Using passwords is one of the ways of keeping your online accounts private and secure. But they can be easy to forget and strong ones are hard to create. This is where a good password manager can help.
What Is A Password Manager?
A password manager is a computer program or online service that performs password storage, generation, and management. Passwords are stored in encrypted databases online or on a user’s system.
Password managers can be of several types:
- Web-based password management services.
- Software programs installed on a local machine (the user’s computer).
- A hardware device that acts as a token to unlock a user’s machine.
Popular web browsers such as Chrome, Firefox, and Edge have password managers included. PCs, Macs, and Android also have them available as storage on the user’s local device.
Why Use A Password Manager?
Password managers can be very helpful for users that rely on many accounts each day to run their digital lives. Having many online accounts presents opportunities for hackers to break in due to guessing weak passwords, or stealing them from a site or machine. The user may also forget the passwords and be locked out of their account(s).
Here is what password managers can give you:
- Strong randomly generated passwords.
- Only having to remember or store the master password.
- Decreasing the chances of hackers stealing or cracking your passwords.
- Saved time and convenience.
How Do Password Managers Work?
Each password manager varies based on the intentions of the designers who built it.
The encrypted storage can be either local (the user’s computer or local network) or remotely via the web. Password management services keep files locked and require a user-generated “master” password to gain
access to the stored passwords and other login information held in their databases.
Some types of information password managers can store:
- Credit card information
- Airline flight information
- Personal medical data
The various additional features a password manager provides can enhance convenience and value for its users. Autofill of login credentials as well as random password generation makes them easy to use and practical.
Password managers are fairly easy for software makers to implement and usually do not require any major computer or server changes.
Password Manager Vulnerabilities
Password managers can be broken into by cracking a weak master password, accessing a local machine or hard document that stores the password, or by brute force attacks. If a password manager is hacked, all passwords stored within it are made vulnerable to theft.
App phishing is also a major threat to password managers, which is what happened with LastPass and 1Password.
Here are the main threats to a master password:
- Acoustic cryptoanalysis
- Hard document theft
- Non-granted local machine access
- Web-cam spying
- Cracked autofill login forms
If a password manager is broken into, this can lead to some major consequences for users, such as:
- Identity theft
- Financial theft
- Medical records theft
- Online shopping fraud
Are Password Manager Apps Safe?
Password managers are safe ways to store your passwords. They are stored in secure, encrypted online or local vaults. Many of them also have the option of using two-factor authentication.
However, different types of password managers have their own unique weaknesses. In particular, web-based password managers have several flaws:
- Authorization flaws- sharing access with multiple users that mimics authentication.
- Bookmarklet flaws – These are small programs that web-based password managers often use to log in users, but can be infiltrated by a dangerous website if not properly constructed.
- iframe login flaws- iframe logins can be mimicked by hackers that the user becomes accustomed to relying on when logging into the password manager.
- Web vulnerabilities – web-based password managers can have XSS and CSRF weaknesses that hackers can crack to obtain user passwords.
What To Look For In A Password Manager?
A good password manager should provide the following:
- A password generator
- Strong encryption for all sensitive data.
- Autofill option
- Multi-platform access
- 2-factor authentication (2FA)
- Storage breach alerts
- Industry-standard encryption (such as Advanced Encryption Standard (AES)).
- Security questions and answers.
- Fingerprint and facial recognition.
- Insecure login page warnings (that do not use HTTPS).
- Good customer service.
If provided, it is recommended to turn on 2-factor authentication not only when using a password manager, but with all devices and online accounts as well. The extra step of authentication can go a long way in preventing login hacks.
What Password Managers Cannot Do
A password manager cannot stop phishing and keyword logging that captures your keystrokes while you type in logins and passwords. So, it is very important to also have antivirus and antimalware software installed on your system to prevent these types of malware from infiltrating your system.
For anti-malware software recommendations, see our software Mega Review Roundup Here >
Are Password Managers Free?
Password managers that are included with your system or as part of your web browser are free. But if you are looking to add a good password manager either locally or online, they will most likely cost you money.
Password managers you can sign up for now include:
- Password Boss
- McAfee True Key
- Zoho Vault
Additional Password Recommendations
Make sure to clear your internet search history regularly (daily is recommended.) This contains the sites you have visited and logged into. If a hacker gets ahold of your logins through keylogging and combines this with your search history, they can narrow these down to access your secure accounts. Using a VPN can also help keep your accounts secure by preventing sniffers from monitoring your traffic behavior and the sites you visit.
Keeping track of your passwords can be difficult in today’s complex and busy digital world. Using a secure password manager that provides security and convenience can go a long way in keeping your data secure.