Javascript is not enabled.

Javascript must be enabled to use this site. Please enable Javascript in your browser and try again.

Skip to content
Content starts here
CLOSE ×

Search

Leaving AARP.org Website

You are now leaving AARP.org and going to a website that is not operated by AARP. A different privacy policy and terms of service will apply.

Why Experts Say Everyone Should Be Using a Password Manager

Whether free or subscription-based, these services can make your digital life easier and prevent cybercriminals from stealing your data​

spinner image a broken lock illustration is surrounded by insecure passwords written on sticky notes
iStock / Getty Images

Nearly 1 in 3 Americans say they’ve already been victims of online financial fraud or cybercrime, a recent Wells Fargo poll found. And the threat continues to grow. This year, the cost of cybercrime is expected to soar to $9.5 trillion worldwide, up from an estimated $8 billion in 2023, according to Cybersecurity Ventures, a research firm in Northport, New York.

Unfortunately, many of us end up assisting cybercriminals by using easy-to-crack passwords. We’ll reuse the same passwords over and over, or choose obvious terms like a pet’s or a child’s name (or, worse, something like 1234abcd), instead of taking recommended safety measures such as using passwords at least 12 characters long and a combination of letters, numbers and symbols.

spinner image Image Alt Attribute

AARP Membership

LIMITED TIME OFFER

Flash Sale! Join AARP for just $9 per year with a 5-year membership. Join now and get a FREE GIFT

Join Now

But with the average person having to keep track of dozens of passwords, it’s no wonder that we take shortcuts that can put us at risk of cybercrime.

The good news is that you can solve that dilemma by using a password manager — a software app or browser-based service that stores your passwords securely and will even generate strong passwords for you.

A password manager is “an invaluable tool to add complexity and ensure safety to an individual’s security profile,” explains Rahul Mahna, a partner at consulting firm Eisner Amper’s Outsourced IT Services team. “As with any technology, there are gaps that will become apparent at times. However, a password manager is still the best commercially available product for handling user security.”

Use of password managers has surged in recent years, but even so, surveys indicate that only about a third of computer users employ such protection, according to computer security expert Roger A. Grimes, who thinks that the actual percentage is probably even less than that.

Instead, many of us are sticking with low-tech remedies such as writing passwords down on a piece of paper stashed in a drawer, storing them in a document on a computer or relying on memory (good luck with that).

Choosing a password manager

 Most commercial password managers come with a subscription fee. LastPass, one of the biggest password manager companies, has monthly consumer plans that start at $3 a month and $4 for families, for example. Other popular brands include Keeper Security, Bitwarden (whose basic plan is free; a premium account with added features is $10 a year), Dashlane and 1Password.   

4 steps to take now to keep your data secure

  1. Use a password manager.
  2. Use a different password for every website and service.
  3. Don’t use the same root password, merely adding numbers or symbols to make it different.
  4. Use passwords that are long and difficult to guess.​

There are also free password managers built into browsers from tech giants Apple, Google and Microsoft. Mozilla’s Firefox also offers one. But is it worth paying for the subscription-based services? Many cybersecurity expert say yes. They include Steve Morgan, a cybersecurity researcher and editor in chief of Cybercrime Magazine,​ who points out that subscription-based managers have useful features, such as “password health check, encrypted cloud storage, support for biometrics” such as facial and fingerprint login. Keeper, for instance, offers a Secure File Storage plan for $9.99 a year (on top of the $34.99 annual subscription) to prevent cybercriminals from accessing sensitive documents, like tax files.

“If someone makes a life decision to get serious about security and to manage their passwords, then they should really think about one of the paid apps, which really aren’t that costly and will have them covered long term,” notes Morgan, whose company also owns Cybersecurity Ventures.

Why? The free browser-based options may not be as secure as the paid services, says Ed Skoudis, president of SANS Technology Institute, a Bethesda, Maryland college that focuses upon cybersecurity. The subscription-based services “offer better encryption and security practices. A single vulnerability in a browser, which is a very complex piece of software with an enormous attack surface, could expose a user’s passwords or sensitive data. Password managers, on the other hand, are simpler pieces of software with a narrower attack surface.”

Technology & Wireless

Consumer Cellular

5% off monthly fees and 30% off accessories

See more Technology & Wireless offers >

The subscription-based managers have been hit by hackers, however. In 2022, LastPass, for example, was hacked twice by cybercriminals. According to a 2023 blog post on the company’s website, in the second incident the hackers managed to download a trove of information that included backups of customers’ vault data. Even so, the password manager has claimed that its design helped protect its customers’ most sensitive information: Their “end user usernames, passwords and secure notes, were all encrypted,” LastPass spokesperson Elizabeth Bassler explained in an email.

Browser-based password managers have other limitations. Sharing passwords with family members, for example, is a built-in option on the paid applications, since subscribers log in with a master password that can be made available to all household members. With a browser such as Chrome, in contrast, passwords are locked up with your personal account, the one that controls your email, and you may not be willing to share that information.

Benefits of free password managers

How to Keep Your Data Secure

  1. Use a password manager​
  2. Use passwords that are long and difficult to guess for all your accounts​
  3. Use a substantially different password for every website and service. It’s particularly important that your master password for your password manager be unique and hard to crack.
  4. Set up two-factor authentication to access your password manager, so you'll need both your master password and a unique code sent by text to your device every time you log in.

 Free password managers do have some advantages. Besides their cost (or lack thereof), they’re easy to use. When you create an account that requires a password, the browser will ask if you’d like it to save the password. Just click “yes,” and you’re done. The password is encrypted and saved. 

And the Chrome, Firefox, Safari and Edge browsers all are capable of generating unique strong passwords, just as a paid stand-alone password manager will do.

What's most important is that you use some service to keep your data secure. “Whether you use a free or paid service,” says Grimes, “everybody should be using a password manager … just like everybody should be wearing a seat belt.”

spinner image membership-card-w-shadow-192x134

Get instant access to members-only products and hundreds of discounts, a free second membership, and a subscription to AARP The Magazine.

Discover AARP Members Only Access

Join AARP to Continue

Already a Member?