Password Manager Cheat Sheet: What Is a Password Manager?
Tech Republic Security
NOVEMBER 21, 2023
This cheat sheet provides an overview of what a password manager is and what it does, helping you keep your online accounts safe and secure.
A Password Manager Isn't Just for Christmas, It's for Life (So Here's 50% Off!)
Troy Hunt
DECEMBER 7, 2021
Change the password to one 1Password automatically generates c. Obviously, he still has a heap of accounts to set decent passwords on, but now he knows the pattern and he can repeat that over and over again. Login and have 1Password store the credentials b. Turn on 2FA and store the token in 1Password And that was it.
Passwords 
362
362 Join 28,000+
Insiders
Sign Up for our Newsletter
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Trending Sources
Bitwarden vs Dashlane: Comparing Password Managers
eSecurity Planet
MAY 14, 2025
Bitwarden and Dashlane are two popular password managers that offer business plans in addition to their products for individuals. 5 Bitwarden is a popular business password manager with features like user management, custom session length, and integrations with SIEM products. Bitwarden overview Overall rating: 4.2/5
6 Best Open Source Password Managers for Mac in 2024
Tech Republic Security
APRIL 10, 2024
Explore the top open-source password managers available for Mac users. Find the best one that suits your needs and secure your online accounts effectively.
Improper use of password managers leaves people vulnerable to identity theft
Tech Republic Security
DECEMBER 14, 2022
A password manager can be a useful and effective tool for creating, controlling and applying complex and secure passwords, but if you don’t use it the right way, you can open yourself up to account compromise and even identity theft.
Identity Theft 178
178 
I've Joined the 1Password Board of Advisers
Troy Hunt
OCTOBER 29, 2020
Almost a decade ago now, I wrote what would become one of my most career-defining blog posts: The Only Secure Password is the One You Can't Remember. I had come to the realisation that I simply had too many accounts across too many systems to ever have any chance of creating decent unique passwords I could remember.
Man accused of using keylogger to spy on colleagues, log in to their personal accounts and watch them at home
Malwarebytes
APRIL 9, 2025
The lawsuit claims that this gave Bathula login credentials for the victims’ personal accounts and systems, including bank accounts, emails, home surveillance systems, Dropbox accounts, Google Drives, dating applications, Google Nests, and iCloud accounts. Use a password manager. Protect your webcam.
Threat Modeling Password Managers
Adam Shostack
JANUARY 2, 2025
Here's my model of what we're working on: Let me walk you through this: There's a password manager, which talks to a website. The two boundaries displayed are where the data and the "password manager.exe" live. If your computer is not compromised, and your passwords are nowhere else, then you're safe.
12 Million Zacks accounts leaked by cybercriminal
Malwarebytes
FEBRUARY 14, 2025
Now, a cybercriminal using the monicker Jurak, leaked sensitive information related to roughly 12 million accounts, which allegedly stems from a breach that happened last year. Protecting yourself after a data breach Losing data related to a financial account can have severe consequences. Change your password. Take your time.
When Accounts are "Hacked" Due to Poor Passwords, Victims Must Share the Blame
Troy Hunt
NOVEMBER 7, 2018
It's just another day on the internet when the news is full of headlines about accounts being hacked. This is when hackers try usernames and password combos leaked in data breaches at other companies, hoping that some users might have reused usernames and passwords across services. Without doubt, blame lies with them.
Passwords 268
268 
Top Unexpected Ways to Utilise a Password Manager for Enhanced Security and Organisation
IT Security Guru
JANUARY 22, 2024
Password managers have become integral tools for individuals and businesses alike. They are primarily known for securely saving and managing login credentials so users don’t have to remember them all or write them down, where they could be compromised.
Feds seized $23 million in crypto stolen using keys from LastPass breaches
Security Affairs
MARCH 10, 2025
DoJ, threat actors may have used private keys extracted by cracking the victim’s password vault stolen from the 2022 security breach suffered by an online password manager. The scale and speed of the theft indicate a coordinated effort, consistent with previous breaches of online password managers and crypto thefts.
Effortlessly upgrade to Passkeys on Pixel phones with Google Password Manager
Google Security
JANUARY 30, 2024
This is why the Pixel team has been especially excited about passkeys —the easier, safer alternative to passwords. Passkeys are safer because they’re unique to each account, and are more resistant against online attacks such as phishing. Google Password manager will incorporate these updates for other platforms in the future.
Weekly Update 258
Troy Hunt
AUGUST 26, 2021
Lots of little things this week, hoping next week will be the big "hey, Pwned Passwords just passed 1 billion", stay tuned for that one 😊 References You probably should have an OnlyFans account (no, not in the way it sounds like you should.) Is the silver lining of Brexit an end to inane cookie warnings?
68k Phishing Victims are Now Searchable in Have I Been Pwned, Courtesy of CERT Poland
Troy Hunt
AUGUST 30, 2023
The advice to impacted individuals is as follows: Get a digital password manager to help you make all passwords strong and unique If you've been reusing passwords, change them to strong and unique versions now, starting with the most important services you use Turn on multi-factor authentication wherever it's available, especially for important (..)
