Extra security steps
Kia noho haumaru ō raraunga ki tētahi pūwhakahaere kupuhipa

Keep your data safe with a password manager

A password managers stores and protects all your passwords, and creates secure new passwords for you — and you only need to remember one master password to access them.

5 min read

What it is

Using a password manager is like putting your passwords in a safe that only you have the key to. It:

  • lets you store and protect all your passwords – the password manager encrypts your passwords so no one else can access them
  • allows you to create random, unique sequences of letters, numbers and symbols that you can use as passwords for your online accounts
  • lets you store digital records, like your secure notes.

How it works

When you set up a password manager, you create a 'master password' that you use when you access your passwords. Once all your other passwords are stored in the password manager, the master password is the only one you have to remember. The password manager will do the rest for you.

You can add your existing passwords to your password manager, or it can create new passwords for you by generating a random sequence of characters or a passphrase based on the password requirements for a website.

Password managers encrypt your data. This means that even if someone got access to your encrypted password vault, they can't see the information you store in it without your master password.

How to protect yourself

Like anything else online, password managers aren’t foolproof – but they do make it much more difficult for anyone to get access to your accounts, data and information.

Choose the right password manager for you

There are a lot of password managers available, both free and paid. Have a look at reviews online to see which one would work best for you.

You can choose to:

  • install a password manager locally, on your device, or
  • use an online service that stores your encrypted passwords in the cloud.

If you decide on a password manager that's stored locally on your device, make sure you back your password vault up regularly. This can also be done as part of a full device backup. Doing regular backups protects your password manager if it’s ever deleted, or if your device needs to be restored after a cyber attack.

Backing up your data and devices

Cloud-based password managers are a good option if you want to sync your data between different devices. You can access cloud-based password managers by going to a website, or by installing a browser plugin. A plugin is like an add-on, or extension, to your browser. If you use a plugin, it will prompt you to access your password manager when you go to a website’s login page.

Using the cloud

Most browsers — like Internet Explorer or Chrome — have a built in password manager. You’ll see it when you log in to a site and a message pops up asking if you want the browser to save your password for you. This can be handy, but it's not as secure as using a dedicated password manager. Browsers will usually store your passwords on your computer. This means that if you leave your computer unattended or unlocked, other people could get easy access to your passwords.

Choose a secure master password

When you choose a master password:

  • choose something unique
  • make it long and strong — try using a passphrase rather than a password
  • don’t use personal information that would be easy for someone else to guess.

How to create good passwords

Turn on two-factor authentication

If you want to add an extra layer of security to your password manager, you can turn on two-factor authentication (2FA). That way an attacker would need your password and an additional thing, like a one-time code, to get into your password manager.

Use two-factor authentication to protect your accounts

Resources

Password managers: Keep your data safe [PDF, 88 KB]