We may earn affiliate commissions for the recommended products. Learn more.

How do password managers work?


Most people hate registering accounts, much less creating passwords. That might be the reason why they reuse them several times when creating logins. Although it solves the problem of easy registration, it leaves a gap in your security, which could one day blow up in your face.

However, it’s 2024, and there are solutions to this issue. One of them is employing password managers, which you can use to create complex passwords and store them without the fear of forgetting anything. The best part is there’s no risk in testing a reliable password manager if it offers a free trial.

Our top recommendation is 1Password because it’s easy to use, has all the essential features, and comes with a generous 14-day free trial.

How to create a strong password?

generate-a-strong-password-2

Here’s how the password managers work and how you can use them to make yourself safer on the web.

What is a password manager?

A password manager is a program that allows you to generate and store all your passwords in a safe location. Most of them let you keep credit card information as well as secure notes. For even more security and convenience password managers also support using biometric data (fingerprint or face) instead of your master password for even more security and convenience. You can also share selected information with your family and friends without copy-pasting it into an email or instant message.

👉 Check out the Best password managers in 2024 👈

And so, instead of memorizing all the login information you use for each site, you only have to remember one master password when using a password manager. And thanks to the autosave and autofill features, you’ll be able to connect to all your accounts in just a few clicks.

Try TOP password manager free for 14 days
Forget about using one easy-to-remember password for all accounts or noting down your logins on a sticky note! With 1Password, you can make sure that every password is unique and reliably protected against data breaches and sneaky spies.
cybernews® score
4.8 /5

How do password managers secure your passwords?

There are multiple ways to categorize password managers. However, this time we want to present three technologies and explain how they work. We must also point out that some providers offer multiple methods to save your data. Most of them will require you to use a master password to protect your vault.

Here are the three types of password managers:

  • Locally installed or offline password managers
  • Web-based or online password managers
  • Stateless or token-based password managers

Let's explore each of them more thoroughly.

Locally installed or offline password managers

keepass database

As the name implies, locally installed password managers, also known as offline password managers, store your data on your device. It can be your computer or a smartphone, depending on your preference. You will find your passwords in an encrypted file, separately from the password manager itself. Some managers also allow storing each password in a separate file, greatly increasing overall security.

As always, you need a master password to access your offline vault. If it’s a strong one, there’s minimal chance that either the government or some hackers will break into your local database. That’s because brute-forcing military-grade encryption requires a significant amount of time. What’s more, if you keep that device with all passwords offline, there’s no way to access it without seizing it.

offline password manager

Naturally, offline password managers have some inherent flaws. For starters, using them on multiple devices might prove challenging. There’s only one location, and other devices somehow have to sync with the one that has the vault. It usually means having your device with the locally installed password manager online, which means it can become accessible to third parties. Finally, if the device with your offline password manager breaks down and you have no backup, be ready for some tedious manual labor.

If you have an offline or locally installed password manager, then your passwords are stored locally! To be more precise, it’s the device that you’ve chosen for your vault. However, there’s a possibility to synchronize the passwords between multiple devices, which means all of them must be online. If you want even more security, you can save your passwords on different files, requiring a unique key for each.

Web-based or online password manager services

lastpass online password manager

By far, the most popular type, web-based password managers, store your passwords on a cloud, which is usually the provider’s server. Such setup means that you can access your passwords from everywhere anytime, without the need to install the online password manager software. If accessing your vault via a web application is not possible, you would only need a browser extension or a mobile app.

But how can one know if their passwords are not accessible to the provider? Well, all reputable online password managers use zero-knowledge technology. It means that they encrypt your data on your device before sending it to the server. It also means that your vault is available for access attempts to third-parties 24/7. What’s more, all security measures mean nothing if there’s keylogger malware on your device, and you’re not using two-factor authentication.

online password manager

Finally, you should expect to pay for a web-based password manager. There are great free versions to choose from, but some features like device limit or dark web scanning will always be premium. That said, most paid online password managers will not break your bank, especially if you commit long-term.

Try 1Password for FREE

Try out 1Password commitment-free using a 14-day free trial. Enjoy low prices starting at just $2.99/month after that!

