© 2022 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Are password managers safe to use in 2022?

39

Even though it’s not surprising to hear the question “are password managers safe to use?”, the vast majority of cyber-security specialists agree that password managers are indeed the most secure way to protect your passwords.

However, despite the reliability of the PMs, the industry as a whole always takes a hit after media covers the latest vulnerability or security breach. Therefore, we will look at password managers without fear-mongering and also without idolizing them.

We will address all the important questions. How do password managers secure your passwords? What are the risks of using a password manager? And finally, should you use a password manager at all? Read on to learn more.

  1. Keeper – Most feature-rich security tool
  2. NordPass – Super secure and easy to use
  3. RoboForm – Time-tested security features

📢 LIMITED OFFER: Get 40% OFF Keeper Unlimited and Family plans!

How do password managers secure your passwords?

There are multiple ways that password managers secure your passwords – starting all the way with secure encryption. AES 256-bit is the military-standard, and cracking passwords would take more than a lifetime.

The zero-knowledge architecture used by the top password managers encrypts passwords before they leave your device. When they’re on a server, even the provider has no way to decipher them. Some password managers will remind you to change passwords regularly and evaluate their strength. Others will scan the dark web to check if any of your logins appeared online.

The only password you’ll need to remember on your password manager is the master password – as long as it’s secure, there’s no way for anyone to access it. If you choose a memorable, yet completely unique password and combine it with two-factor authentication (2FA), you should be safe. Using biometric authentication, such as fingerprint or face scan, is also a good idea.

In our tests, one provider stood above the rest, offering all of these features in one simple package.

Most secure password manager
Keeper is a fantastic all-in-one solution with excellent security features. It offers a variety of authentication methods, generates reliable passwords and encrypts them with military-grade encryption.
cybernews® score
4.8 /5

What are the risks of using a password manager?

There's no way to stay 100% safe online. Even if you use a reliable password manager, there are certain risks that you should know about:

  1. All sensitive data in one place. You've probably heard about keeping your eggs in one basket. That's exactly what you'll be doing with a password manager. That basket will likely include credit card details and secure notes too. In case of a breach, blocking all payment options and changing passwords for all accounts might take enough time for the attacker to do damage.
  2. Backup is not always possible. If the server breaks down, your only hope is that your provider has made a backup copy. This risk increases multi-fold if you decide to keep your vault offline on one of your devices. Naturally, keeping your own backup on an unprotected disk drive or poorly protected cloud service won't help either.
  3. Not all devices are secure enough. Hackers exploit the same vulnerability to get all of your logins in one attack. Password managers can be hacked if your device is infected with malware. In this case, typing the master password will get it recorded, and cybercriminals will gain full access to the data stored. That’s why password manager users should invest in securing all of their devices first to reduce the risks.
  4. Not using biometric authentication. Biometric authentication is a great way to add another level of security. If you configure your password manager to request either a fingerprint or face scan, the chances of someone hacking into your vault become as slim as Shady. It's also much easier for you to touch the fingerprint scanner than to enter a master password.
  5. Bad password manager. If it has weaker encryption, offers few features, and has poor reviews, you shouldn’t use it. When it comes to securing your vault, saving a few bucks a month shouldn’t be your main priority.
  6. Forgetting your master password. Are you the only person who knew it, and your password manager doesn’t have a reset feature? In this case, you may already start recovering each login one-by-one. Alternatively, you may want to store your master password (or a hint) in some physically secure place, such as a safe.

As you can see, some of the risks stem from the password managers themselves, but others exist solely because of users' behavior. If we don't count the latter, we can see that there aren't that many risks of using a password manager.

forgetting your password

Can password managers be trusted?

Despite all the concerns listed above, good password managers are extremely difficult to compromise. The usage of AES-256 encryption, the “zero-knowledge” technique, and the possibility to use two-factor authentication make password managers a much safer and easier option than basically anything else available at the moment.

