Are password managers safe to use in 2020? Security is a concern whenever you’re dealing with sensitive data, especially when all of that data is going to one place, with one company. Sure, you could go crazy and split your passwords among different password manager apps or just write them all down by hand…but there is a better way. You can have confidence that password managers are safe, and this is how.
As we become more digitally engaged, we all have a ton of passwords to remember.
And since it’s almost impossible to follow all the best practices for passwords, people have started using good password manager apps to secure themselves.
Password managers are your digital gatekeepers. They are convenient little apps that help you create stronger passwords and then securely store them for you to use.
But isn’t that just putting all your eggs in one basket?
If one app stores all your important passwords, what if that app gets hacked? How can you trust the company?
These are valid concerns. So how can we confidently answer the question “Are password managers safe?”
Let’s take a look.
Note: Some of the links in this article are affiliate links, which means that at no extra cost to you, I may be compensated if you choose to use one of the services listed.
Fact: No Security Measure is Foolproof
Let me be blunt: if you’re relying on a single piece of software or a single strategy to secure yourself online, you’re setting yourself up to be disappointed and possibly hacked.
No single security software is foolproof…and that includes safe password managers.
But as security researcher Troy Hunt has noted, “Password managers don’t have to be perfect, they just have to be better than not having one”.
If you visit a construction site, you’re advised to wear a safety helmet. It won’t protect you from ALL accidents but it is still better than not wearing a safety helmet at all.
There are still hundreds of thousands of people online who secure their accounts with the word “password” as their password. Having a strong password, even if you’re using software that could potentially be exploited, is still better than nothing.
Password Managers Can and Have Been Hacked
In February of last year, a security report by independent consulting firm ISE disclosed flaws in the security of a password manager app.
All the password manager apps studied by the researchers have the same basic functionality. They are meant to:
- Help create strong passwords;
- Store those passwords (often in the cloud on their servers);
- Lock the passwords behind a vault that can only be opened by a master password; and
- Auto-complete online forms.
The report evaluated how Dashlane, 1Password, LastPass, and KeePass work on Windows 10. The findings suggest that some passwords were left exposed even when the password manager’s vault was locked.
In some cases, even the master password stayed in the computer’s memory, in plaintext.
The master password is the key to the password vault, which means if it’s hacked, all passwords are stolen.
Unfortunately, these haven’t been isolated incidents. Consider the following:
- In 2015, LastPass faced an attack that exposed email addresses and security information of users.
- In 2017, OneLogin was attacked and customer data was leaked. The user data stored in their US data centers was affected.
- That same year, a vulnerability in the Keeper browser plugin was exposed. This vulnerability allowed hackers to steal any password from the vault. Keeper sued the reporter for publishing the report. Although they later fixed the bug before it affected any customer, suing the reporter did their reputation no favors.
I’m not going to sugarcoat it…
…this looks bad.
And it looks bad because when it comes to the question of “are password managers safe”…it is bad.
But as I’ve mentioned earlier, the fact that password managers aren’t perfect is not a reason to stop using them altogether.
You Should Still Use a Manager App…Here’s Why
Even though time has exposed security flaws in some password managers, using them is often better than not using them. The same goes for most security technologies.
It’s good to ask “are password managers safe?”, but it’s also good to understand their advantages.
Password managers do a number of things to improve your password habits. For example, they:
- Force you to create new passwords: Instead of reusing all your old passwords, you have to create new ones. Any good password manager app will alert you if you’ve used the same password too many times.
- Force you to create stronger passwords: This means long passwords (12+ characters) that include letters, numbers, symbols, etc. Usually, we don’t do this on our own, and you can check your current passwords to see how strong they really are.
- Remind you to use 2-factor authentication: Good password manager apps can tell you which online logins offer 2-factor authentication (2FA) and give gentle reminders to make use of the 2FA feature.
These reasons alone are often worth the price of a password manager (even though you can do them all for free).
However, there is one method I use that allows me to use my password manager app with complete confidence. It’s one of my favorite security hacks that I’d like to share with you.
Ultimate Password Manager Hack: Double Blind Passwords
What I’m about to share with you is a hack known as the double-blind password hack. You’ll find more detail in that link, but I’ll quickly walk through it here.
Trust me – it’s worth sticking around and reading this, especially if you’ve been asking yourself, Are password managers safe?
But first, as with any life hack, it only works if you’re already covered on the basics. What I mean is this:
- You’re already using a good password manager: I use and have already published a review of 1Password, which has been my favorite among many. They offer a 30-day money back guarantee, so you can try them risk-free yourself.
- You already use 2-factor authentication: This is a no-brainer, but it bears repeating. If your password manager offers 2FA, use it. If any important online login (i.e. bank, social media, investment accounts, etc.) offers 2FA, use it.
- You already have a strong master password: Please don’t negate the power of a password manager by securing it with a dumb master password. If you need help, take a cue from my strategies for creating a super-secure password.
Ok, with that out of the way, here’s an explanation of the double-blind password strategy:
I’m going to use my bank as an example. When I set up the password for my online banking, I asked my password manager to create a complex password that was 12 characters long.
I copied that into the password creation box but I didn’t stop there. I added 4 more characters (my “unique key”) that only I know to the end of the password, making it a total of 16 characters long.
Password Manager (12 characters) + Personal Touch (4 characters) = True Password (16 characters)
Hopefully I haven’t lost you here.
Basically, what I’m doing is adding a personal password that only I know to the end of the password my manager app gave me.
In the end, when I log in to my account I ask my password manager to auto-fill the stored password and then I add my 4 characters to the end.
Here’s why this strategy works:
In the end, I get the benefits of a password manager app as well as the confidence that I’m really secure. It doesn’t matter if you’re using Dashlane or 1Password or any other password manager, it works either way.
This takes a little time to implement, but if you’re truly worried about the security of your password manager, this hack is the way to go.
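The double-blind setup described above, as an added example that is not part of the original article: the vault holds only the 12 generated characters, the site only ever sees the 16-character true password, and a login attempt with the vault entry alone fails. `site_register` and `site_login` are hypothetical stand-ins for a website (PBKDF2 is an assumption, not any particular site's scheme), and the 4-character key is a constructed sample.

```python
import hashlib
import hmac
import math
import secrets
import string

# 94 printable characters: letters, digits and symbols
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def generate_stored_part(length=12):
    """What the password manager generates and saves in its vault."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def site_register(true_password):
    """Hypothetical site: keeps only a salted PBKDF2 hash of the password."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", true_password.encode(), salt, 100_000)
    return salt, digest

def site_login(record, attempt):
    """Hypothetical site login: constant-time comparison of the hashes."""
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", attempt.encode(), salt, 100_000)
    return hmac.compare_digest(candidate, digest)

def suffix_bits(suffix_len=4, alphabet_size=len(ALPHABET)):
    """Entropy the memorised key adds if it is picked uniformly at random."""
    return suffix_len * math.log2(alphabet_size)

def demo():
    stored = generate_stored_part(12)    # saved in the vault
    unique_key = "k7#Q"                  # constructed sample; memorised, never stored
    true_password = stored + unique_key  # 16 characters, what the site receives
    record = site_register(true_password)
    return {
        "stored_len": len(stored),
        "true_len": len(true_password),
        "vault_only_login": site_login(record, stored),      # leaked vault entry
        "full_login": site_login(record, true_password),     # entry + unique key
        "suffix_bits": round(suffix_bits(), 1),
    }

if __name__ == "__main__":
    print(demo())
```

A 4-character key adds roughly 26 bits at most, and less if it is a memorable word, so it is a second layer on top of the vault rather than a replacement for the 2-factor authentication the article lists as a prerequisite.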
Final Thoughts | Are Password Managers Safe?
Overall, I recommend using a password manager such as 1Password, even if you still wonder whether password managers are safe.
For most people, it’s a huge improvement over their current password strategy and forces them to think harder about how they secure themselves online.
Are password managers hack-proof?
Are password managers safe?
The answer is invariably yes.
Better yet, if you use 2-Factor Authentication on top of the double blind password strategy I shared with you above, you’ll set yourself up to be more secure than probably 95% of the online population right now.
Trust me – hackers would rather grab the low-hanging fruit than deal with someone like you.
What do you think? Are password managers safe to use? Would you still use a password manager after hearing about the potential security flaws?