Visit 1Password

Chances are you went for the online (or web-based) password manager. In this case, your passwords are stored online! Your vault is on the provider’s server, available 24/7 to you from anywhere as long as you have the master password. You don’t even need to install the password manager client – most of the time, a browser extension will suffice. Sometimes you can access the vault via a web application available on the provider’s website.

Stateless or token-based password managers

onlykey stateless password manager

Last on the list are token-based or stateless password managers. In this scenario, a local piece of hardware, such as a flash USB device, contains a key to unlock your particular account. There’s also no such thing as a password vault because the password manager generates them anew every time you log in. For additional safety, we recommend using not only the token but your master password too. This way, you’ll be implementing two-factor authentication.

Stateless password managers don’t require synchronization between your devices because there’s no database in the first place. In a way, that’s also safer because there’s no place where a hacker can find all your passwords. Although, one can hack token-based passwords if she or he knows the master password and one account.

Contrary to online password managers, these are usually free and open-source. That’s why they are not particularly recommended for amateur users because all the support they get will be forums and knowledge bases. On top of that, you will need a smart card reader or a USB stick to generate tokens.

And if you find yourself with a token-based password manager (also known as a stateless password manager), that means your passwords are stored nowhere! How can it be so? Well, as the name implies, there’s no password vault, only token generation whenever you access a specific account. One can generate a token on an external device, such as a USB stick.

How to manage passwords with a password manager: video review

Want to know more about password managers? Watch this comprehensive video explanation about password managers and how they work.

How do password managers encrypt passwords?

256-bit AES encryption is a military-grade level cipher used to encrypt and decrypt data so only authorized parties can access it. The NSA and major corporations adopted it in 2005, and it soon became a standard for Virtual Private Networks, firewalls, and password managers.

While AES is the encryption, 256-bit is the key. Encryption keys are random strings of zeroes and ones. In this case, it means there are 2^256 combinations available. The more combinations, the harder it is to brute-force the right one.

AES 256-bit is a so-called symmetric or private key encryption algorithm. The key is used both for encrypting and decrypting data, so both parties must know it. In contrast, asymmetric or public-key encryption uses a public key for encryption and a private key for decryption. As a result, the private key doesn’t have to leave your device, increasing security.

symmetric encryption

Not all password managers use AES-256 encryption. Some use the less secure (although still extremely hard to brute-force) AES 128-bit standard. Usually, these are free and open-source password managers that get less-frequent updates.

However, there's already better encryption than AES 256-bit that goes by the name of XChaCha2. So far, only NordPass has implemented this next-gen cipher among all premium password managers. It comes with Argon2 for key derivation while XChaCha2 encrypts your password vault.

Why use a password manager?

  1. Password generators. You don’t need to spend 15 minutes pondering on the things that you like to come up with a password. Several password managers will allow you to generate a safe password with varying complexity. Not only this saves your time, but it also comes up with better passwords.
  2. It makes the process easier. Password managers are not only one of the safest ways to store passwords. A reliable password manager tool will allow you to administrate all your logins from one application. A lifesaver for those using a multitude of websites and platforms
  3. No more typing. Most password managers have a built-in feature that allows you to auto-fill passwords and other recurring information. It extends to your payment information or addresses. It saves you the hassle of needing to remember every single one of your passwords
  4. Secure password sharing. Many people are sharing accounts with their friends and family. Netflix even allows different users who log in with the same password. However, the best way to share them isn’t to paste them into the chat. That’s the definition of asking for trouble. The password manager then allows users to securely share passwords with other users.
  5. Cross-platform support. As applications, password managers are not at all complicated and do not require a lot of resources. It means that it’s much easier to develop them for a variety of platforms like web browsers or smartphone apps. For the end-user, this means an ability to get the same password vault no matter what’s your preferred method of connection.
  6. Multi-factor authentication. Even if a hacker would install a keylogger and get your master password, this wouldn’t mean the end of the world if you have two-factor authentication enabled. The password would be useless without it, so you would still be safe, and the vault would stay locked.
Try 1Password for free

Your passwords are keys to your entire online identity. Making sure they're secure will offer you full peace of mind. Don't let data breaches scare you – use a password manager and stay protected.

