A password manager is a tool that stores your passwords securely and helps you generate strong, unique passwords for every site and app.
Most also act as a phishing signal because they will not autofill on the wrong domain.
Why it matters for account recovery
Password managers matter because password reuse is one of the highest-probability takeover paths. When one password unlocks multiple accounts, a single breach becomes a cascade.
For recovery, the vault becomes part of the control plane. That makes strong protection and a backup path important.
Common failure modes and misconceptions
- Weak vault protection: If your vault password is weak, or your vault account is compromised, the damage is broad.
- No recovery plan: Losing access to the vault without a recovery method can lock you out of many accounts at once.
- Ignoring autofill warnings: If the manager refuses to autofill, treat it as a domain mismatch signal and stop.
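The domain check behind the autofill signal, sketched as an added example (not from the original page or from any particular password manager's code). It assumes a strict exact-origin match over HTTPS; the function names and sample URLs are constructed for illustration, and real managers apply their own matching rules.

```javascript
// Added example: a simplified model of an autofill origin check.
// Assumption: exact-origin matching over HTTPS; real managers use their own rules.
// All URLs below are constructed samples on reserved domains.

function parseOrigin(raw) {
  try {
    const u = new URL(raw);
    // The host is read after parsing, so userinfo ("name@") and paths cannot spoof it.
    const host = u.hostname.toLowerCase().replace(/\.$/, "");
    return { scheme: u.protocol, host, port: u.port };
  } catch {
    return null; // not a valid absolute URL
  }
}

function autofillDecision(savedUrl, pageUrl) {
  const saved = parseOrigin(savedUrl);
  const page = parseOrigin(pageUrl);
  if (!saved || !page) return { fill: false, reason: "unparseable URL" };
  if (page.scheme !== "https:") return { fill: false, reason: "page is not HTTPS" };
  if (page.host !== saved.host) {
    return { fill: false, reason: `host mismatch: saved ${saved.host}, page ${page.host}` };
  }
  if (page.port !== saved.port) return { fill: false, reason: "port mismatch" };
  return { fill: true, reason: "origin matches saved entry" };
}

const SAVED = "https://accounts.example.com/login"; // URL stored with the vault entry
const SAMPLE_PAGES = [
  "https://accounts.example.com/signin?next=%2F", // same origin, different path
  "https://accounts.example.com.login.test/",     // saved name used as a subdomain prefix
  "https://accounts.examp1e.com/login",           // one-character lookalike
  "https://accounts.example.com@login.test/",     // saved name placed in the userinfo part
  "http://accounts.example.com/login",            // right host, no TLS
];

for (const page of SAMPLE_PAGES) {
  const { fill, reason } = autofillDecision(SAVED, page);
  console.log(`${fill ? "FILL  " : "REFUSE"} ${page} (${reason})`);
}
```

Only the first sample is filled; each refusal carries the reason a user would want surfaced before typing the password by hand.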
Safe best practices
- Use a strong vault password that you do not reuse anywhere else.
- Enable strong authentication on the vault account (see 2FA).
- Keep recovery methods and emergency access up to date.
- Use the manager to eliminate reuse, which drives credential stuffing.
Password managers reduce risk by changing defaults: unique passwords become easy, and wrong-domain logins become obvious. The tradeoff is that the vault becomes a high-value target worth protecting well.
