All web browsers give you the option to save passwords, and it is enabled by default. Though this feature is really convenient, it also poses some security risks.
Here I go over some of these risks and advantages of using a dedicated password manager. I'll discuss different password management features as well as the pros and cons of each type to help you decide which password manager to use!
About Password Managers
Password managers are one of the most convenient ways to remember all of your different passwords because they save your login credentials, automating the sign-in process for you.
With the help of this tool, you won't have to use a single password for all online accounts, which is a risky practice that compromises user security.
Think of it this way…
Instead of trying so hard to remember your password for multiple accounts or even jot them down in your private notebook, a password manager stores the passwords for you. When you log in, your username and password credentials are all inputted with the simple click of a button.
Now, You Might Be Wondering
Is it safe to use a password manager?
Because password managers use advanced encryption methods to store your passwords, no one—not even the owners of the website—can view your password.
This is great because even if hackers somehow get access to your data, they won't be able to decipher your encrypted passwords.
However, you should know there are two types of password managers you can use: Browser password managers and stand-alone password managers.
What's a Browser-Based Password Manager?
If you use popular web browsers like Chrome, Safari, Firefox, and Opera, you've probably encountered browser password managers—maybe without even realizing it!
Many people depend on these tools because they're highly convenient and easy to use.
Here's how it works:
- Every time you visit a new website that requires log-in details, your browser will automatically ask you if you'd like to save your password.
- The next time you visit these pages, the browser autofill feature will complete the web forms for you, so you won't need to do a thing!
If you often switch between the web browser on your computer and on your mobile device, don't worry – your passwords will still be saved on each one.
However, these password managers also come with their cons. Compared to stand-alone password managers, these have limited features, and they're also less secure. Check out the specifics below:
- Very convenient and user-friendly. Web browsers literally do all the work for you. Once you turn on this feature, your browser will automatically store and fill in your accounts' username and password the next time you visit these websites.
- Useful password generator feature. Some browsers can generate a string of random characters and store this as your password. If you struggle to create strong passwords, you'll find this feature very helpful.
- Passwords are synchronized across all devices. Do you regularly switch between your laptop, phone, tablet, and other smart devices? As long as you use the same browser on each one, your accounts' details will automatically be synced for you.
- No payment required. Best of all, this service is completely free of charge! Think of it as a useful add-on provided by Chrome, Opera, Firefox, Safari, and other popular browsers.
- Only relatively safe. Browsers claim that all users' passwords are encrypted, but they don't really have additional security features. Remember, browsers' primary purpose is to help you find information online—not protect your personal data.
- No cross-browser syncing of passwords. Unfortunately, if you use more than one browser, you'll have to store your passwords separately on each one. Although some allow you to import your data from another browser, I still find this to be a HUGE inconvenience, considering I have a ton of different accounts.
- Limited security features and functionality. Browsers can encrypt your passwords, but they can't determine if your password needs strengthening. These password managers can't detect reused passwords or check if your data has been leaked on the dark web as well.
- Comes with a lot of risk. With browser-based password managers, there's no option to add a master password for an added level of security. If you use Chrome and your Google account is successfully attacked by hackers, for example, all of your data may be readily available to them.
What's a Standalone Password Manager?
Stand-alone password managers' primary purpose is to keep all your passwords safely stored in one place.
Because these tools are actually products that third-party companies sell, they're a lot more functional and innovative compared to browser-based password managers.
Now, you might've heard of cloud-based and desktop-based password managers, which are two types of stand-alone password managers.
A cloud-based password manager protects your username, password, and other confidential details (like your credit card information) using cloud storage.
It automatically backs up to a third-party server whenever your data changes as well.
Although it works a bit like a browser-based password manager, the great thing about a cloud-based one is you can use it across multiple devices AND operating systems for a more hassle-free log-in process.
Meanwhile, a desktop-based password manager stores your passwords and data on a local device.
This means you can access it anytime, even without WiFi connectivity. And, because it doesn't utilize a server that hackers can access, it offers very high-level security.
However, a desktop-based password manager requires regular back-ups, and it doesn't offer seamless syncing between multiple mobile devices.
- Multi-purpose use. A stand-alone password manager doesn't just safely store your data; it doubles as a password generator too! It can create dozens of strong and unique passwords for you to improve the security level of your online accounts.
- Great security features. Besides data encryption, stand-alone types also rely on a master password (and oftentimes, even two-factor authentication!) to safeguard your account details. This makes it much harder for other users to access your data.
- High functionality. Stand-alone goes BEYOND password storing. A typical stand-alone password manager will also feature dark web monitoring, regular strength tests for your passwords, and other useful tools to help you amp up user security.
- Lots of helpful add-ons. Different companies create many useful add-ons for their password manager tool. One example is a built-in VPN service for users' online browsing security.
