Are password managers safe to use in 2024? Security is a concern whenever you’re dealing with sensitive data, especially when all of that data is going to one place, with one company. Sure, you could go crazy and split your passwords among different password manager apps or just write them all down by hand…but there is a better way. You can have confidence that password managers are safe, and this is how.
- No single piece of security software is completely foolproof, including password managers, but they’re still better than not using one.
- Password managers force you to create stronger, unique passwords and use 2-factor authentication, improving your overall security.
- A few password managers, like LastPass and OneLogin, have been hacked before, exposing user data.
- With proper precautions like 2FA, a strong master password, and the double-blind method, password managers are generally secure for most people.
As we become more digitally engaged, we all have a ton of passwords to remember.
And since it’s almost impossible to follow all the best practices for passwords, people have started utilizing good password manager apps to secure themselves.
Many password managers act as your digital gatekeepers. They are convenient little apps that help you get rid of weak passwords and then securely store them in an encrypted vault for you to use.
But isn’t that just putting all your eggs in one basket?
If one app stores all your important passwords, what if that app gets hacked? How can you trust the company?
These are valid concerns. So how can we confidently answer the question: Are password managers secure?
Let’s take a look.
Note: Some of the links in this article are affiliate links, which means that at no extra cost to you, I may be compensated if you choose to use one of the services listed.
Fact: No Security Measure is Foolproof
Let me be blunt: if you’re relying on a single piece of software or a single strategy to secure yourself online, you’re setting yourself up to be disappointed and possibly hacked.
No single security software is foolproof…and that includes safe password managers.
But as security researcher Troy Hunt has noted, “Password managers don’t have to be perfect, they just have to be better than not having one”.
If you visit a construction site, you’re advised to wear a safety helmet. It won’t protect you from ALL accidents but it is still better than not wearing a safety helmet at all.
There are still hundreds of thousands of people online who secure their accounts with the word “password” as their password. Having a strong password, even if you’re using software that could potentially be exploited, is still better than nothing.
Password Managers Can and Have Been Hacked
A couple of years back, a security report by independent consulting firm ISE disclosed flaws in the security of a password manager app.
All the password manager apps studied by the researchers have the same basic functionality. They are meant to:
- Create strong passwords using the inbuilt password generator;
- Store all your passwords (often in the cloud in the case of cloud based password managers);
- Lock the passwords behind a vault that can only be opened by a master password; and
- Auto-complete online forms.
The report evaluated how Dashlane, 1Password, LastPass, and KeePass work on Windows 10. The findings suggest that some passwords were left exposed even when the password vault was locked.
In some cases, even the master password stayed in the computer’s memory, and in plaintext at that.
The master password is the key to the password vault, which means if it’s hacked, all passwords are stolen.
Unfortunately, these haven’t been isolated incidents. Consider the following:
- In 2015, LastPass faced an attack that exposed email addresses and security information of users.
- In 2017, OneLogin was attacked and customer data was leaked. The user data stored in their US data centers was affected.
- That same year, a vulnerability in the Keeper browser plugin was exposed. This vulnerability allowed hackers to steal any password from the vault. Keeper sued the reporter for publishing the report. While they later fixed the bug before it affected any customer, suing the reporter did their reputation no good.
- In 2022, LastPass was hacked (again), and the attackers took a lot of unencrypted metadata on its customers as well as customer vaults.
I’m not going to sugarcoat it…
…this looks bad.
And it looks bad because when it comes to the question of “Are password managers safe”…it is bad.
But as I’ve mentioned earlier, the fact that password managers aren’t perfect is not a reason to stop using them altogether.
You Should Still Use a Manager App…Here’s Why
Even though time has exposed security flaws in some password managers, using them is often better than not using them. The same goes for most security technologies.
It’s good to ask whether password managers are safe, but it’s also good to understand their advantages.
Password Managers do several things to improve your secure password etiquette. For example, they:
- Force you to create new passwords: Instead of reusing all your old passwords, you have to create new ones. Good password managers alert you when you’ve used the same password too many times.
- Force you to create stronger passwords: This means long passwords (12+ characters) that include letters, numbers, symbols, etc. Usually, we don’t do this on our own and you can check your current passwords to see how strong they are.
- Remind you to use 2-factor authentication: Good password manager apps can tell you which online logins offer 2-factor authentication (2FA) and give gentle reminders to make use of the 2FA feature.
These reasons alone are often worth the price of a secure password manager (even though you can do them all for free). Plus, such software also allows you to take advantage of these advanced password manager tips.
However, there is one method I use that allows me to use a password manager app with complete confidence. It’s one of my favorite security hacks that I’d like to share with you.
Still Having Trust Issues? Try This Hack
What I’m about to share with you is a hack known as the double-blind password method. You’ll find more details in that link, but I’ll quickly walk through it here.
Trust me – it’s worth sticking around and reading this, especially if you’re still uneasy about putting all of your passwords in a password manager app.
But first, as with any life hack, it only works if you’re already covered in the basics. What I mean is this:
- You’re already using a password manager: I use and have already published a review of 1Password, which has been my favorite among many browser-based password managers. They offer a 14-day free trial, so you can try them risk-free yourself, avoiding the uncertainty associated with unreliable free password managers.
- You already use 2-factor authentication: This is a no-brainer, but it bears repeating. If your password manager offers 2FA, use it. If any important online login (i.e. bank, social media, online accounts, etc.) offers 2FA, use it.
- You already have a strong master password: Please don’t negate the power of a password manager by securing it with a dumb master password. If you need help, take a cue from my strategies for creating a super-secure password.
Ok, with that out of the way, here’s an explanation of the double-blind password strategy:
I’m going to use my bank as an example. When I set up the password for my online banking, I asked my password manager to create a complex password that was 12 digits long.
I copied that into the password creation box but I didn’t stop there. I added 4 more characters (my “unique key”) that only I know to the end of the password, making it a total of 16 digits long.
Password Manager (12 characters) + Personal Touch (4 characters) = True Password (16 characters)
Hopefully, I haven’t lost you here.
What I’m doing is adding a personal password that only I know to the end of the password my manager app gave me.
In the end, when I log in to my account I ask my password manager to auto-fill the stored password and then I add my 4 characters to the end.
Here’s why this strategy works:
In the end, I get the benefits of a password manager app as well as the confidence that I’m really secure. It doesn’t matter if you’re using Dashlane or 1Password or any other password manager, it works either way.
This takes a little time to implement, but if you’re truly worried about the security of your password manager, this hack is the way to go.
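The double-blind method described above, sketched in Python as an added example (not code from the original article): the manager stores only the 12 generated characters, the site receives all 16, and the stored entry on its own fails to log in. The personal key `k7#Q`, the function names and the PBKDF2 parameters are assumptions made up for illustration.

```python
import hashlib
import hmac
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

def generate_vault_part(length=12):
    """What the password manager generates and stores."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def site_register(true_password):
    """The site keeps only a salted PBKDF2 hash (parameters are illustrative)."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", true_password.encode(), salt, 100_000)
    return salt, digest

def site_login(candidate, record):
    """Constant-time comparison of the candidate against the stored hash."""
    salt, digest = record
    attempt = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, 100_000)
    return hmac.compare_digest(attempt, digest)

def remaining_guesses(key_length=4, alphabet_size=len(ALPHABET)):
    """Candidates left for someone who holds the vault entry but not the key."""
    return alphabet_size ** key_length

def demo(personal_key="k7#Q"):  # constructed sample key, never stored anywhere
    vault_part = generate_vault_part(12)                # saved in the manager
    record = site_register(vault_part + personal_key)   # 16-character true password
    guesses = remaining_guesses(len(personal_key))
    return {
        "vault_length": len(vault_part),
        "vault_only_login": site_login(vault_part, record),  # vault entry alone
        "full_login": site_login(vault_part + personal_key, record),
        "remaining_guesses": guesses,
        "remaining_bits": math.log2(guesses),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Four characters from a 94-symbol alphabet leave 94^4 (about 78 million) possibilities, roughly 26 bits. That makes the stored entry useless by itself at a login form that limits attempts, which is why the method sits on top of 2FA and a strong master password rather than replacing them.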
Final Thoughts | Are Password Managers Safe?
Overall, I recommend using a password manager such as 1Password, even if you question whether password managers are safe.
For most people, it’s a huge improvement over their current password strategy and forces them to think harder about how they secure themselves online.
Are password manager providers hack-proof?
Are most password managers safe in 2024?
The answer is invariably YES.
Better yet, if you use 2-factor Authentication on top of the double-blind password strategy I shared with you above, you’ll set yourself up to be more secure than probably 95% of the online population right now.
Trust me – hackers would rather grab the low-hanging fruit than deal with someone like you.