What is a password manager? How it works, and other FAQs

Contents

Password managers

• What is a password manager?
• Are password managers safe?
• Can password managers be hacked?
• How much does a password manager cost?
• Is it worth paying for a password manager?
• Can password managers work on multiple devices?
• Should I use a browser password manager?

Passwords

• How often should I change my passwords?
• Are passwords going away?
• Are generated passwords safe?
• How do I create a strong password?
• Why should I use a different password for every account?
• Is it ever okay to share passwords?
• How do I check which passwords are compromised?
• What do I do if my password is compromised?

Password security

• What is two-factor authentication?
• What is biometric authentication?
• What is a one-time password (OTP) or time-based one-time password (TOTP)?
• Are security questions secure?

Business security

• What is a company culture of security?
• What are password policies?
• What is access management?

1Password

• How secure is 1Password? Can I trust 1Password?
• How does 1Password work?
• Can I use 1Password on my mobile or tablet?
• Can I use 1Password in my browser?
• How much does 1Password cost?

Password managers 🔒

What is a password manager?

Password managers are apps that generate and store all the passwords you want to save. The passwords are stored securely and are automatically entered on websites and apps when you need to log in. It creates and remembers the strong, unique passwords that keep you safe online and fills them in so you don’t have to.

Many password managers offer options to store more than just passwords, like credit cards, sensitive documents, secure notes, and more.

Are password managers safe?

Yes, password managers are safe, especially compared to the alternative of not using one. Not only do password managers offer the convenience of generating and storing strong, unique passwords, they make staying safe online easy while promoting good security habits.

Can password managers be hacked?

Yes, but most password managers employ several layers of security against breaches. A hack doesn’t necessarily mean that your data can be accessed. While there is no way to completely avoid a hack in any scenario, reputable password managers will transparently explain what process they have in place to keep your data secure in the event of a breach.

How much does a password manager cost?

Password managers vary in price. They can generally range from free to $60 USD per year for an individual. The price increases if you want to add more users or use a password manager for business.

Is it worth paying for a password manager?

Yes. While a free password manager may cover the basics of generating and storing passwords, you will miss out on features like syncing passwords across devices, breach detection, dark web monitoring, two-factor authentication, enhanced encryption, and more.

Can password managers work on multiple devices?

Yes, most paid password managers work on multiple devices by syncing your passwords to various devices through the cloud.

Should I use a browser password manager?

Using a dedicated password manager is the safest and most convenient option. Browser password managers are still very limited in their benefits and may be less secure than a dedicated password manager. That said, using a built-in browser password manager is better than nothing, but:

• Built-in browser password managers are limited to that specific browser, meaning you can’t use a different browser or sync your passwords on your phone, at work, or on any other device.
• Many browser password managers only store passwords, meaning you can’t store other items like secure notes, sensitive documents, credit cards, and more.
• You can’t safely and conveniently share passwords with your family or colleagues
• If you lose access to your passwords you might not be able to recover them on another device, or recover your account via a family or team member.

Passwords 🔑

How often should I change my passwords?

There is no need to change your passwords regularly. Apart from being inconvenient, changing your passwords regularly makes you more vulnerable to data breaches and hackers than choosing a strong, complex password when you create your account and only changing it if it’s compromised in a breach.

Humans aren’t good at random – we tend to fall into a predictable pattern for creating new passwords. The passwords are simplistic, incredibly easy to remember, and often go up in sequential order, because we only change the number or special character that’s tacked on the end. These simple and predictable password patterns are easy to hack.

Are passwords going away?

No, passwords are not going away any time soon. Passwords are simple for developers to implement and have been ubiquitous for a long time, and passwordless options still have a long way to go. For example, eliminating passwords doesn’t mean you’re eliminating all forms of authentication.

Using biometrics, like facial recognition or a fingerprint scan, has become a more common way to avoid passwords – but while you can change a compromised password at any time, you can’t change your biometrics. Issues like these are still in need of solutions, are we’re not there yet.

If the idea of a passwordless future is preventing you from investing in a password manager app, when choosing a password manager, look into whether or not the app is agile enough to adapt to going passwordless as solutions evolve.

For the time being, strong, unique passwords, two-factor authentication, and a password manager are your best options for staying secure online. While the way we use passwords will continue to evolve, passwords are still more relevant than ever, so it’s best to focus on improving your existing password management for the foreseeable future.

Are generated passwords safe?

Yes. It’s safer to use randomly generated passwords than it is to create your own. However, not all password generators are built equal. It’s important to make sure that the password generator you’re using has security certifications, doesn’t store logs, and is transparent about how it works and what protocols are in place.

How do I create a strong password?

To create a strong password, follow these best practices:

• Make passwords at least 16 characters in length. The longer, the better.
• Randomness is a critical factor in password strength, and the best way to generate a truly random password is with a password generator.
• Never include personally identifiable information in your passwords – or any fields related to your login credentials.

Why should I use a different password for every account?

If you use the same password for both your email and your bank account login, an attacker only needs to steal one password to get access to both accounts, doubling your exposure. If you’ve used that same password for 14 different accounts, you’re making the attacker’s job very, very easy. You can protect yourself by using a password generator to create unique passwords that are easy to remember.

