What is a password manager and how does it work?

by Malo Jamain, Business Developer

What is a password manager? 

In the early days of the Internet, the number of passwords a user had to remember was quite limited, as the number of online applications was not yet as large as it is today.

Since the launch of Google in 1998 and Facebook in 2004, things have evolved a lot and become more complex.

In a 2017 report, LastPass, a company specializing in password management, estimates that on average, a user must remember about 200 different passwords.

Today, it has become almost impossible for a person to remember all the passwords created through the different applications and websites. 

Since passwords can give access to sensitive data (bank account, messages, etc.), and security was for a long time not the priority of large Internet companies, hackers began to steal them in order to resell them on the black market, which can have serious consequences on the lives of victims.

A 2020 study by Photon Research estimates that more than 24 billion complete sets of usernames and passwords are in circulation on the dark web.

As a result, most websites and applications now impose a minimum level of security when creating an account, leading Internet users to have to create complex passwords that are harder to remember.

It is now common to see this type of interface when registering on a website:

Cryptr - Type of interface when registering on a website

Fortunately, this growing complexity has brought out new technologies allowing you not to have to remember your passwords: password managers.

A password manager is an online application or service allowing a user to centralize all of their passwords.

This password manager is itself protected by a password, called the “master password,” which must be known only to the user.

Afterwards, when you visit a website, the password manager recalls the password you created for it.

It is then easier for the user to create strong and varied passwords across the applications they use, since they do not have to remember them afterwards.

What are the advantages? 

The first advantage of using a password manager is saving time.

Indeed, in addition to storing your passwords, password managers often have an autofill feature that allows you to access your account faster.

The second advantage is that you no longer need to remember all the passwords you create on each website, only the master password. Remembering a single password is much easier, so you can choose a complex and strong password.

The third advantage is the automatic generation of strong passwords.

According to the CNIL, a strong password must have at least 12 characters, lowercase and uppercase, as well as special characters.

It must also not indicate anything about you (date of birth, place of residence, etc.).

Most password managers suggest a strong, automatically generated password when you create an account on a website. This spares you from having to come up with a password yourself, while ensuring a high level of security.

The fourth advantage concerns businesses, where knowing who has access to which account can sometimes be tricky to keep track of.

If some accounts are shared, it gets even more complicated.

This is why password managers also make it possible to manage access to shared accounts more efficiently. 

Once the password has been created on your account, you can share access to this account (username and password) without the person with whom you are sharing this access knowing the password used.

The fifth benefit of using a password manager is being alerted when one of your passwords is compromised.

Indeed, there are currently billions of passwords available for sale on the dark web.

Some password managers therefore offer to alert you when one of the passwords you want to use appears to be compromised. 

By using a different password on each website, if one of your passwords is compromised, the hacker will not necessarily be able to access your other applications.
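One way a compromise alert can work without the password ever leaving the device is a hash-prefix (k-anonymity) lookup, sketched below. This is an added example, not Cryptr's code or any product's documented implementation; the breach corpus and the function names are constructed for illustration.

```python
import hashlib

# Constructed breach corpus (password -> times seen in leaks).
# A real service holds hundreds of millions of entries.
LEAKED = {"123456": 1000, "password": 800, "azerty": 500, "qwerty123": 120}


def sha1_hex(password):
    """SHA-1 is used only as a lookup key here, never to store passwords."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_index(leaked):
    """Service side: group hash suffixes under their 5-character prefix."""
    index = {}
    for password, count in leaked.items():
        digest = sha1_hex(password)
        index.setdefault(digest[:5], {})[digest[5:]] = count
    return index


def range_query(index, prefix):
    """Service side: answer with the whole bucket for a prefix.

    The service sees 5 hex characters, shared by many unrelated passwords,
    so it cannot tell which password the client is checking.
    """
    return dict(index.get(prefix, {}))


def breach_count(password, index):
    """Client side: send the prefix only, then match the suffix locally."""
    digest = sha1_hex(password)
    bucket = range_query(index, digest[:5])
    return bucket.get(digest[5:], 0)


if __name__ == "__main__":
    idx = build_index(LEAKED)
    for candidate in ("password", "carrot-porter-nomad-giraffe"):
        hits = breach_count(candidate, idx)
        print(candidate, "-> seen", hits, "times" if hits else "times (not in corpus)")
```

A count of zero only means the password is absent from the corpus that was queried, not that it is strong.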

What are the different types of password managers? 

The first type of password manager is the password manager installed directly on your computer (desktop-based).

The passwords are then stored locally, on your computer, in an encrypted safe.

There are several limitations to the use of such a solution.

First, it is impossible to access these passwords from another device (a tablet, a mobile phone, etc.).

In addition, if you lose your computer, then you also lose all the passwords stored in this manager.

The second type, the cloud-based password manager, fills these gaps.

All of your encrypted passwords are then stored on the service provider’s network (Dashlane, LastPass, 1Password, etc.). The Chrome browser also offers a password manager, but it is only usable in Chrome.

The responsibility for the security of your passwords is then in the hands of these companies, which are not immune to cyber attacks, as illustrated by the two attacks suffered by LastPass in recent months.

The main advantage of these solutions is that all of your passwords are accessible from all your devices (phone, tablet, computer, etc.), as long as you have an Internet connection and your master password.

Most often these password managers consist of a simple extension of your Internet browser combined with a mobile or desktop application.

Within companies, the preferred alternative to passwords is Single Sign On (SSO).

Like password managers and as the name suggests, Single Sign On allows employees to access a range of applications with a single password.

It is a sort of passport into the digital world.

SSO authentication is very common in the B2B world. IT departments prefer this solution to password managers because it reduces the time they spend troubleshooting and resetting passwords.

There are plenty of SSO authentication providers available on the market: Okta, Ping Identity, ForgeRock, Microsoft, IBM Security Access Manager, etc.

What are the best practices for passwords?

The first good practice regarding passwords is not to reuse the same password on different websites (even if you use a password manager).

You can thus create different, strong and complex passwords by letting the password manager remember them.

The second good practice concerns the length of your passwords.

Indeed, the shorter the password, the faster it can be cracked, in some cases instantly, as shown in the image below:

Cryptr - Length of your passwords

Care must therefore be taken to create complex passwords that have no connection to who you are and consist instead of sequences of letters (upper and lowercase), numbers, and special characters.

The passwords suggested by the managers comply with these security rules. If you have no ideas, you can simply accept the password suggested by your manager with one click.

As seen earlier, one of the advantages of password managers is that they remember your various passwords for you, except for one: the master password.

For this master password, a good practice is to create a “passphrase” rather than a password: a series of random words, easy to remember but difficult to guess. Example: “carrot-porter-nomad-giraffe.”
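The generated passwords and the passphrase described above can be sketched as follows, with an entropy estimate to compare them. This is an added example, not code from Cryptr or from any password manager; the symbol set, the 16-word sample list and the function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Character classes for the rule quoted from the CNIL: lowercase, uppercase,
# special characters. Digits are added, as the best practices above suggest.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!@#$%^&*()-_=+[]{}"]
ALPHABET = "".join(CLASSES)

# Constructed 16-word sample list; real generators use thousands of words.
WORDS = ["carrot", "porter", "nomad", "giraffe", "velvet", "harbor", "pixel",
         "walnut", "meadow", "copper", "lantern", "orbit", "thistle", "quartz",
         "ember", "saddle"]


def meets_policy(password, min_length=12):
    """True if the password is long enough and uses every character class."""
    return (len(password) >= min_length and
            all(any(ch in cls for ch in password) for cls in CLASSES))


def generate_password(length=16):
    """Draw from the OS CSPRNG and retry until every class is present."""
    if length < 12:
        raise ValueError("policy requires at least 12 characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(candidate):
            return candidate


def generate_passphrase(words=4, wordlist=WORDS, sep="-"):
    """Pick each word independently and uniformly (repeats are possible)."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def entropy_bits(symbols, alphabet_size):
    """Upper bound: `symbols` independent uniform draws from the alphabet."""
    return symbols * math.log2(alphabet_size)


if __name__ == "__main__":
    print(generate_password(), round(entropy_bits(16, len(ALPHABET)), 1), "bits")
    print(generate_passphrase(), entropy_bits(4, len(WORDS)), "bits (sample list)")
    print("4 words, 7776-word list:", round(entropy_bits(4, 7776), 1), "bits")
```

The strength of a passphrase comes from the random draw and the size of the word list, not from the words looking unusual: four words from the 16-word sample give only 16 bits, while four words from a 7776-word list give about 51.7 bits.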

The fourth and final good practice relating to your passwords is to activate the multi-factor authentication feature when it is available.

With this feature, you will need to verify your identity using two or more authentication factors, using something you own (a smartphone, tablet, bank card, etc.), something you know (secret question, code), or something you are (facial recognition, fingerprints, etc.).

This additional layer of security means that if a malicious person who knows your password tries to log in to one of your accounts, they will remain blocked on the login page because they will not have the second authentication factor (a code sent to your mobile phone for example).

Now that you know the usefulness of password managers and how they work, do not hesitate to download one: you will save time and gain security.

Especially since most password managers offer a free version!