- Payment is usually required. Unlike a browser-based manager, a stand-alone usually has to be purchased. This is because it comes with a lot of additional services and features to improve user security. You have the option to download a free version, but these are not as reliable as the paid option.
- Some options aren't as convenient as browser-based password managers. Depending on the brand of your password manager, you may have to manually copy and paste your account details and passwords from the app to the website. For some users, this can be incredibly time-consuming.
- Risk of creating a single point of failure. While using a password manager is safe, you do still run the risk of having all your user data stolen. Because your master password allows access to all of your other passwords, you have to make sure this is strong, unique, and known only to you. For added security, you should enable two-factor authentication.
Examples of Browser Password Managers
Because the features of different browser-based password managers differ, let's go into each one in-depth to determine the best option for you.
Google Chrome is one of the most widely-used browsers across all operating systems and devices—Apple, Android, and Windows ones included.
How Secure Is It?
Besides being a dependable web browsing tool, it also has a handy password manager feature that can generate and store passwords for its users.
What's cool about Chrome is it can generate a unique password for each account that you own. However, this password may not be the strongest option, as you can't personalize it by requesting a certain number of characters or a specific set of characters.
Overall, although this browser-based password manager is pretty safe and dependable for normal, everyday accounts, it might not be the best option for storing sensitive personal information.
The good thing about this password manager is all your data is stored via the iCloud keychain created by Apple. This means you can access your passwords from any device linked to your Apple account.
How Secure Is It?
Like Google Chrome, it can create a unique password for you to improve account security. However, it's also quite lacking in terms of additional safety features, since password storage and authentication isn't its primary purpose.
My tip? Use two-factor authentication like biometric scanning or Face ID for extra security.
One last thing you should note is that while your passwords will be synced across all your Apple products, they won't automatically transfer to devices running on other operating systems such as an Android phone.
Firefox is a little different from the browser-based password managers above because it includes an additional safety feature for your Apple, Android, Windows, or Linux device: A master password.
Even if you've entered your account details before and enabled the browser to remember them, only the master password/key will grant you full access to your vault of passwords.
How Secure Is It?
Its encryption tool is widely regarded as a safe and reliable one.
What I appreciate most about this password manager, though, is it's open-source—this means that the information on how they use and store users' data is freely available online. (FYI, Chrome is open-source, but Safari and Internet Explorer are NOT open-source.)
How's that for extra security? Here's a video detailing the differences between open source and closed source.
Like Firefox, Opera requires a master key each time you want to unlock your vault of stored passwords.
Although this is an extra step compared to other operating systems' autofill functions, it's a lot better for your security overall.
How Secure Is It?
What's unique about Opera is it has a VPN option.
When using a Virtual Private Network, sensitive details like your location, browsing history, and any other user activity are hidden, so even people with more technical know-how won't be able to access this information.
This password manager is also compatible with most operating systems—iOS, Windows, and Android included—so you won't have trouble synchronizing your password and log-in credentials.
The only con? This password manager isn't the most advanced, so it's still prone to suffering from some security vulnerabilities.
Examples of Standalone Password Managers
What about the different options for stand-alone password managers?
The good thing about 1Password is you truly pay for great security.
How Secure Is It?
Besides having advanced encryption technology, 1Password offers multi-factor authentication (compatible with Windows Hello!), ‘Travel Mode' to hide your data while you're abroad, and dark web monitoring for password leaks.
For bigger households, 1Password even has a family account option, which can accommodate up to five users (but an unlimited number of devices!) and includes a parental control feature to prevent your kids from accidentally changing important passwords (or even your master password).
Dashlane offers a free version and a paid version of its app, but the free subscription can only store up to 50 passwords in its vault—that's not a lot if you have many accounts.
How Secure Is It?
I recommend the premium version so you can enjoy all of its features:
- Strength tests and generation tools for your passwords
- Dark web monitoring
- 1 GB of secure vault storage
- Military-grade encryption
- The option of universal two-factor authentication, which uses a USB as its key
However, note that while this option works with Windows, iOS, and Android, it is not compatible with the Linux operating system.
If you're looking for a free version of a password manager that still has adequate functionality, then LastPass is your best bet.
How Secure Is It?
You can safely store unlimited passwords, connect an unlimited number of devices, and even add one extra user without paying a cent to LastPass!
However, the premium version of LastPass is still much better (and safer!) because you'll be able to access biometric authentication, secure storage, and 24/7 tech support. LastPass also allows multiple users to use the account.
Unfortunately, LastPass is not compatible with the Linux operating system. If you're a Windows, iOS, or Android user, though, then you can definitely still use LastPass!
Need more space? Keeper offers up to 10GB of secure vault storage for all your personal information, files, and other confidential data.
How Secure Is It?
