Analysis Tech

Password Managers: Do I need one? What do they do?

This is an extension of my previous article about how to create safer passwords. One of the options that I provided was the use of password managers. Password managers are tools designed to keep all of your passwords in one place (like that piece of paper that you know you’re not supposed to write them down on) in a secure manner, preventing the need to remember hundreds of unique credentials.

So how does it work?

Password managers can be approached in a couple of ways: web-based or application-based. The first is accessible via the web, where the company stores all of your passwords for you (how kind of them). The latter is an application on your phone or computer that will keep your passwords locally.

Web-based password managers are extremely convenient. They provide a simple web interface that makes logging into your various sites very easy, and they can usually auto-fill credentials for websites that you are trying to log in to, adding a single mouse click to your usual process (once configured).

Application-based password managers are less convenient but more secure. I say “more secure” because the password files themselves (and the application code, if open-source) are available to the good guys who can test them for vulnerabilities. That way, if someone finds a weakness in the password database or the application, the general public is a lot more likely to hear about it. Less convenient, because the passwords are stored on the device that you configure the credentials on. As an example, if I download the app on my phone and add my Facebook credential, I would only be able to use that convenience from my phone, unless I copy the database somewhere else. That also means that if I update my password somewhere, the other copy becomes out of date.

What are the options?

There are a few major contenders in this realm. Let’s consider an option from each category.

On the web side, LastPass claims to be the #1 password manager. They have a good portion of the market by offering a high level of convenience from the user’s perspective. They integrate directly with the browser and can also save credit card data and other useful information (not that I recommend doing so). They’ve also been breached. Oops. It turns out that security companies are just as capable of missing security flaws in their programs as the rest of us!

On the application side, KeePass is my personal favorite due to its simplicity. Being application-based (and free/open-source), don’t expect too many of the premium features, but it is fully capable of generating complex passwords and auto-filling them for you when necessary. For a technically-inclined user, the password database can be copied to other devices for immediate use.

Benefit analysis

| | Web-based | Application-based |
|---|---|---|
| Portability | Use Anywhere | Limited to one device unless you sync password databases |
| Ease of Use | Make an account and go! | Download the app and go! |
| Security | You’re trusting the company to secure their site. | You’re trusting the security of your phone/computer. |

One major benefit of password managers that bears mentioning is that you can (and should) use them to keep your passwords as complex as possible. If you don’t have to remember or even see your passwords, a password of “A9*”7Lc8A[0(./”P%-BW\Wbd<Vng8c~” becomes a viable option!

However, while such complex passwords would no longer leave your account exposed to people outright “guessing” your password, there is still no substitute for two-factor authentication. It is up to you to balance convenience and your security.

Photos courtesy of Ron Bennetts on Flickr and Pixabay

Miche
1 year ago

I’ve been debating if it’s okay to take a tiered approach to my password security. Critical stuff (to me) like financial-related things I tend to keep more secure, but the &*$#96 passwords for my gym membership and social media accounts and fitness app and grocery account and Red Box and hotel/airline accounts, et cetera, I leave in the capable (if hackable) hands of a password manager. I’ve been trying to think through the wisdom of that. I tend to feel like a relatively uninteresting life somehow insulates me from danger or theft…which is probably a stupid attitude. (It’s not one…

Miche
1 year ago
Reply to  Alex Green

Sincere question–what does identity theft look like? I mean, I’ve seen The Net with Sandra Bullock, and saw previews for Identity Theft with Justin Bateman (never made time to watch the whole thing), but what does the non-Hollywood, real life version look like? What’s the parade of horribles I’m up against as a reality check? Just how miserable can my life become if someone steals my identity and uses it?

Mic-Mac
1 year ago
Reply to  Alex Green

Alex,
I have LifeLock and though I have only applied for a car loan and a credit card and maybe one store card in the 4 or 5 years since I had it, in all three instances I did get a notification. Is there a service where one can actually get a listing of all open accounts listed under one’s own social security number? I know there is, I just can’t remember where I got it many years ago when I did have it run.

georgehand
1 year ago
Reply to  Alex Green

I had somebody once get hold of my SSN. They opened up a mobile phone account and ran up a $1,500.00 phone bill making LD calls up and down the east coast. I had a collection agency hounding me daily trying to make me pay the bill. I was in Delta at the time, but that didn’t mean $hit to the collection monkey on the other end of the phone, as it should not have.
geo sends

Mic-Mac
1 year ago
Reply to  georgehand

Geo, my son in law, was in the Philippines, stationed at Clark SFB for about two weeks when the June 15th eruption of Mount Pinatubo happened. He was on base security detail and one of the last dozen or so people to leave when they closed the base down. Someone had his Social Security number and got a calling card and was racking up a bill of about $1000 a month for several months. It ended up being an Airman on base. He had stolen other things from others on base and from some who had evacuated. The bastard ended…

georgehand
1 year ago

Good to hook, Alex. We used Last Pass and dual authentication in our org. I was not aware that last pass had been breached before. When I think hard about it, even if someone broke into my last pass and got all my passwords to all my accounts… they still wouldn’t have jack$hite of any value. But loves me some articles on technology!
geo sends
