Search

Password managers: using browsers and apps to safely store your passwords

Need help remembering all your passwords? Get a password manager, or save them to your browser.


We're often told that the passwords for our online accounts should be really strong, and to not use the same password anywhere else. Especially for those important accounts like email, banking, shopping and social media.


The trouble is, most of us have lots of online accounts, so creating different passwords for all of them (and remembering them) is hard.


This is where a password manager can help. A password manager (or a web browser) can store all your passwords securely, so you don’t have to worry about remembering them. This allows you to use unique, strong passwords for all your important accounts (rather than using the same password for all of them, which you should never do).


In addition, many password managers are helpful because they can:

  • synchronise your passwords across your different devices, making it easier to log on, wherever you are, and whatever you’re using

  • help spot fake websites, which will protect you from phishing attacks

  • let you know if you’re re-using the same password across different accounts

  • notify you if your password appears within a known data breach so you know if you need to change it

  • work across platforms, so you could (for example) use a single password manager that would work for your iPhone and your Windows desktop


Saving passwords in your browser


When you're logging into your online accounts, most web browsers (such as Chrome, Safari and Edge) will offer to save them for you. It's safe for you to do this on your own device.



Browsers such as Safari and Chrome will ask before saving your password.


Note: you should always make sure you are using the latest version of your browser (and operating system), and you should keep this up to date.


Saving passwords on shared computers


If you’re using a shared computer outside your home (for instance, at a college or library) you should never save your password in a browser.


If you're sharing a computer in your household, either with family or housemates, then you’ll have to think about who else could access the computer (and therefore to your saved passwords), and decide if you’re ok with this. The safest option is to:

  • make sure that everyone has their own account on the shared computer

  • make sure that everyone logs out when they’ve finished using it

For help on setting up and using accounts on the same computer, please refer to the following links:

Using password managers


A password manager is an app on your phone, tablet or computer that stores your passwords, so you don’t need to remember them. Once you’ve logged into the password manager using a ‘master' password, it will generate and remember your passwords for all your online accounts.


Many password managers can also enter your passwords into websites and apps automatically, so you don't even have to type them in every time you log in.


There are lots of different password managers, many of which you can use for free if you accept certain limitations. So it's worth searching for online reviews, and finding one that meets your requirements. The NCSC also provides some technical guidance about the security features you may want to consider when choosing one.


If you use MacOS, you can use Keychain which is a password manager system built into the operating system.


Protecting your password managers


It is important to take steps to protect your password manager account, for the following reasons:

  • if you forget the ‘master’ password for your password manager, you will not be able to get back into your accounts

  • if a cyber criminal accesses your password manager account, they will have access to all your accounts

With this is mind, we strongly recommends that you:

  • Turn on two-factor authentication on the password manager account. This means that even if a cyber criminal knows the ‘master’ password, they still won’t be able to access your password manager account.

  • Choose a strong ‘master’ password to control access to your password manager account (for example by using three random words). Note that you can’t store this password in the password manager itself, so if you can’t remember it, it's OK for you to write it down on paper, provided you keep it safe and out of sight.

  • Install updates for your password manager app as soon as you're prompted.

 

Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).

 

The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.

 

EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.