Privacy glossary

Password manager


What is a password manager?

A password manager is software that stores the usernames and passwords to your online accounts. It can automatically fill in usernames and passwords on login pages, generate new random passwords, and sync your passwords across multiple devices. Using a password manager can save you a lot of hassle and—when used properly—dramatically improve your privacy, safety, and security online.

Why should I use a password manager?

Poor password practices are a very common way for people to get hacked. If you use a common password like “password123”, it will be very easy for hackers to guess. It’s also easy for hackers to guess passwords derived from personal information like names and birthdays of family members, or from common phrases like “GoYankees”. Furthermore, if you use the same password on multiple sites, a hacker who gets your password for one site can then get into your accounts on other sites without any additional effort.

You can avoid all that by using a password manager, which remembers your passwords for you. Since you don’t have to memorize your passwords, you can use long randomly-generated passwords that hackers can’t guess, and you can use a different password for every account.

In addition to usernames and passwords, most password managers can also store and auto-fill credit card numbers, which can save you a lot of time when buying things online.

How do I use a password manager?

Major browsers all have password manager functionality built in. There are also standalone desktop and mobile apps, which integrate with your browser through an extension. Two popular and reputable standalone password managers are 1Password and Bitwarden. Another widely used option is LastPass, but security experts no longer consider it trustworthy, after a recent serious data breach.

To start using a password manager, you can either enable the feature in your browser (visit your browser’s support page for instructions), or install a standalone app from your device’s app store. Standalone apps will help you install their browser extensions. With a standalone app, you’ll need to sign up for an account, and possibly pay for a subscription; visit the specific app’s support pages for details.

You may need to choose a master password. You’ll use the master password to “unlock” the password manager and get access to your stored passwords. No one will be able to access your stored passwords without the master password—not even the password manager’s developer. It’s very important to choose a master password that you can remember, but that no one else can guess.

Once you enable a browser’s password manager, or install a standalone password manager’s extension, it will offer to save your username and password any time you log in to a site. From then on, the password manager can automatically fill in the username and password fields when you’re logging into that site.

Password managers also include a feature to generate a new, random password. You can choose how long you want it to be, and whether to include digits and special characters. You should use this any time you create a new account. You should also consider replacing old passwords for existing accounts with randomly generated ones—especially for important accounts like banks and social media.

You can also add your credit card number to the password manager, so that it can auto-fill the number on checkout pages. 

How do I choose a good master password?

It’s important to choose a master password that’s easy for you to memorize, but hard for anyone else to guess. There are a variety of techniques for doing so.

One popular technique is to simply choose four or five random words and put them together. This makes memorization easy: You can create a mental image that involves all four words. For example, you can memorize the four-word password “overlap-roulette-traffic-resent” by imagining overlapping roulette tables, which cause a lot of traffic that you resent.

Note that if you use that technique, it’s crucial that the words be truly random and unrelated to each other. It’s best not to try to come up with random words unassisted. Instead, you can use something like the “Diceware” technique. To pick each word, you roll a standard six-sided die five times, assemble the results into a five-digit number, then look up that number on a Diceware word list (such as EFF’s). For example, if you rolled 3, 4, 1, 2, and 6, you would look up the number “34126” on a Diceware list. Then you’d repeat the process to generate more random words.

Ready for a better Internet?

Brave’s easy-to-use browser blocks ads by default, making the Web cleaner, faster, and safer for people all over the world.