If you’re currently memorizing or writing down all your passwords, switching to a secure password manager is one of the best things you can do to protect your accounts. However, simply using a password manager doesn’t necessarily mean you have strong cybersecurity.

Proper use of your password manager is as important as the specific tool you choose. Find out some frequent mistakes people make when using a password manager.

What Are 5 Common Password Manager Mistakes?

1. Staying logged in

The master password is the most important element protecting your vault, but it won’t help if you’re already logged in.

Say you’re using your laptop at a café and step away for a minute to go to the bathroom. Someone could steal everything in your vault if your password manager keeps you logged in.

Every password manager is different, but you should be able to adjust this setting to make your vault more secure. Having the password manager log you out if you’re inactive for over a few minutes is a good idea. Even if it’s inconvenient to enter your password repeatedly, it’s still worth reducing the risk of unauthorized access.

2. Using a weak master password

Password managers can make your information more secure, but these tools also put even more pressure on a single password. Your master password controls access to your entire vault, so using a strong password that won’t be easy to guess or crack in a brute-force attack is crucial.

Fortunately, the master password is the only thing you need to remember. Figure out something complex that’s different from the rest of the passwords you use.

Repeats or variations of existing passwords should be off-limits. We also recommend checking whether your password was previously exposed in a data breach. Check out our guide to creating strong passwords for more information.

3. Reusing passwords

Using the same password for multiple accounts increases the risk of a breach. The more times you reuse an identical password, the bigger your loss if that password is guessed or stolen. Since there’s no way to predict when a breach might happen, it’s critical to safeguard your information proactively.

Despite this clear security risk, roughly two-thirds of all internet users reuse passwords across some or all of their accounts. If you’re in that group, switch to unique passwords as soon as possible — particularly for bank accounts and other accounts with personal information.

One of the key benefits of a password manager is that you don’t have to remember each of your passwords, and using the same ones multiple times is dangerous. If each password is unique, hackers can only get your password for one account at a time.

4. Leaving two-factor authentication off

Using a strong password makes your account safer, but you should still enable two-factor authentication (2FA) for even more security. With 2FA, you’ll need something other than the password (a second factor) to access your account.

2FA usually goes through a designated device, such as your smartphone or a physical security key. The main advantage of 2FA is that a hacker would have to steal two different things to log in. It’s unlikely that anyone compromises your master password, but it’s always better to be safe than sorry.

If possible, you should avoid routing your 2FA notifications through email or a short message service (SMS). While most people won’t have any problems, these confirmation messages are much easier for hackers to imitate than authenticator apps, security keys, and other channels.

5. Choosing your passwords

If your password manager is remembering passwords for you, you don’t need to develop them yourself. Even if you try to use something new every time, you’ll inevitably fall back on the same tendencies and waste time you could spend on other activities.

In 2023, all the major password managers come with built-in password generators. Just set the parameters, generate a new password, then copy and paste it into the password field. You’ll have a password guaranteed to be unique, and you can adjust the settings easily based on your preferences.

Need a password manager?
Protect your data with these top-rated password managers.
Best password generator for enterprise
Best value password manager
Best password manager for security

What Are the Top Password Managers?

Every user seeks something different, so there’s no best password manager for every situation. Still, we’ve found that a few providers stand out. We’ll cover some of our top picks here. Check out our list of the best password managers of 2024 for more information.

Should You Use a Password Manager?

In 2024, most internet users have more than just a few accounts. Without a reliable password manager, keeping track of strong, unique passwords for many different apps and websites would be almost impossible.

Password managers are deemed necessities in 2024. People don’t always know how to utilize their password manager’s features fully. These tips help you make your vault as secure as possible and protect against various common cybersecurity threats.


Frequently Asked Questions About Wrong Password Manager Use

  • What are the flaws of password managers?

    A main flaw is that if a hacker gets access to your main password, they have access to all of them. Also, some are poorly-protected managers, and some do not work with all websites.

  • What are the four features to look for in a password manager?

    Look for one in which password vaults are protected with strong encryption. Also, it should have a strong password generator, autofill, and integration with 2FA.

  • What are two things you should never do with a password?

    Don’t use easily guessed passwords like “user” or “12345.” Also, avoid using the same password twice.

  • Why don’t people use password managers effectively?

    Sometimes people incorrectly think they are at low risk or lack sufficient knowledge to use these tools properly.


About The Password Manager, Gunnar Kallstrom:

Kallstrom, The Password Manager, is a Cyber Team Lead for a Department of Defense (DOD) contracting company in Huntsville, Alabama, and has worked as a Computer Network Defense (CND) Cyber Analyst. An author and content creator for a cybersecurity academy, Kallstrom spent nearly 15 years in the Army as a musician before entering the cybersecurity field.

He holds a bachelor’s degree in music from Thomas Edison State University and a master’s in organizational development and leadership from the University of the Incarnate Word.

Kallstrom has completed several Computing Technology Industry Association (CompTIA) courses, including Security+, Network+, A+ Core 1, and A+ Core 2. He earned a CompTIA Security+ Certification. Additionally, he has completed the Cyber Warrior Academy program with more than 800 hours of hands-on, intensive, and lab-driven technical training in cybersecurity methods and procedures.

Passionate about all things cyber, Kallstrom was a speaker on a panel at the 2022 InfoSec World conference, giving a talk entitled “Hacking into a Cyber Career – True Stories.” Kallstrom is also a mentor to entry-level cybersecurity candidates seeking to break into the field. When he’s not working, he still enjoys playing guitar and fishing (not phishing).