What Is a Password Manager, and How Does it Work?

Written by

We all know that ‘Password1234’ is the worst possible password for any login. Still, when every website, app, game, social media requires a ‘unique and strong’ password – most of us still re-use the same insecure password across our accounts.

Password Managers were developed for this reason. Think of it as the more secure and convenient way of writing all your passwords down in a notebook.

Password managers create and store as many passwords as each program allows. ‘Password12345’ will be a thing of the past when using a password manager that can generate random and strong passwords for every login you have.

weak passwords

Password managers can also autofill login details saved to the program, so filling in each password for Facebook, work servers, and apps is no longer necessary. 

How Does Password Managers Work? 

What Is a Password Manager, and How Does it Work?

Password managers encrypt your data (passwords) and lock them behind a master password (master key) 

When data is encrypted, it is changed into a code so that only those with the right ‘key’ can decrypt and read it. This means that if someone ever tried to steal your passwords from your password manager, they would steal unreadable information. 

Encryption is one of the main safety features of password managers and is why they are so safe to use.

Keeping your passwords in a notebook was dangerous because anyone could read the information, but encrypting password managers have ensured that only you can read your passwords and logins. 

With one click, they autofill your login details.

New research estimates that every person has at least 70-80 passwords for all their work and personal activity.

The fact that password managers can autofill all these unique passwords is a game-changer! 

Now, throughout your day, you can log on much faster to Amazon, emails, work servers, and all the 70-80 accounts you access daily. 

You don’t realize how much time you spend filling in these passwords until you don’t have to anymore.

Password generation

We’ve all been there – looking at the screen of a new website, trying to create a password that we can remember that is also ‘strong’ and has eight characters and has a number and a symbol and a… 

strong passwords

It’s not easy! 

But with password managers that generate passwords designed to be incredibly strong and un-hack-able, we no longer have to spend hours creating passwords that we ultimately forget anyway. 

User-friendly interface – when applications are easy to use and pleasant to look at, we feel more secure and comfortable using them. 

The purpose of this application is to make your most intimate details secure – so you want the interface to make you feel safe too.

Password managers work in the background – this means they are always waiting to be used on whatever sites for which you’ll need passwords.

Then when you get to the login page of whatever site you’re on, the manager will pop up and offer to fill in your needed password. Logging in takes even less time because you do not have to manually open up the password manager application to access your passwords.

It stores all your passwords until you need them.

Giving an application every password can be scary. What if your password is stolen??

BUT the real risk is weak and overused passwords. That is the reason for most hacked and stolen information. 

Because once a hacker has your login ‘Password12345’ that opens your Facebook, they can try and open other sites where you’ve used this password. They could access every app, site, and server if you’ve overused this unsafe password.

Password Managers generate stronger and unique passwords, and then they help you autofill them into the many platforms you use daily. That makes your online information much more secure with much less remembering needed. 

Benefits of Password Managers

Okay, we know how password managers work, but how will they benefit you?

Stronger passwords

As we mentioned earlier, we’re all pretty terrible at making strong passwords because we’re also trying to make them memorable.

But a password manager doesn’t have that problem, so they make complex and Fort Knox-worthy passwords.

And as we mentioned earlier, you need around 70-80 passwords; having a password manager generate random passwords for all those accounts will save you so much brainpower and time. 

No longer having to remember passwords. 

You never realize how much of a burden it is to remember everything until you don’t have to!

Time saved! 

Auto Filling passwords and info in forms or logins can take a lot of time throughout the day. All of it compounds, and you could spend about 10 minutes every day just typing in passwords and details for every platform.

Now you can spend those 10 minutes doing something more fun or more productive!

Alert you to phishing sites and other safety risks

We’ve all been there. You receive a weird email that tells you to urgently check your account because something has been happening to other users. You click the email link, and damn it! It’s a bogus site.

Password managers link your passwords with the proper sites, so when a phishing site poses as the real site in an attempt to steal your credentials – password managers won’t autofill your details because they don’t link your real password to the fake site. 

Again, password managers help make your life safer and easier.

Digital inheritance 

After a death, password managers allow loved ones access to credentials and information saved in the application. 

While it’s a sorrowful thought, it is a helpful feature for family members. Giving loved ones this access enables people to close social media accounts and tend to other cyberspace matters of their deceased loved ones. 

Digital inheritance is vital to those with extensive online presence, especially with cryptocurrency and other online-based assets. 

Inheritance of passwords can be done without cutting any red tape or delay matters because of other companies’ policies. Family members can have immediate access to the passwords and accounts from the password managers.

This Forbes article gives more information on the importance of safeguarding and planning for your digital inheritors.

Syncing across different devices and operating systems

Password managers are compatible with multiple devices and operating systems = seamless activity on all platforms. 

You can go from working on your Ipad’s Adobe Procreate to your Windows laptop that needs to import and photoshop projects, with your password manager granting quick access to all the Adobe apps across devices.

This feature allows simultaneous access to all your information. Once again, this saves time and makes your life so much easier.

It protects your identity

As mentioned earlier, most successful hacks happen when the same password allows hackers into multiple sites and security breaches.

But password managers help generate multiple unique passwords that separate all your data, so one hacked account doesn’t mean the hacker can steal your entire digital identity. 

