Home Password Manager Guides How Does a Password Manager Work?
Alex Popa Crypto & Tech Content Writer Author expertise
Disclosure
Disclosure
In our content, we occasionally include affiliate links. Should you click on these links, we may earn a commission, though this incurs no additional cost to you. Your use of this website signifies your acceptance of our terms and conditions as well as our privacy policy.

In this article, we’ll answer the question, ‘How do password managers work?’, explain their uses, guide you on getting started with them, and reveal why they’re the best way to store passwords.

Most of us have hundreds of accounts today, and keeping track of all those passwords is virtually impossible. Hence, we reuse passwords for our accounts or keep them in a notebook.

This is where password managers come in – they store all your passwords securely and conveniently. They also generate strong passwords automatically and offer autofill capabilities for increased protection and ease of use.

Below, we’ll show you how to use a password manager and help you make an informed decision about your online safety.

What Is a Password Manager And What Does It Do?

A password manager generates complex passwords and stores them securely, but that’s typically not all they do. Let’s explore their capabilities below:

They Can

  • Store your account credentials (username and password)
  • Encrypt your passwords to prevent unauthorized access
  • Auto-generate complex passwords
  • Sync your passwords to all your devices
  • Offer password-sharing mechanisms
  • Send security alerts for breached accounts and vulnerable passwords
  • Auto-fill account credentials on websites
  • Store PDFs, API keys, and other sensitive documents

They Can’t

  • Prevent malware from infecting your devices
  • Protect against keyloggers
  • Monitor your browsing activities
  • Detect spyware on your devices
  • Completely protect against user negligence

Why Use a Password Manager?

A password manager helps you transition from reusing passwords and notebooks to a unified workspace that you can access quickly. This brings convenience to an otherwise tedious process.

However, storing passwords digitally without using a password manager introduces new attack vectors, such as phishing, unauthorized access, and malware. So, how can a password manager guard against these threats?

It encrypts your passwords in a zero-knowledge ecosystem where only you can decrypt and access your personal information.

If you’re used to keeping passwords in a notebook, why would you switch to a password manager? Let’s see why below.

1. Password Generator

The biggest advantage of password managers is you don’t have to remember all your passwords anymore.

This lets you create more complex passwords, making your accounts more secure. And most password managers today have a password generator feature.

Password generator feature on 1Password

You can add uppercase and lowercase letters, symbols, and numbers to make the password unique and virtually impossible to guess. Password managers give you a lot of scope. For example, NordPass gives you 60 characters to play with for auto-generated passwords.

The longer and more random a password is, the harder it is to crack.

And best of all, you don’t have to know or remember it or even know what it is. The password manager does that for you.

2. Multi-Factor Authentication

Most password managers offer multi-factor authentication (MFA) functionality, locking your passwords behind additional security for extra protection.

These could be SMS codes, authenticator apps, or hardware keys. While they’re not all equally secure, they’re significantly better than no MFA.

1Password MFA options

Even if someone finds your master password (the password for your password manager account), MFA will stop them from accessing your password manager, protecting you from unauthorized access.

The golden standard of MFA is a security key (like a Yubikey or Titan), a physical token impervious to phishing attacks.

3. Auto-Fill Functionality

Password managers let you auto-fill credentials on websites by using browser extensions. This makes it highly convenient to log into services and platforms.

For instance, 1Password’s extension shows a dropdown list with your credentials when logging into an account for which you’ve saved a password.

1Password auto-fill options

Select the account data you want to fill in, and the password manager does the rest. With this, you can log into an account in mere seconds.

4. Support Across Multiple Platforms

Password managers typically support Windows computers, Macs, Linux, iPhones, and Android devices. They also work on various browsers like Chrome, Firefox, and Opera.

Even when you’re on the go, the mobile apps are robust enough to offer a seamless experience by giving you access to all the password manager’s core features.

How Do Password Managers Work?

A good password manager does much more than store your passwords. It offers a suite of services that improve your overall personal security and convenience.

Let’s talk about how password managers secure your accounts below:

1. Zero-Knowledge Ecosystem

A zero-knowledge ecosystem is the hallmark of any worthwhile password manager.

It means no one can access or decrypt what you store in the password manager – not even the app developers.

All the data is encrypted locally. This includes passwords, files, and personal information.

Even when the data leaves your device (for cloud sync), it is natively encrypted during transit. It only becomes readable on your device (which holds the decryption key) when you want to retrieve account credentials.

