Yes, You Need a Password Manager. Your Online Security Depends on It
A password manager is one of the best ways to boost your online security. Here's how to set one up.
Attila is a Staff Writer for CNET, covering software, apps and services with a focus on virtual private networks. He is an advocate for digital privacy and has been quoted in online publications like Computer Weekly, The Guardian, BBC News, HuffPost, Wired and TechRepublic. When not tapping away on his laptop, Attila enjoys spending time with his family, reading and collecting guitars.
Expertise: Attila has nearly a decade's worth of experience with VPNs and has been covering them for CNET since 2021. As CNET's VPN expert, Attila rigorously tests VPNs and offers readers advice on how they can use the technology to protect their privacy online and
Creating a strong, unique password for each of your online accounts is one of the best ways to stay secure online and protect your personal information. Ideally, each individual password you create should be at least eight characters in length and consist of upper- and lowercase letters as well as numbers and symbols. (Sorry, using "password123" simply isn't going to cut it.) It may be tempting, but reusing one easy-to-remember password for all your accounts can seriously jeopardize your online security -- you don't want to make yourself an easy target for cybercriminals. In fact, recent research by cybersecurity firm Hive Systems has suggested that a weak password can be cracked instantly by a hacker.
What is a password manager, and why do I need one?
A password manager is an online service that stores your passwords as well as other data like credit card numbers, bank account information and identification documents in a secure, encrypted environment. It takes one of the biggest potential vulnerabilities -- weak or recycled passwords -- and does the hard work for you.
Bad password habits are dangerous for your digital security. Using weak passwords makes your accounts easy to crack, and reusing passwords leaves you open to credential stuffing attacks that can compromise accounts that share the same password.
But with a password manager, you only have to remember one single master password, and the password manager takes care of the rest -- allowing you to create strong, unique passwords for each of your online accounts. If you're not sure how to create a strong password, or if you don't want to come up with one on your own, your password manager can create one for you. Many password managers also include a feature that analyzes your current passwords and lets you know which ones are weak or reused and need to be changed.
You can also securely share passwords and sensitive documents with family and friends if you need to. And if you're shopping online, you can easily fill in your credit card information to make purchases without needing to have your physical credit card on hand.
Your password manager can also help you fight against phishing scams. Even if a phishing attempt tricks you into clicking on a malicious link, it won't trick the password manager. Your password manager will detect that the URL is different than the site you usually log into -- regardless of how similar it may look to the naked eye.
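To see why a look-alike address doesn't fool autofill, here is a small added example (not code from the article or from any password manager). It assumes a simplified rule, an exact match on the saved site's HTTPS origin, and every site name in it is made up.

```javascript
// Added illustration of autofill origin matching; not code from any product.
// The saved entry and every hostname below are constructed sample data.
const savedLogins = [
  { site: "https://accounts.example-bank.com", username: "alex" },
];

// Reduce a URL to its origin (scheme + host + port). Returns null for
// unparseable input and for anything that is not HTTPS.
function originOf(rawUrl) {
  try {
    const url = new URL(rawUrl);
    return url.protocol === "https:" ? url.origin : null;
  } catch {
    return null;
  }
}

// Offer a saved login only when the page's origin equals the saved origin.
function loginsFor(pageUrl, entries = savedLogins) {
  const pageOrigin = originOf(pageUrl);
  if (pageOrigin === null) return [];
  return entries.filter((entry) => originOf(entry.site) === pageOrigin);
}

// Constructed test pages: the real site plus addresses that only look like it.
const samplePages = [
  "https://accounts.example-bank.com/login?next=/home",    // genuine
  "https://accounts.examp1e-bank.com/login",               // digit 1 for letter l
  "https://accounts.example-bank.com.signin.example.net/", // real name as a subdomain
  "https://accounts.example-bank.com@signin.example.net/", // real name before the @
  "https://accounts.ex\u0430mple-bank.com/login",          // Cyrillic letter for Latin a
  "http://accounts.example-bank.com/login",                // no TLS
];

// Returns one row per sample page saying whether a login would be offered.
function runDemo() {
  return samplePages.map((page) => ({ page, offered: loginsFor(page).length > 0 }));
}

console.table(runDemo());
```

Only the first page gets an autofill offer. The comparison is done on the parsed address, so characters that look alike on screen still fail to match.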
If you're worried about storing all sorts of sensitive information in one place, you don't need to be. The top password managers use a zero-knowledge approach to securing your passwords and other information you store with them -- meaning that even the password manager itself can't access your passwords or other data, because everything is encrypted before it leaves your device. And if your password manager can't access your data, then neither can anyone else.
The first thing you'll need to do is choose a password manager and set up an account (CNET's list of top password managers is a great place to start). Some password managers have a free tier that usually includes all the basic features you'd need, but you can expect to pay anywhere from $35 to $60 per year for a premium plan that includes things like access across multiple devices, expanded file storage and family sharing.
As you set up your account, you'll be asked to create a master password. This is the one password that you have to remember -- make sure it's something you can recall, yet complex enough to make it difficult for others to guess. Also, make sure your master password isn't one of the passwords you're already using on other sites. Some password managers, like 1Password, offer a printable "emergency kit" that includes information like your username and digital key, with space to write down your master password. Yes, you can write down your password -- just make sure to keep the piece of paper locked in a secure location.
We really can't stress this part enough: Don't forget or lose your master password or your emergency kit because, as a security precaution, password managers don't typically offer a way to recover it. If you're locked out, there's no way back in.
Once you're all set up with your account and master password, you can download the software to your devices. Typically, you'll be prompted to download the app that corresponds to the operating system you're using when you set up your account (iOS, Android, Windows or MacOS). You can also find download links on your password manager's website for any other devices you may want to use your password manager on. If your password manager offers a browser extension, go ahead and install it -- it will make autofilling your passwords on sites much easier.
After that, you'll need to add your passwords to the password manager. Most password managers offer easy ways to import your passwords from various locations, whether that's your browser, a spreadsheet or another password manager. You can also input your passwords manually.
Once you've got your passwords loaded into your password manager, you're good to go. As long as you're logged into your password manager, it will offer to fill in your login information as you visit the sites and services you use online. It will also offer to save new, secure login credentials on new accounts you create -- ultimately saving you from putting your online security in peril.