Keeping your data separate is a great added layer of security and peace of mind and ensures protection against identity theft

Types of Password Managers 

Now that we know what a password manager does, let’s see which types there are

Desktop-based

  • All your passwords are stored on a single device. 
  • You cannot access the passwords from any other device – what passwords are on your laptop cannot be accessed on your cell phone. 
  • If the device is stolen or broken, then you lose all your passwords.
  • This is great for people who don’t want all their information stored on a cloud or network that someone else might access.
  • This type of password manager also weighs convenience and security for some users – because there’s only a single vault on a device.
  • Theoretically, you could have multiple vaults on different devices and spread your information across the appropriate devices that would need those passwords. 

E.g., your tablet could have your Kindle, Procreate, and online shopping passwords, but your laptop has your work logins and banking details.

  • Examples of Desktop Based managers – Free versions of Keeper and RoboForm

Cloud-Based

  • These password managers store your passwords on the network of your service provider. 
  • This means your service provider is responsible for the safety of all your information.
  • You can access any of your passwords on any device as long as you have an internet connection.
  • These password managers come in different forms – browser extensions, desktop app, or mobile apps.

Single Sign-On (SSO)

  • Unlike other password managers, SSO’s allow you to have ONE password for every application or account.
  • This password becomes your digital ‘passport’ – in the same way, countries vouch for citizens to travel with ease and authority, SSO’s have security and authority across digital borders.
  • These password managers are common in the workplace because they minimize employees’ time taken to log in to different accounts and platforms.
  • An SSO password also reduces the IT department’s time spent troubleshooting technology and resetting forgotten passwords of each employee.
  • Examples of SSO password managers – Keeper

Password Managers Pros and Cons

It is possible to obtain passwords despite encryption and firewalls.

This happens for several reasons, but mostly password managers use a master password or passphrase that creates the key to create the user’s encryption.

If a hacker decodes this key phrase, they could decrypt all the user’s vault passwords. 

Master keys or master passwords also pose a risk to hacking from key-loggers.

 If a keylogging malware is watching a user’s keystrokes and they track the master key for the password manager, all the passwords in the vault are at risk. 

But most password managers have two-factor authentication (OTP and email verifications on separate devices), which lowers the risk.

Generated passwords can be predictable.

This happens when a password manager has a generator that creates weaker passwords through a random number generation

Hackers have ways of predicting number-generated passwords, so it’s best if password managers use cryptographically generated passwords instead of numbers. This makes it harder to ‘guess’ your passwords.

Browser-based risks 

Some browser-based password managers can allow users to share their credentials with others over the internet, which poses a significant security risk.

Because the internet is never a safe location to share private information, this is a feature that password managers have been criticized over.

In hindsight, it’s convenient to share logins for some work accounts and platforms like Netflix – because everyone needs/wants to use these accounts. But this is a danger to consider. 

Now you know everything about password managers, let’s explore what more advanced features password managers can provide:

  • Account recovery – Should you be on another device or somehow be locked out of your account, password managers can recover your details and log in
  • Two-factor authentication – Most managers require two-factor authentication when logging in details, this means you’ll use your email and OTP sent to another device to login
  • Password auditing – Password managers check through your passwords for weaknesses and vulnerabilities, making each login you have more secure from hackers
  • Biometric logins – More advanced password managers will use your devices fingerprint or FaceID technology to further protect your accounts and passwords
  • Syncing across multiple devices – This feature allows you to save password to the manager’s vault and access all your login information on all your devices. Going from online banking on your laptop to shopping on your phone to gaming on your PC – you can always be connected to your passwords and autofilling functions
  • Compatible software with IOS, Android, Windows, MacOS – Because password managers often sync across devices they need to be compatible with different operating systems to ensure you have constant and consistent access to all your information
  • Unlimited VPN – A great added bonus to password managers, VPN’s help disguise and protect your online presence, which means further protection of all your accounts and credentials
  • Autofill passwords – As we’ve already discussed, a manger’s crowning glory is the autofilling function that will save you so much time
  • Protected password sharing – For coworkers and families that share the same account for business applications or recreational profiles like Netflix. Password sharing is now for more secure using a password manager that encrypts you information while sharing it
  • Encrypted file storage – For many, their work is confidential and needs to be stored as such. Password managers have the ability to encrypt all your work so only you are able to read it if it’s ever opened by someone else.
  • Dark web monitoring – Password managers search the dark web for your information and make sure it’s not being traded or decrypted by hackers and bad actors. Norton explains this function well click here to learn more
  • ‘Travel mode’ allows access on other devices – Some password managers are installed locally onto only one or two devices, but ‘travel mode’ allows access to an authorized device you have access to on travels
  • Secure shared team folders and storage – Similar to sharing login details with a trusted few, file sharing with a password manager protects your work while sharing it.
  • Data sync with cloud storage accounts and on multiple devices – Just like syncing your Google docs or Apple storage, password managers use cloud storage to make your logins and information more accessible to you from multiple devices
  • Scans for data leaks – Similar to Dark Web monitoring, password managers are constantly searching for leaks in their security. Should your data ever leak onto the web, it will be encrypted and your password managers can alert you to the leak.

Password managers charge varying subscription fees, for as little as $1 a month or as much as $35 a month. Most managers have yearly subscription fees, however, so you’ll need to pay upfront for a year’s service. 

What are some of the best password managers? My recommendations include LastPass1PasswordDashlane, and Bitwarden. Most major web browsers like Google also have built-in password managers (but I don't recommend them).

Reference links

https://www.malwarebytes.com/what-is-password-manager

https://en.wikipedia.org/wiki/Password_manager

https://www.wired.com/story/best-password-managers/

https://authy.com/what-is-2fa/

Join our newsletter

Subscribe to our weekly roundup newsletter and get the latest industry news & trends

By clicking 'subscribe" you agree to our terms of use and privacy policy.