Password managers: how they help you secure passwords

Need help remembering all your online passwords? Get a password manager.

Whether it’s our email, social networks, telephone or electricity bills, online auction sites or online banking, we’re all being asked to keep track of an increasing number of passwords and pin-codes to secure our access to services online.

According to research, on average we each have 26 online logins, with 25-34-year-olds managing 40 online logins each. Those figures were from 2012 - they’re likely to have risen further since then.

So how can we remember all these passwords? For most, it's incredibly difficult and so a password manager makes sense.

What is a password manager?

A password manager is an app on your phone, tablet or computer that stores your passwords securely, so you don’t need to remember them all. Some password managers can synchronise your passwords across your different devices, making it easier to log on, wherever you are. Some can also create random, unique passwords for you, when you need to create a new password (or change an existing one).

Why would I want a password manager?

Reusing the same password across different accounts can be dangerous. A cyber criminal might steal one of your passwords, and then use it to try and access other accounts. This means they could quickly break into several of your accounts despite only knowing one password.

We know that we're supposed to create a unique, hard-to-guess password for all of our online accounts, to prevent such a scenario happening. However, this is virtually impossible to do without help. Password managers provide that help. They're designed to make using and generating passwords easier and more secure. Many can also automatically enter the appropriate password into websites and apps on your behalf, so you don't even have to type them in every time you log in.

What types of password manager are available?

You may be already using a password manager without knowing it. Many are built into your internet browser (such as Google Chrome, Microsoft Edge or Firefox), or are part of the operating system on your smartphone or tablet. You may have noticed when you sign into an account, a box appears asking you if you want the browser (or device) to remember your password. If you are not sharing the device with anyone else, then it is safe to tick the box. If it doesn't offer to save your password, you may need to turn this option on in your device settings. 

Standalone password manager apps are also available to download, many of which can be installed on different types of device, and with extra features like the ability to create good passwords for you. It's worth finding online reviews of the password managers you're considering, and deciding on the features you need (and the support the vendor provides) before choosing one that's right for you. 

How do I protect my password manager?

Whether you're using a standalone password manager or a built-in one, it is important to keep the password manager account secure because if a criminal accesses this, they'll potentially have access to all your passwords and associated accounts. You also need to take steps to make sure you can always get in yourself, so you don't lose access to all your passwords. The National Cyber Security Centre (NCSC) strongly recommend that you:

  • Set up two factor authentication on the password manager account. If you have the option, set up more than one type of second factor so you have a backup plan to get into your password manager account. 

  • Install updates for your password manager app as soon as you're prompted to update. If you're using your browser, always make sure you are using the latest version and you keep this up to date.

  • Choose a strong password for the password manager account (for example using three random words). You can’t store this in the password manager itself, so you may want to write this one down and store it somewhere safe - away from your device - so you don't forget it.

Note that if you're using a built-in password manager through your browser or device, they may be protected by one of your existing accounts. For example, passwords saved in Apple's Keychain are protected by your AppleID, and passwords saved in Google's Chrome browser will be protected by your Google (or Gmail) account, if you have logged in. Again, make sure that you are using a strong password of these accounts.

Here at the EMCRC, we are proud to offer FREE core membership to help businesses of all sizes access affordable support for their cyber resilience. Click here for full details.

The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.