Password managers explained: do you need one? Are they safe?

How to tell a good password manager from a bad one.

Password managers explained: do you need one? Are they safe?

We know we are supposed to have passwords that should be changed regularly, but very few of us actually do it. Coming up with strong, varied passwords can be painful. And remembering them? Forget about it.

Most people use very weak passwords and reuse them across many ‘logins’. So, how are you supposed to use strong, unique passwords for all the sites and stores and subscriptions in your system? The answer is to use a password manager.

Password managers will securely store your login information and help you to log into sites automatically. They encrypt your password database with a master password – the only one you have to remember. Or you can create your own master password. Just make sure it’s impossible to crack and, whatever you do, don’t forget it!

Types of password managers include:

  • locally installed software applications
  • online services accessed through website portals
  • locally accessed hardware devices that serve as keys.

Locally installed software
Password managers are commonly stored on the user’s personal computer or mobile device in the form of a software application. These apps can be offline, with the password database stored on the same device, or they may offer or require a cloud-based approach, where the password database is stored remotely.

Some offline password managers do not require internet permission, so there is no leakage of data due to the network. To some extent, a fully offline password manager is more secure, but may be much weaker in convenience and functionality than an online one.

Web-based services
An online password manager is a website that securely stores login details. They are a web-based version of more conventional desktop-based password managers.

The advantages of online password managers over desktop-based versions are portability and a reduced risk of losing passwords through theft from or damage to a single PC.

Hardware devices
Security tokens can also act as a password manager. Smart cards or secure USB flash devices are used to authenticate a user in lieu of or in addition to a traditional text-based password.

The data stored in the token is usually encrypted to prevent probing and unauthorised reading of the data.

What can go wrong?
While password managers are generally very safe and improve your online security, there are still some vulnerabilities.

As with any system that involves the user entering a password, the master password may also be attacked and discovered by those intent to act maliciously. This risk can be mitigated with the use of multi-factor verification for your device.

Some password managers include a password generator and these generated passwords may be guessable if they use a weak number generator instead of a cryptographically secure one, so this is something you will want to investigate before signing up.

If you enjoy our content, don’t keep it to yourself. Share our free eNews with your friends and encourage them to sign up.

RELATED ARTICLES





    COMMENTS

    To make a comment, please register or login
    Alan
    1st Sep 2020
    11:10am
    Any recommendations from someone with "hands on" experience of password managers?
    ChannelingOrwell
    1st Sep 2020
    2:48pm
    Hi Alan,

    Forget about password managers and use this nifty little application called "ShortKeys"

    It monitors your key strokes, and when it recognises a predefined character string (say a 3 character code such as "1pw"), spits out whatever password you have previously set up on the screen.

    Say you define "1pw" to generate a predefined password such as "60324kK*" then typing in "1pw" will instantly generate the password "60324kK*" as if it was typed on your keyboard.

    So easy!

    You have replaced a complex, hard to remember, password with an easily remembered 3 character key, which if you forget it, can be looked up in an associated ShortKeys table.

    This application can also be used to instantly generate useful things such as your address, telephone number, many other passwords, usernames, account numbers, etc. ... or any text string you can think of.

    I couldn't do without it!
    Alan
    1st Sep 2020
    3:03pm
    Thanks CO. I'll check it out.
    Alan
    1st Sep 2020
    3:30pm
    Hi CO,

    I had a look at that shortcut program.

    As it says, you use a shortcut key to remember a longer password. In my case I am looking for something to look after my `130+ passwords.

    You'd need to remember the same number of shortcuts as you have passwords? Am I right in this?
    ChannelingOrwell
    1st Sep 2020
    3:50pm
    Hi Alan, " I am looking for something to look after my `130+ passwords"

    WTF? How did you manage to accumulate 130+ passwords?

    I have trouble accumulating ten passwords and I do a lot of logging in.

    You're doing something stupid there I think.

    You know you can spread one password over many different logins don't you?

    Could you list some of the logins making up your 130+? I'm curious ....

    Unbelievable ...
    Alan
    1st Sep 2020
    4:24pm
    Hi CO,

    I'm doing something stupid you reckon. I think using the same password for many different sites is absolute madness. Where's your security there? if someone manages to get your password then they can access multiple sites with the one password. The one thing we are told over and over is NOT to use the same password for more than 1 site.

    BTW ..... looking at the size of the net and the places we go to regularly, I don't think 130 sites is unbelievable. Of course there are only 30-40 that get used regularly and the rest might only be used once every couple of months.
    ChannelingOrwell
    2nd Sep 2020
    1:40pm
    Hi Alan,

    "using the same password for many different sites is absolute madness"

    Really?

    I have used the same username and password for ALL my shopping sites for many years now without any problems.

    For my internet banking there is additional security provided by a bank-supplied code generator token next to the computer which would be impossible to hack.
    This code has to be entered correctly after logging in conventionally, and before any transactions can take place.

    I will likely upgrade to having a separate security code SMS'd to my mobile phone in future.

    So that makes three separate items that a would-be hacker has to know. A difficult if not impossible task

    This, together with a very strong password
    mel
    1st Sep 2020
    12:52pm
    There are dozens of password managers. Each claims to be the best. But which are secure and trustworthy? Any recommendations?
    ChannelingOrwell
    4th Sep 2020
    11:47am
    Hi Mel,

    Why not use the password managers built into most, if not all, web browsers?

    They save passwords by default or you can reconfigure them to do so.

    They can save a separate password for each site you visit, so that you don't need any extra software.
    Kiwinoz
    1st Sep 2020
    12:56pm
    I have been using Roboform for years and find it very easy to use. there is a choice of a free package which offer about 20 passwords or paid package which provides unlimited passwords. It also allows you to set up your personal details and credit card information if you wish allowing a single click to populate all those competition sites. All this by remembering one single master password
    Alan
    1st Sep 2020
    1:30pm
    Does this Roboform keep your passwords somewhere else rather than on your computer?
    Golden Oldie
    1st Sep 2020
    2:00pm
    What can go wrong? Everything. Came home about 5 years ago from a holiday cruise, found I'd been burgled, and had my laptop, camera, movie camera, jewellery, and car, stolen. Nothing recovered. Glad I had my passwords in a different place.
    Miranda
    1st Sep 2020
    6:43pm
    I have used an app called 1Password for a few years. It’s easy to use and free. All you have to remember is the master password.
    jaycee1
    2nd Sep 2020
    9:02am
    Have used Keepass for years with no problems. It's free and very easy to use.

    https://keepass.info/news/n200507_2.45.html
    Alan
    2nd Sep 2020
    11:51am
    Hi JC,

    With that Keepass ... do you keep your secure vault in the cloud or on your local machine?


    Join YOURLifeChoices, it’s free

    • Receive our daily enewsletter
    • Enter competitions
    • Comment on articles