When it comes to safety, the most important thing from your side is the master password, as you have to create one in order to access all the other passwords.

So, make sure it is a strong one. It has to be at least 12 characters long, contain various symbols, and be impossible to guess. For more tips, check out our guide on how to create a strong password.

Which password manager type is the most secure?

Those familiar with password managers probably know about the three types. Each comes with its set of pros and cons, including nuances in security. Let's discuss all types one by one and find which is the most secure.

View the best password managers

Browser-based password managers

SecuritySafe
ExamplesBuilt-in browser password managers (Chrome, Firefox, Safari)

If we boil down safety to encryption and two-factor authentication, browser-based password managers are pretty safe. However, the more closely you look, the less secure browser password managers appear.

For starters, browser-based password managers work on one particular browser. If you decide to move from Safari to Chrome or Firefox, you might have trouble with export and import. Furthermore, there's no way you could synchronize your vault on different browsers. All this often leads to storing your passwords in an insecure location.

Secondly, not all browser-based password managers have a password generator. Without one, you will have to create them manually.

Lastly, browser password managers can't detect weak or reused passwords. Want to know if your logins aren't available on the dark web? You will have to check that manually on a separate tool.

Pro tip

Browser password managers can't detect weak or reused passwords. Want to know if your logins aren't available on the dark web? You will have to check that manually on a separate tool.

Try Keeper

Cloud-based password managers

SecurityHigh
ExamplesZoho Vault, LastPass

When compared to the browser-based ones, cloud-based password managers are safer, as they have more features that enhance security.

To begin with, most cloud-based password managers provide a backup for your vault. In case something happens to the server, you can recover a recent version of your database.

Furthermore, cloud-based password managers allow you to store not only passwords but also secure notes and credit card details. This way you can protect all sensitive information.

Additionally, cloud-based password managers detect reused and weak passwords, generate strong ones, and check if your accounts haven't leaked. They also let you share your vault entries easily, even with those who don't use the same service.

Finally, cloud-based password managers will work on multiple browsers and operating systems. It means that you won't have to think about how to copy and paste something from your database securely.

Desktop-based password managers

SecurityHighest
ExamplesBitwarden, KeePass, 1Password, Dashlane

You may have noticed an asterisk beside the security score. That's because desktop-based password managers can be the safest, but that depends solely on the user.

These password managers store your data locally, on one of your devices. That device doesn't have to be connected to the internet, so there might be nearly zero chances of hacking into it. The most likely (and still highly unlikely) scenario is you inadvertently installing a keylogger and typing in your master password. However, this can be avoided by using biometric authentication.

Obviously, such a setup has its cons, which stem from the desktop-based password manager's very nature. For starters, you'll have to take care of regular backups. If your device breaks down irreparably, you can kiss your vault goodbye. What's more, you won't be able to access your passwords from other devices, and sharing them won't be easy either.

What if your password manager gets hacked?

In most cases, getting hacked won't result in all your passwords falling into the wrong hands. However, even the most secure password manager may have a serious vulnerability that everyone overlooked.

Let's start with the fact that your passwords are encrypted locally. Password managers have no way to decipher your data because they implement a zero-knowledge policy. So if a hacker breaks into your vault, he will see only encrypted information.

password cracking screenshot

There's a slim chance that the attacker could break into your physical device by stealing it, using malware, or logging keystrokes. Even then, he or she will need your master password. If you use biometric data, such as fingerprint or face ID, the chance of a successful attack becomes infinitesimally low.

If the attacker installs malware on your device, your best move is to reinstall the OS and change all passwords in your vault. Make sure to also turn on 2FA wherever you can. This way, you will notice when an unusual request comes to the authenticator app.

Password manager hacks

The list of notable password manager hacks is quite short. Otherwise, they wouldn't have the reputation they have today. That's why I'll be also adding reported vulnerabilities that might not have resulted in any damage.

