It’s not a silly question at all.
Password managers, aka vaults, use several techniques and indicators to decide when, where, and how to fill in your information.
I’ll review some of the basic concepts that apply to most password vaults, as well as some of the complexity they have to deal with — including sites that seem to explicitly prevent their use.
Become a Patron of Ask Leo! and go ad-free!
Password vaults are for website logins
To begin with, we need to be clear that password vaults exist primarily to make logging in to online services easier. They make it possible to use long, complex passwords you couldn’t easily remember and type in.
Put another way, password vaults work in your web browser. Other password uses — say Windows itself asking for a password — is not where they come into play.
Now, there is one interesting exception, and that’s mobile. If your password vault has a mobile app, then it is likely to offer to manage passwords required by some (or perhaps most) of the apps installed on that device, in addition to working in the web browser.
Vaults save three pieces of information
At their core, each time you create a new entry in a password vault, three pieces of information are stored. If you have an account here at Ask Leo! and sign in via the “My Account” page, your password vault will care about:
- The URL: https://askleo.com/my-account/.
- Your username. That can be the email address associated with your account, or in some cases, an actual name (like “Leo”, in my case).
- Your password.
Creating a vault entry automatically
Most password vaults notice when you successfully sign in to a site it doesn’t already have an entry for. Then it asks if you want to save that information.
When you say “Yes” or “Add”, the information is saved in your password vault.
It may also give the entry a “name”, making it easier to find in the future. Here, LastPass created a name for the entry: “askleo.com” — the name of the site the entry applies to. (This isn’t used for anything other than display purposes.) It’s the URL field that matters for what’s next.
Using a saved entry
In most cases, using an entry saved in your password vault requires almost no work at all. Simply return to the URL of the log-in page, and the vault fills in the appropriate information, including your saved password, automatically. (Some vaults may not enable this feature by default, in which case you can typically right click and click on an item provided by the vault to fill in the fields, or perhaps click on the vault’s toolbar icon for the open to fill.)
All you need to do is click “Log in”.
Occasionally, you might be given a choice — for example, if you have more than one account with a given service. Exactly how that’s handled depends on your specific password vault, but generally there’s a control of some sort to click on (or right-click on) that will expose the saved credentials that apply, allowing you to choose which to use.
Creating vault entries manually
Occasionally, a password vault fails to recognize that you’ve logged in to a website or service for the first time, and doesn’t offer to create a vault entry for you.
There are two approaches to dealing with this situation:
- Create the entry manually. Most password vaults let you create entries from scratch. As we’ve seen, all you need to save is the URL, the login ID, and your password.
- Tell the vault to save before login. After filling in your user ID and password, but before you sign in, most vaults let you say, “Save this information now”, at which point they create a new vault entry for you with the fields and the URL found on the page. Exactly how, or even if, each vault allows you to do this varies.
In either case, signing out and then returning to the sign-in page will tell you if the vault got the information in a way that will allow it to sign in for you in the future.
When saved entries don’t work – reason #1
The #1 reason a password vault might not automatically fill in fields for you when you visit a website’s login page is that the URL is different. It’s not uncommon for the URL in your browser to be completely different at account creation time than it is at sign-in time. For example:
might be where you created your account and password, and thus what your password vault saved as the URL for the site. Yet when it comes time to sign in again, the URL of the login page might be something like:
— which is, of course, different. Same site, different page.
This is where the different password vaults differ. Some simply fail at this point. Others, however, look at those two URLs, notice they’re for the same site (albeit different pages), and offer, or fill in, the credentials you saved.
Fortunately, most vaults allow you to edit the URL manually. When this happens to me in LastPass, I edit the URL field to be just the domain:
LastPass then recognizes login attempts on any page on that domain. Your vault may, of course, behave differently, so you’ll want to save what was there to begin with before you change anything, just in case you need to set it back.
When saved entries don’t work – reason #2
Honestly, this frustrates me.
Some websites, or website designers, or perhaps their more bureaucratic and less tech savvy bosses, don’t like password vaults. They want you to manually type in your password every single time, without the assistance of technology. (Never mind that this leads to people choosing weaker passwords, or storing them in significantly less secure ways.) I discuss this in some more detail in Why Are Sites Making It Difficult for Password Managers?
Because of this misguided mandate, websites sometimes take steps to prevent password vaults from working. Period.
When this happens, most of the time you can still use your vault, though doing so is a little more cumbersome: open the vault and copy/paste the password from the vault to the password field of the website’s login page.1 This allows you to continue to use those long and strong passwords you have no hope of remembering.
There’s so much more
Saving your login information is the most basic of features across all password vaults, but most do much, much more. They securely save information and fill in forms other than sign in forms, save secure notes about anything you want to record, and more.
Once you find a password vault you’re comfortable with that meets your sign-in and password-saving needs, I encourage you to explore its additional features.
If you found this article helpful you'll love Confident Computing! My weekly email newsletter is full of articles that help you solve problems, stay safe, and increase your confidence with technology.
Subscribe now, and I'll see you there soon,
Footnotes & References
1: Yes, there are a few — thankfully, a very few — that even disable pasting in the password. At that point, typing is almost the only solution. Avoiding that site or service is typically my next step, as they clearly don’t understand security and favor misguided bureaucracy instead.