What Is a Master Password? (And How to Choose a Good One)

A master password is the single password that unlocks a password manager. Once you enter it, you get access to every other password stored inside. It is the one credential you genuinely have to memorize — and because it protects everything else, it deserves more care than any individual account password.

Think of it like the key to a safe. The safe can hold a hundred valuables, but they are all only as protected as the one key sitting in your pocket.

Why the master password is special

Most password managers use zero-knowledge encryption, which means your vault is encrypted and decrypted locally using a key derived from your master password. The company running the service never sees it and cannot recover it for you. That design is great for privacy — nobody, not even the vendor, can read your data — but it also means there is usually no "forgot password" reset that magically restores access. If you lose the master password, you can lose the vault.

This trade-off is the whole point. We explain it in more detail in what is zero-knowledge encryption.

What makes a good master password

Because you only have to remember one, you can afford to make it long and distinctive:

• Use a passphrase. Five or six random words are easy to recall and very hard to crack. See password vs passphrase.
• Make it unique. Never reuse your master password anywhere else. If it leaks from some other site, your whole vault is exposed.
• Aim for real length. Sixteen characters is a floor; a six-word passphrase comfortably clears it.
• Avoid personal facts. Birthdays, names, and addresses are the first things an attacker guesses.

You can sanity-check a candidate with our master password tester, which scores both strength and how realistic it is to remember.

How to remember it without writing it on a sticky note

The trick is to turn a random passphrase into a vivid mental image. If your generated phrase is "lantern-otter-gravel-trumpet," picture an otter holding a lantern, standing on gravel, playing a trumpet. Absurd images stick. Type it a dozen times the day you create it, then again the next day, and it moves into long-term memory fast.

If you must record it as a backup, store it somewhere physical and secure — a sealed note in a home safe — rather than in a file on the same device you are trying to protect.

How Passlock handles this on a Mac

Passlock stores your passwords in the native macOS Keychain, which is unlocked by your Mac login and protected by Apple's hardware-backed encryption. That means your day-to-day access is tied to the security you already trust to run your computer, and nothing is stored on a remote server. Passlock then lets you go further: you can put an extra lock on individual passwords — or your entire vault — using a time delay, a word challenge, or a password held by someone you trust.

Your master password (or in Passlock's case, your Mac login) is the foundation everything else rests on. Spend ten minutes getting it right, and you rarely have to think about it again.