Is it ever okay to share passwords?

Yes. Password sharing isn’t inherently dangerous. You just need to know how to do it safely. The safest way to share passwords is with a password manager with end-to-end encryption so your data is always protected, even in transit. Smart password habits protect you against identity theft, financial loss, and getting locked out of your accounts.

How do I check which passwords are compromised?

A good password manager app will do the work for you, alerting you to security problems with the websites you use so you can keep all your accounts safe. You can also use Have I Been Pwned, which allows you to search across multiple data breaches to see if your email address or phone number has been compromised.

What do I do if my password is compromised?

In event of a data breach, follow these steps:

1. Change your password immediately.
2. Turn on two-factor authentication.
3. Keep an eye on your accounts and check your credit reports.

Being proactive will also help you avoid being exposed in the future with these best practices:

• Create strong, unique passwords. Always use a password generator, and never reuse passwords.
• Protect your credit card numbers. Whenever possible, use Apple Pay or Google Pay. Or try Privacy Cards to keep your card number confidential.
• Delete old accounts you no longer use. Abandoned accounts are still full of personal and private information that leaves you vulnerable to hackers, and fewer accounts means a smaller chance that you’ll be involved in a data breach.

Password security 🚨

What is two-factor authentication?

Two-factor authentication, or 2FA, is a system that adds an extra layer of security to your logins by requiring you to enter a code or confirm your identity in some other way after successfully entering your username and password.

Two-factor authentication is sometimes known as multi-factor authentication, or MFA, because users have more than one option for verifying their identity when they log in to an online service. Even with the best security precautions, passwords are sometimes leaked, stolen, or accidentally shared. That’s where two-factor authentication comes in.

What is biometric authentication?

Biometric authentication is a way to verify a user’s identity through unique biometric characteristics. This includes fingerprint scans, facial recognition, retina scans, iris recognition, and voice ID. Like two-factor authentication, biometric authentication provides an extra layer of security to your accounts.

What is a one-time password (OTP) or time-based one-time password (TOTP)?

A one-time password or a time-based one-time password is a generated disposable password that can be used to verify your identity. It’s a form of two-step verification that is used in tandem with a traditional password to grant access to your account. They can also be required when you perform sensitive actions, like sending a payment or changing your password for an account.

Are security questions secure?

No. The point of security questions is that they are something that the user can remember because they are true things that the user knows – unfortunately this also makes them easy to guess. Security questions can add some additional protection if you treat them as an option for a second strong, unique password. For example, instead of answering the security question with the real name of your first pet, you can generate a random password as the answer and store it in a password manager app.

Business security 🗃

What is a company culture of security?

A company culture of security is an environment where employees understand the importance of and take part in cybersecurity, from password policies to secrets management. Security should be a team effort with every single employee involved.

By nurturing this mindset, not only will you protect the business and its customers, you’ll also increase overall productivity by letting employees work the way they need to work – while staying secure in the process.

Building a culture of security will take time, training, and ongoing reinforcement, but over time, a company culture of security will:

• Enable your employees to be productive and secure.
• Lighten the load on IT.
• Streamline DevOps processes and streamline development workflows.
• Provide oversight on all the tools your team is using.
• Keep employees secure at work and at home.

What are password policies?

Password policies are written rules for how passwords are treated in your organization and what employees in various roles are responsible for when it comes to security. This includes enforcing password requirements like complexity, length, special characters, numerical digits, and case sensitivity.

What is access management?

Businesses of all sizes need to monitor and control what everyone has access to. That includes passwords, corporate card numbers, software license keys, and developer secrets. 1Password Teams and 1Password Business come with administrator tools that let you organize your company’s credentials and set appropriate levels of access for new, longtime, and former team members.

1Password 🔐

How secure is 1Password? Can I trust 1Password?

Every design decision in 1Password begins with the safety and privacy of your data in mind. The information you store in 1Password is encrypted to keep it safe at rest and in transit, and only you hold the keys to decrypt it. We can’t see your 1Password data, so we can’t use it, share it, or sell it. For an in depth look, the 1Password Security Design White Paper explains exactly how your secrets are kept safe with 1Password.

• 1Password uses AES 256-bit encryption.
• 1Password is SOC 2 type 2 certified.
• Only you know your Master Password: it’s never stored alongside your data or sent over the network.
• Your Secret Key is created locally on your device. It’s combined with your Master Password to authenticate you with our server and encrypt your 1Password data.

Your 1Password account uses Secure Remote Password (SRP) to authenticate your credentials without sending them over the Internet. It also encrypts all traffic sent to our server.

How does 1Password work?

With 1Password, you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. Available for all devices, browsers, and operating systems, 1Password syncs your data seamlessly between devices so you always have your passwords with you.

Can I use 1Password on my mobile or tablet?

Yes. 1Password is available for iOS, iPadOS, Chrome OS, and Android.

Can I use 1Password in my browser?

Yes. 1Password is available on Chrome, Firefox, Safari, Microsoft Edge, and Brave.

How much does 1Password cost?

Individuals, families, and businesses can try 1Password free for 14 days. 1Password pricing varies depending on your needs and which plan you choose.

Plans are $USD per user per month when billed annually.

Emily Chioconi

Content Marketing Manager