What is a password manager and why you should have one
Do you not just despise having to remember a plethora of different passwords for all the divergent websites and applications you use or register for? Or perhaps you prefer to save them inside of your browser of choice? Maybe you would rather note down credentials on a piece of paper or store them in a local file on your device?
Regardless, given the swift evolution of technology and the drastic speed at which it is currently developing, issues related to online security and privacy are currently more prevalent than ever before. As a result, websites and both mobile and desktop applications have also begun to require users to devise passwords that are difficult for others to guess or decipher.
No more are words such as ‘admin’ or the generic ‘password’ relevant and each website you register on now has substantially different requirements ranging from ‘at least one capital letter and a number’ to obligatory symbol usage.
Google via Twitter
One the one hand, this results in the process of remembering and keeping track of all your passwords becoming extremely laborious even if you decide to utilize separate similar iterations of one distinct variation.
On the other hand, while cracking such a password could prove challenging for a person, computational algorithms are a whole different entity and they are capable of running a stupendous amount of commands in under a second, meaning that your credentials might not be as undecipherable as you actually think, even though you implemented strange and unique characters in it.
All of these aforementioned factors and circumstances have consequently led to the creation of the so-called password managers in order to help you both remember your watchwords and safely preserve them by the use of encryption.
What is a password manager?
Such a software can be simply defined as a tool that is capable of storing passwords securely, in most cases by utilizing the process of encryption, to completely remove or at the very least minimize the potential of any data leaks occurring.
Some services even offer you a password-generation feature, which you can further use to create machine-indecipherable identification credentials. They consist of a mixture of randomized sequences of lower and uppercase characters, integers and symbols that are substantially more difficult to be decoded by a machine.
Why is having a password-storing software important?
If you are a user, who casually stores all of their passwords inside the browser or its cached memory, this section is for you. Imagine leaving your personal computer running or smartphone unlocked because you were required to go somewhere else in a rush. It would take someone literally no more than 3 clicks to open your browser settings and uncover all your private information.
Consequently, this becomes even worse if the websites that you have registered on are not using two-factor authentication, meaning that they can not only steal your data, but also personal information, purchase history and other sensitive information that can be classified as a privacy breach, not to mention the fact that they could effortlessly change the password and permanently lock you out of your account.
While most banks and payment services do have additional login requirements as an added security measure, not every website implements them, which can leave both you and your data vulnerable.
Photo by Yura Fresh on Unsplash
However, there are also other potential points of access to your personal passwords that you might not even be aware of. Over the past years there has been an increasing amount of browser extension fraud cases, with users downloading a seemingly harmless extension only to later discover that it has been collecting both their personal data and their credentials in the background.
The same password theft has also occurred on many different occasions such as with antivirus software or applications, downloaded from an unknown or untrusted source that acted as backdoors. However, these are all examples of privacy leaks and security breaches that could have been avoided if the appropriate password manager had been utilized.
What features signify a reliable service?
There are quite a substantial number of different factors that you could take into consideration when determining whether a given manager is reliable or not. Firstly, a password-keeping service’s top priority should always be security.
Therefore, when you conduct your research on different products, it is absolutely vital to check whether the given product has a record of previous data leaks or even worse - system hacks. Generally, if an application has had its source code leaked and its system hacked, major changes are required to be implemented to ensure that such instances are avoided in the future.
Moreover, when downloading and installing a particular manager, you are encouraged to also do routine checks about background processes that could be attempting to monitor your activity or steal your information.
Nevertheless, there are many different open-source password managers, the code of which is publicly available. This, consequently, limits the possibility of malicious code being injected by the developer or anyone else due to the fact that it would immediately be noticed by the community.
Ultimately, make sure to also do your own independent research on whether your targeted products have a storage vault and if your passwords will undergo an encryption process to increase security.
Additionally, you should also pay attention to the encryption type as it can be both symmetrical, using the same key to both encrypt and decipher information, and asymmetrical, which utilizes separate keys to perform both processes independently.
Photo by Markus Spiske on Unsplash
Finally, staying on the topic of encryption, it is also beneficial to ensure whether the password manager you have elected to use has a security check certificate, which will simultaneously encrypt identification data and perform regular checks.
Additionally, make sure that the selected service also records user activity in the storage vault including providing data about an individual’s device, location and time of access, which will make it easier for you to identify potential security breaches.
Password manager types
Usually, such products can be grouped differently based on a couple of factors such as type, encryption and cost among others. In terms of types, 2 general variations exist - open-source, which we briefly touched upon, and premium - which were professionally developed by a company. This differentiation can also be applied in relation to their price as open-source managers are usually completely free to download and use in comparison to the premium password-keeping services that require to be bought or subscribed to.
However, it is important to remember that price should not be the primary influential factor when you are considering a password manager as it is security that is of the utmost importance. Addiotionally, you should think about the divergent encryption types that exist in the field of password-storing software as well. Some of the most common encryption formats are 256-bit AES, OpenPGP, PBKDF2, SHA and Twofish amongst others.
Consequences of hacked or forgotten credentials
There are many viable examples that can illustrate the impact, severity and consequences that a hacked password can actually have. A man lost his life savings due to an email interception which led to a breach. Furthermore, there is currently an increase in the different phishing and even ‘smishing’ attacks that are also used to gather user data and personal information along with their passwords.
Moreover, a substantial amount of WiFi routers were recently found to have had a major flaw in their software, allowing hackers to gain complete access to people’s data, personal information and passwords.
In addition to being forcefully hacked, simple instances in which people just did not remember the password to their account have also occurred. However, in the case of Stefan Thomas, forgetting his credentials turned out to be extremely expensive as he could not recall the credentials for his login to an account containing nearly $220 million dollars in Bitcoin.
Final comments on password management
Overall, it is evident that issues, correlating with privacy and security, are currently being discussed now more than ever and keeping your passwords safe has never been as important. Because of this, you should consider utilizing a password manager to ensure secure storage.
When deciding on a particular software, ensure to research their brand and product in order to determine whether security is their primary focus along with the different methods of encryption that they utilize and whether they have previously had a security breach.