Security guide

Why You Need a Password Manager

To use strong, distinct passwords on every site, you need a password manager rather than human memory.

What a password manager is

A password manager is a tool that stores each site's login details encrypted and fills them in automatically when needed. You only have to remember a single master password.

The vault is strongly encrypted, and many use an approach where even the manager service itself cannot see the contents (zero knowledge).

What's good about it

With a manager, you can do the following.

  • Use a long, random, unique password on every site
  • Improve convenience with login autofill
  • Prevent phishing, since autofill won't appear on fake domains
  • Sync securely across multiple devices
  • Check for leaked, duplicate or weak passwords

The master password is the key

A manager's security rests on a single master password. Make this a long, easy-to-remember passphrase (for example, several words joined together) that you use nowhere else.

Adding two-factor authentication to the master password as well greatly increases security.

Browser storage vs. a dedicated manager

Built-in browser storage is convenient but depends on the device lock and is limited in features. A dedicated password manager offers more protection, such as a strong generator, breach checks and secure sharing.

Back to guides