  • In 2015, LastPass detected an intrusion to its servers. Hackers took users' email addresses and password reminders, among other info. This resulted in no known damages because even if you used a weak master password and the attackers cracked it, they would still need to verify the access by email.
  • In 2016, plenty of security vulnerabilities were reported by white-hat hackers and security experts. Among the affected password managers were LastPass, Dashlane, 1Password, and Keeper. In most cases, the attacker would still have to use phishing to trick the user into revealing some data.
  • In 2017, LastPass reported a serious vulnerability in its browser add-ons and asked subscribers to refrain from using it. It was fixed in less than 24 hours. Keeper and OneLogin also had issues that didn't result in casualties.
  • In 2019, serious vulnerabilities were found in the code of Dashlane, LastPass, 1Password, and KeePass. This applied to Windows 10 users and only if the right malware was installed. Once again, the users didn't suffer any reported casualties.

As you can see, none of these password manager hacks were that serious. Sure, vulnerabilities were exposed, but they were also fixed in a timely manner. And in most cases, the attacker would have to either get some more data from the user or overtake their device completely before accessing the vault. As a result, none of the issues mentioned above hurt the reputation of password managers.

Are premium password managers safe?

Most premium password managers are way safer than the majority of the free ones. The latter ones are often buggy, developed by shady companies, and sometimes even include malware. Despite that, there are quality free password managers that are as safe as the paid services. In fact, the former often include a free version. Therefore, it's a good idea to compare them and see what's lacking.

Usually, both free and premium password managers use military-grade encryption and zero-knowledge architecture. This means that there's no way to decipher your database even if someone breaks into it. The provider also doesn't have a key to unlock your data. That's why it all comes down to using a proper master password, 2FA, and keeping your devices malware-free.

Are password managers safe to use for business?

Yes, password managers are definitely safe to use for business. In fact, they aren’t only safe to use, but rather essential. The majority of data breaches inside of companies happen due to weak and re-used passwords.

The best password manager for business not only generates strong passwords but also detects data breaches, and allows sharing of encrypted passwords between employees. Moreover, our top business password manager NordPass offers company-wide settings. These allow the admin to set the boundaries on whether encrypted passwords can be shared outside of the company or not.

Having all that in mind, password managers help organisations to avoid huge leaks of data and loss of finances.

Are free password managers safe?

The added security of a premium password manager comes in the form of additional features. Free versions are usually stripped-down and lack options, some of which might be safety-related.

For example, some free password managers don't support biometric data, such as fingerprint or face ID. This means that you will have to enter your master password all the time.

Additionally, other free services don't have the option to audit your passwords. In case your vault dates back more than a few years, chances are those passwords aren't strong enough.

What's more, one would be hard-pressed to find a free password manager that integrates a dark web scanner. On the contrary, a premium password manager constantly checks the dark web to see if any of your accounts have leaked.

Should you use a password manager?

Yes, you should use a password manager. It will allow you to keep track of your passwords without having to memorize them. Some password vaults can also generate and change passwords for you in one click, as well as securely store other types of data like credit card information. A password manager also makes sharing your data with family and friends safer. It's a much better way than writing down your login details in an email or some unencrypted messenger.

Of course, you have to put trust in the company behind your password manager. However, most of them have a flawless reputation. Also, they are way less risky than some dubious app or browser add-on that people install without much thinking.

Yes, they have their flaws and vulnerabilities. But in the end, it's not only the password manager that protects your most valuable information. You should also use a reliable antivirus to prevent malware from infecting your device. Keeping your software updated is no less important, just like double-checking the apps and extensions you're about to install.

