How to tell a good password manager from a bad one.
We know we are supposed to change our passwords regularly, but very few of us actually do it. Coming up with strong, varied passwords can be painful. And remembering them? Forget about it.
Most people use very weak passwords and reuse them across many ‘logins’. So, how are you supposed to use strong, unique passwords for all the sites and stores and subscriptions in your system? The answer is to use a password manager.
Password managers will securely store your login information and help you to log into sites automatically. They encrypt your password database with a master password – the only one you have to remember. Or you can create your own master password. Just make sure it’s impossible to crack and, whatever you do, don’t forget it!
Types of password managers include:
- locally installed software applications
- online services accessed through website portals
- locally accessed hardware devices that serve as keys.
Locally installed software
Password managers are commonly stored on the user’s personal computer or mobile device in the form of a software application. These apps can be offline, with the password database stored on the same device, or they may offer or require a cloud-based approach, where the password database is stored remotely.
Some offline password managers do not require internet permission, so no data can leak over the network. To some extent, a fully offline password manager is more secure, but it may be much less convenient and functional than an online one.
Online password managers are websites that securely store login details. They are a web-based version of more conventional desktop-based password managers.
The advantages of online password managers over desktop-based versions are portability and a reduced risk of losing passwords through theft from or damage to a single PC.
Security tokens can also act as a password manager. Smart cards or secure USB flash devices are used to authenticate a user in lieu of or in addition to a traditional text-based password.
The data stored in the token is usually encrypted to prevent probing and unauthorised reading of the data.
What can go wrong?
While password managers are generally very safe and improve your online security, there are still some vulnerabilities.
As with any system that involves the user entering a password, the master password may also be attacked and discovered by those intent on acting maliciously. This risk can be mitigated with the use of multi-factor verification for your device.
Some password managers include a password generator. These generated passwords may be guessable if the generator uses a weak random number generator instead of a cryptographically secure one, so this is something you will want to investigate before signing up.
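To make the difference concrete, here is an added example (not code from any particular password manager) that puts a weak generator beside a cryptographically secure one. The 16-character alphanumeric format and the timestamp seed are assumptions chosen for illustration.

```python
import math
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # assumed character set (62 symbols)
LENGTH = 16                                      # assumed password length


def weak_password(seed: int) -> str:
    """Weak: Mersenne Twister seeded with a guessable value such as a Unix timestamp."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(LENGTH))


def strong_password() -> str:
    """Secure: every character is drawn from the operating system's CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(LENGTH))


def seed_space_bits(window_seconds: int) -> float:
    """Effective entropy when the only unknown is the second of creation."""
    return math.log2(window_seconds)


def full_space_bits() -> float:
    """Entropy of a uniformly random password over ALPHABET."""
    return LENGTH * math.log2(len(ALPHABET))


def reproducible_from_window(password: str, start: int, end: int) -> bool:
    """Audit check: can this password be regenerated from a seed in [start, end)?"""
    return any(weak_password(seed) == password for seed in range(start, end))


if __name__ == "__main__":
    created = 1_700_000_000  # constructed timestamp, not real data
    hour = 3_600
    weak = weak_password(created)
    strong = strong_password()
    print(f"weak generator, seed known to within a day: {seed_space_bits(86_400):.1f} bits")
    print(f"secure generator: {full_space_bits():.1f} bits")
    print("weak reproducible:", reproducible_from_window(weak, created - hour, created + hour))
    print("strong reproducible:", reproducible_from_window(strong, created - hour, created + hour))
```

Both passwords look equally random on screen, which is why the generator's source of randomness has to be checked in the product's documentation or code rather than judged from its output.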