Disclaimer: We sustain our work & review products through paid collaborations.
4 Security Concerns and Risks With Password Managers



It’s a cold hard fact that while connected to the internet, nobody is ever 100% safe. However, it’s up to individuals themselves to ensure they stay risk-free online. The most important thing we need to protect is our passwords, and one solution to that is using dedicated password manager software. Naturally, some users have concerns about using a password manager. Here we’ll address the top four security concerns users have with these services and show how password managers combat them.

4 security concerns and risks with password managers

1. Keeping all your eggs in one basket

The curious thing about password managers is that, theoretically, hackers are only one step away from accessing absolutely everything in your vault. However, in the same way gold is stored at Fort Knox, there’s no problem storing everything in one place so long as it’s totally protected. That’s why password managers are so secure – because they offer the best online defenses. For instance, the well-known password manager LastPass encrypts everything in your vault using military-grade AES-256 encryption so that even if someone were able to grab all your data, they still wouldn’t be able to read it.

2. Hacked password managers

A vault full of your important details counts for little if password managers themselves can be hacked. So, is it possible to hack a password manager? The short answer is yes – in fact, most password managers have experienced some kind of breach in the past. However, it’s extremely rare that users’ passwords are ever leaked from a hack as they’re fully encrypted at all times. What’s most important though is how the company reacts to the breach – something we’ll explain more about below.

3. Data for sale

Users’ personal data has immense monetary value nowadays. So, imagine what a goldmine password manager companies are standing on with the details to all your accounts. However, password managers couldn’t sell your data even if they wanted to. This is because they don’t actually know anything about what’s in your vault. For example, with LastPass, not only is your vault completely encrypted, your master password is known only to you (so don’t lose it!).

4. Using public Wi-Fi

Although public Wi-Fi is a great convenience, you shouldn’t trust it with your security as it can suffer from what is known as a man-in-the-middle attack. All the hard work done by you and your password manager is undone if you’re using an insecure connection. So, while your password vault will remain secure, as soon as your data leaves the vault it’s potentially compromised. However, you can use your password manager in conjunction with a VPN for added security which will keep your data safe no matter where you are.

Furthermore, just because your account credentials are stored away in a secure vault doesn’t mean you can relax. Make sure to replace all your passwords with new and improved ones by utilizing a password generator, as this will help avoid password spraying. In fact, LastPass has a handy online password generator to try out. Finally, make sure you take advantage of any two-factor or biometric authentication that password managers offer.

 

How password managers deal with breaches

Although password managers can never fully guarantee your credentials’ safety, the difference in security is like going from a house guarded by a puppy to a compound patrolled by armed guards. But what if someone does sneak through the perimeter?

There’s nothing worse for a password management company than a security flaw. Offering a secure vault for your credentials is their bread and butter, and a breach is the worst news imaginable. To keep their customers’ trust, transparency is key. The only time LastPass has ever been breached was back in 2015 and the company was very open about the entire process. The attack on LastPass meant that some email addresses and password reminders were compromised, but the passwords themselves remained safe. At the time, LastPass sent out emails and updated their blog frequently to keep their users up to date.

Most importantly, because of that attack LastPass improved its software and became even more secure – which is why password managers are such useful pieces of software. Not only do they keep your vital information safe now, they evolve and provide regular software updates to continue keeping your information safe from future threats as well.


Best password managers of 2025

Editors' choice

RoboForm

Identifies weak, reused passwords
Future-ready, seamless logins
Easy to use
Budget-friendly
Families

LastPass

Logical interface
Automated password categorization
Advanced mobile version
Various two-factor authentication options
Businesses

1Password

Keeps your data fully private
Protects against unauthorized access
One-time password support
Security features

Keeper

Protects against data breaches
Works on all major devices
Budget-friendly
Help when you need it
Personal use

NordPass Personal

Keeps data safe and encrypted
Creates strong, unique passwords
Great value at no cost
Affordable premium upgrade
Password sharing

Dashlane

Updates weak passwords quickly
Encrypts your online traffic
Easy migration from other tools
Full mobile functionality
Local storage

Enpass

Comprehensive password management
No cost on desktops
Full control of your data
Keeps your info fully secure


©2012-2025 Best Reviews, a clovio brand – All rights reserved