Not even a global pandemic can render cyber threats ineffective, which is why data security and protection are paramount. There is a need to consider various methods to achieve adequate protection.
A password manager is a software program that helps an individual generate, store, and manage strong passwords.
A strong password usually consists of at least 8 characters, including lowercase and uppercase letters, numbers, and at least one special character such as “!” or “@”. For websites you use regularly that require log-in credentials, a password manager stores (and in some cases generates) those credentials and then logs you in automatically. The stored passwords are encrypted with a master password set by the user, which is the only password the user needs to know.
Password managers simplify the usage of strong passwords and reduce the risk of losing them to attackers. This article addresses the types, benefits, and risks involved in using password managers.
Types of Password Managers
Desktop-Based Password Manager
This type of password manager is the oldest and is referred to as the most secure. It encrypts and saves the username and password on the user’s personal computer locally.
Cloud-Based Password Manager
The likes of NordPass and 1Password fall under this category. The user’s credentials (username and password) are stored on the service provider’s server. Data transmission between the client’s web browser and the service provider’s server takes place over a secured channel. With this kind of service, users can access their data at any point in time. This can be risky because the service provider can get access to the user’s data.
Browser-Based Password Manager
It is very similar to a cloud-based password manager. Unlike a cloud-based manager, a browser-based manager is built into a web browser such as Google Chrome or Mozilla Firefox as an extension, with a built-in option that randomly generates and saves the user’s username and password. It is user-friendly but less secure.
Portable Password Manager
This type of manager offers a unique and flexible feature: it stores credentials on a mobile device, removable disk, or hard disk drive. The portable password manager is secure when put side by side with a desktop-based password manager, but losing the portable device could result in the loss of confidential data.
Examples of Password Managers
Keeper
Keeper treats password management security as a high priority. It works alongside other well-developed apps and browsers as an extension, with cross-platform syncing. Its limiting factor is the set of restrictions that come with the free version.
LastPass
LastPass is an outstanding and easy-to-use password manager that helps users generate and store strong passwords. It has well-organized features that match other paid password managers’ capabilities, such as two-factor authentication and platform syncing, which is enabled for premium users but limited for free-version users.
Bitwarden Premium
This, amongst other password managers, is considered to be effective in terms of cost and the services it offers. Bitwarden Premium uses an advanced two-factor authenticator, which generates Time-based One-Time Passwords (TOTP) for supporting sites. It offers an impressive free edition. It comes with its cons, such as limited support for iOS and extra cost for full-scale security functions.
LogMeOnce Password Management Suite
LogMeOnce is a more sophisticated password manager with a friendly user interface. It offers numerous unique functions (mostly patented), which makes it costly compared to other password managers. It synchronizes across most operating systems, such as macOS, Windows, Linux, and Android. Its only limiting factor is the cost of use, especially when the user decides to utilize all its features.
Benefits of Using a Password Manager
Password managers help mitigate various methods used by attackers to perpetrate password attacks on their victims. Here are common attacks, plus how a password manager helps curb these methods.
a. Brute Force Attack
In a brute force attack, an attacker uses a computer program to try all possible password combinations in a predetermined order (letter by letter), rather than at random, in order to gain access to a user’s account. A password manager curbs this type of attack by generating a strong password that cannot be classified as easy to guess. It is random, consisting of uppercase and lowercase letters, numbers, and at least one special character.
b. Dictionary Attack
Unlike the brute force attack previously discussed, in a dictionary attack, attackers use a computer program to cycle through common words to determine a user’s password. A strong password generated by a password manager would prevent this type of password attack.
c. Keylogger Attack
Technically, this type of attack falls under the malware or digital virus category. It installs a computer program on the user’s endpoint to track all keystrokes; as the user types in their credentials, the attacker gets a record of the keystrokes. A password manager inputs the user’s login credentials automatically. Hence, the keylogger attack would not be effective. An attacker can only steal the passwords you type, not the ones you don’t.
d. Password Reuse
Many password leaks occur as a result of password reuse. Some users find it difficult to use a unique password for every website and decide to use a single password for different websites. If an attacker gets this password and the user’s email, the user’s accounts could be compromised. A password manager solves this problem by generating unique passwords for different websites.
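The brute force, dictionary, and password reuse items above all come down to how passwords are generated. The following Python code is an added example, not taken from the article or from any password manager's code; the symbol set, the 16-character default, and the `.example` site names are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Character classes from the article's description of a strong password.
# The exact symbol set is an assumption made for this example.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!@#$%^&*"]
ALPHABET = "".join(CLASSES)


def generate_password(length=16):
    """Return a random password with at least one character from each class."""
    if length < 8:
        raise ValueError("the article's minimum length is 8 characters")
    # One guaranteed character per class, the rest from the full alphabet.
    chars = [secrets.choice(c) for c in CLASSES]
    chars += [secrets.choice(ALPHABET) for _ in range(length - len(chars))]
    # Shuffle with the OS CSPRNG so guaranteed characters have no fixed position.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def brute_force_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on the exhaustive search space, as log2(alphabet_size**length)."""
    return length * math.log2(alphabet_size)


def dictionary_hit(password, wordlist):
    """True if the password is a wordlist entry, ignoring case."""
    return password.lower() in {w.lower() for w in wordlist}


def build_vault(sites, length=16):
    """One independent password per site, so a leak at one site exposes no other."""
    return {site: generate_password(length) for site in sites}


if __name__ == "__main__":
    sites = ["mail.example", "bank.example", "forum.example"]  # constructed sample
    vault = build_vault(sites)
    for site, pw in vault.items():
        print(f"{site}: {pw}  (~{brute_force_bits(len(pw)):.0f} bits)")
    print("reuse detected:", len(set(vault.values())) != len(vault))
    print("8-char minimum: ~%.0f bits" % brute_force_bits(8))
    print("'Summer2020' in wordlist:", dictionary_hit("Summer2020", ["summer2020"]))
```
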
Risks Involved in Using Password Managers
A password manager allows users to encrypt various passwords with a single master password (more or less putting all your eggs in one basket). If a user forgets this master password, access to the various user accounts could be lost.
a. Single Point of Failure
An attacker getting access to the master password could compromise every single login detail stored on a password manager.
Recommendation
If the risks mentioned above give you second thoughts about using a password manager, consider using one to store low-value passwords first. This lets you become familiar with how a password manager works while minimizing risk.