All the well-known password managers, such as NordPass, 1Password, and Dashlane, do this. So, it’s not a novelty feature as much as an expectation.

2. Password Sharing

Password managers let you share passwords in a more controlled manner.

Instead of copy-pasting the password to your friend’s chat, you can create a share link from within a password manager.

1Password sharing option for passwords

You can customize the expiration date, access parameters, and whether the link can only be viewed once or multiple times.

This adds significant privacy and security when sharing passwords. And it puts you, instead of the receiving party, in control of the situation.

3. Dark Web Monitoring & Security Alerts

Some password managers (like 1Password and NordPass) actively scan the dark web, searching for data breaches where your personal data was compromised.

If they find anything, they’ll alert you and recommend that you change your password or email address.

Best of all, you don’t have to enable this feature – it runs passively in the background.

1Password security alerts

Simultaneously, your password manager scans your passwords’ strength and repeatability (if you use the same password for multiple accounts).

If it identifies an issue, it sends a security alert that shows the problem and what you should do to mitigate the risk.

4. Single Sign-On

Single sign-on (SSO) lets business teams access a password manager using pre-existing credentials.

These credentials can typically also give access to several other business-related tools. For instance, a company may enable SSO on Slack, NordPass, and Monday, allowing employees to log into all three platforms using the same credentials.

Most modern password managers allow SSO for business accounts because it’s a highly convenient feature despite introducing new security risks.

If a hacker obtains access to an SSO account, they also gain access to all accounts linked to the SSO credentials.

5. Two-Factor Authentication

Two-factor authentication (2FA) lets you add additional authentication factors (like SMS or email codes) to your password manager account.

Not all password managers offer the same 2FA options, though. NordPass offers three: authenticator, security keys, and backup codes.

1Password, on the other hand, offers only two: authenticator and security keys. However, the Secret Key also counts as a 2FA, even though it’s not marketed as such.

1Password security key 2FA

2FA mitigates the risk of unauthorized access to your password manager – even if someone knows your email and password, they still need the 2FA codes or security token. Without them, they can’t access the account.

2FA only works on unrecognized devices/browsers.

2FA is irrelevant on devices or browsers on which you’re already connected to your password manager or you’ve connected to them in the past (recognized devices).

So, if anyone steals your phone and knows your password manager’s default credentials (username and password), they’ll be able to access your account unimpeded.

However, if someone tries to access your account from an unrecognized device, 2FA kicks in and keeps them out.

6. Cloud Sync for All Devices

An online password manager syncs your password vaults across all your devices, making accessing your accounts from anywhere easier.

Most password managers do this automatically when you install the app on your devices. For instance, installing NordPass on your desktop, laptop, and mobile device means you can add entries (like passwords) on one device and access them from the other two in real time.

Your data is completely safe with NordPass online backup. It’s all encrypted on your device, so when the information reaches our servers, we have zero knowledge about the data you’re storing in NordPass.

With NordPass’ XChaCha20 encryption mechanism, synched data is virtually impregnable to external attacks.

Types of Password Managers

There are three types of password managers – offline, online, and stateless or token-based.

Each has pros, cons, and use cases for specific needs. Below, we’ll explain each password manager type and help you make an informed decision about which one may be right for you.

1. Offline Password Managers

Unlike online (cloud) password managers, offline ones save passwords and other data on your devices (locally) and don’t require an internet connection.

Technically, they’re much safer and more private than cloud-based password managers because you control your data flow.

There’s no intermediary between you and your password manager.

KeePassXC interface

Offline password managers include KeePassXC, Pass, and Enpass, with the latter considered one of the best offline password managers available today.

However, offline password managers are less convenient to use – device synchronization is a hassle (if at all possible in some cases), and you have to keep the app up to date manually.

Using an outdated version could have devastating consequences due to unpatched security vulnerabilities.

Here’s an overview of offline password managers:

Pros

  • Increased privacy compared to online password managers
  • Typically free of charge
  • Open source architecture
  • Doesn’t require an internet connection

Cons

  • Less convenient to use
  • Limited synchronization options
  • Harder to keep up to date

2. Online Password Managers

You’re probably most familiar with online or cloud-based password managers – 1Password, NordPass, and LastPass are a few examples.

They store your passwords on the cloud and use state-of-the-art encryption to secure them.

Online password managers typically operate in a zero-knowledge environment, which means they can’t access or decrypt your passwords.

