For the most part, password managers like Dashlane.com and StickyPassword.com are a very safe and practical solution when it comes to storing and organizing your passwords. They encrypt all passwords that you put inside of them, so if anyone tries to break into them, your passwords will appear as incorrect gibberish.
Also, many password managers allow you to automatically and securely complete forms of information that you're often asked for when you sign up for accounts or pay for things. This protects against certain hackers and forms of spyware that can track the actual keys that you press when you type in your information. Some can also check the credentials of websites when you auto-enter your information, and alert you if one is trying to pull a phishing scam on you.
There are, however, three key risks when using password managers:
Most password managers rely on a master password in order to access them and scramble the information within. If a hacker somehow breaks the master password on your password manager, they can get at all of your other passwords.
Password managers won't protect you against hackers or spyware programs that hijack your computer or web browser. These will simply wait until you enter your password, and then steal your information or use your account without your permission once you're already logged in.
If you use a cloud-based password manager (see our What is The Cloud article for more information about "the cloud" and how it works), such as one on a website or inside your web browser, you face the same dilemma as when using other cloud-based services. That is, you have to trust the company that supplies the password manager to hold onto your information for you.
The only major risk is the first one; the other two are risks that people more-or-less inevitably take on the Internet these days, whether or not they specifically use a password manager. And fortunately, there are steps you can take to keep yourself safe when using a password manager, too.
Tips for using password managers safely
1. If possible, use a web-based password manager.
We know that we just said that using cloud-based services can be risky, as it means putting your information into someone else's hands. However, it's generally safer to use a cloud-based password manager as opposed to one on your computer desktop.
The reason for this is that the companies that run cloud-based password managers have securely-designed server computers that are much better equipped to keep your information safe than your personal computer is. If you use a desktop password manager, a hacker who takes control of your computer may be able to find the file that contains your passwords and force their way into it or delete it.
2. Use a strong master password.
As we mentioned, most password managers use a master password as the key to accessing the program, and sometimes mixing up your passwords while they're stored so that cyber-burglars can't make sense of them. Therefore, it's a good idea to make your master password your strongest one. See our How to Make a Strong Password tutorial for tips on how to make a password as secure as can be.
Also, never store your master password (or clues relating to it) directly on your computer. Instead, if you need help remembering it, write it (or its clues) down on a physical piece of paper, and store it in a safe place where only you know how to get at it.
3. Take regular precautions for protecting yourself on the Internet.
The biggest threats to your safety when using password managers are from hackers and spyware, which are general dangers that people face on the Internet every day. Therefore, the easiest way to keep yourself safe when using a password manager is to follow the other general safety tips that we outlined in our Introduction to Internet Safety course. These include:
Select and use a strong antivirus program, and keep it updated.
Keep your operating system, browsers, and other programs updated.
Know how to identify and avoid suspicious emails or websites.
Never give out information about your passwords over social media, email, or chat services.
Log out of your password manager and website accounts when you're done using them.
Follow these recommendations, and it should be smooth (and safe) sailing for you and your use of password managers!