If you're worried about safety, know that it requires two-factor authentication, just like 1Password, Dashlane, and LastPass.
Besides entering your master password, you'll need to complete another type of authentication, such as Windows Hello.
The unique thing about Keeper, though, is it has encrypted chat functionality as well, so you can freely share confidential files, photos, and messages with your contacts using this service.
NordPass' VPN sister company is known for its great service, so it's no surprise that this password manager is also preferred by many users.
How Secure Is It?
Although this app is relatively new, it still boasts advanced technology, such as a zero-knowledge set-up, which ensures all personal data is encrypted before being uploaded to company servers.
Like LastPass and the other options above, it also supports multi-factor authentication to supplement the security of your master password, and it even offers a high-tech password generator that can personalize passwords according to webpages' requirements for the number/type of characters.
Password Security Tips
#1 – Use a Reputable and Trustworthy Password Manager
If you plan to use a password manager, make sure it's safe, secure, and reputable.
Browser-based and stand-alone password managers definitely have their own advantages and disadvantages, but I'd still recommend the latter if you're dealing with a lot of highly sensitive data.
Since commercial counterparts are solely focused on developing highly secure password management tools, they're more capable of dealing with cybercriminals, security vulnerabilities, and other threats that could expose your personal information.
Just make sure you choose a trustworthy brand that offers the features you need. Know these companies aren't immune to failure too, so always be cautious!
#2 – Choose and Store Your Master Password Carefully
Although a master password definitely adds a lot of security to your account, it can also become a single point of failure if, for some reason, it gets exposed.
Remember, the master password is the key to all of your other passwords and other highly confidential information.
Some password managers don't store your master password AT ALL to prevent this from happening, but this makes password recovery impossible if you forget it.
If this is a problem for you, consider companies like LastPass, which provide password reminder/reset tools in these situations.
When creating your master password, make sure it's a complex mix of characters, CAPS LOCK, symbols, and numbers.
The problem with using personal info as passwords is most hackers will instinctively use this when trying to hack your account.
Birthdays may be easy to remember, but it's also most likely the first thought that comes to mind, especially for veteran hackers.
#3 – Enable Two-Factor Authentication
To further amp up the security of your account, always enable two-factor authentication.
Most password managers provide this tool, but depending on the company, it could only work with biometric scanning, face recognition, or even just a simple passcode.
Ultimately, though, this feature is one of the best ways to ensure your personal information stays protected from cybercriminals and accidental leaks.
It might feel like a hassle at first, but trust me, it's worth it!
#4 – Be Wary of a Free Version of a Password Manager
There are tons of free password managers out there, but don't just download the first one you see!
Advanced technology takes time, effort, and money to develop, so most of the best (and most secure!) options typically require payment of some sort.
You can definitely try out free trials before committing (like what NordPass offers), but if you plan to use a password manager in the long term, then it's definitely a good idea to purchase the paid version. This is typically the safest and most convenient choice!
#5 – Find Out the Strength and Status of Your Existing Passwords
You should know by now that using the same password for multiple sites isn't a good idea. This also applies to weak passwords containing common words and no special characters.
With password managers, you can easily check the strength AND status of your existing passwords.
This means that they can browse through the dark web and find out if any of your personal information has been compromised.
Meanwhile, its generator tool will help you create strong and unique passwords for added security.
Frequently Asked Questions (FAQ)
Are Generated Passwords Better Than My Own Passwords?
Generally, generated passwords are safer because they're composed of random, complicated strings of letters and characters that are impossible to guess. Compare this to your own passwords, which are usually simple and memorable.
However, you should know that it's still possible for commercial software to get hacked.
Can My Password Manager Get Hacked?
Although there is a small chance of this occurring, it has happened before.
Companies like LastPass, Keeper, and Dashlane have discovered some security vulnerabilities in the past, but because all of the users' details were encrypted, there weren't any significant damages.
The probability that a hacker will gain access to your passwords is also very low if you've enabled multi-factor authentication like biometrics or Face ID.
What Happens If I Forget My Master Password?
If there's no reminder or reset function on the app, then it's impossible to recover it. That's why you should always make sure this is something you won't ever forget!
Is a Browser-Based Password Manager Better Than a Stand-Alone Password Manager?
Stand-alone types have more security features and functional add-ons for optimal protection, but browser-based ones can be more convenient for day-to-day browsing.
With that said, the best tool is the one that suits your needs the most.
In my opinion, though, if you're working with a lot of sensitive and confidential information, it's better to ditch the browser-based manager and invest in a quality stand-alone manager.
Now that you know the advantages and disadvantages of both password manager types, you can determine which is best for you in terms of its features, cost, convenience, and security.
Trust me, if you apply what you've learned in this guide, you'll become much better protected against cybercriminals. Ultimately, I hope that my tips above help you feel safer when browsing and sharing information online.