Password Managers are commonly recommended by security experts, yet not everyone agrees with them. Skeptics often associate the use of password managers to putting all your eggs in one basket. An investigation into users’ considerations towards using password managers (Fagan, M., Albayram, Y., Khan, M.M.H. et al) reveals that “non-users are more likely to feel suspicious compared to users,which could be due to misunderstandings about the tool.”
Users, on the other hand, noted convenience and usefulness as the main reasons behind using the tool, rather than security gains. This means a large portion of users don’t really consider security as the primary benefit while making the decision. It’s no surprise since our online behavior is yet to change. The fear of forgetting is stronger than the fear of being hacked, according to a study conducted by LastPass and Lab42. Although we know having a weak password is bad, as evident in major online breaches, we choose the easy route anyway – Cognitive Dissonance, for short. Hence, poor password choices and password management (e.g. writing them down on paper, and eventually losing them). At this point in time, it’s better to have the eggs in a basket, than to have none at all.
The question now is, “can you trust the basket?” Well, while we’ve yet to to create a more universal and secure method of limiting account access, it’s definitely more trustworthy than the human brain. Password managers are able to encrypt all your logins in the vault. This means that even if hackers are able to intrude the password manager itself, all your individual logins stored will remain indecipherable and uncompromised.
Though most password managers can generally autofill, test, and change your passwords for you, it should still be treated as a high-involvement purchase (or download) given that they have different package offerings, and interface designs. Some even cater to specific operating systems.