software, LastPass is a great option. It secures data using AES 256-bit encryption, and it has a zero-knowledge policy. Plus, there’s a multi-factor authentication system for some extra security. No other free password manager matches the protection LastPass offers.
This cross-platform password manager is available on Windows, macOS, Android, and iOS. It also has its own browser extensions.
There’s also a paid version which starts at $3. And while the free plan looks great, this one is even better. Premium users also have emergency access. You can add a trusted contact who can open your vault if necessary.
Paid users also get 1GB of secure cloud storage for document backups.
1Password is one of the best-paid options on the market. Besides the AES-256 encrypted vault, it offers a unique 128-bit key. It is stored locally and works with your password to authenticate your account.
The 1Password watchtower will tell you if your password is too weak and even if your credit cards are expiring.
It’s a great password manager for Windows, Mac, and mobile devices. You won’t find a browser extension, however.
1Password plans start at $2.99 for a one-person account, but there are also family, team, business, and enterprise plans. Although there’s no free version, you can check out the free 30-day trial.
Each plan also grants you at least 1GB for document storage.
Keeper is also among the top options.
Although the app is secure, it doesn’t offer AES encryption. Instead, it uses PBKDF2 with HMAC-SHA256 to reduce vulnerability and attacks. Its cloud security vault is hosted with Amazon web services, however, meaning your data is safe.
It’s another multi-platform password manager, and you can run it on Windows, Mac, Android, iOS, and as a browser extension.
The program is available for free, but this version is very limited. It only covers one mobile device per account. You can get the personal plan for $2.91. Family, business, and enterprise plans are also available at higher fees.
Keeper offers a free 30-day trial for premium deals. Also, there’s a 50% off for students.
Are password managers safe?
They are easily the best option to store passwords. If you’re counting solely on your memory, you’ll never create a strong enough password.
The apps can do that for you. They also offer superior protection.
Most of the top password managers offer plans for both individuals and businesses, so you can surely find a suitable option.
What are you waiting for? Jump on that bandwagon and enjoy safe browsing!
Is it safe to use a password manager?
Using a password manager is a safe way to keep track of your passwords and generate stronger ones. Some options even come with extra security features. If you don’t want anyone, even the provider, to be able to access your passwords, you can opt for an offline password manager.
How do password managers work across devices?
Online password managers can be used with PCs, mobile phones, and browsers. Some of them even let you access your account directly from the provider’s website.
Is it worth paying for a password manager?
Using a password manager is the best way to store passwords. Free plans mean no fees are involved, but you can get some extra features if you’re ready to go premium. For example, LastPass’ paid plan lets you assign a trusted contact who can access your account if necessary. So, if you want extra features, definitely go premium.
Dejan is a techie at heart who always dreamed of turning his fascination with gaming into a career. He finds working for TechJury a perfect opportunity to express his views of all kinds of different software. Being an avid reader, particularly of fantasy and sci-fi, Dejan pursued a degree in English Language and Literature. When not at his computer, he’s watching sports or playing tabletop games.
Latest from Author
Your email address will not be published.