HomeInsightsSpotlightElection Security Spotlight — Password Managers

Election Security Spotlight — Password Managers

What It Is

A password manager is a tool that stores passwords in one secure place. Instead of remembering dozens of passwords, you only need to remember one strong master password. Password managers generate complex, unique passwords, which reduces the risk of data breaches caused by reused credentials across multiple platforms.

Password managers also automatically fill in login credentials for websites and applications, saving time and improving efficiency. In addition, these tools encrypt and store passwords, credit cards, and other sensitive information in a secure vault or database.

Why It Matters

Using a password manager significantly reduces the risk of security breaches caused by weak, reused, or forgotten passwords. In an election office, a single compromised account can lead to serious consequences, including data loss, unauthorized access to election systems, and reduced trust in the election system.

Password managers can also help prevent you from falling victim to phishing scams. If you click on a link in an email and land on a fake website, your password manager will not autofill your login credentials because the website address does not match what is stored in your vault. Phishing remains the most common ways cybercriminals gain access to networks, making this added protection especially valuable.

What You Can Do

Here are steps your election organization can take:

  • Educate staff. Explain how password managers help protect critical election infrastructure and personal accounts.
  • Encourage adoption. Share the benefits of using these tools with all employees in your election office.
  • Update password guidance. Create or update policies to specify which password managers are approved to secure employee accounts at work.
  • Implement multi-factor authentication (MFA). Password managers strengthen password security, but no tool is foolproof. As an added layer of protection, use MFA for accessing password managers and any accounts that support it.
  • Stay engaged with the EI-ISAC. Tune into the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®) Quarterly Calls and attend the ISAC Annual Summit to stay informed about the evolving threat landscape.

Please contact us at [email protected] if you have any questions.

As of June 23, 2025, the MS-ISAC has introduced a fee-based membership. Any potential reference to no-cost MS-ISAC services no longer applies.