Are Password Vaults Secure?

Password vaults can make our lives convenient and give us comfort in our personal lives, but are they secure? Trusting a company with all your credentials can seem pretty scary – especially to those of us who understand that there is no such thing as a perfectly secure application. Yes, there is risk in using a password vault. Even some of the larger and more well-regarded password vaults have had security incidents. For me, it is about managing risk. I believe that for the vast majority of people, the risks in using a password vault are much less dangerous than the alternative.

You can also increase the security of this solution by applying some of the same, common-sense principles that you should be using elsewhere in your life. First, make sure that you choose a very long master passphrase (20+ characters) that has some complexity. It doesn’t need to look like “d8$k24Vs(&3i90q0i6%x7?jsq1wn^DP7Qe2.” Something like “n3v3reatradishn@ch0s1nbed” (never eat radish nachos in bed) provides a reasonable balance of length and complexity with the human need to remember it. Second, only choose a vault that supports two-factor authentication. 

In the event your master passphrase is compromised, this will at least make it more difficult for an attacker to login to your account. Ensure that you have screen lock timers set for all your devices, and lock your devices manually when leaving them unattended. As you add passwords to your password manager, use the opportunity to change them. Storing your passwords securely doesn’t mitigate the dangers of password re-use!