Only the user has the means (master password) to access and decrypt their vault. Most password managers also ensure your master password never touches their servers in an unencrypted form.

1Password interface

Even though online password managers take every security precaution to keep their users safe, your data is still stored online (on the cloud).

This includes passwords, number of vaults, usernames, and sites you have an account with.

More security typically leads to less convenience, though.

If you’re privacy-conscious, you may prefer an offline password manager without all the bells and whistles of online password managers.

But if you favor convenience and comfort, you’ll compromise on the extra privacy to get the seamless experience of an online password manager.

Here are the pros and cons of online password managers:

Pros

  • State-of-the-art encryption protocols
  • Seamless cloud sync for all your devices
  • Typically audited by external security organizations
  • Password-sharing capabilities
  • More scalable for business use
  • Easy to keep up to date
  • Faster security advancements

Cons

  • Technically less private due to cloud-based storage
  • Subscription-based (no one-time fee)
  • Less control over your data

3. Stateless Password Managers

Stateless or token-based password managers don’t save your passwords anywhere. There’s no database of passwords, online or offline.

 LessPass stateless password manager

These password managers typically require three things to create and ‘retrieve’ passwords:

  • Master password
  • Username
  • Website URL

When you first create a password for an account, you enter the website URL, your username, and the master password.

Using these details, the stateless password manager creates a unique and seemingly random password. You use that password for that account, and it’s not stored anywhere.

The next time you connect to that account and enter the master password (always the same), username, and website URL into the password manager, it’ll mathematically compute the same password it originally created.

That’s because every generated password is a hash built from the master password, website URL, and username. Applying the same mathematical function will always retrieve the same password.

Some stateless password managers allow token-based authentication as a 2FA for the stateless password generation process. This means security keys like Yubikey and Google Titan.

There’s a catch, though. A big catch.

Passwords generated with stateless password manager are deterministic, not random.

This means a hacker can technically reverse-determine your master password if they know any of the passwords generated from it.

A complex master password can alleviate this risk (mostly). Technically, however, there are as many ways to crack your master password as the number of passwords derived from it.

This problem doesn’t exist with offline or online password managers. Passwords generated with these are truly random.

To summarize the benefits and downsides of stateless password managers:

Pros

  • Free and open-source
  • Invulnerable to data leaks since there is no database

Cons

  • Complicated, cumbersome, and inconvenient to use
  • Requires you to remember the usernames for all accounts
  • Changing your master password means changing all generated passwords
  • Every compromised password can be used to brute-force your master password
  • Your master password is the single point of failure for all generated passwords
  • Cannot store additional data like documents, API keys, or security questions

How to Choose a Good Password Manager?

Choosing a good password manager is no easy feat, with so many alternatives on the market. Here are several key features to look for in a good password manager:

  • Good device compatibility
  • Solid encryption (AES-256 + SRP)
  • A zero-knowledge ecosystem
  • Secure file storage (like PDFs and API keys)
  • Customizable password generator
  • Automated sync between devices
  • Vault health reporting (like password strength indicators)
  • Auto-fill capabilities
  • Multi-factor authentication (like SMS codes and security keys)
  • Ease of use and intuitive interface

We’ve tested and reviewed many password managers, so we know what to look for and the common issues they tend to have.

To help you decide, we’ve made a list of our top picks.

Password Manager Top Choice For Starting Price (/month) Free Trial Standout Features
NordPass XChaCha20 encryption $2.16 Yes (browser extension only) – Passkey compatibility
– Autofill capabilities
– Data breach monitoring
– Strong password generator
1Password Secret key encryption $2.99 No – Password tags
– Watchtower
Dashlane Unlimited password sharing $4.99 Yes (browser extension only) – Dark web monitoring
– Single sign-on
Keeper Emergency access $2.92 Yes – 24/7 customer support
– Unlimited devices
Roboform TOTP authenticator $2.49 Free plan – Passkey support
– 1-click login

NordPass stands out with its XChaCha20 encryption, which is less resource-intensive than AES-256 (currently used by all other password managers) and has a higher safety margin.

1Password is another great choice due to its Secret Key encryption, and Keeper offers emergency access in case you lose your password. Roboform is also the only password manager on our list with a free plan.

Check out our list of the best Android password managers for a more in-depth analysis of password managers.

How to Setup a Password Manager

Setting up a password manager only takes a few minutes. We’ll use 1Password to show you how it’s done.

