Guide to stronger passwords, Part 2 (password managers)


This is Part 2 of our stronger password series. For the other parts, click below:

Part 1 (Two-factor Authentication)
Part 3 (Diceware)

In Part 1 of our Guide to Stronger Passwords, we explained two-factor authentication and how it can significantly increase the security of your accounts.

In Part 2, we’ll talk about password managers and how they can simplify online security for you and your whole family.

What is a password manager?

A password manager is an app that helps you generate, store, and keep track of multiple passwords.

Password managers are useful because creating and remembering many passwords by yourself is both extremely difficult and ill-advised. Why is that?

In general, passwords should be long and random, or else they can be easily guessed. But they must also be unique, otherwise one hacked account can compromise many others.

It’s easy enough to create one password that is long, random, and unique (for example, through Diceware or ExpressVPN’s Random Password Generator). But if, like most people, you have dozens of online accounts, you’ll need some kind of a system.

Many people use “secret systems” to generate unique passwords quickly, perhaps by combining a generic string of characters with the name or URL of the service they are using (such as “g1 m2 a3 i4 l5” for their Gmail account).

The problem with this method is that if one password is compromised in a targeted attack, it would be very easy for the attacker to work out all of your other passwords. Don’t forget that passwords are sometimes visible in plaintext to site administrators. If you use this method to sign up for a service run by a dishonest admin, they could easily use your password to decode your passwords on other services.

Password managers, meanwhile, generate unguessable passwords that have no logical relationship to each other. Even if an attacker were to compromise one of the passwords, they would not be able to deduce any pattern that would reveal any other passwords.

A password manager also removes the mental burden of memorizing multiple passwords, as they are all stored together in a vault that requires only one primary password (sometimes called a master password) to access. After you log in to your password manager with your primary password, you can autofill your other passwords into their respective websites and apps. With any luck, you won’t ever need to memorize another password again.

How does a password manager work?

Because a password manager stores all of your passwords together, security is paramount. That’s why good password managers work by protecting your stored passwords with strong encryption.

The best password managers use your primary password to derive the encryption keys for your password database, which is usually encrypted with a trusted standard like AES-256. Only you know your primary password, so only you are able to decrypt your database and view your stored passwords. Because the password manager service itself doesn’t have the knowledge needed to decrypt your database, this is often called zero-knowledge encryption.
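
The paragraph above, as an added Node.js example (not code from ExpressVPN or any password manager): the primary password is stretched into a 256-bit key, the vault is encrypted with AES-256, and only the resulting record would ever leave the device. The choice of scrypt and its cost parameters, GCM mode, the function names and the sample entries are assumptions made for this example.

```javascript
// Added example with constructed values; not any vendor's actual vault format.
const crypto = require('crypto');

// Assumed scrypt cost settings (about 32 MiB of memory per derivation).
const KDF = { N: 1 << 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Stretch the primary password into a 256-bit AES key.
// The salt is random per vault and is not secret.
function deriveKey(primaryPassword, salt) {
  return crypto.scryptSync(primaryPassword, salt, 32, KDF);
}

// Encrypt the vault object into the record a sync server would store.
function sealVault(primaryPassword, entries) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // must be fresh for every encryption
  const key = deriveKey(primaryPassword, salt);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(entries), 'utf8'), cipher.final()]);
  return {
    salt: salt.toString('base64'), iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'), ct: ct.toString('base64'),
  };
}

// Decrypt a record; returns null for a wrong password or a modified record.
function openVault(primaryPassword, record) {
  try {
    const key = deriveKey(primaryPassword, Buffer.from(record.salt, 'base64'));
    const d = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(record.iv, 'base64'));
    d.setAuthTag(Buffer.from(record.tag, 'base64'));
    const pt = Buffer.concat([d.update(Buffer.from(record.ct, 'base64')), d.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch (err) {
    return null; // GCM authentication failed: the key or the data is wrong
  }
}

// Constructed sample vault. The record holds no key and no plaintext.
const demoRecord = sealVault('constructed primary password', { 'mail.example': 'Zq4-constructed-sample' });
console.log(Object.keys(demoRecord), openVault('not the password', demoRecord));
```

The key is never stored in the record, so whoever holds only `salt`, `iv`, `tag` and `ct` still has to guess the primary password, and the scrypt cost applies to every guess.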

For convenience, most password managers also sync your password database across a range of devices, so you can access your accounts on your laptop, phone, tablet, etc. This means your encrypted passwords must be sent securely to and from the password manager’s servers, which is why the best password managers use end-to-end encryption to ensure your passwords can’t be stolen in transit.

Finally, for a password manager to really work, you (yes, you!) must keep your primary password especially secure. Be careful not to leave it on a sticky note where someone might find it, and don’t type it into your email or notes app in case that account is ever compromised. Better to keep it stored only in your head, or in a very secure physical location like a safe or locked file cabinet.

Good password management makes you more secure

A good password manager can go a long way toward keeping your online information secure. When combined with two-factor authentication, it’s the best possible security upgrade for your digital accounts.

Next, check out the final installment of our password series to learn how to create a rock-solid primary password with Diceware.

Lexie is the blog's resident tech expert and gets excited about empowerment through technology, space travel, and pancakes with blueberries.