
Are Password Managers Safe?

August 6, 2019

11:00 am

Are password managers safe, or should you think twice before using a password app? Given that even industry-leader LastPass was once the victim of a hack, it's understandable that concerns remain. Even so, we'd strongly recommend using a password manager.

Let’s be honest – passwords are a pain. Having to juggle multiple logins across multiple sites can be taxing, not to mention trying to remember which password is for which – especially with each password needing to be unique. Your passwords are unique, right? According to research, over half of us have up to 25 password protected accounts online. That’s a lot. The solution to your password woes is a password manager. These handy apps automatically store all your logins, meaning that you’ll never have to remember one ever again. Not only that, but they can generate secure passwords for you, and some will even alert you should your details be compromised.

Sounds great, but you’re probably wondering about the wisdom of storing all your passwords in one place. It’s a legitimate concern to have, but research has shown that using a password manager is far more secure than not using one. Cases of these services being hacked are extremely rare, so there’s little reason not to use one.


Is it Safe to Use a Password Manager?

Yes – a good quality password manager is a safe, trustworthy and highly recommended security tool. Top password managers, such as 1Password, Dashlane or LastPass, can be trusted to protect your account logins thanks to secure encryption that keeps your passwords secret.

Here's how it works in practice. You create an account with a password manager, then create a single “master password” to log into it. To keep your password manager safe to use, it's essential that your master password isn't anything obvious. So that's no thank you to “12345”, “qwerty” or “passwd”. Instead, pick a longer phrase or mix and match cases and special characters – just ensure it's unique and memorable.

Then, the password manager can get to work automatically generating complex, unique passwords for every service you log into online – one for your Amazon account, email account, Facebook account and so on. You won't need to memorize these – whenever you log in, the password manager will automatically apply the password (and you enable the password manager via that single master password).

This entire process is far more secure than re-using the same password over and over on multiple sites – the single biggest risk you can take with your online security. It's also far easier than attempting to remember multiple unique passwords.

So, if it's all win, why are there any questions around password manager safety? Largely, these come down to an understandable concern over the security of handing over your logins to a third-party service. That's why we'd recommend only using a trustworthy, well-rated password manager. Which ones would we recommend? Read on…

Most Secure Password Manager

If you want a secure password manager, you should opt for a paid one. Free password managers tend to be restricted in some way, and are usually supported with adverts.

In our testing, we found 1Password to be the most secure password manager. For a few dollars a month, it could save you a lot of headaches, as well as time spent waiting for password reminder emails to drop into your inbox.


Product | 1Password | Dashlane | LastPass | Sticky Password
Overall Score | ★★★★★ | ★★★★★ | ★★★★☆ | ★★★★☆
Local Storage Optionx
Two-Factor Authentication
Failsafe Functionx
Password Generator Function
Help Instructions
Email Support
Live Chat Supportxxx
Phone Support | x | x | x | x
Ease of Setup | ★★★★★ | ★★★★★ | ★★★★★ | ★★★★★
Features | ★★★★★ | ★★★★★ | ★★★★☆ | ★★★★☆
Overall Performance | ★★★★★ | ★★★★★ | ★★★★☆ | ★★★★★
Help & Support | ★★★☆☆ | ★★★★☆ | ★★★☆☆ | ★★★☆☆
Value for Money | ★★★★★ | ★★★★☆ | ★★★★☆ | ★★★★☆
Cost per year | $36 | $60 | $24 | $30

 

Want to know more? Check out our dedicated Password Managers guide.

Do Password Managers Get Hacked?

No online system is infallible. Password managers – just like any other online service you use, such as Amazon, Twitter or Facebook – run the risk of being hacked. In fact, some have been.

The best password managers, however, will take your security very seriously – after all, you’re paying for the service. If you lose trust in them, they lose your patronage, and with it, your payment.

When LastPass was hacked in 2015, users were right to be concerned – after all, if a hacker could get into the system, they could, in theory, have access to every password that LastPass users had stored there. However, even though its security was breached, hackers were unable to steal any information – all of the passwords were protected by the users’ Master Password, which is not stored on the LastPass servers. This meant that the encryption on the passwords stored by LastPass could not be cracked. And that is why you should pay for a password manager.

Password managers are also a common target for ‘ethical hackers’, those who like to test the security of online systems to flex their coding muscles. Password managers are their white whale – crack one of these open, and they’ll win the acclaim of the industry. This isn’t as scary as it sounds – in fact, ethical hackers are offering a great service, finding exploits in online systems before more nefarious people do. Once they’ve found a vulnerability, these hackers will make contact with the service and let them know, allowing the provider to then fix the issue.

Password Manager Safety FAQs

Even if you opt to use a password manager, it doesn’t mean that you’re free to take your eye off the ball. There is still best practice to follow, such as ensuring that you don’t share your master password with anyone, not leaving your computer open in public, and enabling two-factor authentication when possible.

Then of course, there’s choosing which service to go for. We found that 1Password was the best rated in our testing, but there are plenty to choose from, most of which will offer you peace of mind and a less stressful online experience. But – and we can’t stress this enough – you get what you pay for.

Is LastPass Safe?

As we mentioned earlier, LastPass was hacked in 2015. The hackers weren’t able to get any of the secure password data, but they did have access to email addresses and password reminders. LastPass was quick to act, and resolved the issue swiftly.

With LastPass, to decrypt passwords that are saved server-side, one would need the Master Key. But this is held locally on your machine. This means that even in a worst-case scenario, hackers can only access heavily encrypted data, with no way to unpick it all. It’s like being given all the materials to paint the Mona Lisa, without ever having seen what it looks like.
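An added illustration of the model described above (not code from LastPass or from the original article): the keys are derived from the master password on the user's device, so the record a server holds contains only a salt, a nonce, ciphertext and an integrity tag. The function names, the PBKDF2 iteration count, the sample logins and the HMAC-based keystream (a standard-library stand-in for a real cipher such as AES) are assumptions of this example.

```python
import hashlib, hmac, json, secrets, string

ITERATIONS = 100_000  # assumed work factor, not any vendor's real setting

def derive_keys(master_password, salt):
    """Stretch the master password into (encryption key, MAC key) on the client."""
    km = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS, dklen=64)
    return km[:32], km[32:]

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode: stdlib stand-in for a real cipher such as AES.
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal_vault(master_password, logins):
    """Encrypt logins locally; the returned record is all a server would store."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    enc_key, mac_key = derive_keys(master_password, salt)
    ciphertext = _xor_stream(enc_key, nonce, json.dumps(logins).encode())
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ciphertext": ciphertext, "tag": tag}

def open_vault(master_password, record):
    """Re-derive the keys and decrypt; fail closed on a wrong password or tampering."""
    enc_key, mac_key = derive_keys(master_password, record["salt"])
    expected = hmac.new(mac_key, record["nonce"] + record["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        raise ValueError("wrong master password or modified vault")
    return json.loads(_xor_stream(enc_key, record["nonce"], record["ciphertext"]))

def new_password(length=20):
    """Generate a random per-site password from a CSPRNG."""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*-_"
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample passphrase
    record = seal_vault(master, {"amazon.example": new_password(), "mail.example": new_password()})
    print(sorted(record))              # the fields a breach of the server would expose
    print(open_vault(master, record))  # only the master password recovers the logins
    try:
        open_vault("12345", record)
    except ValueError as err:
        print("rejected:", err)
```

The protection is only as strong as the master password that feeds the key derivation, which is why the advice earlier in the article to avoid obvious choices matters.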

Is 1Password Safe?

Good news: 1Password has never been hacked. It’s something the company boasts about openly on its site – which seems like a challenge to hackers out there – meaning that it’s clearly very confident in its security measures.

As is the case with LastPass, 1Password requires a Master Key to unlock your passwords, which is stored locally on your machine. This means that unless a hacker has direct access to your laptop, tablet or mobile, your details are safe.

Check our full 1Password Review to learn why it's our top-rated app.

Is iCloud Keychain Safe?

iCloud Keychain is Apple’s baked-in password manager, which syncs across iPhone, iPad, and Macs. As well as storing your passwords, it can also generate them for you, as well as alerting you to weak passwords.

While it gets the job done, it’s rather basic, and it can’t compete with the rich feature-set of a dedicated password manager. But is it safe? Although flaws have been found by ethical hackers (and since fixed), there have been no large scale breaches of the system.

Is Chrome Password Manager Safe?

If you’re a Chrome user, you already have a password manager at your disposal, thanks to the browser’s built-in feature. It’s nowhere near as advanced as a paid-for manager, though, and you’re missing out on a lot of features.

Is it safe? Well, that depends. It’s as safe as your Google account is, which means that if anyone gets hold of your login details, they could also in theory log into any of the sites and services that you have used in Chrome. However, Google does make this slightly harder by alerting its users when the details are used to sign into a new device.

Verdict – Should You Use a Password Manager?

We can't state this clearly enough – a password manager is a safe, recommended way to secure your online logins. The alternatives are far, far riskier – in particular, that old habit of re-using the same old password again and again across multiple websites (please, just don't).

No system is guaranteed bullet-proof, and as the LastPass hack showed, even password managers can be vulnerable. However, that very incident also showed that there are serious protections in place, and these prevented the LastPass hack from being a disaster for any customers.

We'd strongly recommend getting up and running with a password manager for proper online peace of mind.

About our links

Some of the links on our page will take you directly to a provider or retail website, where you may find deals and discounts. If you make a purchase at this stage, we may receive a payment. This has no additional cost to you, and never affects the editorial independence of our reviews.


Jack is the Content Manager for Tech.co. He has been writing about a broad variety of technology subjects for over a decade, both in print and online, including laptops and tablets, gaming, and tech scams. As well as years of experience reviewing the latest tech devices, Jack has also conducted investigative research into a number of tech-related issues, including privacy and fraud.