As we move forward with our digital lives, complying with the need to “log into” just about anything we touch these days, it becomes increasingly difficult to maintain a high degree of password hygiene. There are those incredibly disciplined people amongst us who can perform effective Password Management in their head, and then there are the rest of us who, well, can’t.

I have previously recommended considering using a Password Manager in situations where “it all gets a bit too much” to manage your passwords manually. (The warning signs are that you are committing cardinal sins such as writing them down, re-using the same one for multiple sites, using weak passwords, never changing them or storing them in your web browser.)

However, that raises the question of how secure such software is before we start using it. Not all Password Management software will be 100% secure 100% of the time (nothing ever is), and there will be occasions where a vulnerability is discovered that needs patching by the vendor. In terms of how they approach the security of your passwords, though, vendors take it incredibly seriously. Most offer security whitepapers that you can read to understand in depth how secure their platform is.

At a high level, you would usually use a so-called “Master password” to unlock the vault of stored passwords, which then lets the application work. The application will be hardened to prevent unauthorised access to the encrypted data (passwords) inside. Better software will also let you enforce Two-Factor Authentication using a mobile device, massively increasing the security. I use this method, for example, and my Password Manager auto-locks after a period of time if I don’t use it.

Most vendors also employ a “Zero knowledge” system: they never have the ability to read your passwords, and they never store your Master password on their servers.
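A sketch of how the Master password and “Zero knowledge” ideas above can fit together, as an added example that is not code from this post or from any vendor. The PBKDF2 work factors, the two key labels and the `Server` class are assumptions made for illustration.

```python
import hashlib
import hmac
import os

KDF_ITERATIONS = 600_000  # assumed work factor for this sketch


def derive_client_keys(master_password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Runs on the user's device only. Returns (vault_key, auth_token)."""
    stretched = hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, KDF_ITERATIONS)
    # Two independent secrets from one stretched value, separated by label.
    vault_key = hmac.new(stretched, b"vault-encryption", hashlib.sha256).digest()
    auth_token = hmac.new(stretched, b"server-login", hashlib.sha256).digest()
    return vault_key, auth_token


class Server:
    """Hypothetical vendor side: keeps only a salted hash of the auth token."""

    def __init__(self) -> None:
        self.records: dict[str, dict[str, bytes]] = {}

    def _verifier(self, auth_token: bytes, server_salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", auth_token, server_salt, 100_000)

    def register(self, user: str, kdf_salt: bytes, auth_token: bytes) -> None:
        server_salt = os.urandom(16)
        self.records[user] = {
            "kdf_salt": kdf_salt,  # not secret; sent back to the client at login
            "server_salt": server_salt,
            "verifier": self._verifier(auth_token, server_salt),
        }

    def login(self, user: str, auth_token: bytes) -> bool:
        rec = self.records.get(user)
        if rec is None:
            return False
        candidate = self._verifier(auth_token, rec["server_salt"])
        return hmac.compare_digest(candidate, rec["verifier"])


if __name__ == "__main__":
    salt = os.urandom(16)
    vault_key, token = derive_client_keys("constructed example passphrase", salt)
    server = Server()
    server.register("alice", salt, token)  # vault_key never leaves the device
    print("login ok:", server.login("alice", token))
    print("server stores:", sorted(server.records["alice"]))
```

The vendor side can check a login without ever holding the Master password or the vault key. Anyone who obtains the stored record can still test guessed Master passwords offline, so the strength of the Master password continues to matter.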

You are always more protected with a Password Manager than without it, unless of course you can genuinely do a better job using only your head!