Are password managers actually safe to use?
Yes — reputable managers use zero-knowledge encryption, so even the vendor cannot read your vault. The risk of reusing passwords is far greater.
Password managers encrypt your vault locally with a key derived from your master password. The provider stores only ciphertext and cannot decrypt it.
The realistic threat model is malware on your device or a weak master password — not the vendor being breached. Pick a long, unique master passphrase and enable MFA on the manager itself.
Reputable options: 1Password, Bitwarden, Proton Pass. Avoid browser-only managers tied to a single account with no MFA.
Without a manager, people reuse passwords across sites. One breach then cascades into account takeovers everywhere — a far bigger risk than the manager itself.
Upvotes help us prioritise what to answer next.