How Password Management Software Works

Types and Benefits of Password Management Software
The user interface for Aurora, a standalone password management application for Microsoft Windows, will be entirely familiar for Windows users.
The user interface for Aurora, a standalone password management application for Microsoft Windows, will be entirely familiar for Windows users.
Screenshot by Stephanie Crawford for HowStuffWorks

Software developers have taken different approaches to creating password management software, including where it stores the data, how it's secured and what additional features should be available for saving and retrieving account information.

The following are the different types of password management software available as of 2011. First, we'll examine the features and benefits of each type, as well as why you might choose it. Later, we'll take a close look at their risks.

Bonus feature within other software. Operating systems, Web browsers, antivirus software and other applications occasionally include a password manager feature. Some examples include the password managers in Chrome, Firefox and Internet Explorer browsers and the identity management features in the Norton 360 comprehensive security suite. Use this type of software if you're confident in the security offered through the product and don't feel a need for an additional layer of protection.

Standalone password manager. The earliest type of password management software was the standalone application not associated with any other software. Many such apps still exist today, including KeePass and Aurora. Aurora boasts strong encryption along with added features such as form-filling for Web pages, a password generator and the option to export passwords to a readable file. Try out this type of password management if you do most of your computing on one device that you don't share with other users.

Password managers using embedded security hardware. This is a less commonly employed approach than other types of password management. This software requires hardware embedded on your device to save and encrypt data. For example, Lenovo's T-series ThinkPad laptops feature a chipset mounted on the motherboard called the Embedded Security Subsystem. Used in combination with Lenovo's password management software, you can save passwords and other data to the device,. Furthermore, it's encrypted so that only someone with a passkey, fingerprint (from a fingerprint reader) or both credentials can retrieve that data. Because the information is stored in the chipset instead of on the hard drive, you can also configure the computer to require the passkey or fingerprint to boot the machine altogether. Use this type of password management if your computer is at a high risk of physical hacking or theft; usually, that's the case if you keep it in a shared living or office space or you travel a lot with it.

Web-based password manager. This newest type of password manager is a Web application that you can use from any Internet-connected device. Apps like RoboForm and PasswordSafe have similar features to Aurora with the added benefit of accessing those features from a variety of Web browsers running on different desktop and mobile operating systems. For example, using a single password to sign in to RoboForm, you can retrieve all the passwords you've saved there. Use this type of password management if you have multiple computers or mobile devices with different operating systems and you need to retrieve all your passwords from each device.

So, now that you're savvy about your password management software options, let's weigh their benefits with their risks.