Extra security steps
Kia noho haumaru ō raraunga ki tētahi pūwhakahaere kupuhipa

Keep your data safe with a password manager

A password manager stores and protects all your passwords and creates secure new passwords for you — and you only need to remember one master password to access them.

5 min read

What it is

Using a password manager is like putting your passwords in a safe that only you have the key to. It:

  • lets you store and protect all your passwords – the password manager encrypts your passwords so no one else can access them
  • allows you to create random, unique sequences of letters, numbers and symbols that you can use as passwords for your online accounts
  • lets you store digital records, like your secure notes.

How it works

When you set up a password manager, you create a 'master password' that you use when you access your passwords. Once all your other passwords are stored in the password manager, the master password is the only one you have to remember. The password manager will do the rest for you.

You can add your existing passwords to your password manager, or it can create new passwords for you by generating a random sequence of characters or a passphrase based on the password requirements for a website.

Password managers encrypt your data. This means that even if someone got access to your encrypted password vault, they can't see the information you store in it without your master password.

How to protect yourself

  • Choose the right password manager for you

    There are a lot of password managers available, both free and paid. Have a look at reviews online to see which one would work best for you.

    You can choose to:

    • install a password manager locally, on your device, or
    • use an online service that stores your encrypted passwords in the cloud.

    If you decide on a password manager that's stored locally on your device, make sure you back your password vault up regularly. This can also be done as part of a full device backup. Doing regular backups protects your password manager if it’s ever deleted, or if your device needs to be restored after a cyber attack.

    Backing up your data and devices

    Cloud-based password managers are a good option if you want to sync your data between different devices. You can access cloud-based password managers by going to a website, or by installing a browser plugin. A plugin is like an add-on, or extension, to your browser. If you use a plugin, it will prompt you to access your password manager when you go to a website’s login page.

    Using the cloud securely

  • Choose a secure master password

    When you choose a master password:

    • choose something unique
    • make it long and strong — try using a passphrase rather than a password
    • don’t use personal information that would be easy for someone else to guess.

    How to create good passwords

  • Turn on two-factor authentication

    If you want to add an extra layer of security to your password manager, you can turn on two-factor authentication (2FA). That way an attacker would need your password and an additional thing, like a one-time code, to get into your password manager.

    Use two-factor authentication to protect your accounts