Contact us
Within the U.S.
1-855-756-4738
Outside the U.S.
1-303-737-7249
TDD/TTY
1-800-766-4952
Do I really need a password manager?
It may make sense for you to use a password manager. Password reuse is one of the easiest ways for a criminal to access your accounts. Giant breaches at PayPal, T-Mobile, Mailchimp, and Twitter have already happened in 2023.
These breaches are prime examples of why you should not reuse passwords.
If you use the same password across multiple websites, an attacker that steals your password in one data breach (or finds it on the dark web) can then use it across any account that uses the same login credentials.
Many of these breaches are reported to be credential-stuffing attacks, in which the attacker leverages passwords and other data exposed in prior incidents involving other services. Once your password is part of a breach, hackers try it on different sites and services to try to unlock more accounts using a credential-stuffing attack.
So, one way to not reuse passwords is by using a password manager. Password managers store your login information for all the websites you use and help you log in to sites automatically. They encrypt your password database with a master password, which is the only password you have to remember. Some password managers add an extra layer of protection by adding a secret key, which is a 128-bit, machine-generated code that is mathematically infeasible to crack. Check out popular password managers like Bitwarden, 1Password, or KeePass. (We do not recommend browser-based password managers like those included in Chrome, Firefox, or Safari, since your passwords may not be encrypted.)
Good password habits are like any good habit; easier said than done. More apps, more accounts, and more passwords create more opportunities for theft. Meanwhile, human nature stays the same: “123456” is the most-used password in the world. Password fatigue is real, but don't let it stop you from making some small changes to protect your accounts, your wallet, and your identity.
Once you've got your passwords loaded into your password manager, you're good to go. As long as you're logged in to your password manager, it will offer to fill in your login information as you visit the websites and services you use online. It will also offer to save new, secure login credentials on new accounts you create ― ultimately saving you from putting your online security in peril.
FAQs:
How much do password mangers cost? Some are free, and others have personal, family, team, and business plans starting at $3 a month. That's some inexpensive peace of mind versus the amount of time it takes to try to fix identity theft.
How do password mangers work? A password manager is an app on your phone, tablet, and/or computer that stores your passwords so you don't need to remember them. Once you've logged in to the password manager using a “master” password, it will generate and remember your passwords for all your online accounts.
Are password managers easily hacked? Not all password managers are created equal. Look for a password manger that, in addition to your main password, uses a secret key, which is never stored on their servers, only on your device. Password managers have been hacked, as in the recent case involving LastPass.
What are the best password managers? Empower does not endorse any password manager specifically, but CNET.com does a great job of writing up their favorites on an annual basis.
Will passwords managers work across all my devices, operating systems, and browsers? It's good to check! Both Bitwarden and 1Password have native cross-platform compatibility.
Here are six easy things to do today:
- Stop reusing passwords − Reusing passwords across accounts makes all of them less safe. For instance, if you use the same password for your video streaming service and your bank, a data breach at your streaming service could put your bank account at risk.
- Make your passwords difficult to guess − Passwords shouldn't draw on details from your life. You may think that no one could guess your child's or pet's name, when all it might take is a quick visit to a social media platform to figure it out.
- Check if any of your passwords have been exposed − An experienced security threat researcher Troy Hunt hosts a website called HaveIBeenPWNED.com to find out if your email or phone number has been affected by a data breach.
- Use a password manager − Password managers save the passwords you use to log in, generating hard-to-guess passwords when you sign up for new sites and automatically inserting your passwords into login forms.
- If you must store passwords somewhere else, know the risk − If you opt to store your passwords yourself rather than using a manager, here are some things to keep in mind. You can avoid digital theft by writing passwords in an analog notebook or slip of paper, but then that list can get lost, stolen, or even eaten by that pet who's name you think no one can guess.
- Set up two-factor (same as multifactor) authentication − Two-factor authentication requires a person to authenticate their identity in two different ways before gaining access to an account. By enabling this, you prevent hackers from breaking into an account if they've only gotten their hands on your username and password.