Phishing 362
362 
Security expert Troy Hunt hit by phishing attack
Malwarebytes
MARCH 26, 2025
Your account has been flagged due to a spam complaint, and as a result, you are temporarily unable to send emails until this issue is resolved, the email read. To fix the issue, Hunt was asked to sign into his Mailchimp account. The phishing email was convincingly designed, and it threatened consequences if its recipient failed to act.
Phishing 122
122 
Why we’re no longer doing April Fools’ Day
Malwarebytes
MARCH 31, 2025
Last year a burger restaurant sent customers into a spin after sending them a fake order confirmation email, which led to customers fearing that their accounts had been hacked. Use a different password for every account. Password managers help you create complex passwords, and they remember them for you.
Scams 141
141 
When Security Locks You Out of Everything
Schneier on Security
JUNE 28, 2022
And even if I could convince the cloud provider to bypass that and let me in, the backup is secured with a password which is stored in—you guessed it—my Password Manager. To get my passwords, I need my 2FA. To get my 2FA, I need my passwords. And, thus, get access to my accounts.
Passwords 320
320 
Phishing evolves beyond email to become latest Android app threat
Malwarebytes
FEBRUARY 11, 2025
They dont crack into password managers or spy on passwords entered for separate apps. If enough victims unwittingly send their passwords, the cyber thieves may even bundle the login credentials for sale on the dark web. The requests are bogus and simply a method for harvesting passwords.
Phishing 130
130 
Instagram Hacked: Top 5 Ways to Protect Your Account
Hacker's King
DECEMBER 26, 2024
If your account falls into the wrong hands, it can lead to the loss of personal memories, private messages, or even a damaged online reputation. While hacking attempts continue to evolve, so do the strategies to secure your account. Create a schedule where passwords are changed automatically or at regular intervals.
10 Behaviors That Will Reduce Your Risk Online
Daniel Miessler
MAY 14, 2020
Use unique, strong passwords, and store them in a password manager. Many people get hacked from having guessable or previously compromised passwords. Good passwords are long, random, and unique to each account, which means it’s impossible for a human to manage them on their own.
Risk 345
345 
On world password day, Microsoft says fewer passwords, more passkeys
Malwarebytes
MAY 2, 2025
But over time, the number of passwords we use, and the necessary strengths have grown so much that the system has become practically unusable without a password manager. So, only a few years later, Microsoft introduced Windows Hello , a new way for users to securely sign in to their accounts with their face, fingerprint, or PIN.
Passwords 84
84 
Hi, robot: Half of all internet traffic now automated
Malwarebytes
APRIL 16, 2025
Good bots accounted for just 14% of the internet’s traffic. An increasing number try to hijack peoples’ online accounts, which they often do by credential stuffing. These account takeover attacks have skyrocketed lately. Don’t reuse passwords. Bad bots do all kinds of unpleasant things. Protect your PC.
Internet 143
143 
International law enforcement operation dismantled RedLine and Meta infostealers
Security Affairs
OCTOBER 29, 2024
Change passwords : After malware removal, update passwords for key accounts (email, banking, work, social media) and enable two-factor authentication. Use a password manager : Simplifies managing strong, unique passwords across accounts. payment info) may have been compromised.
Identity Theft 125
125 
The Risk of Weak Online Banking Passwords
Krebs on Security
AUGUST 5, 2019
If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process. Crooks are constantly probing bank Web sites for customer accounts protected by weak or recycled passwords.
Banking 277
277 
Data From The Emotet Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI and NHTCU
Troy Hunt
APRIL 26, 2021
Following the takedown, the FBI reached out and asked if Have I Been Pwned (HIBP) might be a viable means of alerting impacted individuals and companies that their accounts had been affected by Emotet. Change your email account password. Turn on 2 factor authentication wherever available.
Malware 363
363 
The Wages of Password Re-Use: Your Money or Your Life
Krebs on Security
MAY 4, 2021
In a world in which all databases — including hacker forums — are eventually compromised and leaked online, it can be tough for cybercriminals to maintain their anonymity if they’re in the habit of re-using the same unusual passwords across multiple accounts associated with different email addresses.
Passwords 338
338 
AutoSpill attack steals credentials from Android password managers
Bleeping Computer
DECEMBER 9, 2023
Security researchers developed a new attack, which they named AutoSpill, to steal account credentials on Android during the autofill operation. [.]
GUEST ESSAY: Until we eliminate passwords, follow these 4 sure steps to password hygiene
The Last Watchdog
NOVEMBER 22, 2021
With so much critical data now stored in the cloud, how can people protect their accounts? Until biometrics or a quantum solution change our everyday approach to encryption, passwords remain our first line of defense against data breaches, hackers, and thieves. 3) Activate 2FA on all accounts. 3) Activate 2FA on all accounts.