Comments

rampr2
rampr2
prefix 4 months ago
Some Zero Knowledge cloud password managers offer sharing password with others such as team or family members. How does it work? If the master password is the key to open the vault to unlock all my passwords and the provider does not have any knowledge of them, how can others (to whom I've shared the credential) even access it without accessing my vault? Can someone explain that architecture to me?
Paulius Masiliauskas
Paulius Masiliauskas
prefix 4 months ago
Hello – I'll try to explain it. Essentially, password managers use pre-shared secrets, meaning that either side has both a public and private key. The public key is used to establish connections between accounts (sharing), to create a hash that can then be decrypted by a different user. So, the process is as follows:

1. You decrypt your vault using a master password to share an item (which is essentially plain text, as all passwords are in the end)
2. The person you share the password with uses their private key to verify that the message is meant for them.
3. You then verify the specific item you want to share, not just the person.
4. A public key is used to encrypt the item.
5. An encrypted item is sent out to the recipient.
6. Additional proprietary syncing allows for up-to-date information (like changes)
C J
C J
prefix 8 months ago
"Most premium password managers are way safer than the majority of the free ones"

False. That's what the companys that build the software say you can never know whether the company has access to your password. But that's not the case for open source PMs like keypass.

The right thing to say is that "The free software is harder to use than than the premium counter part" but saying they are buggy and less secure is wrong and misleading.
Lion Valley
Lion Valley
prefix 10 months ago
I have a Password Manager that came with TrendMicro security software and which I do not use. I felt that I would be giving away my passwords to another source. How would I know that they are encripted on leaving my device and that TrendMicro does not store them in the original form? Or if they are stored by TrendMicro in my device?
Mindaugas Jancis
Mindaugas Jancis
prefix 10 months ago
Hi, Lion Valley. I believe this is still a matter of trust. That’s why we recommend only well-known and reputable password managers. Of course, some of them have undergone security audits by third parties, but once again, that doesn’t give you a 100% guarantee they haven’t changed their ways after the audit.
Zamboanga
Zamboanga
prefix 11 months ago
How safe is it to have company log-on (e.g. log on to O365, which has multi-factor authentication), so that the password manager is immediately enabled (logged onto) by virtue of having logged into O365?
Mindaugas Jancis
Mindaugas Jancis
prefix 11 months ago
Hello, Zamboanga. What kind of password manager are you talking about? Is it a built-in O365 manager or a separate product? The former option is good if O365 is safe enough. However, for the best result, I recommend using a third-party password manager that requires a separate master password.
Ben
Ben
prefix 11 months ago
I think this article leaves out the best password manager out there, PasswordSafe (pwdsafe.org)
Ty Burn
Ty Burn
prefix 11 months ago
What happened if I what to change password manager company? will my access to my account will be lock?
Mindaugas Jancis
Mindaugas Jancis
prefix 11 months ago
Hello, Ty Burn. I shouldn’t worry too much. Most password managers have an export/import function that lets you quickly move to another provider. However, not all formats are supported by every password manager, so you should look at what options are available in your ex and your future provider.
Peter Gervai
Peter Gervai
prefix 1 year ago
“Most premium password managers are way safer than the majority of the free ones. The latter are often buggy, developed by shady companies, and sometimes even include malware.”

This is a pretty curious way to say that you prefer sponsored content, but as a statement is is highly misleading, borderline of false.

First, quality often does not correlate price as there were numerous highly dubious quality expensive code around while the most prominent free code is often more secure due to public scrutiny of their open source than the closed-source paid ones.

Then it’s misleading to suggest that “free” means “buggy” in contrast to the implied “paid” means “bug-free”: this is clearly false. In fact some free code is praised for security of their disk format (like passwordsafe), or their architecture (like bitwarden or keepass-xc).

For security reviewing it is not great to skip tech details; only nordpass has encryption method mentioned (xchacha20), nowhere are KDF, transport methods, client and server security or assurance mentioned. It is true that your article is not alone: I found almost no review which seemed to be knowledgeable enough to be trusted.

Sad.
Steve Garrett
Steve Garrett
prefix 1 year ago
Excellent article Mindaugas! There is one scenario that I am confused/concerned about, however…
Say, I install a desk top based password manager on my Macbook along with a Yubikey for 2FA and my computer either crashes beyond repair or is held hostage by a ransomware attack, what are the consequences with respect to my passwords? What remedy would I have? Thank you.

