2.2 Password managers
Centralisation as both solution and risk
A password manager keeps your login details in one place, protected by a single master password. That centralisation solves a genuine problem: people are asked to remember dozens of logins, so they reuse passwords or choose weak ones. A manager lets you use long, unique passwords everywhere without having to memorise each one.
The same centralisation creates a different kind of risk. If the manager is compromised, an attacker may gain access to far more than one account. The practical question is not whether to centralise, but how to do it in a way that brings the everyday benefits while containing the downside.
What password managers protect against
The most common real-world threat is credential stuffing: criminals take email and password pairs from a breach and try them on other sites. A manager blocks this by making every password unique. Even if a shopping site leaks your details, the same password will not unlock your bank or your email.
Managers also protect against casual or low-effort attacks. A long, random password cannot realistically be guessed, and it removes the predictable patterns (names, dates, keyboard walks) that guessing attacks rely on. It also reduces the temptation to write passwords on paper or keep them in insecure notes, because the manager becomes the one sanctioned place for secrets.
A common misunderstanding is that a manager protects against all phishing. It helps, but it is not a magic shield. Some managers warn you when the website address does not match the saved login. That is useful, yet it only works if you notice the warning and if you have a saved entry for the legitimate site. Phishing that uses a real-looking domain can still fool people, especially on small phone screens.
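The address-matching warning described above is easy to reason about once it is written down. The following is an added example, not code from the original text or from any particular password manager: a small autofill decision function with a constructed vault of two saved logins (the hostnames are hypothetical). The matching policy is an assumption for illustration: an exact scheme-and-host match fills, a sub-domain of a saved host warns and asks for confirmation, anything else returns "no_entry" (so a look-alike domain produces no warning at all, which is precisely the gap the paragraph points out), and a non-HTTPS page is refused.

```python
from urllib.parse import urlsplit

# Constructed sample vault: one saved login per site origin. The hostnames
# are hypothetical and exist only for this illustration.
SAVED_LOGINS = {
    "https://accounts.example.com": "alice@example.com",
    "https://bank.example.org": "alice",
}


def normalise_host(host):
    """Lower-case, drop a trailing dot and convert internationalised labels
    to their ASCII (IDNA) form so Unicode look-alike hosts compare honestly."""
    host = host.rstrip(".").lower()
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return host


def autofill_decision(current_url, saved_logins=SAVED_LOGINS):
    """Return (decision, username) for the page at current_url.

    decision is one of:
      "fill"     - scheme and host exactly match a saved origin
      "warn"     - the current host is a sub-domain of a saved host;
                   fill only after the user confirms
      "no_entry" - nothing saved for this site, so no warning is possible
      "refuse"   - the page is not served over https
    """
    parts = urlsplit(current_url)
    if parts.scheme != "https":
        return ("refuse", None)
    host = normalise_host(parts.hostname or "")
    for origin, username in saved_logins.items():
        saved_host = normalise_host(urlsplit(origin).hostname)
        if host == saved_host:
            return ("fill", username)
        # e.g. login.accounts.example.com for a saved accounts.example.com
        if host.endswith("." + saved_host):
            return ("warn", username)
    return ("no_entry", None)


if __name__ == "__main__":
    # Constructed URLs: the legitimate site, a sub-domain, a look-alike
    # "prefix" domain, a digit-for-letter look-alike and a plain-http page.
    for url in ("https://accounts.example.com/login",
                "https://login.accounts.example.com/",
                "https://accounts.example.com.evil-login.test/login",
                "https://examp1e.com/login",
                "http://accounts.example.com/login"):
        print(url, "->", autofill_decision(url))
```

The two look-alike URLs come back as "no_entry" rather than "warn": the manager has nothing to compare against, so the user sees no prompt and must notice the address themselves. That is the limit the paragraph describes, and it is why the warning is a help rather than a guarantee.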
Local vs cloud-based managers
Local managers store the encrypted vault on your own device. They do not automatically sync unless you choose to set it up yourself. This reduces dependence on a third-party service and can be attractive if you are cautious about data stored on other people's servers. The trade-off is convenience. If your laptop is lost or fails and you have not made a copy of the vault, you may lose access to your passwords entirely.
Cloud-based managers keep a copy of the encrypted vault on their servers and sync it across your devices. The security design usually assumes the provider cannot see your passwords because they do not have the master password. This is called end-to-end encryption: the vault is encrypted on your device before it is uploaded. In practice, the risk is that the provider becomes a high-value target. If their service is breached and your master password is weak, attackers can attempt to crack the vault offline.
In everyday life, this choice often comes down to how many devices you use. Someone who logs in across a work laptop, a personal laptop, and a phone may accept cloud sync to avoid copying files around. Someone who uses one computer might prefer a local vault and a manual backup.
Master password failure modes
The master password is the key that unlocks everything. Most managers do not have a way to reset it for you, because that would require them to be able to read your vault. If you forget it, there is usually no recovery. That is not a punishment; it is a design choice.
A second failure mode is choosing a master password that is too easy to guess or too short. This is the single biggest practical weakness. Attackers who obtain the encrypted vault can try billions of guesses offline. The longer and more unique your master password, the harder that guessing becomes. A memorable phrase made of several unrelated words can be both usable and strong.
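To make the two ideas above concrete (the vault is encrypted on the device with a key derived from the master password, so a sync provider only ever holds salt, ciphertext and a tag; and an attacker with that material is limited by the size of the master-password search space and the cost of each guess), here is an added example that is not code from the original text or from any real password manager. It uses only the Python standard library: scrypt from hashlib as the slow key-derivation step, and an HMAC-SHA256 keystream with an encrypt-then-MAC tag as a teaching stand-in for the AEAD cipher a real manager would use. The scrypt parameters, the sample vault contents and the guess rate used in the cost estimate are all constructed assumptions.

```python
import hashlib
import hmac
import math
import os

# Constructed scrypt parameters (assumption; real managers pick their own,
# usually heavier). N=2**14, r=8 costs roughly 16 MiB and tens of ms per guess.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
BLOCK = 32  # bytes per keystream block (SHA-256 output size)


def derive_vault_key(master_password, salt):
    """Slow derivation of a 32-byte vault key from the master password."""
    return hashlib.scrypt(master_password.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)


def _subkeys(key):
    """Split the vault key into independent encryption and MAC keys."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key, length):
    """HMAC-SHA256 in counter mode; a fresh salt per lock gives a fresh stream."""
    blocks = (hmac.new(enc_key, i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(math.ceil(length / BLOCK)))
    return b"".join(blocks)[:length]


def lock_vault(master_password, vault_bytes):
    """Encrypt on the device. The returned dict is all a sync server sees."""
    salt = os.urandom(16)
    enc_key, mac_key = _subkeys(derive_vault_key(master_password, salt))
    ciphertext = bytes(a ^ b for a, b in
                       zip(vault_bytes, _keystream(enc_key, len(vault_bytes))))
    tag = hmac.new(mac_key, salt + ciphertext, hashlib.sha256).digest()
    return {"salt": salt, "ciphertext": ciphertext, "tag": tag}


def unlock_vault(master_password, stored):
    """Return the plaintext vault, or None if the password or data is wrong."""
    enc_key, mac_key = _subkeys(derive_vault_key(master_password, stored["salt"]))
    expected = hmac.new(mac_key, stored["salt"] + stored["ciphertext"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, stored["tag"]):
        return None  # wrong master password, or tampered ciphertext
    stream = _keystream(enc_key, len(stored["ciphertext"]))
    return bytes(a ^ b for a, b in zip(stored["ciphertext"], stream))


def search_space(alphabet_size, length):
    """Number of candidates for a uniformly random secret of this shape."""
    return alphabet_size ** length


def expected_seconds(space, guesses_per_second):
    """Expected time to hit the right guess: on average half the space."""
    return space / 2 / guesses_per_second


if __name__ == "__main__":
    # Constructed sample vault and a constructed guess rate of one million
    # scrypt evaluations per second (an assumption, not a measurement).
    vault = b'{"example.com": "constructed-sample-password"}'
    stored = lock_vault("correct horse battery staple", vault)
    print("server holds:", {k: v.hex()[:16] + "..." for k, v in stored.items()})
    print("right password:", unlock_vault("correct horse battery staple", stored))
    print("wrong password:", unlock_vault("password1", stored))
    rate = 1e6
    for label, space in (("8 lower-case letters", search_space(26, 8)),
                         ("5 random words from a 7776-word list", search_space(7776, 5))):
        print(f"{label}: ~{expected_seconds(space, rate) / 86400:.1f} days")
```

Two points the numbers make: the slow KDF means each of the attacker's offline guesses costs the same scrypt work as a legitimate unlock, and, at any fixed guess rate, moving from a short character password to a several-word passphrase multiplies the expected effort by many orders of magnitude. The provider in this model never holds the master password, which is also why it cannot reset it for you.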
Another risk is how you enter the master password. If your computer has malware that records keystrokes, a strong master password does not help. This is not a common day-to-day risk for most people, but it is real. It is one reason to keep devices updated, avoid untrusted downloads, and use reputable app stores.
Sync convenience vs exposure
Syncing makes daily life smoother: you save a password on your phone and it appears on your laptop within seconds. It also increases the number of places the vault exists. That is not inherently bad, but it means you are trusting the security of multiple devices and a syncing service rather than a single computer.
A realistic example is a lost phone on public transport. If the phone is locked and the manager requires the master password or a separate unlock, the risk is limited. If the phone has no screen lock or the manager is left open, the vault may be exposed. The practical mitigation is mundane: use a strong device lock, turn on automatic locking, and configure the manager to require a password or biometrics every time.
In the UK, workplace policies sometimes prohibit storing corporate credentials in personal tools. Using a consumer password manager to store work logins can breach policy, even if it is secure. It is worth checking what your employer allows, and if necessary using an approved manager for work and a separate one for personal accounts.
Backups and disaster recovery
Backups are the quiet, unglamorous part of using a manager. If you rely on a local vault, make encrypted backups on a schedule. That can be a second device, an external drive, or a protected cloud storage account. The key is to ensure you can restore the vault if a device fails.
Cloud-based managers reduce the chance of losing the vault, but they do not solve everything. If you forget the master password, sync does not help. Some managers offer emergency access or recovery codes. Those tools are only useful if you set them up in advance and keep the recovery material somewhere safe.
A sensible approach is to keep a printed recovery code in a sealed envelope at home, or store it in a secure place such as a safe. That is not an invitation to relax about security; it is a practical step to avoid locking yourself out during a stressful moment, such as a lost phone or a crash before a holiday.
Situations where a password manager is inappropriate
There are contexts where a manager is the wrong tool. On a shared computer in a library or an internet cafe, installing a manager or logging into your vault is risky. You do not control the device, so you cannot be sure it is free of monitoring software. In those situations, it is safer to avoid logging into sensitive accounts entirely.
Some high-risk environments require additional separation. Journalists, activists, or people escaping domestic abuse may need to keep certain accounts entirely separate from others. A single vault can create unintended links between identities. In those cases, multiple vaults or different managers may be more appropriate, or even a paper-based method for a limited set of accounts.
Another inappropriate case is when the manager conflicts with organisational policy or legal requirements. Certain regulated sectors in the UK require corporate credential storage and auditing. Using a personal manager might be convenient but could expose you to disciplinary or compliance issues. The pragmatic approach is to keep personal and professional logins separate and follow the rules that apply to your role.