If you’re like me, you have so many online accounts that it’s tough to estimate how many sets of login credentials there are to keep track of. Less than optimal management strategies include post-it notes under keyboards, spreadsheets that are vulnerable to digital breach, or a physical address book that stays at home, but makes it impossible to log in from any other location.
You may have heard about password managers and, more recently, passkeys as ways to simplify sign-ins and improve security. This guide explains what password managers are, how they work, and whether using one makes sense for you. Spoiler alert – you can use passkeys with password managers, too!
What Is a Password Manager?
A password manager is a tool that securely stores your login information for websites and apps. Instead of remembering many passwords, you remember just one main password, and the manager handles the rest.
Most password managers can:
- Save usernames and passwords
- Create strong passwords
- Fill in login forms automatically or show your credentials
- Sync your information across your phone, tablet, and computer
Some password managers are built into web browsers, while others are separate apps or services. Examples of password managers include Keeper, Proton Pass, Bitwarden, Nordpass, and many others. Of these, Bitwarden has the most robust free version.
How Password Managers Work
When you use a password manager, it keeps your login information locked away in an encrypted vault. Encryption means your data is scrambled so it can’t be read by others.
Here’s what usually happens:
- You create a strong main password.
- The manager saves your website logins securely. It may do so automatically, or prompt you to save credentials when you enter a new login.
- When you visit a site, it can automatically fill in your details.
- Your logins stay updated across your devices.
This allows you to use strong, unique passwords for every account without having to remember them all. It should be noted, though, that if you lose the password for your password manager account, you may lose access to all of your saved passwords. Be sure you have a recovery plan.
Your recovery plan may vary depending on the manager you use. Here are suggestions for Bitwarden and 1Password. Whichever manager you choose, make sure you can recover access if it is lost.
What Are Passkeys?
Passkeys are a newer method of signing in without using a traditional password.
Instead of typing a password, passkeys let you log in using:
- Your fingerprint
- Face recognition
- A device PIN or screen lock
Passkeys are tied to your device and the specific website or app. This makes them harder for hackers to steal or trick you into giving away.
Not all websites support passkeys yet, but many major companies are starting to offer them. For more info, check out our previous article about passkeys.
Password Managers vs. Passkeys
Password managers and passkeys are often talked about together, but they serve slightly different roles.
- Password managers help you manage passwords you still need.
- Passkeys reduce or eliminate the need for passwords on supported sites.
Many modern password managers can now store and manage passkeys, making them a central place for all your sign-in methods. Even as passkeys become more common, most people still need a password manager because:
- Many sites still require passwords
- You may use multiple devices
- You may want backup and recovery options
For most users, the two tools work together to improve your security profile.
Benefits of Using a Password Manager
- Better security – Password managers help you avoid reusing passwords, which is one of the biggest security risks online.
- Less stress – You don’t have to remember dozens of logins, keep track of your paper password lists, or reset forgotten passwords.
- Faster Sign-Ins – Auto-fill features make logging in quicker and easier.
- Secure password creation – let your password manager generate a random, hard-to-crack password.
- Support for Modern Sign-Ins – Many password managers now support passkeys, making it easier to adopt newer, safer login methods.
Limitations and Things to Consider
Password managers are helpful, but they aren’t perfect.
- There may be a learning curve at first
- You need to protect your main password carefully
- Not all websites support passkeys yet
- Recovery planning in advance is crucial in case you lose access to your device
- Though the possibility is remote, password managers can still be hacked, and they don’t necessarily handle it well
Understanding these limits helps you weigh the risks.
Who Should Use a Password Manager?
A password manager can be useful if you:
- Have many online accounts
- Reuse the same password in multiple places (you shouldn’t)
- Use both personal and work logins
- Log in on multiple devices
- Want an easier way to manage passkeys as they become more common
I don’t know about you, but I fall into all of these categories. You may not need one if:
- You only have a few accounts
- You already use strong, unique passwords and can manage them
- Your workplace controls all logins with its own systems
Even then, many people find password managers convenient as their online lives expand.
Tips for Using a Password Manager Safely
Aside from having a recovery plan, as discussed in the “How Password Managers Work” section, these simple steps go a long way toward staying secure:
- Choose a well-known, reputable service
- Create a strong main password you can remember
- Keep your devices updated
- Learn how account recovery works before you need it
- Use built-in security features when available
If you’d like to go the extra mile, try peppering your passwords to ensure a hacked password manager doesn’t expose your actual passwords. However, this breaks the function that would fill it automatically by adding a step where you “add the pepper” to the saved password after it is entered in the login form.
Common Myths about Using Password Managers
Perhaps you’re not yet convinced that password managers or passkeys are for you because you’ve heard bad things. Let’s dispel some common myths:
“Passkeys mean passwords are obsolete.”
Not yet. Many sites still rely on passwords. They can also be used if your passkey fails for some reason.
“Password managers aren’t safe.”
Reputable managers use strong security methods and are often safer than reusing passwords. Though, as we mentioned, no storage solution is completely invulnerable.
“These tools are only for tech experts.”
Most modern password managers are designed for everyday users.
Summary
Password managers and passkeys are practical tools designed to make online life safer and easier. While passkeys represent the future of sign-ins, password managers remain useful for managing today’s mix of passwords and new login methods.
