How Do Password Managers Work?

How does a password manager store your data?

Instead of trying to manually keep track of all of your passwords, you can use a password manager to store them and keep them safe. In addition to being far more secure, password managers are also more convenient.

What Is a Password Manager?

A password manager is a software application which allows you to store, generate and manage all your passwords in one location. It can also store your sign-in URLs and online credentials such as usernames, credit card numbers, PIN numbers, and answers to your security questions.

Think of password managers like a virtual vault. When you start using one, you have to create a "master password" to use to log into your account whenever you need to access your stored passwords—or whenever you need to save or generate a new one. This should be the only password you have to remember.

How Does a Password Manager Work?

Password managers can work in different ways. They can be installed locally, accessed online via the web or used as a single sign-on.

Locally Installed Password Managers

Also known as desktop-based or offline password managers, locally installed password managers store and encrypt passwords on a specific machine or device, such as your computer or smartphone. Your data is stored in an encrypted file, which you'll be able to access via your master password through the password manager. The major downside to using a locally installed password manager is you'll lose all of your password manager data if you lose or break your device.

Web-Based Password Managers

Web-based password managers store your passwords on a server—also known as "the cloud." Unlike locally installed password managers, you can access and sync your data from different machines and devices as long as you have an internet connection, making it the most popular type of password manager. Your data is encrypted on your device before it hits the servers, so you know it's safe and secure. Like locally installed password managers, web-based ones are also accessed using a master password.

Single Sign-On (SSO) Password Managers

Single sign-on password managers allow you to use a single password for all web services and applications as a more secure and convenient alternative to using different credentials for each one. This type of password manager is used often in workplace settings so employees can easily access the sites and apps they need to perform their work while avoiding having to manage and share multiple passwords. SSO relies on passing tokens to the site or app to request authentication.

Are Password Managers Actually Safe?

Password managers are incredibly safe to use for storing your data. Many of the most popular ones use "zero knowledge" encryption, which prevents the provider of the password manager from being able to access your data despite it being stored in the password manager itself.

To ensure the greatest level of security, password managers use military-grade AES 256-bit encryption. Many also offer two-factor authentication as an added layer of security in case someone ever happened to discover your master password.

In order for a hacker to get into your password manager account, they would have to break through all three layers of security: the encrypted data, the master password and the security key. It would be extremely difficult, if not near impossible, for even the most skilled hacker to be able to crack all three.

Lastly, password managers help you generate strong passwords using varied combinations of uppercase and lowercase letters, numbers and characters. This ensures all of your passwords are unique and very difficult to guess.

Is It Worth Paying for a Password Manager?

Although both free and paid password managers use military-grade and zero knowledge encryption, the free ones typically lack certain features which bring added functionality and security—such as fingerprint or facial recognition to sign in. While those might sound like bells and whistles, the easier a password manager is to use, the more likely you'll use it.

Some paid password managers offer free options that are essentially limited versions of the paid versions. Many of them also offer free trials of the paid version so you can see exactly how the paid version differs from the free one.

So, is it worth paying for a premium password manager? That depends on who you ask, and what you want to get out of it. A free password manager could be all you need if you're just looking for a safe place to store your passwords, however it could be worth the upgrade if you want to take advantage of more advanced features and options.

FAQ
  • What are the best password managers?

    Some popular choices include LastPass, 1Password, Dashlane, and Keeper. Most major web browsers also include built-in password managers. Check out Lifewire's guides to using password managers in Microsoft Edge, Chrome, Firefox, and Ubuntu.

  • Are password managers bad?

    Generally, no. Password managers are a secure and convenient way to keep track of all of your logins. The biggest risk with using one is forgetting your master password. There's also the chance a hacker could get hold of your master password via a keylogger virus on your phone or computer. Many password managers have extra layers of security to combat this, though. Finally, there's the slim chance a cloud-based password manager's servers will crash, leaving you without your logins for some time.

Was this page helpful?