A Skeptic’s Guide to Password Managers and Security

You’ve probably seen a free password manager app advertised on tech blogs and magazines, security forums, digital ads, etc. and immediately thought:

“That’s a goldmine for hackers!”

“Is this thing really safe and secure?”

“Why would I put all my passwords in a third-party app?”

I hear you! You have every right to learn exactly why you can trust any app that asks to store your passwords and private personal information. Let’s take some time to address your concerns about password managers.

For those who have absolutely no idea what a password manager is, how it works, or worry that the government is looking for a way to spy on you, I wrote this blog post just for you!

Let’s get right to it!

“I’m worried about what happens to my saved passwords.”

A password manager app is intrinsically designed to help you store, organize, and encrypt passwords for online accounts on several devices. It’s a better and safer alternative to reusing the same two or three passwords.

Generally, most password managers work the same way. During setup, you’ll be required to generate a strong master password, and then add your credentials to the password manager, either manually or through the password manager’s automatic tool that can find and upload credentials for you.

However, all password managers secure your passwords somewhat differently. A web-based password manager keeps your passwords encrypted in secure databases in the cloud. Some are built into your favorite web browsers, like Safari, Chrome, and Firefox. Others may store your passwords locally in an encrypted file on your computer, tablet, or phone. In order for anyone–including the government or a malicious hacker–to access your account, they’ll need to possess your strong Master Password in order to decrypt the password manager’s database.

While there are pros and cons to each method, it is important to note that the security of your password also heavily relies on using a strong Master Password and protecting them from being stolen.

“If I store all of my passwords in the same place, I’m just asking to be hacked!”

Many of us were taught at a young age to never put all your eggs in one basket. It’s great advice, but as our CEO, Emmanuel Schalit, put it: “Sometimes, it’s better to put all your eggs in the same basket if that basket is more secure than the one you would be able to build on your own.”

Password managers are very similar to a bank. You trust your bank to store, manage, and protect your hard-earned money, instead of carrying thousands of dollars in a gym bag everywhere you go. Instead of writing your passwords on sticky notes or reusing the same password for all of your accounts, password managers provide a safe place for you to store, manage, and protect your passwords and other private information.

If you’re still not convinced, you can also decide where you would like your data to be stored. If you’re unsure about the security of ” the Cloud”, most password managers have the option of storing your encrypted data locally on your phone, tablet, or computer.

Although I cannot speak for every password manager’s security architecture, at Dashlane, we added an extra security feature that ensures that your Master Password isn’t stored anywhere on our servers, meaning that the bad guys won’t be able to access the information encrypted and stored in your password database.

You can read more about how Dashlane’s U.S. patented security architecture protects your passwords and data.

“My computer/phone has encryption anyway.”

One argument made by several Internet users is that there’s no need to purchase a third-party password manager when they have Safari iCloud Keychain, Google Chrome Smart Lock, or device encryption.

However, third-party password managers have some very distinct advantages.

1. They’re cross-platform, which means that you can sync your passwords and other saved data on Android, Apple, and Windows devices. Third-party password managers also have the ability to integrate with various mobile apps and log you in with the credentials saved in your password manager.  

2. Third-party password managers usually work with the most popular browsers, including Firefox, Safari, Chrome, and Internet Explorer.

3. Want to add an additional layer of security over your passwords and data? The most advanced password manager apps allow you to enable two-factor authentication.

4. Password managers can store all kinds of data, including IDs, credit cards, financial documents, software licenses, Wi-Fi passwords, more. Some even allow you to securely add and sync documents and pictures.  

When it comes to flexibility and convenience across multiple devices, third-party password managers are your best bet.

“It’s too expensive for me.”

Pricing definitely plays a part in deciding if a password manager is a worthy investment, but you shouldn’t let a price tag get in the way of your security. First of all, there are inherent costs to creating the most user-friendly, secure password manager in the industry: costs for development, marketing, maintenance, customer support, testing, etc. At Dashlane, we do our best to offset these costs to bring you better, improved versions of our password manager.

Secondly, a monthly or annual fee is a small price to pay in protecting your digital identity. In 2014, the United States Department of Justice’s Bureau of Justice Statistics (BJS) announced that an estimated 17.6 million people over the age of 16 had their private information stolen at least once. The BJS also found that identity theft cost Americans $24.7 billion in 2012. That same year, the people who reported a direct financial loss as a victim who experienced the misuse of their personal information reported an average loss of $9,650. That’s the equivalent of paying for over 240 years of Dashlane Premium!

Finally, password managers often have really robust free versions so that everyone, regardless of their financial constraints, can take control over their digital identity.

“It’s way too complicated.”

If you’re not the most tech savvy, that’s completely okay! A few password managers, including Dashlane, were designed to be secure and very user-friendly.

If you ever need help setting up your password manager, many password managers have a dedicated, responsible Support team and Help Center there to answer your questions, even the most technical ones.

“How do I know that I’ll have complete control over my passwords?”

Let me reassure you: you have complete control over your data and passwords in a password manager. Everything stored within your password manager is completely encrypted in an indecipherable string of random letters, numbers, and symbols.

More specifically, most password managers don’t store or have any access to your Master Password or any of the contents of your password database. You can export your data at any time, for any reason. They’ll also never deny you access to your passwords unless you lock yourself out by forgetting your Master Password. They mainly provide you with a safe place to put them until you need them.

“I don’t trust the Cloud with my security.”

The “Cloud”—a network of servers that allow you to store and access data—can seem scary, but several password managers host on secure servers where your information remains encrypted at all times. At Dashlane, we proudly host on Amazon Web Services, the most respected and secure server in the industry, that also has its own 24/7/365 security monitoring service. But again, if the Cloud is not your thing, you can choose to keep your data encrypted locally on your device.

Also, specifically with Dashlane, any hash or derivative of your Master Password is never, ever stored anywhere on our servers!

“What’ll happen if a website gets hacked?”

Let’s say you’ve made an account on an e-commerce website, and that site’s database was compromised. Password managers have unique tools that can help before and after your information is compromised. Some offer a built-in Password Generator feature that will allow you to create strong, randomized passwords for each of your accounts. Others also have password auditing software that can determine if a password is weak, overused, old, or vulnerable. Have several unsafe passwords that need to be changed? Dashlane has both, plus an exclusive Password Changer feature, which allows users to change a compromised password with a single click!

By using a password manager, you’ll be more equipped to prevent a hacker from misusing your password and private information.

I’ve hit on a lot of frequently asked questions and concerns about password managers, and hopefully, you’ll be a little less skeptical about trying one for yourself. If you have any more questions, comments, and concerns about using password managers, and I’ll be more than happy to try my best to answer them in the comments section below!