The risk of using weak or simple passwords — or reusing the same password across multiple online accounts — continues to grow, as such practices make accounts highly vulnerable to hacking. This is where password manager applications play a vital role, as they can securely store and “remember” countless complex passwords while allowing easy access whenever needed.
According to a report by the German News Agency (dpa), Germany’s Federal Office for Information Security (BSI) tested 10 password manager programs and found that some require improvement. Three of the tested applications stored passwords in a way that could theoretically allow the developing companies to access them, increasing the risk of security breaches. The BSI stressed that software developers must address this issue by implementing additional security measures.
Despite these shortcomings, the identified flaws do not justify abandoning password managers altogether. On the contrary, the BSI emphasized that the benefits of using password managers far outweigh the risks, noting that avoiding such tools and relying on weak passwords can be significantly more dangerous.
The agency added that software developers are responsible for fixing vulnerabilities in their products, pointing out that several companies have already begun implementing improvements or have pledged to do so.
In a related effort, the Consumer Protection Center of North Rhine–Westphalia, in cooperation with the Federal Office for Information Security, conducted a data protection review of 10 password manager programs. The review examined privacy policies and the data collected during the registration process.
The results showed that about half of the tested password managers handle data efficiently, either by not collecting any personal data at all or by collecting only the data strictly necessary to perform their functions.
Some developers also collect usage data, such as the websites for which login credentials are stored and the frequency of visits. In certain cases, this data is analyzed to improve services. However, consumer protection experts noted that only a small number of companies use such data for marketing purposes or share it with marketing partners.
Privacy Policies
The report stressed that users should carefully review privacy policies when choosing a password manager, ensuring that unnecessary data is neither collected nor shared with third parties.
If password data is stored in the developer’s cloud infrastructure, users should verify where the data is stored and what level of protection is applied. Such information can usually be found on the company’s website, in the terms and conditions, or within the privacy policy.
Cloud Storage
According to dpa, cloud storage has become a standard feature in most password managers, as it is the only way to synchronize data across multiple devices simultaneously.
There are also password managers that operate exclusively on a single device. Their main advantage lies in enhanced privacy and data protection, since all data remains under the user’s control. However, this approach limits access from other devices unless compatible software is installed and the password database is manually copied and regularly updated.
German experts advised users to research any password manager online before installing it, particularly to check whether it has suffered security breaches or incidents in the past. If so, switching to an alternative service may be the safer option.
Passkeys as an Alternative
Experts also recommend exploring the use of passkeys, which are increasingly being adopted as an alternative to traditional passwords. Passkeys allow users to log in without a password by using a pair of cryptographic keys.
This method is considered highly secure, as passkeys are difficult to steal, guess, forget, or intercept. Authentication is also reinforced by an additional factor such as fingerprint scanning or facial recognition, and passkeys can be stored in many password manager applications.
Five Key Security Measures When Using Password Managers
After choosing a password manager, the Federal Office for Information Security and consumer protection centers recommend taking the following five essential steps:
– Create a strong master password.
– Enable two-factor authentication (2FA).
– Activate automatic backups or perform regular manual backups of stored passwords.
– Enable automatic locking when the application is not in use to prevent unauthorized access.
– Keep the software updated regularly, as timely updates are crucial for password security and must be installed as soon as they are released by the developer.
