What is a password manager, and why does it let you violate "don't write down passwords"?
A password manager is an encrypted vault that stores unique random passwords for every account — you only remember the master password.
How it works:
- Generates strong random passwords (e.g.
R7$mK9!pQz#vW2Nx) per site - Stores them encrypted with a key derived from your master password
- Auto-fills on login → you never type the actual passwords
Why "writing them down" is fine here:
The classic rule "don't write passwords down" assumes a sticky note on your monitor. A password manager is a digital vault with strong encryption (typically AES-256 + PBKDF2/Argon2 key derivation). Even if attackers steal the vault file, they need to brute-force your master password — which takes effectively forever if it's strong.
The master password is everything:
- Must be very long (passphrase recommended)
- Must NOT be reused anywhere else
- Should NOT be written down
Common managers: Bitwarden (open source, free), 1Password, KeePassXC (offline), built-in browser managers (convenient but lock you to that browser).
Tip: Combine with 2FA on the manager itself — even if someone steals your master password, they can't unlock the vault without your second factor.
Go deeper:
Password manager (Wikipedia) — the encrypted-vault + single-master-password model that makes unique passwords safe.