Get 1Password

Password manager setup

The answer depends on what type of password manager you are planning to use. If it’s token-based, first you need to decide what kind of device you want to use for key generation. In case you’ve decided on an offline password manager, you should also choose the primary device that will store your database. And if you’re leaning towards an online service, narrowing down your selection to a free or paid option should save plenty of time.

7-step password manager setup

Since the web-based password managers are the most user-friendly, we'll be using them as an example. Below are the key steps in setting up a password manager:

  1. Decide which devices you want to use your password manager on. Is it going to be your phone? If so, does anybody else know your access code? What about shared home devices, such as tablets and smart TVs? Will you use your password manager on the work computer? These are some of the most important questions to ask yourself before setting up your vault.
  2. Install your chosen password manager. There are plenty of free and paid versions to choose from, but we recommend using only the best password managers. You should check what features are available on the free version (if any) and whether the added perks justify the price. Afterward, make sure it supports your OS and browser. If you're planning to import your current vault, check if it's possible first. Finally, paying a bit more for 24/7 customer support often pays off.
  3. Create a secure master password. Even if your selected password manager allows master password recovery, you should still choose one that's memorable but hard to guess. To fulfill the last requirement, it may be a good idea to use a passphrase containing 4-5 randomly chosen words. Lastly, while this may sound weird, consider sharing your master password with the person you trust the most so he or she could access your vault should something happen to you.
  4. Enable two-factor authentication (2FA). Adding 2FA to the mix will greatly improve your password security. While the second factor can be "something that you have," which will probably be your smartphone, we recommend choosing "something that you are" and using biometrics. Depending on your device, it can be either a fingerprint or also a face scan. What's more, you can use 2FA instead of a master password, which significantly improves usability on touchscreen devices.
  5. Start entering passwords. Before you get used to your new password manager, and while you still cannot remember your master password that well, you may want to enter less important passwords first. A good idea is to generate a strong password for the email that you use for recovering the master password. Otherwise, a hacker can easily get a hold of your database after breaking into your mailbox.
  6. Consider adding other data. The majority of password managers let you save not only logins but also credit card details and secure notes. If you're doing a lot of online shopping, having the payment info in autofill can save quite some time. And there's probably no better place to keep the secrets that you may want to share only with the most trusted friends.
  7. Share your logins. Sooner or later, somebody will ask you for your Netflix account. Copy-pasting the username and password is not the best idea, so that's why your password manager allows you to share logins with others (or at least some do). Some services even allow you to create folders where you store the least-sensitive and often-shared passwords.

Can password managers work on multiple devices and phone apps?

multiple devices

Not all password managers can work on multiple devices, including smartphones. A stateless password manager is based on the idea that only one device can generate passwords for your accounts. What's more, there's no such thing as a password vault that you could check.

Locally installed password managers are also not suited for use on a bunch of devices. That's because you are saving your database on one computer or smartphone and syncing between all devices is possible, but not convenient. Of course, if you decide to use multi-factor authentication, you will probably need two compatible devices.

Web-based password managers do work on multiple devices, mobile apps, and even browser extensions. Some also offer web applications accessible from the provider's website. Your vault is stored in the cloud, meaning that the password manager is as device-agnostic as it can be to guarantee maximum usability. The actual scope will entirely depend on the particular service that you’re using.

Such industry-standard password managers as NordPass, RoboForm, and 1Password all enable you to protect your passwords on an unlimited number of devices at once. They synchronize data to keep everything up-to-date, too.