-Steve
Varek
Varek
prefix 1 year ago
A quick comment about using biometric security.

Biometric passwords come with two risks that others don’t: You can’t change them and you have a finite supply – for example, we only have so many fingers. Once breached or hacked, you cannot easily change your fingerprints or any other biometric element one might use. There is no mitigation for a breach.

Biometrics are harder to break but, like everything else, that will get easier over time. That’s not to say they shouldn’t be used, but the risks should be understood.

Thanks,
fommio
fommio
prefix 1 year ago
It is interesting to look at the technical details. Windows Hello does NOT use the raw biometric data, but an encrypted form and only stores it locally on the respective device.

##################

“The biometric data used to support Windows Hello is stored on the local device only. It doesn’t roam and is never sent to external devices or servers. This separation helps to stop potential attackers by providing no single collection point that an attacker could potentially compromise to steal biometric data. Additionally, even if an attacker was actually able to get the biometric data from a device, it cannot be converted back into a raw biometric sample that could be recognized by the biometric sensor.

Each sensor on a device will have its own biometric database file where template data is stored. Each database has a unique, randomly generated key that is encrypted to the system. The template data for the sensor will be encrypted with this per-database key using AES with CBC chaining mode. The hash is SHA256. Some fingerprint sensors have the capability to complete matching on the fingerprint sensor module instead of in the OS. These sensors will store biometric data on the fingerprint module instead of in the database file.”

##################

https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise
Jonathan
Jonathan
prefix 1 year ago
I use a password manager with U2F authentication and if it’s hacked on Oct 1, will I be safe if I change my master password on Oct 2?

