5 Common Password Manager Mistakes

1. Staying Logged In

The master password is the most important element protecting your vault. However, your master password won’t help you if you’re already logged in.

For example, let’s say you’re using your laptop at a café and step away for a minute to go to the bathroom. If your password manager keeps you logged in, someone could walk up and steal everything in your vault.

Every password manager is different, but you should be able to adjust this setting to make your vault more secure. It’s a good idea to have the password manager log you out if you’re ever inactive for more than a few minutes. Even if it’s inconvenient to repeatedly enter your password, it’s still worth reducing the risk of unauthorized access.

2. Using a Weak Master Password

Password managers can make your information more secure, but they also put even more pressure on a single password. Your master password controls access to your entire vault, so it’s crucial to use a strong password that won’t be easy to guess or crack in a brute-force attack.

Fortunately, the master password is also the only thing you need to remember. You should figure out something complex that’s different from the rest of the passwords you use.

Repeats or variations of existing passwords should be off-limits. We also recommend checking to see whether your password has previously been exposed in a data breach. Check out our guide to creating strong passwords for more information.

3. Reusing Passwords

Because your vault is secure doesn’t always mean your passwords are safe. Password managers can only help guard against certain types of attacks. For example, there’s nothing you can do to stop websites from experiencing a data breach. A breach could expose your password regardless of how strong or complex it is.

Naturally, using the same password for more than one account increases the risk of a breach. The more times you reuse an identical password, the more you lose if that password is guessed or stolen. Since there’s no way to predict when a breach might happen, it’s critical to proactively safeguard your information.

Despite this clear security risk, roughly two-thirds of all internet users reuse passwords across some or all of their accounts. If you’re in that group, you should switch to unique passwords as soon as possible — particularly for bank accounts and other accounts with personal information.

One of the key benefits of a password manager is that you don’t have to remember each of your passwords, and using the same passwords multiple times is dangerous. If each password is unique, hackers can only get your password for one account at a time.

4. Leaving Two-factor Authentication Off

Using a strong password makes your account safer, but you should still enable two-factor authentication (2FA) for even more security. With 2FA, you’ll need something other than the password (a second factor) to access your account.

2FA usually goes through a designated device, such as your smartphone or a physical security key. The main advantage of 2FA is that a hacker would have to steal two different things to log in. It’s unlikely that anyone compromises your master password, but it’s always better to be safe than sorry.

If possible, you should avoid routing your 2FA notifications through email or short message service (SMS). While most users won’t have any problems, these confirmation messages are much easier for hackers to imitate compared to authenticator apps, security keys, and other channels.

5. Choosing Your Own Passwords

If your password manager is remembering passwords for you, you don’t need to come up with them yourself. Even if you try to use something new every time, you’ll inevitably end up falling back on the same tendencies — and you’ll also waste time that you could spend on other activities.

In 2023, all the major password managers come with built-in password generators. Just set the parameters, generate a new password, then copy and paste it into the password field. You’ll have a password that’s guaranteed to be unique, and you can adjust the settings easily based on your preferences.

What Are the Top Password Managers?

Every user is looking for something different, so there’s no single best password manager for every situation. Still, we’ve found that a few providers stand out from the rest. We’ll cover some of our top picks here, but you should also check out our list of the best password managers of 2023 for more information.


1Password is a well-rounded password manager with a deep range of features, an intuitive design, and support for all major devices. It’s usually on the pricey end at $2.99 per month, paid annually, but we’ve seen it discounted for as little as $1.50 per month, paid annually.

While 1Password works well for individuals, it’s also a good choice for families and groups. You can get a family plan at $4.99 per month, paid annually, for up to five users, and extra users can be added for $1 each per month. As with the individual option, the family version has been discounted as much as 50%.


Dashlane is a little different than 1Password — instead of a single subscription tier with one set of features, Dashlane comes with both a free and paid option. The free version is less robust than 1Password while the paid alternative costs more and comes with a few additional features.

Some of the most important additions to Dashlane Premium include dark web monitoring, automatic password changer, and secure virtual private network (VPN). A VPN could run you several dollars per month on its own, which helps justify Dashlane’s price tag of $6.49 per month or $4.99 per month when paid annually.

Final Thoughts

In 2023, most internet users have more than just a few accounts. Without a reliable password manager, it would be almost impossible to keep track of strong, unique passwords for so many different apps and websites.

Password managers are deemed necessities in 2023. People don’t always know how to take full advantage of their password manager’s features. These tips help you make your vault as secure as possible and protect against a variety of common cybersecurity threats.