ELI5: Password manager apps


I’d not consider myself technologically unsavvy, but I can’t really understand how a password managing app on my phone can keep my passwords safe.
By that I don’t mean what kind of encryption technology is used; I just can’t believe that I really CAN trust a company not to give away/sell all my passwords (or lose them to a hack).
That’s also the reason why I never use Apple’s pw manager, for example.

Am I overly cautious? Is it safe to store my passwords in a pw manager app?

Maybe someone that understands the technology/encryption behind such apps can help me


15 Answers

Anonymous 0 Comments

So, pretty much any good password manager won’t actually store your vulnerable passwords on their servers. What they’ll keep on their servers are the encrypted passwords for all your websites, but those passwords are useless unless a hacker has the decryption key (also commonly referred to as the Master Password) which is stored on *your* device (or in your head).

So say hypothetically that this password manager *is* unethical or lazy and they sell your data/get hacked. What the recipient will have are a bunch of encrypted passwords that are useless in their current state, and possibly even the encryption method. None of that will still give the hacker access to your accounts until they manage to get their hands on your decryption key or master password, which (hopefully), you’re good about protecting.

Anonymous 0 Comments

So a lot of these apps won’t get into exact specifics of what they do (as part of their security stance), but they use highest-level encryption, proactive monitoring, penetration testing, pattern recognition (e.g., you normally access from one geographic area, and all of a sudden an attempt is made from the other side of the world), and the really good ones (like 1Password) are “zero-knowledge” systems. Meaning the company themselves cannot access your information due to the way they have their data, access, and other considerations structured. As others have mentioned, the semi-randomness (in effect, every password is unique), combined with MFV (passkeys, 2FA, rotating keys, even physical keys in some cases), all combine to a much better security profile than “I use the same password for every site,” because humans just can’t remember that. Then add on that you can have VERY long and complex passwords (randomized strings or phrases).

But the central access, how you access the app, has to be secure too. If one spends all this time setting it up and using complex passwords that are managed, and then uses a simple password for access (without MFV: multi-factor verification), that reduces the overall benefit and increases the risk.

As far as the company allowing access/selling, that would become pretty evident pretty quickly, and they would have to be pretty shady to set a honeypot trap like that. Which is why you should only use well-known and trusted apps that are established, which is true of most things like this.

The benefit of using a password manager FAR exceeds any risks. The alternative is a virtual guarantee that at some point there will be a compromise due to the almost guaranteed simplicity of passwords which are not stored/managed. Additionally, good ones (again, 1Password comes to mind) will even monitor to see if any of your passwords show up in leaks or dumps, as well as sites that have had breaches, and then alert you to change it.

Use one. Even Apple/Android native password management is an improvement of remembering passwords that are all the same or similar, but a full blown app like 1Password (don’t work for them, just really like them) is a vast improvement.

Just don’t EVER use LastPass. They had a pretty bad breach a while ago and the way they handled it…they shouldn’t be in business any longer.

Anonymous 0 Comments

Well, there are two ways they can work. One is not as safe as the other.

Some services are “end to end” encrypted. That means the encryption keys are stored on YOUR device, and do not get stored by the company. They’re storing an encrypted file on their servers. But since you have the keys, they can’t decrypt the files. 1Password is a service like this. A good way to tell if a service is “end to end” is to look for two qualities:

* It’s hard to add new devices and may involve a convoluted process including one device that’s already added.
* If you forget your password you lose all your data.

The first one is because if it’s REALLY safe, the only person who ever has the “keys” for encrypting your data is you. The company does not have those keys. So they can’t give the keys to a new device, they can only help facilitate the transfer from one of your devices to the other. And if they’re being very honest, they can’t even be a “middle-man” and handle the keys at all. That makes transferring pretty complex.

The second makes more sense if we understand the less secure version.

LastPass is a service that does not do “end to end” encryption. They store the keys AND the encrypted file on their servers. So when you put in your password, you’re just proving you’re a person who should have access to the keys. Adding a new device is easy, because the company has and can share the keys.

This is why it’s easy to reset the password in these. The password’s not part of the encryption, it’s just part of gaining permission to use the keys. So when you change the password, nothing about the encrypted data changes. With end-to-end encryption, usually the password is PART of the key data, so if you forget it *it’s impossible* to decrypt the file. If the file can’t be decrypted, the password can’t be changed. If you still know the password, you can change it. When that’s the case what happens is you use the keys + password to decrypt, then keys + new password to encrypt a new file and upload that. If you legitimately forgot your password all you can do is delete the encrypted data and start over.

Services that aren’t end-to-end are a lot less safe. Ask LastPass. Last year they were fully compromised and the attackers stole BOTH users’ encrypted data AND the keys to unlock it. Game over. People shouldn’t use services like this. They are more convenient, but they also make it possible for people to steal ALL of your passwords at the same time. End-to-end services require someone to steal things from YOUR machine specifically, which is less likely.

So to address your question:

* End-to-end companies like 1Password can’t sell or lose your data because it is impossible for them to see your data.
* Companies like LastPass can sell or lose your data because they can decrypt it by themselves.

Note that practically no company is going to sell your passwords. That would likely make them criminally liable. But they *might* sell a list of the sites you’ve saved passwords for. That’s valuable marketing data.
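The mechanism the first answer and the answer above describe (server holds only ciphertext; the master password is stretched into a key on the device; changing the password requires knowing the old one; forgetting it leaves nothing decryptable) as an added worked example. This is illustration code written for this page, not any vendor's implementation. It assumes a standard-library-only construction: PBKDF2-HMAC-SHA256 for key stretching, an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag in place of the AES-GCM or XChaCha20-Poly1305 a real product would use, and an iteration count chosen to keep the demo fast. It also goes one step beyond the answer's "re-encrypt the whole file": the vault is encrypted under a random vault key that is itself wrapped under the password-derived key, so a password change re-wraps 32 bytes instead of re-encrypting the vault, while a server breach still yields only ciphertext and a one-way login verifier.

```python
import hashlib
import hmac
import json
import os

# Assumption: real products tune iterations per device; 100k keeps the demo fast.
KDF_ITERATIONS = 100_000


def derive_keys(master_password, salt):
    """Stretch the master password into two independent 32-byte keys:
    enc_key never leaves the device; auth_key is what the client proves it
    holds when logging in. Knowing one reveals nothing about the other."""
    stretched = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt,
                                    KDF_ITERATIONS, dklen=64)
    return stretched[:32], stretched[32:]


def login_verifier(auth_key):
    # The only password-related thing the server stores: a one-way hash of the
    # auth key. A stolen verifier gives neither the auth key nor the enc key.
    return hashlib.sha256(b"login-verifier" + auth_key).digest()


def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode: a PRF-based stream cipher built from stdlib.
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), "sha256").digest()
        counter += 1
    return bytes(out[:length])


def _subkeys(key):
    # Separate keys for encryption and for the MAC, derived from one input key.
    return (hmac.new(key, b"encrypt", "sha256").digest(),
            hmac.new(key, b"authenticate", "sha256").digest())


def seal(key, plaintext):
    """Encrypt-then-MAC. Output layout: nonce(16) || ciphertext || tag(32)."""
    enc_k, mac_k = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_k, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_k, nonce + ct, "sha256").digest()


def open_sealed(key, blob):
    """Check the tag before decrypting: a wrong key raises, it never returns garbage."""
    enc_k, mac_k = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_k, nonce + ct, "sha256").digest()):
        raise ValueError("wrong master password or corrupted vault")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_k, nonce, len(ct))))


def create_vault(master_password, entries):
    """Client side: build the record the server will store. None of it is plaintext."""
    salt = os.urandom(16)
    enc_key, auth_key = derive_keys(master_password, salt)
    vault_key = os.urandom(32)  # random data key; stored only wrapped under enc_key
    return {
        "salt": salt,
        "verifier": login_verifier(auth_key),
        "wrapped_vault_key": seal(enc_key, vault_key),
        "vault": seal(vault_key, json.dumps(entries).encode()),
    }


def unlock_vault(record, master_password):
    """Client side: derive keys, unwrap the vault key, decrypt the vault."""
    enc_key, _ = derive_keys(master_password, record["salt"])
    vault_key = open_sealed(enc_key, record["wrapped_vault_key"])
    return json.loads(open_sealed(vault_key, record["vault"]))


def server_checks_login(record, auth_key):
    """Server side: all it can do is verify a login. It holds no decryption key."""
    return hmac.compare_digest(record["verifier"], login_verifier(auth_key))


def change_master_password(record, old_password, new_password):
    """Re-wrap the vault key under the new password; requires knowing the old one."""
    old_enc, _ = derive_keys(old_password, record["salt"])
    vault_key = open_sealed(old_enc, record["wrapped_vault_key"])  # raises if old is wrong
    new_salt = os.urandom(16)
    new_enc, new_auth = derive_keys(new_password, new_salt)
    return {
        "salt": new_salt,
        "verifier": login_verifier(new_auth),
        "wrapped_vault_key": seal(new_enc, vault_key),
        "vault": record["vault"],  # unchanged: the vault key itself did not change
    }


if __name__ == "__main__":
    # Constructed sample data, not a real credential.
    rec = create_vault("correct horse battery staple", {"example.com": "hunter2"})
    print("server record fields:", sorted(rec))
    print("unlocked on device:", unlock_vault(rec, "correct horse battery staple"))
```

The point to check for yourself is in `create_vault`: everything in the returned record is either random (the salt), a one-way hash (the verifier), or ciphertext. A copy of that record plus the `server_checks_login` function is all a breached server could give an attacker, and neither lets anyone call `unlock_vault` without the master password; `change_master_password` likewise fails on a wrong old password, which is exactly why a forgotten master password cannot be "reset" in this design.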

Anonymous 0 Comments

Reasons to use one:

1. Security. Randomized, long, and unique passwords for each account make you more secure. You can also use random passwords for answers to security questions and store those in a good password manager’s account entry as a note or something. A good PW manager encrypts these in such a way that they are not accessible by them or a bad actor.
2. Portability. Your passwords are everywhere with you, on all your devices.
3. Shareability. My family uses Bitwarden, and that way my wife and I can share passwords with each other while also having our own set.

The most annoying thing about this is when you have to enter a 20-digit random-character password somewhere while reading it off of your phone. But that’s pretty rare, TBH, and doesn’t negate the massive security benefits.

Anonymous 0 Comments

You need to consider the least bad option.

Is a password manager 100% secure? No.

Is it more secure than the alternative that most people do of using one password across multiple sites? Yes.

Most breaches occur because a website gets hacked. The hackers then try that username and password across multiple sites. If the password manager means you can use a strong, unique password for every site you visit, the chances of being compromised are much lower.

Unless you have a superhuman memory for every password on every site, or want the agonisingly slow process of keeping a secure record somewhere of all your passwords and needing to look it up every time you log in, a password manager is the best compromise of ease and security.