Are Password Managers Safe? | U.S. News


Popular Password Managers

In the simplest sense, password managers are apps that securely store your login details for all sorts of websites and online services. Most password managers don’t just keep track of your various usernames and passwords; they also create unique, strong passwords for your various logins.

Some major companies like Google and Microsoft offer their own password managers, as do numerous independent companies. Password managers typically use multiple layers of encryption and other protections to keep your data safe. This guide will spell out the security features and safeguards that different password managers use, helping you to decide which service is best for your needs.

  • Keeper: 4.2 out of 5
  • Bitwarden: 4.1 out of 5
  • Dashlane: 4.0 out of 5
  • LastPass: 4.0 out of 5
  • 1Password: 3.8 out of 5
  • Sticky Password: 3.8 out of 5
  • Enpass: 3.7 out of 5
  • RoboForm: 3.5 out of 5
  • Zoho Vault: 3.4 out of 5
  • McAfee True Key: 3.3 out of 5

Features compared for each service: Two-Factor Authentication, Biometric, TOTP (Time-Based One Time Password), Security Monitoring Features.

Password managers act like a secure storage locker for all of your login information for online services, gathering your usernames and passwords in one convenient location. To access your logins, all you have to do is set (and remember) one secure master password. Password managers are both a storage solution and a digital security system, and reputable password manager apps use multiple layers of protection. Password managers can be desktop apps, meaning your data is stored on your device, or cloud-based, meaning the data is stored online. Both desktop apps and cloud-based password managers have security pros and cons.

A good password manager has multiple layers of security and protection to prevent breaches and protect your passwords from being revealed in the unlikely event of a breach. There are also security features on the user’s side, such as biometric authentication (meaning a user may need to provide a fingerprint to gain access to their passwords), to ensure that only authorized users are logging into your account. Security is of paramount importance for most password management services, so many of them offer additional features such as password generators, giving you unique, ultra-secure passwords to further protect your data online, or reminders to regularly change passwords. These generators alone are arguably a good reason to sign up for a password manager; a 2019 Google survey of Americans aged 16 and up found that 52 percent of people repeated the same password across multiple online services, and 13 percent said they use the same password for everything. Cybersecurity experts widely advise against reusing passwords because it makes life much easier for hackers.

The most obvious risk from using a password manager is that it keeps all of your sensitive login information in one place, so one breach could be catastrophic. That said, many password managers use numerous layers of security that greatly reduce the chance of your passwords being hacked and shared. Most major password managers have never had a substantial security breach, and while some services have been revealed to have vulnerabilities, these have typically been resolved without incident. It’s arguably more likely that somebody could manually access your account, for example, if a snooping houseguest found your master password written alongside your computer. However, common features like multifactor authentication should protect against such a scenario.

Another risk that’s arguably more likely than a hacking incident is the possibility of being completely locked out of the password manager by losing or forgetting your master password. Some password managers have a contingency plan in case of this, such as recovery codes that you can enter, although for the sake of users’ own security, there is usually only a rather limited selection of options for this kind of emergency access.

Some password management services offer both free and paid plans. Generally speaking, free plans still offer an appropriate level of security. For example, LastPass’s free plan still encrypts your information and offers multifactor authentication to protect it. However, its paid plans provide extra security like dark web monitoring, which scans the dark web to detect if any of your personal information or passwords have been leaked. A free plan that doesn’t offer the full range of security features may still be useful for storing less-important passwords, but those who are serious about security may want to go for a paid option. These start at around $30 to $40 annually for most reputable services.

Free plans also usually restrict other features. For example, they may only work on a single device, support a limited number of passwords, or provide limited customer service.

While they’re not perfect, password managers are a useful tool for anyone who uses the internet, even occasionally. Cybersecurity experts generally regard password managers as secure. While the idea of having all your passwords in one place could be scary, the use of zero-knowledge systems on most password managers — meaning that the password management company never stores your master password — makes it extremely unlikely that your master password could ever be stolen. It’s more likely that any password leak would come from a different source, like an email provider or a customer database from an online shopping service.

While it may be easy to forgo a password manager and use the same two or three passwords across numerous websites, it’s generally accepted that this is risky and could cause major problems if one of your frequently-used passwords is leaked. This is another key reason to use these programs: any well-designed password manager should be able to generate strong, unique passwords that will protect you better than a password based on the name of a pet or family member.

If your passwords are hacked or otherwise exposed somewhere online, the most important step is to immediately change all of the affected passwords. Due to their high level of security, it’s highly unlikely for password managers to suffer this kind of breach; most attacks tend to happen at the business where the account is held (for example, your bank or an online store). An IBM report on cybersecurity breaches in 2020 lists the finance and insurance sector as the most-attacked industry, comprising 23 percent of all attacks, followed by manufacturing, energy, and retail. Although not all of these attacks aim to steal users’ passwords or similar data, it seems clear that cyber attacks go after the (often less secure) companies that run your accounts, rather than an ultra-secure repository like a password manager.

If your password manager credentials are stolen, you need to change most or all of your passwords and consider switching to another password manager. If a leaked password is one that you use across multiple accounts or websites, you should change all of those passwords, even if the breach only affected one account directly, as hackers could still attempt to use a leaked password to access other accounts.

The new passwords should be strong, with a mix of upper- and lower-case letters, numbers, and special characters. Stay away from common words that might make the password easier to guess. Longer passwords are better. Most password managers can generate strong random passwords, so make use of this feature for extra security.

If you have lost or forgotten your master password, you may need to delete your account and start over from scratch, as most companies do not allow you to reset it easily. But, depending on the company, there are a few steps that you can take to try to save your data or regain access.

  • Use recovery codes: some services will give you a list of recovery codes, usually when you sign up. These should be written down or saved somewhere secure. If you have these on hand, you can use them to regain access.
  • If your service uses biometric security (fingerprints or face scans), you may be able to use these to reset your master password, usually on a smartphone.
  • If you set up an emergency contact (not all managers allow this), they may be able to reset your master password.
  • Check if your password manager is still logged in on another device. If so, you may be able to back up your passwords before deleting or resetting your account.
  • If these options don’t work or aren’t available, you’ll most likely have to fully reset your account, which means you will lose all your saved passwords.

Although the exact security features vary across different password managers, these are some of the most common:

  • Encryption: Simply speaking, this means that your data is translated into codes to make it harder for a bad actor to crack them. Password managers often use military-grade AES-256 encryption, considered to be extraordinarily difficult and time-consuming to crack, and some use several layers of encryption.
  • Zero-knowledge architecture: Many password managers are designed so that the system will never actually “know” your master password to access your account. This means your master password (the key to all your other passwords) can never be leaked by the service.
  • Biometric login: Just like on an iPhone, many password managers allow users to log in with fingerprints or face scans.
  • Multifactor authentication: This requires users to have access to multiple devices in order to log in. For example, if you’re logging in on a laptop, you may need to confirm the login on your cell phone.
  • Dark web monitoring: Some password managers continuously scan the dark web (where stolen information is sometimes sold or published) for any breaches of your personal data.
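The zero-knowledge idea described above can be sketched in a few lines. This is an added, simplified illustration and not any vendor's actual protocol: the iteration counts, labels, and the `Service` class are assumptions, and the vault encryption step itself (for example AES-256 under the 32-byte vault key) is left out because it needs a third-party library.

```python
import hashlib
import hmac
import secrets

CLIENT_ITERATIONS = 200_000  # assumed work factor for this sketch
SERVER_ITERATIONS = 100_000  # assumed work factor for this sketch


def derive_keys(master_password: str, account_salt: bytes):
    """Client side: stretch the master password, then split it into two keys."""
    master_key = hashlib.pbkdf2_hmac(
        "sha256", master_password.encode(), account_salt, CLIENT_ITERATIONS
    )
    # 256-bit key that encrypts the vault locally; it never leaves the device.
    vault_key = hmac.new(master_key, b"vault-encryption", hashlib.sha256).digest()
    # The only password-derived value that is ever sent to the service.
    login_token = hmac.new(master_key, b"server-login", hashlib.sha256).digest()
    return vault_key, login_token


class Service:
    """Server side: keeps a salted hash of the login token and nothing else."""

    def __init__(self):
        self.records = {}

    def register(self, user: str, login_token: bytes) -> None:
        salt = secrets.token_bytes(16)
        verifier = hashlib.pbkdf2_hmac("sha256", login_token, salt, SERVER_ITERATIONS)
        self.records[user] = (salt, verifier)

    def login(self, user: str, login_token: bytes) -> bool:
        if user not in self.records:
            return False
        salt, verifier = self.records[user]
        candidate = hashlib.pbkdf2_hmac("sha256", login_token, salt, SERVER_ITERATIONS)
        return hmac.compare_digest(candidate, verifier)  # constant-time compare


if __name__ == "__main__":
    service = Service()
    salt = b"alice@example.test"  # constructed sample salt
    vault_key, token = derive_keys("constructed sample passphrase", salt)
    service.register("alice", token)
    print("login ok:", service.login("alice", token))
```

Because the service holds only a hash of the login token, a copy of its database contains neither the master password nor the key that decrypts the vault. This is also why a forgotten master password usually cannot be reset by the provider.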


Why You Can Trust Us: 18 Password Managers Researched

At U.S. News & World Report, we rank the Best Hospitals, Best Colleges, and Best Cars to guide readers through some of life’s most complicated decisions. Our 360 Reviews team draws on this same unbiased approach to rate the products that you use every day. To build our ratings, we researched more than 18 password managers and analyzed 16 reviews. Our 360 Reviews team does not take samples, gifts, or loans of products or services we review. All sample products provided for review are donated after review. In addition, we maintain a separate business team that has no influence over our methodology or recommendations.

U.S. News 360 Reviews takes an unbiased approach to our recommendations. When you use our links to buy products, we may earn a commission but that in no way affects our editorial independence.