FAQ

Comments

Tony
prefix 5 months ago
If you have been using one password manager for a while but then decide to change to another password manager what happens to all of the passwords you have been using., Do they transfer over to the other manager?
Cybernews Team
prefix 5 months ago
Hi, Tony. Thanks for your question.
When you want to migrate to a different password manager, you can manually transfer passwords by exporting them from the old manager and importing them into the new one. How you export and import generally depends on the password managers involved, but in general, it's a quick and intuitive process. Hope this helps!
John
prefix 8 months ago
My passwords are saved in my Notes app on my devices. That means I can't simply create a CVS file to export into a PM like NordPass. I'm assuming I have to enter each of those passwords into a PM to get the ball rolling?
Cybernews Team
prefix 8 months ago
Hi there! Thanks for your question! Actually, you can easily move your passwords to NordPass by exporting them to a CSV file. Just follow these steps: open your NordPass app and go to Settings; look for the Import and Export section; click on Import items; choose how you want to import your passwords, either from another app or using a CSV file. Hope this helps!
Terry
prefix 8 months ago
I want to get an individual plan through Nordpass. I have six different email accounts, five through gmail and one through outlook. These act as my user names on various log in sites, with different passwords for each site. Can I add all of these under an individual plan or do I have to have a family plan?
Cybernews Team
prefix 8 months ago
Hi, thanks for reaching out. Yes, you can save all different email credentials in the NordPass password manager and use them to log in separately. You can use only one email address to create a NordPass account, but the manager itself can have an unlimited number of login details. Check more information in our detail NordPass review: https://cybernews.com/best-password-managers/nordpass-review/ Hope this helps!
Kenneth Trahan
prefix 11 months ago
If i have a PM, i can still go directly to an account - say a bank web site, and log on verses opening the vault and accessing that way?
My assumption is when i open a vault, i see all the web sites (banks, insurance companies, e-mails, medical providers) I've provided sign-on data for and i just click the one I want, the PM launched the web address and auto fills in the user name and password? If so - do i need to keep a record of all my passcodes? Also - how does it handle the requirement to change passwords every 90 days like some sites do?
Cybernews Team
prefix 11 months ago
Hi, thanks for your question! Logging in will depend on your password manager. Some have a feature where you go to the vault, click on a button near login details and it takes you to the site. Then if autofilling is on, it will automatically log you in. However, not all password managers have this feature and even when they do, you can still opt for a normal login – go to the website yourself, autofill the details and get logged in. Regarding the 90 days – it depends on the password manager. Most likely they will not prompt you to change the password, however, some password managers have a password checker. This feature will show you older passwords (usually passwords that are older than 90 days), then you can change the password when you see it appear in old passwords section. Hope this helps!
Susan
prefix 1 year ago
I have a hacker/stakes who is easily amused because he changes my passwords all the time. I have Norton 360 who claims there is no malware or key stroke loggers on my device, yet this continually happens. Can a password manager help with this, and if so, how? My main concern is now with one password he will have all my passwords, but it seems he does anyways.
Cybernews Team
prefix 11 months ago
Hi, thanks for your question. If Norton doesn't detect malware, it still doesn't mean that there's no malware. A threat actor with email access might change other account passwords. You should change your email password and consider resetting your device if undetected malware is suspected. Prioritize removing the threat actor, then use a password manager for strong passwords. Avoid sharing the master password with anyone due to potential keyloggers. With a password manager, autofill can mitigate keylogger risks. Hope this helps!
Sam Karver
prefix 1 year ago
Do any of the Password Managers have a live person you can call as part of the subscription during business hours?
Cybernews Team
prefix 1 year ago
Hello, Sam! Thanks for your question. Yes, many password managers have phone customer support during business hours. NordPass offers 24/7 live chat support in English, German, French, Spanish, Portuguese, Russian, and Polish. Phone support (during business hours) is available in English, German, and French. Other password managers like Keeper and RoboForm also offer similar phone support options. Hope this helps!
John Smith
prefix 1 year ago
Hello, I have over 50 password controlled accounts / documents. With a password manager can I select which accounts / documents I want to include in the manager and which I want to exclude?
Cybernews Team
prefix 1 year ago
Hi! You can manually add any number of passwords and other sensitive information into a password manager. Hope this helps.
Charles
prefix 1 year ago
How do you get started? Does this require you to go to every password based account and start changing passwords to an online generated password?
What if your master gets stolen? Where do you store that? How does it get generated?
Thanks
Cybernews Team
prefix 1 year ago
Hi! If you wish to change every password before importing them in the password manager, then yes, you will need to go through this process of changing all passwords manually. On the other hand, if you have saved passwords in the browser, you can download them in the .csv file form and import it into the password manager. Then if the password manager has a feature that shows weak passwords, you will be able to check what to change and which passwords are strong enough.
Your master password should not be stored anywhere but your head. To remember it, you should make the password something that you'd remember, something that means something to you. So, use a string of words and complicate it with dots, question marks, and any other symbols.
Brian
prefix 1 year ago
Great article.

