
Managing Passwords with a Password Manager

It is essential to have a secure password for every online account. But many people find it difficult to remember long, complex passwords in everyday life. That's why '123456', 'hello' and 'password' are still the most frequently used combinations. A password manager is a helpful tool for managing different, complex passwords.

How does a password manager work?

Some people have a strategy of remembering one very complex password for all their accounts. But all it takes is for this password to be cracked one time and cyber criminals then have access to all that person's sensitive data. The most secure method is therefore to have a separate, complex password for each account — although this means there will be several dozen sets of access data to manage. A password manager is helpful here for anyone who may find it difficult to keep track of all these different details.

Password managers are programs that manage user names and passwords. They store passwords securely using encryption and one complex master password. Password managers work a little like a notebook that is kept in a locked drawer, whose contents can only be seen by the owner. The advantage is obvious: instead of lots of different passwords, you only have to remember one.

Advantages of a password manager:

  • Stores passwords and user names by means of encryption.
  • Helps with allocating passwords, e.g. by generating strong combinations and flagging up weak passwords or ones that are already in use.
  • Provides warnings about risky websites and potential phishing attacks, e.g. if the URL of the website that has been opened is different to the one that is saved.
  • Synchronisation possible: If the user would like to make the most of online services across multiple devices such as computers and smartphones that run on different operating systems, they can use a program that synchronises them.
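
The checks in the list above (generating strong combinations, flagging weak or reused passwords, and warning when the open URL differs from the saved one) can be sketched as follows. This is an added example, not code from any password manager; the vault layout, the 12-character threshold and the exact scheme/host/port comparison are assumptions made for illustration.

```python
import secrets
import string
from collections import Counter
from urllib.parse import urlsplit

COMMON = {"123456", "hello", "password"}   # the weak examples named on this page
MIN_LENGTH = 12                            # assumed threshold, not from the page
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample vault (example.com names are placeholders).
VAULT = [
    {"name": "mail", "url": "https://mail.example.com/login", "password": "password"},
    {"name": "shop", "url": "https://shop.example.com/", "password": "kT7#pw-Vq2!mRz9x"},
    {"name": "forum", "url": "https://forum.example.com/", "password": "kT7#pw-Vq2!mRz9x"},
]

def generate_password(length=20):
    """Draw from the OS CSPRNG until all four character classes are present."""
    alphabet = string.ascii_letters + string.digits + "!#$%&*+-=?@_"
    classes = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(test(c) for c in pw) for test in classes):
            return pw

def audit(vault):
    """Map entry name -> findings ("weak", "reused") for entries that have any."""
    counts = Counter(e["password"] for e in vault)
    findings = {}
    for e in vault:
        pw, issues = e["password"], []
        if pw.lower() in COMMON or len(pw) < MIN_LENGTH:
            issues.append("weak")
        if counts[pw] > 1:
            issues.append("reused")
        if issues:
            findings[e["name"]] = issues
    return findings

def origin(url):
    """Parse the URL; compare scheme, host and port, never a substring of the text."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return scheme, (parts.hostname or "").lower(), parts.port or DEFAULT_PORTS.get(scheme)

def may_autofill(entry, current_url):
    """Offer the saved login only if the open page has the saved URL's origin."""
    return origin(entry["url"]) == origin(current_url)

if __name__ == "__main__":
    print(audit(VAULT))
    print(may_autofill(VAULT[0], "https://mail.example.com.login.example.net/"))
```

Comparing the parsed host rather than searching the address text for the saved name is what lets the check reject an address that merely contains the saved name.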

Storing passwords with a password manager

Depending on which program is chosen, the passwords are either stored locally on the device or within the provider's infrastructure (which is often cloud-based) in order to synchronise them across different systems.

Independent password manager program
After independent programs have been activated and set up once, a pop-up window appears whenever a user name and password need to be entered to use an online service. The user then has to enter a master password that is stored at a central location and protects all access data.

Password manager built into the browser
Many web browsers offer a built-in password manager that is ready to use without much effort. Once it has been set up, the program runs autonomously, becoming active if a website that requires access data is opened. However, because browsers are complex programs that do not have password management as their top priority, malware can extract the access data relatively easily and make it available for an attacker to misuse.

Although using a master password does provide a minimum level of protection, users should always still install the latest updates whenever they become available. They should also protect their computer, tablet or smartphone by setting up a PIN or password, which must be entered in order to gain access to the device.

Disadvantages of a password manager:

  • If a user forgets their master password then, in the worst-case scenario, all their data is lost. This often equates to a great deal of work, as access to each individual account must be restored separately.
  • All of a user's passwords could be stolen at once if a successful cyber attack is perpetrated on a password manager.
  • With cloud-based services, you are usually entrusting a company with access to all your sensitive data. It is worth taking a look at the terms and conditions and privacy policies of the manufacturer in question. Information about where the cloud service provider and the servers are located will tell you which data protection law your data is subject to.

Is a password manager worth it?

Yes, as a rule it is worth using a password manager. It is certainly better than using the same common passwords over and over. The specific decision on which program to use will have to be weighed up on a case-by-case basis. The associated risk will have to be assessed too.

Storing passwords with a second factor

It is best if you set up advanced protection in the password manager for your highly sensitive data; this can take the form of a second factor for your important accounts. A verification code is then sent to a different device (like your smartphone), for example, so you can definitively authenticate the transaction. Your e-mail accounts are one example of an important account. After all, if a third party gains access to your e-mails, they could cause enormous damage. Firstly, they could access information contained in your e-mails, as well as send messages in your name. But cyber criminals with access to your e-mail account could also take over other online services by changing those passwords.

Checklist:

  • From e-mail to social media accounts: which accounts do you need a password manager for?
  • Browser-based or independent: which program fits your online habits best?
  • Cloud or hard disk: where will your data be stored?
  • Sensitive data: do you need a second factor for authentication?
  • Complex combinations: do you have a secure master password?