This is Part 2 of our stronger password series.
In Part 1 of our Guide to Stronger Passwords, we explained two-factor authentication and how it can significantly increase the security of your accounts.
In Part 2, we’ll talk about password managers and how they can simplify online security for you and your whole family.
What is a password manager?
A password manager is an app that helps you generate, store, and keep track of multiple passwords.
Password managers are useful because creating and remembering many passwords by yourself is both extremely difficult and ill-advised. Why is that? Well…
In general, passwords should be long and random, or else they can be easily guessed. But they must also be unique, otherwise one hacked account can compromise many others.
It’s easy enough to create one password that is long, random, and unique (for example, through Diceware or ExpressVPN’s Random Password Generator). But if, like most people, you have dozens of online accounts, you’ll need some kind of a system.
Many people use “secret systems” to generate unique passwords quickly, perhaps by combining a generic string of characters with the name or URL of the service they are using (such as “g1 m2 a3 i4 l5” for their Gmail account).
The problem with this method is that if one password is compromised in a targeted attack, it would be very easy for the attacker to work out all of your other passwords. Don’t forget that passwords are sometimes visible in plaintext to site administrators. If you use this method to sign up for a service run by a dishonest admin, they could easily use your password to decode your passwords on other services.
Password managers, meanwhile, generate unguessable passwords that have no logical relationship to each other. Even if an attacker were to compromise one of the passwords, they would not be able to deduce any pattern that would reveal any other passwords.
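The contrast between a “secret system” and generated passwords can be checked mechanically. The following Node.js sketch is an added example, not code from ExpressVPN or any password manager: it audits a list of entries for passwords that embed their service name (such as the Gmail pattern above) or are reused, next to a generator that draws every character from the operating system's CSPRNG. The function names, alphabet, and sample entries are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// 94 printable ASCII symbols ('!' through '~'); an assumed alphabet for this example.
const CHARSET = Array.from({ length: 94 }, (_, i) => String.fromCharCode(33 + i)).join('');

// Each character is an independent uniform draw from the OS CSPRNG.
// crypto.randomInt avoids the modulo bias of `randomByte % n`.
function generatePassword(length = 20) {
  let out = '';
  for (let i = 0; i < length; i++) out += CHARSET[crypto.randomInt(CHARSET.length)];
  return out;
}

// Heuristic: do the characters of the service name appear, in order, inside the
// password? Catches "g1 m2 a3 i4 l5"-style schemes as well as "gmail2024!".
function embedsServiceName(password, service) {
  const name = service.toLowerCase().replace(/[^a-z0-9]/g, '');
  if (name.length < 4) return false; // too short to match reliably
  let i = 0;
  for (const ch of password.toLowerCase()) {
    if (ch === name[i] && ++i === name.length) return true;
  }
  return false;
}

// Audit a list of { service, password } entries (for example, a decrypted export).
function auditVault(entries) {
  const firstSeen = new Map();
  const findings = [];
  for (const { service, password } of entries) {
    if (embedsServiceName(password, service)) findings.push({ service, issue: 'derived-from-service-name' });
    if (firstSeen.has(password)) {
      findings.push({ service, issue: 'reused', sharedWith: firstSeen.get(password) });
    } else {
      firstSeen.set(password, service);
    }
  }
  return findings;
}

// Constructed sample entries, not real credentials.
const SAMPLE = [
  { service: 'Gmail', password: 'g1 m2 a3 i4 l5' },
  { service: 'Forum', password: 'T7#qLz9!vWp2' },
  { service: 'Shop', password: 'T7#qLz9!vWp2' },
];
console.log(auditVault(SAMPLE));
```

The subsequence check is a heuristic: a long random password can contain a short service name by chance, so treat a hit as a prompt to review the entry.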
A password manager also removes the mental burden of memorizing multiple passwords, as they are all stored together in a vault that requires only one primary password (sometimes called a master password) to access. After you log in to your password manager with your primary password, you can autofill your other passwords into their respective websites and apps. With any luck, you won’t ever need to memorize another password again.
How does a password manager work?
Because a password manager stores all of your passwords together, security is paramount. That’s why good password managers work by protecting your stored passwords with strong encryption.
The best password managers derive the encryption keys for your password database from your primary password and encrypt the database with a trusted standard such as AES-256. Only you know your primary password, so only you can decrypt your database and view your stored passwords. Because the password manager service itself never has the knowledge needed to decrypt your database, this is often called zero-knowledge encryption.
For convenience, most password managers also sync your password database across a range of devices, so you can access your accounts on your laptop, phone, tablet, etc. This means your encrypted passwords must be sent securely to and from the password manager’s servers, which is why the best password managers use end-to-end encryption to ensure your passwords can’t be stolen in transit.
Finally, for a password manager to really work, you (yes, you!) must keep your primary password especially secure. Be careful not to leave it on a sticky note where someone might find it, and don’t type it into your email or notes app in case that account is ever compromised. Better to keep it stored only in your head, or in a very secure physical location like a safe or locked file cabinet.
Good password management makes you more secure
A good password manager can go a long way toward keeping your online information secure. When combined with two-factor authentication, it’s the best possible security upgrade for your digital accounts.
Next, check out the final installment of our password series to learn how to create a rock-solid primary password with Diceware.
Comments
How do I retrieve my password when I need it? It’s locked in the manager.
Hi Dom, if you’re referring to ExpressVPN Keys, you can unlock your secure password vault using your primary password. Once it’s unlocked, you should be able to access all your saved passwords. Hope that helps! If you are still having problems, please contact support.
I heard that some password managers keep the user and password secret but notes and other information may not be secure. Thus, if I put answers to the secure questions in notes, they are vulnerable to prying eyes. How safe are KeePass and KeePassX? What password managers are vulnerable to unsecure ‘notes’ etc.?
What if someone hacks our password manager and gets its password?
I mean, if you apply several passwords for your accounts by yourself, there will be less vulnerability. But if you have just one password which has access to all of your passwords, then you are more vulnerable.
+1 for BitWarden
There is Google password manager as well.
This really doesn’t help if someone is using TOR, which is recommended as the best browser to use with ExpressVPN!
If you use TOR I’m not aware of any password manager that works with it.
And anything that is designed for Firefox would thwart the protections of TOR, thereby defeating the purpose.
This gap needs closure, either by ExpressVPN, TOR community or the Password Manager Vendors.
Thank you
Slaw
I need help to change password
Hi Irene. Please contact our Support Team. They can help you.
I’ve always been leery of having all of my info stored in 1 place such as a password manager, or a Lifelock type of service.
How safe is it using a password manager?
Thank you!
I don’t want the subscription to be cancelled, but they aren’t doing it.
Too bad ExpressVPN don’t have an included password manager with their service.
It sure would help increase customer retention!
You realize LastPass suffered breaches that exposed many of their users’ data?
I use BitWarden. Open source and sync-able.
By the way, LastPass suffered a breach, in their browser extensions!
What about Bitwarden?
Thanks for the great article!
One thing I always wondered about password managers is: Isn’t it a main vulnerability if your laptop or your phone gets hacked? I’m not a developer/coder/hacker, so I don’t know how difficult this may be. But if anyone hacks your PC and gets access to your browser where e.g. LastPass is still running, because your computer was only in sleep mode, he has access to all your accounts, websites, social media, mail, bank.
Is that an unnecessary concern?
Hi Christoph,
Having your laptop hacked (e.g. someone obtaining full access to the machine) is one of the worst scenarios that can happen, and in this case it would be possible to install all sorts of keyloggers and spyware that snatch more than just passwords.
Password managers do come with protection against somebody getting temporary access to your screen, for example because the laptop is left unlocked in a coffee shop. There is usually a master password set that you have to enter to unlock the password manager. The password manager should then automatically lock after some time of inactivity, and it’s important to not leave it unlocked while leaving the computer unattended.
Lexie
Having problems with the payment? We can help you instantly via Live Chat here https://www.expressvpn.com/support