Skip to main content
Information Security

Blog Posts

A blue padlock icon on a glossy circular button.

A blue padlock icon on a glossy circular button.

Password Managers

Everything you need to know

A password manager tool is software that helps users to encrypt, store, and manage passwords. The tool also helps users to create secure passwords and automatically log into websites.

What is a Password Manager Tool?

A password manager tool is software that helps users to encrypt, store, and manage passwords. The tool also helps users to create secure passwords and automatically log into websites.

Who Might Use a Password Manager Tool and Why?

People should use unique passwords for each website or system they login to in order to help minimize the impact from the breach of one website or system. However, most users cannot remember a separate password for many sites and tend to reuse the same password or write them on sticky notes attached to their computer. Password manager tools allow users to more securely manage many distinct passwords and automatically log them into websites.

Benefits to Using a Password Manager Tool:

Password manager tools enable users to create and securely maintain unique passwords for websites and other systems without having to memorize or write down passwords.

Risks to Consider When Using a Password Manager Tool:

Special care should be taken to secure the password tool since it will grant access to all passwords. The “master” password that grants access to the tool should be a very strong, complex, and unique password; use multifactor authentication if possible. Additional considerations should be made about whether you want your password management tool to store the passwords locally or in the cloud.

Technology/Tools That a User Might Consider:

Below are three popular password manager tools that an end user might consider for use. Users should evaluate which tool works best for their own unique purposes. The Information Security Office does not recommend the use of a particular tool. End users employ these tools at their own risk.

KeePass (and http://keepass.info/)

does not share encryption keys with KeePass, provides a password strength indicator, and the password database is not stored in the cloud. Ease of use across multiple devices is a little more complex as the user needs to maintain access to their private password database manually.

1Password

does not share encryption keys with 1Password, provides a password strength indicator, and the password database can be stored in Apple’s iCloud, DropBox or locally on personal devices. Ease of use across multiple devices is easy if stored in the cloud, but more secure if stored locally. The iOS version can be configured to support Touch ID on compatible devices.

Higher Education Reference Pages

Boston University http://www.bu.edu/infosec/howtos/password-management/
Indiana University https://protect.iu.edu/cybersecurity/safeonline/passphrases/vaults
Pepperdine University http://community.pepperdine.edu/it/security/password/passmgrs.htm
Purdue University http://www.purdue.edu/securepurdue/pswdManager.cfm
University of Illinois at Urbana-Champaign https://security.illinois.edu/content/use-password-manager
*Adapted with permission from EDUCAUSE and the Higher Education Information Security Council. Not written by the author.

computer,apps,encryption,information security,infosec,password,password manager,security,safe,digital security,software