How Secure Are Password Managers? Everything You Should Know
Password usage for personal purposes has grown nearly 70% in the last three years, and a survey conducted by NordPass in 2024 shows that the average person has 168 passwords[1]. With that many passwords to manage, individuals often reuse them—or they choose weak and easy-to-guess passwords, which can compromise their online security.
Password managers have emerged as a popular solution that helps people and organizations create, manage, and store their passwords in one secure location. But how secure are password managers themselves?
In this article, we'll explore how password managers secure passwords and what you can do to ensure maximum protection of your login credentials. We'll also explain a method to help safeguard bank details when transacting online.
What Are Password Managers?
Password managers are software applications that allow you to create passwords, store them safely, and autofill them when needed. They help you practice good password habits and offer benefits such as:
- Strong and unique passwords—Password managers generate complex and unique passwords for each account, reducing the risk of hacking.
- One master password—You only have to remember the password that grants you access to the password manager.
- Protection against keyloggers—Keyloggers are malicious programs that capture keystrokes, including passwords. With autofill, you don't have to manually type in your passwords, reducing the risk of keylogging attacks.
- Protection against phishing—Some password managers offer anti-phishing features, which can detect and prevent you from entering credentials on fraudulent websites.
Some password managers also allow you to store other sensitive information, such as shipping addresses, payment card numbers, and secure notes, centralizing all your personal information in one secure location.
Types of Password Managers
Password managers fall into four categories depending on how they store user passwords or how they're implemented:
- Offline password managers—These store passwords locally, either on a computer or on a mobile device. Bitwarden is an open-source password manager that supports offline setup.
- Dedicated password managers—These store passwords in the cloud and are accessible from any device with an internet connection. They include 1Password, Proton Pass, Norton Password Manager, and NordPass.
- Browser-based password managers—These are integrated into your web browser, such as Opera GX, Google Chrome, Firefox, and Microsoft Edge.
- Device-based password managers—These are built into a user device's operating system or are part of a larger product ecosystem. Examples include iCloud Keychain for Apple devices, Windows Credential Manager for Windows devices, and Samsung Pass for Samsung devices.
How Do Password Managers Secure Passwords?
When you create a password manager account, you are prompted to create a master password. A master password is a single strong and unique password used to access all the passwords stored in the password manager.
When you save a password in a password manager, it is encrypted and stored in a secure vault that contains all the sensitive information. Encryption converts plain text passwords into strings of characters that are unreadable without the encryption key, making them virtually impossible for potential hackers to decipher.
Many password managers use zero-knowledge architecture, which means the service provider has no knowledge of or access to your master password. As the encryption and decryption processes occur on your device, the service provider never sees your passwords in unencrypted form and has no way of decrypting them.
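The following sketch illustrates the client-side model described above. It is an added example, not code from this article or from any password manager named in it. The function names, the scrypt parameters, and the choice of AES-256-GCM are assumptions made for illustration, and the credentials are constructed sample values.

```javascript
// Added example: client-side ("zero-knowledge") vault encryption sketch.
const crypto = require("node:crypto");

// Assumed KDF cost parameters, not taken from any specific product.
const SCRYPT = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Stretch the master password into a 256-bit key. Runs only on the user's device.
function deriveKey(masterPassword, salt) {
  return crypto.scryptSync(masterPassword.normalize("NFKC"), salt, 32, SCRYPT);
}

// Encrypt one vault entry. The returned record is all a sync server would store:
// salt, nonce, auth tag and ciphertext, but never the master password or the key.
function sealEntry(masterPassword, entry) {
  const salt = crypto.randomBytes(16);
  const nonce = crypto.randomBytes(12);
  const key = deriveKey(masterPassword, salt);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, nonce);
  const body = Buffer.concat([cipher.update(JSON.stringify(entry), "utf8"), cipher.final()]);
  return {
    salt: salt.toString("base64"),
    nonce: nonce.toString("base64"),
    tag: cipher.getAuthTag().toString("base64"),
    ciphertext: body.toString("base64"),
  };
}

// Decrypt on the device. Returns null when the master password is wrong
// or the stored record was modified (the GCM tag check fails).
function openEntry(masterPassword, record) {
  const key = deriveKey(masterPassword, Buffer.from(record.salt, "base64"));
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, Buffer.from(record.nonce, "base64"));
  decipher.setAuthTag(Buffer.from(record.tag, "base64"));
  try {
    const body = Buffer.from(record.ciphertext, "base64");
    return JSON.parse(Buffer.concat([decipher.update(body), decipher.final()]).toString("utf8"));
  } catch {
    return null;
  }
}

// Constructed sample values, not real credentials.
const demoRecord = sealEntry("constructed master passphrase", { site: "example.com", password: "constructed-pw" });
console.log(Object.keys(demoRecord), openEntry("wrong guess", demoRecord));
```

Because the key exists only where the master password is typed, a provider holding the record cannot read the entry. The same property means the strength of the master password and the cost of the key derivation are what stand between a stolen record and its contents.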
Password managers can also offer two-factor authentication (2FA) to enhance security further. 2FA requires a secondary form of authentication, such as a code sent to your phone or biometric verification, before granting access to the account. This prevents unauthorized access to the password manager account even if someone manages to obtain the master password.
Are Password Managers Safe To Use?
Password managers are generally safe to use. They use robust security measures to protect your passwords, such as breach monitoring, which constantly scans the dark web for compromised passwords and alerts you to change them if any are found.
Even so, password managers can have vulnerabilities that potential hackers could exploit:
- Lack of security measures—Not all password managers follow the best security practices. Some might store passwords in unencrypted form, or they may implement encryption in a way that compromises the security of stored data.
- Master passwords—A weak, easy-to-guess master password can put your entire password vault at risk if a potential hacker obtains it.
- Security breaches—Due to the sensitive information they store, password manager providers are often targets for cybercriminals. In case of a security breach, hackers could potentially access your vault.
- Software bugs—Just like any other software, password management software could have bugs. If the bugs aren't addressed quickly enough, they could leave room for hackers to exploit them.
Best Practices for Using Password Managers Securely
The first step to using a password manager securely is choosing a secure password manager that fits your needs. Research password managers, their encryption standards, support for different systems, and additional features such as phishing protection and breach monitoring.
Narrow down the list, and compare the top contenders, such as Keeper vs. LastPass, 1Password vs. Bitwarden, or Bitwarden vs. LastPass. Once you choose a password manager, make sure you:
- Use a strong master password—Avoid using easily guessable information such as your name, birth date, or pet's name.
- Enable 2FA—Choose a password manager that supports 2FA, and enable it.
- Keep your devices and software up to date—Don't forget to regularly update your devices' operating systems, web browsers, and password manager to the latest versions.
- Use different passwords for each account—If you use different password managers for personal and work accounts, use different master passwords for each to ensure that a compromise in one doesn't lead to a breach in the other.
An Additional Measure To Enhance Security Online
While password managers are effective tools to securely store passwords and important information such as payment card numbers, their protection only extends to data while it's stored in them.
Once you use your payment card to transact online and your financial details are stored on the merchant's servers, password managers can no longer protect them. If hackers manage to breach the merchant's servers, your financial information could be at risk.
However, there is a complementary solution to secure your financial data when shopping online—virtual cards. Virtual cards come with randomly generated card numbers you can use at checkout, shielding your actual financial details from hackers.
While major financial institutions like American Express® and Capital One® offer virtual card services, choosing a dedicated provider like Privacy gives you the benefits of robust customization features on top of enhanced security.
Privacy Virtual Cards Bolster Online Security
Linking your bank account or debit card to Privacy enables you to generate multiple virtual cards to use for online transactions instead of your actual payment card.
As a PCI-DSS-compliant service provider, Privacy employs stringent security standards used by banks and financial institutions. Privacy uses AES-256 encryption to secure your data in transit and at rest and conducts regular third-party audits to ensure compliance with industry standards.
Other ways Privacy enhances your financial security include:
- Two-factor authentication—Privacy allows you to enable 2FA for your account, such as a code sent to your phone, reducing the risk of unauthorized access to your financial information.
- Real-time transaction alerts—Get notified when your virtual card is used or declined so you can spot unusual activity promptly and take action.
Privacy Virtual Card Types
Privacy lets you generate three types of cards:
Privacy allows you to set spending limits and pause or close your virtual card anytime without impacting the linked funding source. Privacy will decline all transactions that exceed your set limit and block charge attempts on a paused or closed card, protecting you from unexpected charges by sneaky merchants.
Convenience Features
To provide a streamlined online shopping experience and simplify virtual card management, Privacy offers the following features:
- 1Password integration—Manage your passwords and Privacy Virtual Cards directly within 1Password's browser extension.
- Privacy App—Use the mobile app, available for iOS and Android, to generate and manage cards and monitor your card activity on the go.
- Privacy Browser Extension—Install the browser extension for Microsoft Edge, Google Chrome, Firefox, Safari, and Safari for iOS to autofill your virtual card details at checkout and facilitate faster transactions.
How To Get Privacy Cards
To join Privacy, complete these four steps:
- Register
- Complete the identity verification process
- Connect a funding source to your Privacy account
- Request and generate your first Privacy Card
Privacy offers four monthly plans:
References
[1] NordPass. https://nordpass.com/blog/how-many-passwords-does-average-person-have/, sourced September 15, 2024