Keeping a copy of your master password inside your password manager is generally a good idea.
It’s such a good idea that many password managers like 1Password even do it by default.
I know keeping your master password in your password manager may not seem like a good idea to some, but let me list off why it’s an excellent idea.
1. It Keeps You From Being Locked Out
Your master password is the one password you can’t forget as it’s used to encrypt all your data in your password manager.
Yet, things happen, and people forget their master password even when they’ve been advised that it’s okay to write it down and keep it somewhere safe in their home.
A common trend is that many of the people who forget their master password still have access to their vault from another device. They have the vault set to unlock with their face or a fingerprint reader for convenience, but they can’t export their passwords since they don’t know the master password. If they had kept a copy of their master password in their password manager, they would not be stuck in this situation.
2. It Helps To Stop Phishing Attacks
A phishing attack is when someone sends you a link via email or text message that looks like the real website but is a fake. Once on the fake website, they get you to log in so they can steal your password.
What is crazy is that many modern phishing attacks can even get around some 2FA, too, as shown in this video below.
A password manager, in general, can protect you from some phishing attacks if you use the browser extension for your password manager. This works because the browser extension won’t autofill the password unless you’re on the correct website.
So if you use the extension’s autofill for the password manager’s online web portal, it won’t fill in your master password unless you’re on the correct URL that’s been set up.
This little speed bump can be just enough to make you wonder if something is up. While not 100% perfect, it’s better than nothing.
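The URL check described above can be sketched as follows. This is an added example, not code from any password manager; the function names and the example.com and .test URLs are constructed for illustration. It compares a loose substring match with an exact HTTPS host match, which is the check that keeps a saved login from filling on a lookalike page.

```javascript
// Added example: decide whether a saved login may be autofilled on the page
// the user is currently viewing. All names and URLs here are constructed.

// Parse a URL and return its scheme, host and port, or null if it is malformed.
function originParts(rawUrl) {
  try {
    const u = new URL(rawUrl);
    return { scheme: u.protocol, host: u.hostname.toLowerCase(), port: u.port };
  } catch {
    return null;
  }
}

// Weak rule: fill if the saved host appears anywhere in the page URL.
// Lookalike hosts and query strings that contain the saved host pass this check.
function weakMatch(savedUrl, pageUrl) {
  const saved = originParts(savedUrl);
  return saved !== null && pageUrl.toLowerCase().includes(saved.host);
}

// Strict rule: fill only over HTTPS, on the same port, and on the exact saved host.
function strictMatch(savedUrl, pageUrl) {
  const saved = originParts(savedUrl);
  const page = originParts(pageUrl);
  if (!saved || !page) return false;
  if (page.scheme !== "https:" || saved.scheme !== "https:") return false;
  return page.host === saved.host && page.port === saved.port;
}

// Constructed sample: one saved entry and the pages a user might land on.
const SAVED = "https://vault.example.com/login";
const PAGES = [
  "https://vault.example.com/login?next=/home",     // the real portal
  "https://vault.example.com.login-check.test/",    // saved host used as a prefix
  "https://login-check.test/?r=vault.example.com",  // saved host in the query
  "http://vault.example.com/login",                 // right host, no TLS
  "https://vau1t.example.com/login",                // one-character lookalike
];

// Run both rules over every page so the results can be compared side by side.
function evaluate(saved, pages) {
  return pages.map((p) => ({ page: p, weak: weakMatch(saved, p), strict: strictMatch(saved, p) }));
}

for (const r of evaluate(SAVED, PAGES)) {
  console.log(`${r.strict ? "FILL " : "BLOCK"} (weak rule: ${r.weak ? "fill" : "block"}) ${r.page}`);
}
```

Only the first page passes the strict rule; the weak rule would also have filled on the next three.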
If you keep your master password in your vault and do regular backups, which is a good idea, your master password will also be in those backups.
Your vault is the one source of truth.
When you make changes, you make them in your password manager first. This makes it easier to keep up with things, stay organized, and do backups.
4. Easier To Share
This situation may not be for everyone, but if you have someone you trust, you can keep your master password in your vault and then share it with someone within the password manager.
An example of this is having a password manager with a family account, and you share your master password with your spouse.
If your spouse has a copy of your master password (and 2FA), there is no delay in them getting in if the situation arises. They can pay the bills or do whatever as they have a way in.
Emergency access exists for this kind of situation, but sometimes the time delay or the worry about more moving parts is not worth it.
Another way is if you help manage someone else’s password manager. Maybe it’s a parent, kids, or someone who trusts you that needs help with their master password. They can store their master password in their vault and then share it with you just in case they get locked out or forget it.
5. It’s Locked Up
If you keep your master password in your password manager, the only way to get it is if you unlock the password manager first.
If the password manager is unlocked, you don’t need the master password anymore.
It’s like worrying about your house keys when the burglar is already in your home. Or tossing your house keys outside because you don’t want someone in your home to get them. They’re already in the home, they don’t need the keys anymore.
If you’re worried about someone sneaking into your password manager to get your master password, then you need to tighten the time for your vault to lock and turn on 2FA for your password manager. Keeping your master password in your password manager or not doesn’t matter if you have someone snooping willy-nilly in your vault; you’ve got other problems to deal with.
6. If You’re Still Worried
If you’re still worried about keeping your master password in your password manager, you can always pepper your important passwords.
Even if someone got in your password manager, they wouldn’t know the full password.
But you get the convenience and security of keeping your master password in your password manager.
It’s a win-win situation.
I would shorten your time to lock your vault and add 2FA before peppering, as that will more directly address the things you worry about.
Should You Store Your Master Password In Another Password Manager?
If you’re using another password manager to store your master password, so you don’t have to remember it, then that is not an ideal solution.
If you’re storing your master password in another password manager as a backup, that is fine.
I’ve seen people use a local password manager to store the master password to their main password manager in the cloud. While this works, it’s just making things more complicated and messy for yourself.
You can make a strong and memorable master password here, and that is what you should strive for and not some complex system that will only hurt you in the long run.
Sometimes the simplest solution is the best.
What If I Still Don’t Want To Keep My Master Password In My Password Manager?
If you’re still not convinced to keep a copy of your master password in your password manager (maybe even hidden in a fake account), that is okay.
But please, write down your master password and keep it somewhere safe in your home.
Things happen, people forget things, and the last thing you want to happen is to be locked out of your password manager because you forgot your master password.
I have a post on the many ways you can hide your master password here.