Q. What is a password manager and how does it work?
A. Password managers are apps that use a master password to protect confidential information. They enable users to securely store more information than can be memorized.
The two common configurations of password managers are device-based and cloud-based. Device-based managers keep data on a single device, while cloud-based managers keep data on multiple devices and share the data among them.
Keeping passwords on a single device is simpler, but functionality is limited. Keeping passwords in the cloud is safer and more convenient.
Understanding how password managers work means understanding how encrypted files work. When data is placed in an encrypted file, effectively the information no longer exists. If someone steals an encrypted file and looks inside, everything in that file appears to be gibberish.
However, when the password manager is given the master password, it converts what looks like gibberish into the original information.
Encryption is what keeps information secure. Even the person who wrote your password manager cannot read your data. Only someone with the master password is able to read that file. Passwords are often thought of as keys that open locked doors, but encryption is not like a locked door. Encryption is more like a magician’s trick that makes information disappear and reappear on command.
But it is not trickery, it is math. And it works.
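The encrypted-file behavior described in the answer above, as an added Node.js example that is not part of the original column and is not any password manager's own code: the master password is stretched into a key, the vault is sealed with AES-256-GCM, and only the same master password turns the stored bytes back into the entries. The function names, scrypt parameters, file layout and sample entry are assumptions constructed for illustration.

```javascript
// Added illustration: a vault file sealed with a key derived from the master password.
const crypto = require("node:crypto");

// Constructed sample data, not real credentials.
const SAMPLE_ENTRIES = [
  { site: "mail.example.com", user: "alice", password: "constructed-sample-1" },
];

// Stretch the master password into a 256-bit key. scrypt is deliberately slow and
// memory-hard, so guessing passwords against a stolen file is expensive.
// Parameters here are assumed values for the example.
function deriveKey(masterPassword, salt) {
  return crypto.scryptSync(masterPassword, salt, 32, {
    N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024,
  });
}

// Encrypt the entries. Salt and nonce are random per file and stored in the clear;
// neither is secret. The key itself is never written anywhere.
function sealVault(masterPassword, entries) {
  const salt = crypto.randomBytes(16);
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", deriveKey(masterPassword, salt), nonce);
  const ciphertext = Buffer.concat([
    cipher.update(JSON.stringify(entries), "utf8"),
    cipher.final(),
  ]);
  return { salt, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Decrypt the file. The GCM tag check fails for a wrong master password or a
// modified file, so the caller gets null rather than garbage.
function openVault(masterPassword, file) {
  const key = deriveKey(masterPassword, file.salt);
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, file.nonce);
  decipher.setAuthTag(file.tag);
  try {
    const plain = Buffer.concat([decipher.update(file.ciphertext), decipher.final()]);
    return JSON.parse(plain.toString("utf8"));
  } catch {
    return null;
  }
}

// What someone who steals the file sees: bytes with no readable structure.
const stolen = sealVault("correct horse battery staple", SAMPLE_ENTRIES);
console.log(stolen.ciphertext.toString("base64"));
```

Because the key exists only while the master password is being used, the stored file on a device or in the cloud contains nothing but the salt, nonce, tag and ciphertext.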
Q. Keeping passwords on the Web makes me very nervous. I hear frequent news reports of hacks where passwords are stolen. Is online storage a good idea?
A. As always, the devil is in the details. When implemented correctly, online storage is safe enough for millions of users, including me.
Hacking is a real problem, but I find news reports of hacks a double-edged sword. On the plus side, they make people aware of problems, which helps encourage everyone to follow best practices when it comes to keeping information safe.
Unfortunately, the downside is that often news reports focus on attention-grabbing numbers, yet lack perspective. The end result is a vague sense of unease.
I use a wide range of online services. I keep all of my data backed up online. I also live a few miles from a nuclear reactor and several earthquake faults. There are risks associated with each of these choices, and I trust that best practices will keep me reasonably safe.
The best practices for passwords include using two-factor authentication when available, along with a long, unique password for each online account. To accomplish this, I use a cloud-based password manager (1Password) with a suitable master password known only to myself. I also use a family plan, which can allow family members to access one another’s information in an emergency.
All of my computing choices respect this principle: follow the crowds. I only depend on products that are used by thousands or millions of other people. I mostly use the software that comes with the device, or third-party apps that have been around for many years.
Overall, Apple does better with security and privacy, so I tend to use those devices in my personal life. Data security on the latest versions of Windows and Android is also solid, but they still suffer from more malware, which means more care when selecting third-party apps.
Lastly, I always install the latest versions of apps and operating system security updates.
Q. How can a password manager provide the appropriate password regardless of device and location?
A. Cloud-based password managers use a combination of file synching, custom apps, and Web access to organize your information. The main data storage is kept in the cloud, and each device mirrors the cloud locally. For example, if an item is added on your phone, the phone’s app will copy that item to the cloud, and the cloud will update each of your other devices.
In the event that none of your devices are handy, some cloud services also provide access to your data via a Web portal. I avoid using this method regularly, but it can be a lifesaver in a pinch.
This Wikipedia page lists the major password managers available, along with a summary of their prices and key features.
A tech enthusiast his entire life, Bob is currently developing an educational software project. When not writing, he is in the kitchen cooking up something unusual, or outside with a camera. He can be contacted at firstname.lastname@example.org.