1. Select the Free Trial Option

Go to 1Password, select ‘Get started’ on the homepage, and then select a free trial option.

1Password subscription plans and free trial option highlighted

2. Create an Account

Fill in your name and email address, and select ‘Next’ to create your 1Password account.

1Password account creation screen

1Password will send a code to your email. Enter it in the next window to proceed.

1Password email code verification process

Create your 1Password master password and select ‘Next.’ Remember that if you forget the password, you lose access to your account.

1Password account password creation

3. Select a Payment Method

Select ‘Add a payment method’ and fill in your credit card information, or select ‘Create Account and add a payment method later.’

1Password payment process

4. Save Your Secret Key

1Password will now create (locally) the Secret Key, the crux of its encryption protocols. Select ‘Save PDF’ and save the file someplace safe.

1Password emergency kit and secret key highlighted

The PDF contains instructions on how to use the Emergency Kit. It will also have a copy of your Secret Key and another field for your password.

Remember, you can’t reset your master password using the Secret Key. The latter only functions as additional security for your account.

5. Install the Apps

Once you access your account, select ‘Get the apps’ to install the desktop and mobile apps.

1Password ‘Get the apps’ option highlighted

Select an OS option below, depending on which apps you want to install.

1Password app options highlighted

After installing the apps, log into your account using your email, master password, and Secret Key.

6. Create a New Entry

We’ll use the desktop app for this part. Once you open it, select ‘New item’ in the top-right corner. Then, select ‘Login.’ This is the most common type of entry for login information in 1Password.

Alternatively, you can select other options, such as ‘Document’ or ‘API Credential,’ to add different entries.

1Password new entry creation

Change the name of the entry in Step 1, then enter your username in Step 2 and the password in Step 3. To use the password generator, select ‘Create a New Password.’

The password generator will pop up, and you can customize the length and composition of your new password. When you’re happy with it, select ‘Use’ to fill it in.

1Password new account details highlighted

Don’t forget to click ‘Save’ at the bottom to save your entry.

1Password new entry ‘Save’ button highlighted

7. Share a Password

To share a password, select ‘Share’ in the top-right corner and ‘Get Link to Share’ in the pop-up window. This will copy a share link to your clipboard.

Paste it to your friend’s chat to share it with them.

1Password sharing feature

If you choose ‘Can be viewed only 1 time,’ the link will expire after the receiving party accesses it once.

1Password one-time sharing expiration

This lets you control password sharing and avoid unauthorized access from links you forgot you shared. NordPass also has this feature.

Should You Use a Password Manager?

Keeping passwords in a password manager database is crucial nowadays, especially with cybercriminals getting more sophisticated.

Without a password manager, we often reuse passwords, compromise on password complexity, or record our login details in a notebook. The first is like asking to be breached; the rest are not ideal.

A password manager like NordPass saves you from all this hassle and secures your online life with state-of-the-art encryption and zero-knowledge principles.

FAQs

Is it a good idea to use a password manager?

Do password managers change your passwords?

What disadvantages of password managers do you know?

Do password managers know your passwords?

References

The Tech Report - Editorial ProcessOur Editorial Process

The Tech Report editorial policy is centered on providing helpful, accurate content that offers real value to our readers. We only work with experienced writers who have specific knowledge in the topics they cover, including latest developments in technology, online privacy, cryptocurrencies, software, and more. Our editorial policy ensures that each topic is researched and curated by our in-house editors. We maintain rigorous journalistic standards, and every article is 100% written by real authors.

Alex Popa Crypto & Tech Content Writer

Alex Popa Crypto & Tech Content Writer

Alex is a content writer passionate about data privacy, cybersecurity, and crypto. You’ll often find him geeking out on the latest security key, password manager, or the hottest crypto presale, looking for that one digital currency to rule them all.

With over six years of freelance writing under his belt, Alex fell in love with the process. From researching data and brainstorming topics to comparing cryptocurrency whitepapers and digging deep into crypto roadmaps, it’s all in the keyboard. Ideally, a mechanical one with brown switches.

Alex is an eternal learner who knows that continuous improvement is the best way to remain relevant. Currently, he's brushing up his E-E-A-T and SEO skills, but who knows what comes next?

In his spare time, he enjoys video games, horror movies, and going to the gym, which sometimes conflicts with his gourmand nature. Oh, well, you can't have them all.

Follow Alex on LinkedIn