Analysis Tech

Password Managers: Do I need one? What do they do?

Password hell

This is an extension of my previous article about how to create safer passwords. One of the options that I provided was the use of password managers. Password managers are tools designed to keep all of your passwords in one place (like that piece of paper that you know you’re not supposed to write them down on) in a secure manner, preventing the need to remember hundreds of unique credentials.

So how does it work?

Password managers can be approached in a couple of ways: web-based or application-based. The former is accessible via the web, where the company stores all of your passwords for you (how kind of them). The latter is an application on your phone or computer that will keep your passwords locally.

Web-based password managers are extremely convenient. They provide a simple web interface that makes logging into your various sites very easy and can usually auto-fill credentials for websites that you are trying to log in to, adding a single mouse click to your usual process (once configured).

Application-based password managers are less convenient but more secure. I say “more secure” because the password files themselves (and the application code, if open-source) are available to the good guys who can test them for vulnerabilities. That way, if someone finds a weakness in the password database or the application, the general public is a lot more likely to hear about it. Less convenient, because the passwords are stored on the device that you configure the credentials on. As an example, if I download the app on my phone and add my Facebook credential, I would only be able to utilize that convenience from my phone, unless I copy the database somewhere else. That also means that if I update my password somewhere, the other copy becomes out of date.
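To make the out-of-date-copy problem concrete, here is an added example (not part of the original article, and not code from any password manager) that compares copies of one database file by hash and reports which ones differ from the newest. The file names and contents are constructed stand-ins, and `find_stale_copies` is a hypothetical helper name.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def fingerprint(path):
    """Return (SHA-256 hex digest, modification time) for one database copy."""
    p = Path(path)
    return hashlib.sha256(p.read_bytes()).hexdigest(), p.stat().st_mtime


def find_stale_copies(paths):
    """Return (newest_path, stale_paths) for copies of one password database.

    Only file hashes are compared, so the encrypted database is never opened.
    A different hash means the copy was saved separately from the newest one;
    it does not say which entries changed. Modification times can be reset by
    some copy tools, so treat "newest" as a hint to confirm by hand.
    """
    if not paths:
        raise ValueError("no database copies given")
    prints = {str(p): fingerprint(p) for p in paths}
    newest = max(prints, key=lambda p: prints[p][1])
    stale = sorted(p for p, (digest, _) in prints.items()
                   if digest != prints[newest][0])
    return newest, stale


def demo():
    """Constructed sample: three copies, one changed after a password update."""
    with tempfile.TemporaryDirectory() as tmp:
        copies = [Path(tmp, n) for n in ("laptop.kdbx", "phone.kdbx", "backup.kdbx")]
        for copy in copies:
            copy.write_bytes(b"constructed-db-v1")  # stand-in bytes, not a real database
            os.utime(copy, (1_700_000_000, 1_700_000_000))
        copies[0].write_bytes(b"constructed-db-v2")  # password changed on the laptop only
        os.utime(copies[0], (1_700_100_000, 1_700_100_000))
        newest, stale = find_stale_copies(copies)
        return Path(newest).name, [Path(s).name for s in stale]


if __name__ == "__main__":
    newest_name, stale_names = demo()
    print("newest copy:", newest_name)
    print("out-of-date copies:", ", ".join(stale_names) or "none")
```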

What are the options?


There are a few major contenders in this realm. Let’s consider an option from each category.

On the web side, LastPass claims to be the #1 password manager. They have a good portion of the market by offering a high level of convenience from the user’s perspective. They integrate directly with the browser and can also save credit card data and other useful information (not that I recommend doing so). They’ve also been breached. Oops. It turns out that security companies are just as capable of missing security flaws in their programs as the rest of us!

On the application side, KeePass is my personal favorite due to its simplicity. Being application-based (and free/open-source), don’t expect too many of the premium features, but it is fully capable of generating complex passwords and auto-filling them for you when necessary. For a technically-inclined user, the password database can be copied to other devices for immediate use.

Benefit analysis

| | Web-based | Application-based |
| --- | --- | --- |
| Portability | Use anywhere | Limited to one device unless you sync password databases |
| Ease of use | Make an account and go! | Download the app and go! |
| Security | You’re trusting the company to secure their site. | You’re trusting the security of your phone/computer. |

One major benefit of password managers that bears mentioning is that you can (and should) use them to keep your passwords as complex as possible. If you don’t have to remember or even see your passwords, a password of “A9*”7Lc8A[0(./”P%-BW\Wbd<Vng8c~” becomes a viable option!

However, while such complex passwords would no longer leave your account open to people outright “guessing” your password, there is still no substitute for two-factor authentication. It is up to you to balance convenience and your security.


Photos courtesy of Ron Bennetts on Flickr and Pixabay

Miche
Member

I’ve been debating if it’s okay to take a tiered approach to my password security. Critical stuff (to me) like financial-related things I tend to keep more secure, but the &*$#96 passwords for my gym membership and social media accounts and fitness app and grocery account and Red Box and hotel/airline accounts, et cetera, I leave in the capable (if hackable) hands of a password manager. I’ve been trying to think through the wisdom of that. I tend to feel like a relatively uninteresting life somehow insulates me from danger or theft…which is probably a stupid attitude. (It’s not one…

georgehand
Member

Good to hook, Alex. We used Last Pass and dual authentication in our org. I was not aware that Last Pass had been breached before. When I think hard about it, even if someone broke into my Last Pass and got all my passwords to all my accounts… they still wouldn’t have jack$hite of any value. But loves me some articles on technology!
geo sends
