Cyber Security: Password Managers

It is possible to create your own strong passwords, but it can sometimes be difficult to remember each one, especially if you use a number of online services. The Rolodex was the information system of the 80s. Nowadays filing sensitive information in a place that is portable, secure and easy and quick to access is done via a password manager.

A password manager stores the password and the site it applies to. A password manager is an application (program) that runs on your computer, phone or tablet - storing passwords for you in a virtual portable filing cabinet on your device. Using a password manager makes your life much simpler because, rather than having to remember a multitude of passwords, you only need to remember a single password and the computer does the rest.

Very simple password managers allow stored passwords to be copied and pasted into login boxes. More sophisticated managers let users launch and log in to an application or website by clicking on their entry in the manager itself. Some password managers include browser 'plug-ins' so that you can complete a login on a web page simply by pressing a button.

Password Generation Facilities

The majority of password managers also offer password generation facilities. They have no problems creating passwords that are highly resistant to both brute force and dictionary attacks. Computers can generate and then file away arbitrarily long pieces of nonsense text, such as:

MHpKQCvpYoouTAaPiiWuFKjpNe7qnsbwkrvq3s3cX

Safety when using a Password Manager

Since a password manager contains a great deal of extremely valuable information it represents an attractive target for an attacker. Before choosing a manager you should check that:
Web-Browser storage of passwords

Most modern web browsers offer to remember passwords when you enter them into web forms, providing password management for websites you visit using the browser. This can be very convenient for frequently visited sites where you regularly have to enter details.

The security of this password storage is strong, and your data will not be visible to casual inspection, but you should be extremely careful using them on any computer that you do not own or have sole control of, since your data will be stored on the machine and could be misused by another user or an administrator. You should only consider using a browser's password storage on a machine that you are the sole user of, or one where you entirely trust the other users. Under no circumstances should you store passwords in the browsers of public machines in places such as cafes, libraries and workplaces.

Alternatives to a browser's password management are dedicated password management applications. Additionally, make sure you select a very strong password for controlling access to the password store. This will minimise the risk of attackers having access to your passwords, even if they do manage to steal the encrypted password store, either from your machine or from online storage provided by the password manager software.

Choosing a product to manage your passwords

You need to carefully check that the software meets your requirements. You need to get the answers to a few questions before purchasing a system:
Balance of Risk

When you evaluate using a password manager consider the balance of risk. A password manager only requires you to memorise a single secure password. All the other passwords it looks after can be long, unique strings of random characters, for example: Dyet%eb5YT%^ahyrp)(nd.

This is much more secure than using a paper notebook – thieves breaking into a house or office look for password notebooks. Notebooks also get dropped or left on the train!

Some examples of password manager applications are:
Your Master Password

The protection offered by a password manager is only as good as the password you select to control access to it – the 'master password'. Therefore, make sure to select a long, hard to guess password – ideally a phrase or combination of random words. This will prevent attackers from getting access to all of your passwords, even if they steal the password store from your machine or an online password system.

Password managers are a prime target for hackers, and occasionally hackers have managed to find ways of attacking them. It is therefore very important that you have a very strong password and that such software is always kept up to date.

For example, in June 2015 attackers were able to steal a large number of password stores from LastPass, putting those users with very weak master passwords at risk of having all their passwords used by hackers. In September 2019, another vulnerability was discovered in LastPass by a Google Project Zero researcher. This was fixed almost immediately by LastPass in an update.

Problems with Password Management

Forgetting the master password is a real problem: all of a sudden, all of your passwords are unavailable. Whether you simply forget, or your memory lapses because of illness, age and stress, you would lose access to vital online facilities.

If your password manager's data file falls into the hands of criminals, you need to hope your password is strong, otherwise all of your passwords are accessible to hackers.
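
The password generation and master password points above, as an added example that is not part of the original article: this Python sketch generates a random password, estimates entropy, and shows one way a store key can be derived from a master password (PBKDF2 is an assumption here, not a statement about any product). The iteration count, attacker hash rate and word list size are assumed values, and the entropy formula only holds when every character or word is chosen uniformly at random.

```python
import hashlib
import math
import secrets
import string

# Assumed values for illustration; not any product's real settings.
KDF_ITERATIONS = 600_000        # PBKDF2 rounds applied to the master password
ATTACKER_HASHES_PER_SEC = 1e10  # hypothetical offline guessing rate
WORDLIST_SIZE = 7776            # size of a diceware-style word list

def generate_password(length: int = 41,
                      alphabet: str = string.ascii_letters + string.digits) -> str:
    """Random password drawn from the OS CSPRNG, as a manager's generator would."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(symbols: int, choices_per_symbol: int) -> float:
    """Entropy when each symbol (character or word) is picked uniformly at random."""
    return symbols * math.log2(choices_per_symbol)

def derive_store_key(master_password: str, salt: bytes,
                     iterations: int = KDF_ITERATIONS) -> bytes:
    """Stretch the master password into a 256-bit key for encrypting the store."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)

def years_to_guess(bits: float, iterations: int = KDF_ITERATIONS) -> float:
    """Expected years to search half the space against a stolen store."""
    guesses_per_sec = ATTACKER_HASHES_PER_SEC / iterations
    return (2 ** bits / 2) / guesses_per_sec / (365.25 * 24 * 3600)

if __name__ == "__main__":
    salt = secrets.token_bytes(16)  # stored beside the encrypted store, not secret
    key = derive_store_key("constructed example passphrase", salt)
    print("generated site password:", generate_password())
    print("store key (hex):", key.hex())
    for label, bits in [
        ("8 random lowercase letters", entropy_bits(8, 26)),
        ("6 random words", entropy_bits(6, WORDLIST_SIZE)),
        ("41 random letters and digits", entropy_bits(41, 62)),
    ]:
        print(f"{label}: {bits:.1f} bits, ~{years_to_guess(bits):.3g} years")
```

Under these assumed rates, the short master password falls in well under a year while the six-word passphrase does not, which is why the strength of the master password decides what a stolen store is worth.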