It seems the hacker has a copy of my vault prior to Oct 2 since it’s encrypted with the old password. In that case, I must change my master password and the passwords to all my sensitive sites.
Mindaugas Jancis
Mindaugas Jancis
prefix 1 year ago
Hello Jonathan. That’s a good question. Technically, using U2F should prevent you from losing your data to the hacker. The only thing would be to change the master password. Of course, changing all the passwords would be a good idea, too, especially when there would be not much info about the hack itself.
Ace Treacy
Ace Treacy
prefix 1 year ago
Hello there. Are all password managers that sync to cloud safe? Because I somehow doubt that alll of them have a clear record. I’m not very good at investigating these things, but maybe you’ve found some services that have been faulty and not worth using? I like all the reviews that you write, but I would especially appreciate some insights into some apps that should be avoided at all costs.
Mindaugas Jancis
Mindaugas Jancis
prefix 1 year ago
Good day, Ace! In general, no password manager is 100% safe, including the cloud-based ones. I would recommend avoiding free password managers unless that’s a free version of a reputable premium service.
Elroy Stanton
Elroy Stanton
prefix 1 year ago
I’m not really a pc user so I’m wondering are phone password managers safe? I’m using Android OS most of the time. Perhaps there are other apps that could improve my security in conjunction with a password manager?
Mindaugas Jancis
Mindaugas Jancis
prefix 1 year ago
Hello! If you choose a good password manager, it should be enough to secure your Android device. Of course, you can always start using file encryption, a VPN, or an antivirus. Such internet security suites will only get more popular in the future.
ChicBriefing
ChicBriefing
prefix 1 year ago
I never thought about using one but are browser password managers safe? So far I can’t really think of some possible vulnerabilities or faults, but that could depend. For example if it’s some free extension then it could be riddled with some malicious code, but if it’s integrated into the browser out of the box then it could be more reliable.
Mindaugas Jancis
Mindaugas Jancis
prefix 1 year ago
Hi, ChicBriefing. While browser password managers are safe, they aren’t convenient. To start with, they don’t work on other browsers. Also, it might be difficult to share such passwords securely. Finally, you would probably need another tool to check whether your logins aren’t for sale on the dark web.
Pat B
Pat B
prefix 1 year ago
Why not keep all your passwords organized in a password-protected file on an encrypted thumb drive using AES-256 or higher?
Mindaugas Jancis
Mindaugas Jancis
prefix 1 year ago
Hey, Pat B. It’s one of the options, but the password manager is usually safer and more convenient. Imagine yourself scrolling a document with your passwords in a public place and opening it every time you have to log in somewhere. You should also have a backup in case you lose the USB drive. And if you have that password-protected file on your desktop, imagine a scenario where your computer is locked in by ransomware. Finally, this method fails to implement 2FA, which is a huge part of any type of security.
Alwin Kästner
Alwin Kästner
prefix 1 year ago
Since offline or local password managers exist I was wondering are cloud based password managers safe. I mean they are saved somewhere on a remote data center so potentially someone could gain access to them. Of course it all depends on the provider. But then how am I, as a regular customer, supposed to verify their security? Seems like I have to place a lot of trust into these tech companies.
Mindaugas Jancis
Mindaugas Jancis
prefix 1 year ago
Hi Alwin. Yes, trust is the key word here. I would probably even call it a “keyword.” When choosing between local and cloud storage, you have to decide who you trust more – the password manager company or yourself?
Bigginno
Bigginno
prefix 1 year ago
Why should I trust some companies with my personal passwords? How safe are online password managers anyway? They can brainwash us all they want with their fake policies and marketing jargon, but at the end of the day no company can be trusted without being verified by a third party. Or even better – they should go open source. With more eyes on the code it will be safer.
Mindaugas Jancis
Mindaugas Jancis
prefix 1 year ago
Dear Bigginno,
I can agree with you to some extent. No password manager is 100% safe, but the same can be said about cars or other things that we use. Going open-source would also solve the problem only partially. In your case, I think that a self-hosted password manager should do the trick. Stay safe!
McKenna Hampson
McKenna Hampson
prefix 1 year ago
Do you think password managers are really necessary? Cuz I don’t think that every user needs one. In your opinion what is the best app to save passwords? I’ve been using some encrypted text files to keep my most important notes and it’s good enough for me. I log in once to a service and it doesn’t ask for my passwords anymore. And I don’t need to share my passwords with anyone so the file is safely tucked away in a secret place.
Mindaugas Jancis
Mindaugas Jancis
prefix 1 year ago
Dear McKenna,
Yes, I do believe that. Using the same password for all accounts is extremely not safe. I don’t know about your encryption strength, but if it’s lower than the military-grade AES 256-bit, I’d suggest using a password manager instead.
Anon
Anon
prefix 8 months ago
It sounds like you are allowing your accounts to install persistent cookies on your computer so that you only need to log-in one time and whenever you visit that website you are already logged-in.

While this is admittedly very convenient, it is a serious security risk. For example, if your computer is stolen, the thief will have access to all of those saved log-ins. You are the most vulnerable if you have auto-log-in for your user account enabled i.e. you don't need to log-in to your computer every time you boot your computer. Or if your computer is stolen when you are already logged-in to your user account and you don't have some form of auto log-out enabled. And even if you are logged-out, gaining access to user accounts can be relatively easy or basically impossible but the level of security depends on the strength of your user account password and how you have your access preferences configured.

At the very least, you should not have persistent log-ins for your financial accounts and other sensitive high-value accounts. Since we humans are creatures of habit, it's a better idea to have things set up so you must log-in whenever you visit a website where you have an account. Especially if you have personal and financial information saved on retail websites and others for the convenience it offers.

Personally, I only save credit card info at Amazon and only for credit cards. I do not save such information at any other website. I never use debit cards for any financial transactions online or in-person because the user protections are nothing like what credit cards provide and it is possible to be liable for a large amount of money should your financial account be compromised.

