Go ahead; forget it because a password manager will remember it for you!? So what is a password manager anyway and what is the point of one? A password manager enables you to login to all your accounts from one master password without having to worry about not remembering them, as you only have a master password to remember. The password is usually encrypted for you so that you also don’t have to worry about doxxers trying to steal it. A password manager is the most easy and effective way of having strong passwords stored across multiple devices without the dangers involved with traditional passwords. Password managers also often help you not only with logins, but with high-profile security account details being kept secure, life banking details, emails, pay-pal credentials and so on.
How do password managers work?
There are three main types of password managers, one is the offline password manager which stores the passwords on your actual devices. There is secondly the web-based password manager which is stored on a cloud giving you a wide level of accessibility across various devices. Lastly, there are token-based or stateless password managers. This one involves a local piece of hardware which is usually either a usb stick or flash disk which contains a key to unlock a particular account. There is not a particular need for a list of passwords to recall as a password vault as the token generates a new one every time you login to a new account.
Can you use multiple password managers?
You can but you shouldn’t. You're effectively increasing the chance of your credentials being stolen if you use two or more password managers with identical credentials. This is due to the fact that there are now more entrance points. In general, password managers all have the same level of security; however there are issues when you try to use more than one at the same time.
Having more than one password manager only opens up the flood-gates to doxxers. Therefore, we recommend finding one well-secured manager; one with a quality cipher-system and with a strong encryption key. Also, having multiple password managers would only make the use of a password manager obsolete as the whole point of a password manager is convenience, that is to only use one master password, or to have less to remember. In other words, by adding more logins, you are adding alternative methods of accessing your account, which is only opening more entryways to your passwords.
Therefore, adding more methods of logins cannot reduce the risk of hostile hijack, but rather increases the risk since more passwords provide the attacker with additional entry points. If you use more than one login, then your "security level" is only as high as the weakest authentication system you are using.
We can suggest that if you must use a password manager, you may use a stateless or token-based password manager for sites which allow it. You can then use an offline or cloud-based alternative for the remaining ones.
Likewise, there are certain cases such as with offline password managers where you can use multiple password managers as you want, as long as they don't have the same entries.
There is also another alternative for people who have high-profile important passwords and less important accounts which they want to keep on different password managers. This is a little bit inspired by the don’t put all your eggs in the same basket analogy.
This is called the 2-password manager method. This is when instead of using one password manager you use one password manager for all of your highly sensitive information and another on your device for non-important every-day passwords. But in general this is usually a less common practice as it can cause issues when importing and exporting passwords.
We hope that this guide has helped you. You may also be interested in our guide on Do password managers work offline? Or Are password managers a single point of failure? We are pragmatic paranoia, being paranoia at its best, bringing you the latest cybersecurity news!