Having strong and unique passwords for your online accounts makes you significantly safer online as opposed to weak passwords. But admittedly, remembering all those passwords gets tough! That’s where some people opt to use a password manager. This is a service that takes care of all your passwords for you, only requiring you to remember a single login to the manager itself.
There's many on the market—the Google password manager (or more specifically, the Chrome password manager) is probably most well-known. But knowing how password managers work and why they're useful will help you break it down to figure out the right choice for you.
How Password Managers Work
When most people make up a password, even if it’s incredibly unique, they tie it to something that they can remember. Makes sense, right? However, it also makes it a little easier for someone to hack the account. The most secure passwords are completely random and nearly impossible to guess—and impossible to remember.
Password managers help with that. They work as a sort of vault to keep all your login information secure for pre-existing accounts; most websites you visit will be autofilled with pre-saved login information to make this as user friendly as possible. You won’t have to try to track down your account information for each site.
Password managers can also generate passwords that are impossible to guess, and they’ll save them to the manager automatically, so you’ll never have to even attempt to remember them. They use strong encryption to make sure your data is safe. Think of it like a digital address book for your passwords.
Why You Should (And Shouldn’t) Use A Password Manager
Overall, password managers are a great choice for keeping your login information safe without having to remember twenty different passwords. Here are the top three reasons to invest in a password manager—and one reason to consider sticking to the traditional route.
1. You only have to remember one password. This reason might be the most obvious, and perhaps the most attractive. All Internet users know the frustration of writing down different account logins only to forget and have to go through the process of resetting your information.
Password managers have you remember one password: the one for the manager. That’s it.
2. The password manager secures and encrypts your data. If you’re like me, you keep a document on your laptop or phone of your passwords for easy access. Admittedly, this idea isn’t smart.
Why? It makes my information vulnerable to hackers because I’m only relying on my device’s encryption and protection software. A password manager keeps your data encrypted one step above your computer to securely store the information.
3. Autofill and auto-generated passwords makes the process simple. You won’t have to keep entering your basic contact information on every website form. Most password managers, including the Google password manager, have a feature that works to autofill.
Similarly, many serve as a password generator. They come up with unique and complicated passwords automatically and save them to the manager, which means you don’t have to spend time thinking of new passwords for new accounts. You'll no longer have to share passwords across multiple accounts to ensure you can remember them. It also heightens your password security.
And the downside:
1. All your passwords are tied to a single account. If you forget that password, it’s not so simple as resetting via email. Most don’t have a way to reset your master password at all, since that would defeat the purpose of a safe and secure “password vault” through the manager.
It’s absolutely critical that you don’t forget the master password. Write it down in more than one place, and memorize it!
Google Password Manager
Even you’ve never used an official password manager before, you’ve likely used Google’s. The Google password manager (or more specifically, the Chrome password manager) works differently from traditional password managers. It’s free, automatically available to anyone who creates a Google account, and convenient to use. However, it’s also riskier; there are fewer security measures in place with the Chrome password manager.
You may not even realize that you’ve used the Google password manager before because it doesn’t require you to go out of your way. If you’ve ever entered account information to any third-party site on Chrome, you’ve probably seen a pop-up in the corner that asks if you’d like to save your information. This is Chrome’s password manager in action.
Hitting “Save” will mark it on your account so that on future visits to the site, your username and password can easily be entered. As the pop-up explains, the passwords are saved to your account so that you can use them on any device.
It’s also great for auto-filling forms. As you put in more information on various websites through Chrome, your Google account will be able to suggest things like your name, address, and phone number for future forms. It automatically fills the fields, saving you time and mental energy.
To edit your saved information or remove accounts, visit the Passwords Manager page and log into your Google account. You can also add new accounts for sites you haven’t visited on Chrome yet on this page.
So what’s wrong with Google’s password manager?
Google’s password manager isn’t inherently dangerous–meaning the only risk you’re taking outright is that you’re giving Google more of your personal information. However, as mentioned above, Google’s manager operates differently than other services. For starters, it doesn’t encrypt your accounts like a traditional password manager. It just saves them to your account, relying on your computer’s encryption system for protection.
It also has no authentication process. Anyone who can log into your Google account or get to a device where it’s already logged on has access to all of your usernames and passwords. That’s a pretty big risk.
In short, Google Chrome's password manager works perfectly for low-risk accounts: accounts without credit cards or sensitive information saved to them, for example. But keep your usernames and passwords for important accounts–like your banks, PayPal, and email–off of Google’s manager. You’re better off remembering those on your own or investing in a higher-quality, safer password manager.
Free Password Managers
Not everyone can afford to pay for a password manager. But some of the best password managers are actually free—or they at least offer free versions. Instead of resorting to Google, here are three free services that come highly rated for users in terms of security and usability.
While Roboform offers three plans, two of which are paid, their free plan still makes it worth your while. Roboform captures and saves your passwords as you go, making it easy for you to use in the future, and allows users the option to log in to sites with autofill.
All major browsers are supported, although browser extensions are necessary for platforms like Firefox. You can access it even offline with mobile apps across multiple devices. All data is encrypted using AES256 bit encryption and it’s been highly rated since 2000.
LastPass’s free version allows users to store an unlimited number of passwords in an encrypted vault, keeping your information secure. It also features autofill and an automatic sync across devices. LastPass works on Chrome, Firefox, Edge, Internet Explorer, Safari, and Opera. For users who only need to use a password manager on one device, LastPass is great—more than one does require an upgrade to their Premium plan to gain access to the extra features.
Bitwarden’s free plan has fairly extensive benefits. Through their services, you get end-to-end encryption and secure storage for your passwords and data. They are also remarkably accessible, able to be used on almost any browser plus on mobile devices, like your smartphone. Bitwarden doesn’t have the simplest user interface, but it works well, and it’s fantastic for businesses and companies looking for a password manager.
Regardless of how you manage your passwords, you should strongly consider enabling Two-Factor or Multi Factor Authentication. Strong passwords plus 2FA are two of our top recommendations for protecting your online accounts.