Ideally, such financial accounts should not allow long-in credentials to be saved via cookies or will have some type of 2 factor-authentication required. Unfortunately, in the U.S the vast majority of financial websites use SMS texts to send a simple numerical code to users. If the device you use to receive SMS texts is your computer, the thief may be able to respond to the texts and gain access. Or if your smartphone is also stolen or compromised by a SIM swap, the person who has possession will have access to your accounts.

It's important to remember that your email accounts are another potential gateway to your accounts. If someone can access your email because they have your computer or they know your email account username/password, they will also have the ability to gain control over your accounts. The password for your email accounts should be very strong and guarded as closely as financial accounts and 2FA authentication should be used when available.

Many of us use password managers because they make it very convenient to create extremely strong passwords and avoid the trap of reusing passwords for multiple accounts, which is a common practice and a very dangerous one at that. The best password managers have very strong encryption and various options for locking the password manager when it is not in use.
ComicExpert19
ComicExpert19
prefix 1 year ago
are password managers safe from hacking if my device gets attacked? for example if I get hit with a ransomware attack can I be sure that my passwords will stay secure. I don’t really understand how these things work but it seems like a bad idea to keep everything in one place. Do I need more than one password manager then? Seems awfully expensive.
Mindaugas Jancis
Mindaugas Jancis
prefix 1 year ago
Hey, ComicExpert19! Thanks for the comment. If you use a cloud-based password manager, you’ll be able to access your passwords even if one of your devices gets locked during a ransomware attack. And without your master password, it’s contents won’t fall into the wrong hands.
Johnny J.
Johnny J.
prefix 1 year ago
I want to use my mobile phone as a notebook for all of my passwords but I’m not sure is it safe to keep passwords on your phone. Because at least I can be sure they won’t be leaked because of cloud storage failures or something like that. But on the other hand if my lose my phone I’m fucked. Can I save my passwords somewhere else in a non-readable format?
Mindaugas Jancis
Mindaugas Jancis
prefix 1 year ago
Hello, Johnny. Losing your phone with all your passwords is a big issue, but storing them in one place unencrypted is even bigger. The non-readable format you’re talking about is what all modern password managers offer. Without your master password, there’s virtually no way even for the password manager company to see them because of the zero-knowledge architecture.
Michael Burton
Michael Burton
prefix 1 year ago
Hey, great article, but there’s still one thing I don’t quite understand. Are open source password managers safe? I mean if anyone can take a look at the source code of the app doesn’t it make it less secure? Hackers could have a look at the vulnerabilities that the community is trying to fix and they could exploit it or even inject their own code into the program. Why would anyone trust their data to an open source app?
Mindaugas Jancis
Mindaugas Jancis
prefix 1 year ago
Hi, thanks! I can understand that trusting an open-source password manager might be difficult. To start with, hackers also check the closed-source apps and are pretty good at finding vulnerabilities without the source code – just take a look and Windows. Also, more people are working on open-source projects, so they can often fix the issues faster. But in the end, I can’t say that any open-source app is automatically more secure than a closed-one and vice versa.
Peter Mazur
Peter Mazur
prefix 1 year ago
Thanks for this summary!
I had been keeping all my passwords in a file for probably 15 years. It’s amazing how many logins you accumulate with random purchases, etc. and how easy it use to use the same password/login combo. It was getting lengthy (close to 300, but many were old) and I was using one main (very difficult) password for a lot of sites, then started adding characters when I was forced to reset a password, so even remembering some was becoming a chore.

I started with a password manager about a year ago, but got lazy and didn’t take it too far. It’s surprising how many strange problems arose when simply changing a password! Then, a few weeks ago, that one password I used most of the time was breached, so I took the time and updated all sites with 16 to 24 character passwords. It took several hours a day for a few days, but it’s worth the peace of mind I have now and it’s a lot easier to log in! Also, I’m glad the one I chose was recommended as a good one.

-pm
Ricardo T.
Ricardo T.
prefix 1 year ago
Give it a try to Passcal
Leave a Reply

Your email address will not be published. Required fields are marked