Do you not just despise having to remember a plethora of different passwords for all the divergent websites and applications you use or register for? Or perhaps you prefer to save your passwords inside of your browser of choice? Maybe you would rather note down your passwords on a piece of paper or store them in a local file on your device?
Regardless, given the swift evolution of technology and the drastic speed at which it is currently developing, issues related to online security and privacy are currently more prevalent than ever before. Because of this, websites and both mobile and desktop applications have also begun to require users to devise passwords that are difficult for others to guess or decipher. No more are passwords such as ‘admin’ or the generic ‘password’ relevant and each website you decide to register on now has substantially different requirements ranging from ‘at least one capital letter and a number’ to obligatory symbol usage.
On the one hand, this makes remembering and keeping track of all your passwords extremely laborious, even if you decide to use similar iterations of one distinct password. On the other hand, while cracking such a password could prove challenging for a person, computational algorithms are a whole different entity: they are capable of running a stupendous amount of commands in under a second, meaning that your password might not be as undecipherable as you think, even though you decided to include strange and unique characters in it.
All of these aforementioned factors and circumstances have consequently led to the creation of the so-called password managers in order to help you both remember your passwords and safely preserve them by the use of encryption.
What is a password manager?
A password manager can be simply defined as a tool or piece of software that is capable of storing your passwords securely, in most cases by utilizing the process of encryption, in order to completely remove or at the very least minimize the potential of any data leaks occurring. Some managers even offer you a password-generation feature, which you can further use in order to create more machine-difficult passwords. They consist of a mixture of randomized sequences of lower and uppercase characters, integers and symbols that are substantially more difficult to be decoded by a machine.
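The password-generation feature described above can be sketched as follows. This is an added example, not code from any particular password manager; the symbol set, the default length of 20 and the function names are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Character classes named in the article: lower/upper case letters, digits, symbols.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*()-_=+[]{};:,.?",  # constructed symbol set; sites differ
}
ALPHABET = "".join(CLASSES.values())


def meets_policy(password, required=CLASSES):
    """True if the password has at least one character from every required class."""
    return all(any(ch in chars for ch in password) for chars in required.values())


def generate_password(length=20):
    """Draw every character uniformly from the full alphabet with the OS CSPRNG.

    Candidates that miss a class are discarded and redrawn (rejection sampling),
    so all policy-compliant passwords stay equally likely.
    """
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(candidate):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on guessing entropy for a uniformly random password."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    pw = generate_password(20)
    print(pw, f"~{entropy_bits(20):.0f} bits")
```

The `secrets` module is used instead of `random` because the latter is not designed for security-sensitive values.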
Why is having a password manager important?
If you are a user who casually stores all of their passwords inside the browser or its cached memory, this section is for you. Imagine leaving your personal computer running or your smartphone unlocked because you had to go somewhere else in a rush. It would take someone literally no more than 3 clicks to open your browser settings and uncover all your passwords. This becomes even worse if the websites that you have registered on are not using two-factor authentication, meaning that the intruder can steal not only your data, but also personal information, purchase history and other sensitive information that can be classified as a privacy breach, not to mention the fact that they could effortlessly change the password and permanently lock you out of your account. While most banks and payment services do have additional login requirements as an added security measure, not all websites and applications implement them, which can leave both you and your data vulnerable.
On the other hand, there are also other potential points of access to your passwords that you might not even be aware of. Over the past years there has been an increasing amount of browser extension fraud cases, with users downloading a seemingly harmless extension only to later discover that it has been collecting both their personal data and their passwords in the background. The same password theft has also occurred on a number of different occasions such as with antivirus software or applications, downloaded from an unknown or untrusted source that acted as backdoors. However, these are all examples of privacy leaks and security breaches that could have been avoided if a password manager had been utilized.
What features signify a reliable password manager?
There are quite a substantial number of different factors that you could take into consideration when determining whether a given password manager is reliable or not. Firstly, a password manager’s top priority should always be security. Because of this, when you decide to do your research on different password managers, it is absolutely vital to check whether the given manager has a record of previous data leaks or even worse - system hacks. Generally, if an application has had its source code leaked and its system hacked, major changes are required to be implemented in order to ensure that such instances are avoided in the future. Moreover, when downloading and installing a particular password manager, you should also do routine checks about background processes that could be attempting to monitor your activity or steal your information.
Nevertheless, there are also many different open-source password managers, the source code of which is publicly available. This, consequently, means that no malicious code can be injected by the developer or anyone else due to the fact that it would immediately be noticed by the community.
Ultimately, when choosing a password manager, do also research whether they have a storage vault and if your passwords will undergo an encryption process to increase security. Additionally, you should also pay attention to the encryption type as it can be both symmetrical, using the same key to both encrypt and decipher information, and asymmetrical, which utilizes separate keys to perform both processes independently.
Finally, staying on the topic of encryption, it is also beneficial to check whether the password manager you have selected has a security check certificate, which will simultaneously encrypt your passwords and perform regular checks both on them and on the users that are accessing the passwords or storage vault, along with providing you with data about their device, location and time of access, making it easier for you to identify potential security breaches.
Types of password managers and how they compare to each other
Password managers can be grouped in different groups depending on many factors. However, in this article we will be grouping them by type. Simply put there are 2 general types of password managers - open-source, which we previously briefly touched upon, and premium - which were professionally developed by a company. This differentiation can also be applied in relation to their price as open-source managers are usually completely free to download and use in comparison to the premium password managers that require to be bought or subscribed to.
However, it is important to remember that price is not the leading factor when considering a password manager as it is security that is of the utmost importance. Here are some of the most popular password managers in no particular order compared by the following attributes:
SRP, AES,SHA2, Fortuna PRNG
Free or €30/per 10 users
Free/$3 per person business plan
AES-CBC 256-bit, PBKDF2 SHA-256
$3/personal use or $7.99/business
Free App or $5 monthly for Teams
RSA2048, 256-bit AES
Free personal use or $48 premium
Individual, Family & Buy Once Plans
256-bit AES, PBKDF2-HMAC-SHA512
Free personal use or €3/month for premium
Free personal use or €4.50/monthly
Offer many different plans
PBKDF2, 256-bit AES
Free personal use or $3.99/monthly
Free personal use or Premium Business Plan
256-bit AES, PBKDF2-SHA256
Consequences of a hacked or forgotten password
There are many examples that illustrate the impact and severity of the consequences that a hacked password can actually have. This example by the Guardian of a man losing his life savings due to an email interception and, later on, a password breach is just one of them, not to mention the different phishing and even ‘smishing’ attacks that are also used to gather user data and personal information along with passwords.
Moreover, a substantial number of Wi-Fi routers were recently found to have had a major flaw in their software, which would allow hackers to gain complete access to people’s data, personal information and passwords, as seen in this article by the BBC.
In addition to forcefully hacked passwords, there are also simple instances in which people just do not remember the password to their account. However, in the case of Stefan Thomas, forgetting a password turned out to be extremely expensive, as he could not recall the credentials for his login to an account containing nearly $220 million in Bitcoin, as reported by the Guardian.
Overall, it is evident that issues related to privacy and security are being discussed now more than ever and keeping your passwords safe has never been as important. Because of this, you should consider utilizing a password manager in order to help you store your different passwords securely. When deciding on a password manager, be sure to research the brand and product in order to determine whether security is their primary focus, which methods of encryption they utilize and whether they have previously had a security breach.