Are password managers safe? Here’s how to use them


If you’re a small business owner, you’ve no doubt heard reports that introducing a password manager across your organisation could be one of the most effective steps you can take to safeguard your data—and that of your customers.

But you may understandably have concerns when it comes to handing over this level of control to a piece of software. Are password managers safe? What levels of security do these companies offer? What would happen if your provider were to be hacked?

Fortunately, the best password managers have robust security features to protect your data, and, if used correctly, such software is typically far safer than the alternative—relying on your employees to create (and remember) strong and unique passwords for every online account they access.

Are password managers safe? Prepare yourself first

Before you implement a password manager for business, the most worthwhile preparation you can undertake is to fully understand how these apps work and the potential benefits they can provide for your organisation.

Put simply, a password manager is an app on your phone, tablet, or computer that can reduce your risk of falling victim to fraud by organising all of your account login details in a secure digital vault, generating new passwords, and synchronising these across all your devices. Your employees will need to remember just one secure master password to gain access to their online credentials.

Once you’re armed with this knowledge, the next effective precaution you can take is to install reliable anti-virus software, which can protect all your systems against malicious attacks. For example, a number of the most competitive threat-protection providers, such as Avast, offer tools to prevent concealed keystroke-logging malware from hijacking your passwords and other account details.

We’ve rounded up eight steps business owners can take to ensure maximum possible protection for their sensitive information when implementing a password manager.

Step 1: Do your research


As with any major tech purchasing decision, the first step in deploying safe and secure password management is to thoroughly research potential providers, and draw up a shortlist of apps that best suit your organisation's needs.

As obvious as it sounds, you should focus your research on companies that provide a business-specific solution, with features specially designed for a commercial environment, such as reports on password hygiene.

It would be a mistake to simply stick to the password manager you use across your home accounts, as personal and professional needs are often worlds apart.

Step 2: Choose a zero-knowledge password manager

With security being a prerequisite when it comes to password management, you may want to opt for a provider that operates on a zero-knowledge basis.

Under this system, the provider will never have access to your master password, as all this information is encrypted on your device before being transmitted to your provider’s servers. Even if its servers were breached, the hacker would only see the encrypted (and therefore meaningless) version of your password.

While the most well-respected password managers adopt the zero-knowledge approach, this isn’t true of all providers, which means it’s prudent to check for this feature before making your decision.

Step 3: Consider an open-source password manager


For many security and tech experts, being open source is one of the most attractive features a password manager can have.

Under this arrangement, a software provider must make its source code available for third-party audits, which can be massively reassuring in a field in which consumer confidence is key.

It means security experts, or even consumers, can inspect all code to verify any assertions the company makes with regard to encryption or server security. Examples of open-source password management providers include Bitwarden and Passbolt.

Step 4: Check your password manager supports relevant platforms

When choosing your password manager, you’ll need to ensure the potential provider is compatible with all the devices, plug-ins, and browsers used across your network.

Most password managers will work with Windows and Mac operating systems, as well as Android and Apple mobile devices. However, you could encounter difficulties if you’re using a less well-known operating system.

Bear in mind that this issue of device compatibility is especially important if a number of your employees work from home and sign into your systems from their personal devices.

Step 5: Choose your master password carefully


As we’ve already discussed, password managers operate via a master password—a single form of identification that controls access to all passwords in your personalised vault.

Choosing the right master password is essential in order to maximise cybersecurity across your business. The trick lies in creating one that is both memorable and impossible for wannabe hackers to guess or decode.

You could, for example, select a combination of three random words, rather than relying on personal details such as your children’s birthdays or mother’s maiden name. One essential point to bear in mind: always make sure your passwords include a combination of numbers, both upper and lower case letters, and special characters.

If you’re nervous when it comes to creating a password yourself, many password managers offer generator tools that will do this on your behalf.

Step 6: Set up 2FA or MFA

The best password managers function on two-factor authentication (2FA) or multi-factor authentication (MFA) models, which require users to log in via two or more methods.

The first login will normally be through their main device, such as their workplace computer, and the second will typically be via a one-time password on a linked email address or a device like a smartphone.

If you are concerned about your master password being vulnerable to hackers, you could consider a password manager that uses biometric technology. StickyPassword, for example, requires mobile users to verify their identities by swiping their fingers across their device.

Step 7: Check for weak/reused passwords


A number of top password managers, such as Bitwarden, contain features that enable you to view reports and analytics on any vulnerable passwords within your network. Depending on the software you choose, you may be able to target this according to certain teams or even individuals within your organisation.

If such analytics features appeal to you, consider opening an account with Dashlane, which includes a data-driven dashboard designed to monitor password hygiene across an entire network.

Other password management plans include data breach reports and dark web monitoring, which searches the internet for illegally obtained information such as the login details of cybercrime victims.
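To show what such a password hygiene report computes, here is an added Python example (not code from Bitwarden, Dashlane or any other product) that flags weak and reused passwords across a set of vault entries. The entry fields, the 12-character minimum and the small common-password list are assumptions, and the sample entries are constructed.

```python
from collections import defaultdict
import string

COMMON = {"password", "123456", "qwerty", "letmein", "welcome1"}  # constructed sample list
MIN_LENGTH = 12  # assumed policy threshold, not taken from the article

def weaknesses(password):
    """Return the reasons a password fails the checks (empty list = passes)."""
    reasons = []
    if password.lower() in COMMON:
        reasons.append("common password")
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    # Character classes recommended in Step 5 of this article.
    classes = {
        "lower-case letter": any(c.islower() for c in password),
        "upper-case letter": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "special character": any(c in string.punctuation for c in password),
    }
    reasons += [f"no {name}" for name, present in classes.items() if not present]
    return reasons

def hygiene_report(entries):
    """Flag weak and reused passwords; the report never contains a password."""
    by_password = defaultdict(list)
    weak = {}
    for e in entries:
        label = f'{e["team"]}/{e["user"]}@{e["site"]}'
        by_password[e["password"]].append(label)
        reasons = weaknesses(e["password"])
        if reasons:
            weak[label] = reasons
    reused = sorted(sorted(labels) for labels in by_password.values() if len(labels) > 1)
    return {"weak": weak, "reused": reused}

# Constructed sample entries; the "team" field allows per-team filtering.
SAMPLE = [
    {"team": "sales", "user": "amy", "site": "crm.example", "password": "Summer2024!"},
    {"team": "sales", "user": "amy", "site": "mail.example", "password": "Summer2024!"},
    {"team": "ops", "user": "raj", "site": "vpn.example", "password": "qwerty"},
    {"team": "ops", "user": "raj", "site": "git.example", "password": "t7#Kp!wz0Qe$Lm4v"},
]

if __name__ == "__main__":
    print(hygiene_report(SAMPLE))
```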

Step 8: Educate your employees

Whenever you’re implementing a new piece of software, adoption is unlikely to be successful without thorough engagement from everyone within your company. As part of your IT induction process, you should explain to your new hires that you operate a password manager and ensure they are aware of the correct procedure for reporting any questions or concerns.

Summary

Are password managers safe? While all online activity does carry an element of risk, the benefits of password managers far outweigh potential safety concerns. Without such apps, your business’s most critical data could be left vulnerable to cyberattacks if your employees choose weak or easily decipherable passwords to access your networks.

When it comes to ensuring maximum possible safety, the most valuable precautions you can take often occur before you install, or even purchase, your software and lie in finding a provider that includes the safety features best suited to your business’s needs.


Katy Ward

Katy Ward is a freelance journalist and editor with more than 10 years' experience writing about tech and finance. Throughout her career, she has worked with tech giants such as Google and Yahoo!, as well as a host of fintech start-ups. Her work has appeared in national newspapers and independent media outlets.