BlogDefence6TH OCT 2023
AuthorSamir Yawar
6 min read
Defence

Password Managers Explained

Twitter
Facebook
WhatsApp
Email
LinkedIn
A feature image about a blog explaining password managers

We live in interesting times. Life in the knowledge economy means having a bazillion accounts for email, shopping, social media, banking, gaming, and numerous other apps. Wouldn't it be nice to have one magic word to access them all? Thankfully, this is very much possible with password managers.

Coming up with strong passwords and remembering them is quite a head-scratching task. Protecting them is an equally frightening prospect. A Google poll found that 13% of the respondents are guilty of using one password for all their accounts.

Then there’s the dreaded password loop, which goes something like:

An animation of how the password loop works

Our attention spans are not what they used to be, you know?

But enough with the gloom and doom.

Today we will explain how these managers work behind the scenes to become the keeper of your secrets. And how they make life easier for you.

What is the purpose of password managers?

A password manager works by storing all your passwords securely, saving you the trouble of remembering them.

These managers solve a lot of other password problems for you. You will no longer have to worry about:

  • Creating and recalling unique, strong passwords

  • Syncing them across multiple devices and platforms

  • Relying on repetitive passwords that are easy pickings for criminals

The idea is - let's not make it too easy for cybercriminals to turn your digital life upside down.

Why do I need a password manager?

Believe it or not, these password management solutions can do more.

They can also:

  • Alert you if you are reusing the same password across multiple accounts

  • Defend yourself against phishing attacks by spotting fake websites before you enter your credentials on them

  • Notify you in case your password is part of the latest data breach on the internet

The most important thing? All it asks in return from you is to remember one master password to unlock the password vault inside the password manager. Which is what you, your parents, grandparents, friends, and coworkers want right?

The Anakin and Padme meme takes on master passwords and password manager habits.

These password management apps even automatically fill your login information based on the website or service you use. This saves you the hassle of remembering every single credential.

How do password managers work?

When reading up about the various password managers in the market, you will come across something like this:

Now let's take a look at the various kinds of password managers for your online accounts.

Types of Password Managers

There are three main types of password managers out there. Some are like secret diaries, others are like magical treasure chests, and some are like special keychains for your secret doors!

Offline Password Managers

Also known as locally installed password managers, they work by keeping your passwords stored inside an encrypted file on your computer or smartphone. These files can only be accessed by a specific app with the correct master password. It works just like the lock on your secret diary.

Why opt for offline password managers? They feature military-grade encryption (which takes a lot of time to break through brute-force attacks). And since the passwords are stored offline, nobody can discover them unless the device is seized.

Where do offline password managers fall short? Using them on multiple devices is a challenge since the passwords are not synced. However, if the device with the password vault goes online, you can sync them across multiple devices. Again, this runs counter to the purpose of an offline password manager, but the feature is available for those who prefer convenience.

Web-based Password Management Services

The creme de la creme of password managers, web-based password-storing services are all the rage. For good reason. Think of it as a magical treasure chest, hidden from the naked eye.

These services store your credentials on the cloud (the internet), meaning you can access everything from any device connected online. You also get to choose from a couple of service providers to store your passwords online.

No extra apps are required. For added convenience, cloud-based password managers come with a browser extension or app.

However, web-based password managers can fall apart if you have keylogger malware on your device. It can also be compromised without the use of multi-factor authentication.

Token-based Password Managers

Also called stateless password managers, they make use of a hardware component (like a special keychain) to grant access. Think of it as a USB drive or smart card that grants you access to specific resources. And guess what, this system does not rely on stored passwords at all.

To reiterate, token-based management systems do not rely on password vaults. This is because every time you use it to log in, a new password is generated. And since there is no set password, there is no need to synchronize your credentials across multiple devices.

Conclusion

Wouldn’t it be nice if there was a way to marry security with convenience? Secure password managers demand that you remember one master password, note it down and put it in a safe place. And do you know what most people usually do instead? Use the same password for 51% of their accounts.

Folks find it difficult to create multiple passwords and would rather that this process is simple. In that case, a password manager generates random, strong passwords for each of your accounts, frustrating a lot of cybercriminals who could otherwise use dictionary attacks, credential stuffing and more to break through your logins.

As part of cybersecurity awareness month, adopt a password manager, import your credentials, and carry out an audit of your accounts. Even better, pair it with a multifactor authentication method and opt for a cloud storage password manager that syncs across devices. You wouldn't need to worry about your personal data falling into the wrong hands.

Note: This blog is part of Pureversity's Cybersecurity Awareness Month 2023 coverage, aiming to empower you, your home, and your workplace with an improved cybersecurity posture.

Samir Yawar
Samir Yawar / Content Lead
Samir wants a world where people can instinctively whack online scams and feel accomplished without the need for psychic powers. As an ISC2 member, he is doing his bit to turn cybersecurity awareness training into a fun concept with simple, approachable and accessible content. Reach out to him at X @yawarsamir
FAQsFrequently Asked Questions
Using a password manager is pretty simple. First, you need to choose and install one on your device, like a computer or phone. Then, create a strong master password, like your superhero code. This master password is the only one you need to remember. When you visit a website or app, the password manager will fill in your username and password for you automatically, just like magic. It keeps all your other passwords safe and secure in a locked vault.
Yes, your passwords are very safe in a password manager. They use something called encryption, which is like a secret code that only you and the password manager can understand. It makes your passwords look like a jumble of letters and numbers to keep them hidden from bad guys. Plus, the encryption is super strong, often 256-bit, which means it's incredibly tough to crack.
Remembering your master password is crucial because it's the key to your password manager's vault. If you forget it, there's usually no way to recover your stored passwords. So, make sure you choose a master password that's both strong and memorable. Some people write it down and keep it in a very safe place, like a physical locked box, just in case. But be careful not to lose it, as it's the one key you can't replace!