Learn

Personal Resource Center

Are Password Managers a Good Idea?

Fingers typing on laptop
Safe icon
Did you know? A password manager can generate and store your passwords for you automatically.

What Is a Password Manager?

A password manager is a software application or hardware device that creates strong, complex passwords for online accounts. The program provides access to those passwords via a master code that you, the user, create. The password manager also saves and protects other sensitive data, like user IDs, personal identification numbers, credit card numbers, and answers to security questions. All you need to remember is the master code.

The various types of password managers differ, mainly based on where your passwords and other log-in credentials are stored—most commonly in your web browser, in the cloud, on your desktop, or on a portable device, such as your mobile device or a USB plug-in.

 

How Much Do Password Managers Cost?

Prices​​ for password managers vary based on their specific features, including encryption methods, two-factor authentication, account recovery options, cloud storage capacity and the range and quality of additional features offered. As of December 2023, 1Password, Dashlane and RoboForm offer different features in their plans, starting at $2.99, $2.75 and $0.99 per month respectively, with 1Password providing strong encryption and a Travel Mode, Dashlane offering dark web monitoring and a VPN, and RoboForm excelling in form-filling capabilities.1

 

What Are the Risks When Using a Password Manager?

No information security system is risk-free, but password managers have some built-in protections that lower their risks considerably. Of course, one of the biggest challenges they face is keeping up with hackers' ingenuity.

“One risk that I see is if there are vulnerabilities in the code for the password manager," says Rakesh Verma, professor of computer science and director of the ReDAS (Reasoning and Data Analytics for Security) Lab at the University of Houston. “It's possible that attackers can try to reverse-engineer the code."

In other words, a hacker could potentially figure out the source code for the password manager and use that info to break into the site. But Wright says the risk of someone breaching a password manager's site is only modest with a high-quality program, because they are built securely enough to block most such attacks.

Another risk is that someone might learn your personal master code. The good news is that most password managers use a multi-factor authentication process, which requires multiple steps to verify your identity, including both a password and an additional step, like entering a code sent to your smartphone or your personal email address. This greatly lowers your chance of getting hacked if a cyber thief does gain access to your password.

To bolster your security, Wright says, pick a password management company with a good business reputation.

 

Are Password Managers Safe for Accounts That Have Financial Information?

Considering the risks that stem from using weak passwords and the challenge of keeping track of multiple accounts, Wright sees password managers as useful and reasonably safe tools. But think very carefully before using one for your banking and other financial accounts.

“I would not recommend using a password manager for very high-value accounts if you can manage to remember one pretty-good password for each one," Wright says, referring to accounts containing large sums of money that a thief could potentially steal via direct transfer. “For everything else, a password manager is a fine solution."

 

What Happens If Someone Gets My Master Password?

If someone obtains or steals your master password, then that person will have access to all passwords that are saved in the password manager — granting them carte blanche access to all of your accounts.

Some password managers have been found to have security vulnerabilities, such as storing the master password in local memory in plain text while running, which could be exploited if an attacker gains access to a user's machine's RAM.2 Additionally, a specific vulnerability named AutoSpill affects several mobile password managers on Android, compromising the security of credentials shared via WebView.3 Despite these flaws, password managers remain a safer option than not using one, provided you stay vigilant with updates and employ additional security measures like anti-malware software and two-factor authentication.

Besides someone stealing your master password, another risk is the chance you'll forget your code and be locked out. With some password managers, you may be able to get a hint about your forgotten password — or even the ability to reset your password if you're still using the same computer or mobile device you were previously using the password manager on. With most password managers, however, you'll be locked out permanently if you forget your password and will have to reset the passwords you had stored on the password manager manually — that is, by visiting the online account pages for each of the sites. Of course, that inconvenience would still be minor compared to having your account information stolen.

 

Are There Any Good Alternatives to Password Managers?

If you don't feel comfortable using a password manager, Verma has another idea for creating multiple strong passwords and making them easy to recall. While he thinks password managers are reasonably secure, he doesn't use one himself. Instead, he creates his own passwords using an algorithm.

You don't have to be a computer science or math whiz to do this, Verma insists. An algorithm is simply a step-by-step process.

“An algorithm is like a recipe, except that it's much more systematic and straightforward, so that even a computer can execute the steps," Verma says.

Here's how it would work: You design a password formula that includes both special elements you are likely to remember and parts that relate to each financial account. For example, you might pick some letters from the bank name, some digits from a family birth date, and a couple of symbols. The basic steps would be the same for each account password, but the specific characters would vary. You could memorize or store the formula – and maybe some hints to help you recall each password – without having to memorize dozens of codes.

Whether you decide to use an automated password manager for most of your passwords or go the DIY route, you need a system for creating passwords that are unique and hard to breach. And whatever you decide, be sure to keep those super-sensitive financial account passwords off your password manager.


Consider Signing Up for Credit Monitoring

Does remembering to regularly scan your credit report sound exhausting? Another option: Choose a service that will do the credit monitoring for you.

For example, as a Synovus Plus, Synovus Inspire, or Synovus Private Wealth customer, you can enroll in complimentary Financial Protection Services services through Carefull. Depending on the level of protection you have, Carefull will monitor your credit reports and notify you any time any changes are made. Carefull will also scan the web to make sure your personal information hasn't been compromised by checking websites, blogs, peer-to-peer networks. Carefull also offers full-service identity restoration if you become a victim of identity theft.

Learn more about how you can achieve peace of mind as a Synovus customer with Carefull.


Important disclosure information

  1. Safety Detectives. "How Much Does a Password Manager Cost? Get The Best Deal," updated December 12, 2023, accessed December 26, 2023 Back
  2. All Things Secured. "Are Password Managers Safe in 2023? (+ trick to ensure they are)," published January 9, 2023, accessed December 26, 2003 Back
  3. Archyde. "Top password managers have serious flaw in common, researchers say," published December 16, 2023, accessedMarch 21, 2024. Back