Do password managers only work with web-based applications? What about desktop applications that perform authentication? I'm finding more and more of them.
Cybernews Team
prefix 1 year ago
Hi. If you're inquiring about the auto-fill feature on apps, then this feature on mobile phone apps is more popular and widely supported by many of our top password managers. For example, with NordPass, you can enable auto-fill in the menu ➝ settings, and enabling auto-fill in settings. It will save passwords in the apps, and you'll be able to autofill info when logging into them. Hope this helps!
Rob
prefix 2 years ago
I travel a lot. Can I use Nordpass where ever I am? Is simple to add or delete a device in the future? Can I easily change the main/host device?
Many thanks
Cybernews Team
prefix 2 years ago
Hi,

You can use NordPass wherever you are, on as many devices as you want - there is no one "main" device you have to use it on.

You can find more information about NordPass here: https://cybernews.com/best-password-managers/nordpass-review/
Anorld
prefix 2 years ago
Hi
Can different users use same vault or PM and have separate accounts they can access individually without anyone accessing their data amongst themselves, even though they all have access to the same master password? Will they need a second password besides the master password, to access their individual profiles within the vault?
Cybernews Team
prefix 2 years ago
Hi!

It depends on the password manager.

For example, NordPass offers a family plan with 6 unique accounts. These accounts will be separate, so the users will have their own master passwords and won't be able to see passwords of others. The users also won't be able to have a shared vault, but there is a possibility to safely share passwords anyway.

As another example, LastPass' family plan gives access to one account for up to 6 individuals. There will be a Password Family Manager who'll be able to add or remove members or create and control access to a shared family vault. The persons invited to join the plan will have their own account with their own master password and private vaults, as well as access to the shared vault.

So to answer your question - in both cases, you will have your own account and master password for your private use. The access to a shared vault will be controlled by the account manager. You won't need a second password besides the master password to access the shared vault.

We hope this helps.
Charles Consumes
prefix 2 years ago
If you are sending your password to the vendor to authenticate for access to your online password vault? How are you assured that the vendor wouldn't have access to your passphrase? I'm assuming that your credentials are hashed prior to being sent? Is that correct?
Mindaugas Jancis
prefix 2 years ago
Hello, Charles Consumes!
You're right. Most password managers use the "zero-knowledge" approach where even the service provider doesn't know your password. All information is encrypted, and only you have the master password to unlock the vault. Furthermore, there's the security key for encrypting and decrypting data. If a hacker doesn't get hold of all three parts, he won't be able to steal your passwords.
David
prefix 3 years ago
Is there a password manager that can be used on multiple devices and be available when offline to access password protected files etc.?
Perhaps by syncing the passwords before going offline?
Mindaugas Jancis
prefix 2 years ago
Hi, David. Offline password managers can work on multiple devices. Of course, that means synchronization can't do the job 100% unless all devices are online. I'd advise trying Enpass offline password manager. It eases the pains of synchronization by adding a cloud hosting company to the mix. On the other hand, such a feature increases the overall risk.
Donald
prefix 3 years ago
Will an online password manager program work if I have two email
addresses? One is personal use the other is a do all.
Thank you
Mindaugas Jancis
prefix 3 years ago
Hello Donald. It sure will!
Ray Thombs
prefix 3 years ago
Good information
Could you tell me if there are multiple users, kids, wife etc., on one device (our Mac desktop), do they all need to use the password manager, or can they just use their old self created passwords
Thanks
Nicolas
prefix 3 years ago
You can log in to an online service the old way without using a password manager, even if there is one installed.
you can most likely also create an account in the password manager for each family member.
Leave a Reply

Your email address will not be published. Required fields are markedmarked