Take a moment to list all the digital accounts you've signed up for, and it's probably more than you realized: email, social media, banking, streaming services, cloud storage, music, gaming, and fitness...it adds up. But using the same login credentials for every service is a bad idea, and if you reuse passwords across accounts, let me summarize the simplest advice you should take away from this article: You shouldn't. But, of course, it's nearly impossible to remember as many unique usernames and secure passwords as you need for your various accounts. That's where password managers come in.
Password managers hide your various login credentials behind one main username and password so that logging into the password manager gives you access to everything else. It's a secure alternative to writing your passwords down or saving them in a spreadsheet, and more reliable than your memory. They can often store other data, too—think credit card numbers, PIN codes, and authenticator keys—and may also give you extra features like scanning data breaches for your credentials. If you've yet to switch to a password manager, consider this a sign to get started. It can be intimidating at first, but getting started may be easier than you think.
Some of the most important password manager features
Password managers are all slightly different, but you'll find many of the same features across brands. First and foremost, they store your passwords—often popping up inside web browsers and on phones whenever you need to log into an account—and provide you with your login credentials with one click or tap. As sign-in technologies have evolved, though, so have password managers. Many can now also help with two-factor authentication codes and passkeys for websites or apps that need more than just a username and password. At the same time, these password managers are secured with a main username and password you need to remember—and often with biometric authentication, too.
The best password managers work seamlessly across devices.
Credit: NordPass
Most password managers will also suggest strong passwords for new accounts: Passwords that mix up random special characters, letters, and numbers, so they're extremely difficult to hack. With a password manager, you don't actually need to know what your passwords are—the program handles everything. You'll often see password managers offer additional security features as well, ranging from notifying you of duplicate passwords, to dark web monitoring for your email addresses, usernames, or passwords. If your login details appear in a data breach, you get an alert about it, and you can change them.
How password managers secure your data
You might wonder how password managers make sure your passwords are securely and privately locked away. Details vary between software packages, but they'll invariably use end-to-end encryption, with your main password as the decryption key, meaning that means no one else—from hackers to password manager developers to government agencies—can access your details without that password. Additional security measures are often implemented as well. Take 1Password as an example: It uses PBKDF2 (Password-Based Key Derivation Function 2) key strengthening, which, in simple terms, means that passwords are obscure enough that it would take decades to crack. It also gives users a secret key, known only to them, that works as an extra security layer on top of your password.
A host of encryption and other security layers are applied to your password vault.
Credit: LastPass
In other words, you can't just use your pet's name as your password manager password. Extra security layers, including two-factor authentication and biometric scans, are often added too. Where your credentials need to be synced across multiple devices, strong encryption protocols are again deployed. Without your password, the data is useless, and only you know your password.
Most password managers now combine local and cloud storage options, because we all need our passwords on so many devices. However, it's worth bearing in mind that the fewer places you have your password manager installed, the less chance there is of someone else gaining access to it—so some users just keep their password manager on their phone.
Why you should use a password manager
Simply put, using a password manager is a whole lot more secure than other options, like listing them in a Google Doc. Say, for example, that you left your laptop unlocked and someone sat down at it. With a Google Doc, that person would be more likely to access your password document than they would a password manager where they would need extra security clearance.
Apple and Google have their own password manager options.
Credit: Lifehacker
The free offerings from Google and Apple have improved significantly in recent years, but they still don't quite offer the level of protection, breadth of features, and cross-platform support of the best dedicated password managers. One example: In the case of Google Password Manager, on-device encryption (meaning that you manage the decryption key locally, as with a password manager, rather than Google managing it) remains an optional extra that you have to enable, rather than enabled by default.
Given the protection and features that come with dedicated password managers, it's typically worth most people investing in one. Some software packages offer a free tier, but they may be limited in terms of the features you get and the number of devices you can use them on. You can expect to pay a few bucks per month for most apps, but you can also look for bundled deals that include VPNs and adblockers, for instance. Whatever brand or package you choose, though, you should begin using a password manager. You get a private password vault, a host of protections to keep it safe, and added features like data breach monitoring and strong password generators. Plus, the best password managers sync seamlessly across all of your devices, ready when you need them.