Password Managers: Highly Recommended But Still Vulnerable
We have so many different accounts online these days that remembering all the passwords has become something of a nightmare. It is standard advice to use a different password for different accounts and change them on a regular basis. So how do you remember which password you have used on which account? The answer has been with the help of password managers.
While password managers are a huge help, they do raise the question of how safe they are to use. If a password manager gives you and others in your home easy access to your accounts, then anyone who compromises it will have that easy access too.
How Do Password Managers Work?
Password managers are essentially digital safes that store all the passwords to your different accounts.
When prompted to enter a password, the password manager will auto-complete the password for you, or if you are using one on a mobile device, it is possible to copy and paste the password.
Password managers make it very easy to use long, unique passwords for every account, which would not be feasible without a manager because nobody could remember them all.
Password managers can also store payment information such as debit and credit cards. While this is convenient, it does have vulnerabilities.
Password Managers Have Already Been Compromised
While password managers can help you remember passwords and allow you to use long, complicated and unique passwords, this does not necessarily mean that your accounts are safe.
A recent report by Independent Security Evaluators revealed that some malware can compromise password managers. What is even more worrying is the fact that the risks are there even when the password manager is locked and running.
The popular password manager LastPass was hacked back in 2015. Developers of the software realized something was amiss when they found strange server activity. The hackers managed to steal password reminders and email addresses, along with other information. However, the hackers did not manage to bypass the “slow hashing” encryption method used by the company to keep the password data of users safe.
More recently, in 2017, the OneLogin password manager was hacked. The company revealed that cybercriminals had gained access to customers' data in the U.S. and that the hackers might have decrypted data that was supposed to be safe and secure.
Other Security To Put In Place
Though there have been some troubling incidents, there's no doubt that password managers can be used to boost your online safety, provided there are additional security measures in place.
Senior research scientist at OpenDNS, Mark Nunnikhoven, believes that password safety is an extremely important part of digital security. Nunnikhoven recommends that people remember just two long passphrases instead of shorter passwords. These passphrases are for access to your personal computer and for a password manager.
This two-passphrase rule allows for the creation of complex passwords that are almost impossible to guess for anyone attempting to break into an account. You then only have to remember the passphrases for your computer and the password manager, and the rest are kept safe in the manager.
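The "slow hashing" mentioned in the LastPass incident and the long-passphrase advice above reinforce each other, as this added example shows. It is not code from the article or from any password manager. The work factor, the attacker speed and the sample passphrase are assumptions constructed for illustration.

```python
import hashlib
import hmac
import math
import os

ITERATIONS = 600_000  # assumed work factor for this sketch, not any vendor's setting

def derive_key(passphrase: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Slow, salted key derivation: every guess costs `iterations` HMAC rounds."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, iterations)

def enroll(passphrase: str, iterations: int = ITERATIONS) -> dict:
    """Store only the salt, the work factor and a verifier, never the passphrase."""
    salt = os.urandom(16)  # per-user salt defeats precomputed tables
    key = derive_key(passphrase, salt, iterations)
    # The verifier is a hash of the key, so the stored value is not the vault key.
    return {"salt": salt, "iterations": iterations,
            "verifier": hashlib.sha256(key).digest()}

def unlock(passphrase: str, record: dict) -> bool:
    """Re-derive the key and compare verifiers in constant time."""
    key = derive_key(passphrase, record["salt"], record["iterations"])
    return hmac.compare_digest(hashlib.sha256(key).digest(), record["verifier"])

def entropy_bits(symbols: int, length: int) -> float:
    """Entropy of a secret chosen uniformly at random: length * log2(symbols)."""
    return length * math.log2(symbols)

def years_to_guess(bits: float, iterations: int, hmacs_per_sec: float) -> float:
    """Average offline search time: half the keyspace, `iterations` rounds per guess."""
    guesses = 2 ** (bits - 1)
    return guesses * iterations / hmacs_per_sec / (365 * 24 * 3600)

if __name__ == "__main__":
    phrase = "lantern orbit velvet cactus meadow pixel"  # constructed sample
    record = enroll(phrase, iterations=50_000)
    print("right passphrase:", unlock(phrase, record))
    print("wrong passphrase:", unlock("password1", record))
    rate = 1e10  # assumed attacker speed, HMAC-SHA256 rounds per second
    for label, bits in [("8 random lowercase letters", entropy_bits(26, 8)),
                        ("6 random words from a 7776-word list", entropy_bits(7776, 6))]:
        for iters in (1, ITERATIONS):
            years = years_to_guess(bits, iters, rate)
            print(f"{label}, {iters} iterations: {years:.3g} years")
```

The work factor multiplies the cost of every guess by the same amount, while each extra random word multiplies the number of guesses by 7776, so a long passphrase still matters even when slow hashing is in place.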
When using password managers, ensure you have malware and virus protection in place and consider using a virtual private network (VPN). A VPN allows users to hide behind a false IP address with their real one hidden away. This makes it more difficult for malicious actors to track your online activities and associate them with your real identity, which could make you a target for social engineering.