Password Managers

Start using a Password Manager for most Passwords

We’re often told that the passwords for our online accounts should be really strong, and to not use the same password anywhere else. Especially for those important accounts like email, banking, shopping and social media.

The trouble is, most of us have lots of online accounts, so creating different passwords for all of them (and remembering them) is hard.

This is where a password manager can help. A password manager (or a web browser) can store all your passwords securely, so you don’t have to worry about remembering them. This allows you to use unique, strong passwords for all your important accounts (rather than using the same password for all of them, which you should never do).

In addition, many password managers are helpful because they can:

  • synchronise your passwords across your different devices, making it easier to log on, wherever you are, and whatever you’re using
  • help spot fake websites, which will protect you from phishing attacks
  • let you know if you’re re-using the same password across different accounts
  • notify you if your password appears within a known data breach so you know if you need to change it
  • work across platforms, so you could (for example) use a single password manager that would work for your iPhone and your Windows desktop

Saving passwords in your browser

When you’re logging into your online accounts, most web browsers (such as Chrome, Safari and Edge) will offer to save them for you. It’s safe for you to do this on your own device provided you keep them updated, but you should not do this on shared devices.

Browsers such as Safari and Chrome will ask before saving your password.

Note you should always make sure you are using the latest version of your browser (and operating system), and you should keep this up to date.

Saving passwords on shared computers

If you’re using a shared computer outside your home (for instance, at a college or library) you should never save your password in a browser.

If you’re sharing a computer in your household, either with family or housemates, then you’ll have to think about who else could access the computer (and therefore to your saved passwords), and decide if you’re ok with this. The safest option is to:

  • make sure that everyone has their own account on the shared computer
  • make sure that everyone logs out when they’ve finished using it

For help on setting up and using accounts on the same computer, please refer to the following links:

Using password managers

A password manager is an app on your phone, tablet or computer that stores your passwords, so you don’t need to remember them. Once you’ve logged into the password manager using a ‘master’ password, it will generate and remember your passwords for all your online accounts. Many password managers can also enter your passwords into websites and apps automatically, so you don’t even have to type them in every time you log in.

There are lots of different password managers, many of which you can use for free if you accept certain limitations. So it’s worth searching for online reviews, and finding one that meets your requirements. The NCSC also provides some technical guidance about the security features you may want to consider when choosing one.

If you use MacOS, you can use Keychain which is a password manager system built into the operating system.

Protecting your password managers

It is important to take steps to protect your password manager account, for the following reasons:

  • if you forget the ‘master’ password for your password manager, you will not be able to get back into your accounts
  • if a cyber criminal accesses your password manager account, they will have access to all your accounts

With this is mind, the NCSC strongly recommends that you:

  1. Turn on two-factor authentication on the password manager account. This means that even if a cyber criminal knows the ‘master’ password, they still won’t be able to access your password manager account.
  2. Choose a strong ‘master’ password to control access to your password manager account (for example by using three random words). Note that you can’t store this password in the password manager itself, so if you can’t remember it, it’s OK for you to write it down on paper, provided you keep it safe and out of sight.
  3. Install updates for your password manager app as soon as you’re prompted.