Passwords 244
244 
Gmail Under Siege: FBI Warns of Unusual AI-Driven Phishing Attacks
eSecurity Planet
FEBRUARY 10, 2025
Since early 2022, there has been a 49 percent rise in phishing attempts capable of evading filters, with AI-generated threats accounting for nearly 5 percent of these attacks. Compromising a single Gmail account can grant access to an extensive personal and corporate data treasure trove.
Phishing 115
115 
How AI was used in an advanced phishing campaign targeting Gmail users
Malwarebytes
FEBRUARY 13, 2025
These often start with a call to users, claiming their Gmail account has been compromised. The goal is to convince the target to provide the criminals with the users Gmail recovery code, claiming its needed to restore the account. Use a password manager to autofill credentials only on trusted sites.
Phishing 108
108 
How to enhance the security of your social media accounts
Pen Test Partners
AUGUST 29, 2024
TL;DR Strong passwords : Use a password manager. This makes it harder for unauthorised users to gain access even if they have your password. Secure networks : Avoid using untrusted public Wi-Fi to access social media accounts, instead, use mobile data.
Media 116
116 
Big name TikTok accounts hijacked after opening DM
Malwarebytes
JUNE 5, 2024
High profile TikTok accounts, including CNN, Sony, and—er—Paris Hilton have been targeted in a recent attack. CNN was the first account takeover that made the news, with Semafor reporting that the account was down for several days after the incident. The account is then taken over and the user loses access.
Accountability 128
128 
Inside the Cit0Day Breach Collection
Troy Hunt
NOVEMBER 19, 2020
I'm going to highlight one particular row that used a Mailinator address simply because Mailinator accounts are public email addresses where there is no expectation whatsoever of privacy. I mean can we trust that both the email addresses and passwords from these alleged breaches represent actual accounts on those services?
Passwords 364
364 
Experian, You Have Some Explaining to Do
Krebs on Security
JULY 10, 2022
Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts.
Accountability 335
335 
Why World Password Day Is a Perfect Reminder to Up Your Security Game
SecureWorld News
MAY 1, 2025
In an age where generative AI and machine learning power cyberattacks, password-cracking tools have become more sophisticated, making these outdated techniques ineffective. Hackers today can guess common patterns and character swaps in mere seconds, leaving those "clever" passwords vulnerable. Avoid storing passwords in plain sight.
Passwords 73
73 
Threat Modeling and Logins
Adam Shostack
JANUARY 2, 2025
Recently, I was opening a new bank account. The bank unexpectedly sent me a temporary password to sign up, and when I did, the temporary password had expired. But then, after I went to reset the password, the bank emailed me a one time code. Theyre checking live access to the email account with the one time code.
Banking 130
130 
GUEST ESSAY: Understanding the security limits of the static and dynamic passwords we rely on
The Last Watchdog
JANUARY 31, 2022
In other words, dynamic passwords are changeable static passwords. Dynamic passwords need to be securely managed. Online and offline password managers come into play here. However, password managers introduce the problem of risk concentration, or putting all of one’s eggs in a single basket.
Passwords 232
232 
Account takeover attacks on the rise, impacting almost 25% of people in the US
Tech Republic Security
SEPTEMBER 23, 2022
Losses triggered by account takeovers have averaged $12,000 per incident, according to data cited by SEON. The post Account takeover attacks on the rise, impacting almost 25% of people in the US appeared first on TechRepublic.
Accountability 166
166 
National Consumer Protection Week: Keeping your personal data safe in a digitally connected world
Webroot
MARCH 3, 2025
Common attacks to consumer protection Identity theft and fraud Some common types of identity theft and fraud include account takeover fraud , when criminals use stolen personal information such as account numbers, usernames, or passwords to hijack bank accounts, credit cards, and even email and social media accounts.
Okta breach happened after employee logged into personal Google account
Malwarebytes
NOVEMBER 7, 2023
After 1Password, BeyondTrust, and Cloudflare detected unauthorized log-in attempts to their in-house Okta administrator accounts, they reported the incidents to Okta who started an investigation. To gain access to that service account, the attacker compromised an Okta employee. Change your password. Take your time.
Accountability 137
137 
LastPass: ‘Horse Gone Barn Bolted’ is Strong Password
Krebs on Security
SEPTEMBER 22, 2023
The password manager service LastPass is now forcing some of its users to pick longer master passwords. But critics say the move is little more than a public relations stunt that will do nothing to help countless early adopters whose password vaults were exposed in a 2022 breach at LastPass. ”
Passwords 322
322 
Bad Consumer Security Advice
Schneier on Security
DECEMBER 4, 2018
There are lots of articles about there telling people how to better secure their computers and online accounts. To remain anonymous and secure on the Internet, invest in a Virtual Private Network account, but remember, the bad guys are very smart, so by the time this column runs, they may have figured out a way to hack into a VPN.
Accountability 276
276 
Fake Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware
Malwarebytes
MARCH 26, 2025
Monitor your accounts. Check your accounts periodically for unexpected changes and notifications of suspicious login attempts. Use a different password for every online account. Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you.
Phishing 121
121 
Let's personalize your content