Password managers make it easy to use strong, unique passwords everywhere. This is an important benefit of using them, but there is another: Password Manager protects you from fake websites trying to "fish" your password.
What is phishing and how does it work?
Fishing ( Phishing) is designed to trick you into giving your password or other information to a scammer.
For example, suppose you receive an email claiming to come from your bank. The email indicates that your account may have been compromised and you must click a link to take immediate security measures. Click on the email link and you will end up with a website that looks like your real bank website.
In a hurry, to secure your account, enter your password and possibly other details such as your credit card number. Phishing is done. The attacker now has the username and password of your bank account, as well as any other information you provided on the form you entered. It was not the actual website of your bank. You received the email from a scammer.
Security professionals advise you not to click on links in such messages. Instead go directly to your bank account website from a new browser tab and log in. Similarly, if someone claiming to be from your bank picks up your phone, hang up and call your bank customer service number directly to see if the call was genuine.
There are many other ways you can come up with a phishing site. You might click on a link to buy something on the web and end up with a page that looks like Amazon.com or another online store, but it is not. You might click on a link to email someone and get a Google login screen for your Gmail account.
It's all in the URL
There is something you can do to find phishing sites:
Examine the URL in the web page address. For example, if you do banking with Piraeus, verify that you are in the domain of Piraeus. But e-fishing sites could be smart - for example, an e-fishing site might use the domain "www.winbank.gr.safe.info/onlinebanking/login".
If you read the URL carefully, you will realize that this URL is actually hosted on "safe.info" and not on "winbank.gr".
Likewise, some phishing sites use characters that look like other characters to make the address look like the real thing. For example www.winbank.gr can become www.winbanκ.gr, adding a Greek character in place of k.
How a password manager helps protect you
If you use a password manager, you have extra protection. This is valid for as long as the password manager can automatically fill in your credentials, be it 1Password, LastPass or someone else. From iGuRu.gr we highly recommend him KeePass because it encrypts and stores your passwords locally rather than in the cloud.
If you save a link to a site like winbank.gr or Amazon.com, your password manager will remember the address and automatically provide you with the password when you are on the right page. If you are on a different site, your password manager will not display the password you are using.
This protection will not display a large red alert. But you will notice that the password manager does not find a password to log in to this page.
It also works on a smartphone
Of course, the same features are available when using a password manager on a mobile device.