A password manager can make your digital life both
simpler and more secure. Are there any downsides to relying on software to
create and store your passwords?
By Amer Owaida
Recently we commemorated World Password
Day with an article that dealt with five common mistakes to avoid when it comes to passwords. And
although password protection can be considered a cornerstone of our digital
existence, we rarely give it deep thought. Nothing drives that point home more
than the annually compiled lists of the
most-used passwords,
which have ranked 12345 and password among
the most-common choices year after year.
Our preference for flimsy passwords can
be partly attributed to our use of a gazillion different services, which –
unless you connect everything to your Google or Facebook account – often
implies creating a new account. On the other hand, if you do have multiple
complex passwords, they may prove difficult to remember. So, you opt to recycle the same simple password, since you’re thinking: where is the
harm? Well, if a hacker breaks a recycled password, then your accounts may
become an all-you-can-eat breakfast buffet for the attackers.
This is what a password manager – an
application specifically designed to store your login details in an encrypted
vault and to generate complex passwords for you – can help you avoid. By making
it supremely easy to create, save and autofill a unique and strong password for
each of your online accounts, this ‘digital safe’ can be an effective solution
to your conundrum. All you need to
remember is a single password, called the ‘master password’.
Types of password managers
Most popular
password vaults function as cloud applications that can be accessed through a
browser. Regardless of your password manager of choice, you’ll have to create
one strong master password that will protect all your stored credentials used
to access the different services you use; so be very careful about your choice.
In the case of a cloud-based manager, this is part of creating an account.
The manager will then take it from here.
You can add all your existing accounts to it and when you sign up for new
services, you can either use your own passphrases or it will use a built-in
generator to create randomized, long, and secure passwords. Once you want to
sign into any of the services that you use, the password manager automatically
fills in your credentials and you’re all set.
If you have an issue with trusting
cloud-based applications with your passwords, you can opt for a locally hosted
vault, which will store everything on your device. In fact, you can choose from
a number of open-source options, which provide a lot of the functionality of
their cloud competitors, albeit often in a more modest design package. But what
these apps may lack in aesthetics, they make up for in features.
Besides cloud-based and open-source solutions, another option is
the managers that are included in reputable endpoint security suites;
they represent a suitable option
to help you manage and secure your login credentials.
The pros and cons of using a password manager
There are
various types of password managers to choose from, with cloud-based options
being among the most popular. The added benefit of them using the cloud is
having access to your passwords from anywhere. Most of the popular brands
(1Password, Dashlane, LastPass, etc.) offer apps for your smartphone, so if you
use multiple devices (which most of us do), then cloud-based services will sync
all your passwords across all devices. Some even have desktop options and browser
plug-ins, so they have all of the bases covered.
When it comes to subscriptions, the
basic set of options is offered for free. If you find those lacking, you can
always pay for one of the more premium tiers, which usually include more
settings and added security features.
As convenient as all of this sounds, it
comes with one caveat. You’re putting all your eggs in one basket, as it were;
and some online password managers have faced their share of problems in the
past. A few months ago, for example, researchers found security flaws in a number of
popular password managers: some Android versions of their apps were found to be susceptible to
phishing attacks, while others allowed endless attempts at entering the master
PIN.
It is important to keep in mind that
since your data is stored on a server, in case of a breach or a successful
hack, cybercriminals can download the information in bulk and your account may
end up in that data trove. Should this happen, you are dependent on the
operators of your chosen service having properly implemented strong encryption and on
the strength of your master password; keep in mind that it guards the gate to
most of your digital life.
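
To make that dependency concrete, the following Python sketch is an added example, not code from the article or from any password manager. It assumes PBKDF2-HMAC-SHA256 with an illustrative iteration count and a hypothetical stored record (salt plus verifier), none of which the article specifies; it shows that a record guarded by one of the most-used passwords mentioned earlier falls to a common-password check, while one guarded by a generated password does not.

```python
import hashlib
import hmac
import math
import secrets
import string

# Assumptions for illustration only: the article names no KDF or settings.
KDF_ITERATIONS = 50_000
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"
COMMON = ["12345", "password"]  # the two most-used passwords the article cites


def generate_password(length=20):
    """Random password from a CSPRNG, in the spirit of a manager's generator."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password of the given length."""
    return length * math.log2(alphabet_size)


def _verifier(master_password, salt):
    # Stretch the master password into a key, then derive a check value from it.
    key = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, KDF_ITERATIONS)
    return hmac.new(key, b"vault-verifier", hashlib.sha256).digest()


def seal_vault(master_password):
    """Hypothetical record a service would hold, and a breach would expose."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "verifier": _verifier(master_password, salt)}


def unlocks(record, candidate):
    """True if the candidate master password matches the stored record."""
    return hmac.compare_digest(_verifier(candidate, record["salt"]), record["verifier"])


def survives_common_list(record, common=COMMON):
    """True if no commonly used password opens the record."""
    return not any(unlocks(record, guess) for guess in common)


if __name__ == "__main__":
    weak = seal_vault("password")
    strong = seal_vault(generate_password())
    print("weak master survives common list:  ", survives_common_list(weak))
    print("strong master survives common list:", survives_common_list(strong))
    print("generated password entropy (bits): ", round(entropy_bits(20), 1))
```

The key-stretching step only slows each guess; it cannot rescue a master password that is already on a list of popular choices.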