People now have more passwords than ever, thanks to the evolution of technology and our reliance on all things electronic. Remembering the ever-expanding set of passwords has become nearly impossible. As a result, password managers are becoming increasingly popular. Password managers allow you to generate and store complicated passwords without having to remember them.
We aim to outline the benefits and drawbacks of password managers and provide advice on overcoming the potential disadvantages.
What is a Password Manager?
Password managers are most often digital apps that securely store your passwords on your computer or in the cloud, although there are paper versions that can be kept as hard copies in your safe or other secure place. But for the topic of this article we will stick with the digital app versions.
Instead of remembering a multitude of different passwords, these digital password managers allow you to keep them all in the password manager software. Some password managers offer a browser extension that may then enable you to auto-fill the account you wish to log in to, simply by pulling up the site’s login page.
Additionally, password managers employ robust encryption algorithms to ensure your information is safeguarded and only available to you. This is because password managers use a zero-knowledge architecture that encrypts and decrypts your data using the master password.
Furthermore, your master password is known only to you and is not saved on the password manager's servers. Even if a hacker gains access to your password manager, the attacker cannot read your passwords in plain text unless they know your master password. While nothing on the internet is ever 100% secure, these password managers try their best to lock down your data to prevent any threats to your important information.
Pros of Using a Password Manager
Research has revealed that many people (particularly those under 34) have become careless with their passwords. Over 35% of people use the same password for most internet logins. Even worse? 42 percent of tech users have had their accounts stolen at least once due to this reason. It's easy to see why individuals may grow lazy about security: consider how many password-protected programs you used ten years ago vs. now. Memorizing 20+ different, difficult, and safe passwords is no easy task.
A password manager safeguards your personal and professional information, making your online experience straightforward and hitch-free. Below we have highlighted six of the most significant password manager advantages.
1. Only Memorize 1 Password
Most password managers hide all of your other passwords behind your single “Master Password”. This master password is the only one you need to remember in order to access all of your other passwords.
Bonus Tip: it is recommended to change out this Master password every 3 months, but at least once a year to ensure your account remains as secure as possible.
2. Browser Extensions Enable Autofill Functions
Password managers make it extremely simple to access all of your accounts. As previously said, not only do you not need to memorize your account passwords, but the browser extensions also enable you to automatically fill out the login form for every account you wish to access. You can access any account within your password manager quickly and conveniently.
3. Can Auto Generate Strong Passwords
You can use password managers to automatically generate unique and complicated passwords for each of your accounts. Because you don't need to remember passwords other than your master password, you may use the password generator to create these complex and unique passwords. You can also personalize the password-generating process by specifying a character length and readability level.
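The kind of generator described above, as an added example rather than any product's code: it takes a length and a readability switch, draws every character from the operating system's secure random source, and reports how much guessing entropy the settings give. The character sets, the set of look-alike characters and the function names are assumptions made for this sketch.

```javascript
// Added example: password generator with length and readability options.
const nodeCrypto = require('node:crypto');

// Character classes (assumed for this sketch).
const CLASSES = {
  lower: 'abcdefghijklmnopqrstuvwxyz',
  upper: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  digits: '0123456789',
  symbols: '!@#$%^&*-_=+?',
};
// Look-alike characters removed when "readable" is requested.
const AMBIGUOUS = new Set('0O1lI');

function buildClasses(readable) {
  return Object.values(CLASSES).map((chars) =>
    readable ? [...chars].filter((c) => !AMBIGUOUS.has(c)).join('') : chars);
}

function generatePassword(length = 20, readable = false) {
  const classes = buildClasses(readable);
  if (length < classes.length) {
    throw new RangeError(`length must be at least ${classes.length}`);
  }
  const alphabet = classes.join('');
  // Guarantee one character from every class, then fill from the full alphabet.
  const chars = classes.map((c) => c[nodeCrypto.randomInt(c.length)]);
  while (chars.length < length) {
    chars.push(alphabet[nodeCrypto.randomInt(alphabet.length)]);
  }
  // Fisher-Yates shuffle so the guaranteed characters are not always first.
  for (let i = chars.length - 1; i > 0; i--) {
    const j = nodeCrypto.randomInt(i + 1);
    [chars[i], chars[j]] = [chars[j], chars[i]];
  }
  return chars.join('');
}

// Upper bound on entropy in bits: length * log2(alphabet size).
function entropyBits(length, readable = false) {
  return length * Math.log2(buildClasses(readable).join('').length);
}
```

With these sets, the readable option costs about two bits of entropy at 20 characters, which one extra character more than recovers.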
4. Works Across Multiple Devices
You can use password managers across multiple devices. Simply download the browser extension or the mobile app. As a result, you can use your password manager to log in to all your accounts from your desktop, laptop, smartphone, or tablet. If you change a password within one extension/device, it will be automatically updated on the others. This makes switching between devices a breeze.
5. Internal Security Features
Most people use password management software for the sole purpose of increasing security and account protection. Password management users have greater protection over their internet credentials than non-password manager users. To protect you from hackers, reputable password managers (such as LastPass or Chrome Password Manager) use powerful encryption algorithms.
6. Secure Sharing
You can share passwords for joint accounts with relatives or coworkers. Of course, it is not suggested that you reveal your personal passwords, but for shared accounts, a password manager allows you to regulate who has access to passwords. Additionally, you can share account information, but set it up so that the person you share it with can’t actually see the password nor can they update the password. This adds yet another layer of security.
Bonus: Easy Access for Family Post Demise
In the unfortunate case of death, the remaining family is left to sort through the life of their lost loved one. Having used a password manager, the deceased would only need to leave behind 1 password to allow the family to handle all of their affairs. Adding the master password for your password manager to your will ensures your family will be able to access any important accounts they need to once you are gone.
Cons of Using a Password Manager
Now, all technology comes with some downfalls. So, let’s discuss the disadvantages of utilizing a password manager. The following are some of the drawbacks you may experience.
1. Single Point of Failure
Although password management software makes it easy to remember passwords, your master password could be a single point of failure. If a hacker obtains your master password, they may be able to enter your password vault and view all of your accounts.
Nevertheless, most password managers require Multi-Factor Authentication (a.k.a. MFA or 2-factor authentication). This means that, even with your master password, the potential intruder will also need to have access to your MFA source. As a result, if given the option, we always recommend utilizing 2-factor or multi-factor authentication when handling your password management. The master password is a double-edged sword that may work for or against you. Hence, try your hardest to keep it to yourself.
2. Only Available while Online
Most password management software only works when connected to the internet or cellular service. Several are inaccessible to users when not connected to the internet, which might hinder certain operations. In the world of the cloud, these tools reign supreme. But for those looking for password managers that enable offline storage, there are some out there for you, like Password Safe and Keeper.
3. Applications Get Discontinued
Just like in the brick-and-mortar world, businesses shut down. But when a software technology company shuts down, you could lose all of your non-memorized passwords. The hope is that the end user (you) would be warned before shutdown so you could transfer or write down all of your passwords to mitigate any loss.
4. The Creating Company Can Still Get Hacked
Cyberattacks have targeted even well-known password management solutions. LastPass, KeePass, Keeper, and OneLogin have all been victims of cyber-attacks that exposed their users' email addresses, passwords, and other information.
Security flaws discovered through in-depth examinations were used to educate developers working on password managers and others on how to prevent such scenarios in the future.
The LastPass Hack
LastPass customer data was exposed by hackers in December 2022, in the aftermath of an incident previously announced in August.
The Hack
The progression from an event in August 2022 to this exposure about four months later implies that LastPass failed to contain the breach and its ramifications.
In late November 2022, LastPass CEO Toubba stated that "some portions of our clients' information" had been obtained by a threat actor. Yet, the corporation did not disclose the entire breadth of the exposed data until three weeks later.
According to CEO Karim Toubba's blog post, an unknown threat actor accessed and stole a cloud-based backup of client vault data, including encrypted passwords, usernames, and form-filled data.
The Security
"These encrypted fields stay private using 256-bit AES encryption and can only be decoded using our zero-knowledge architecture with a unique encryption key obtained from each user's master password," Toubba explained. According to Toubba, LastPass does not keep or retain the master password on any servers; therefore, any information the hackers got is highly encrypted and almost impossible to read without the user's master password.
Recommended Action
LastPass said that no action is currently needed from existing LastPass customers and that its security protocols have kept everyone's data protected behind their master passwords.
The backup of client vault data includes unencrypted data such as website URLs that customers visit using the password manager, company names, billing addresses, email addresses, phone numbers, and the IP address from which customers use LastPass.
If LastPass' default master password settings, such as a minimum of 12 characters, are followed, "there are no advised measures that you need to do at this moment," according to Toubba. Toubba estimated that guessing a master password using commonly accessible password-cracking equipment would take "millions of years" with standard settings.
A threat actor, on the other hand, may try brute force to guess master passwords and target consumers with phishing attacks or credential stuffing. Around 33 million registered users and 100,000 business clients utilize LastPass. Are you one? If so, it wouldn’t hurt to update your master password, but, as the CEO said, there are currently no post-hack security measures to be taken.
Protecting Yourself from the Cons
Password managers significantly improve internet security by preventing scammers from accessing your data and accounts. A password manager is really useful, no matter who you are. But there are several precautions you may take to protect yourself against its weaknesses and potential downsides.
Use Multi-Factor Authentication
Regrettably, not all password managers demand multi-factor or two-factor authentication. This creates a significant danger for infrequent internet users who rely only on a password manager for the safety of all of their passwords. Understanding how 2-factor authentication provides considerably greater account security and safety is crucial. As a result, we recommend using 2FA on all your critical accounts, such as your password manager, bank accounts, and emails.
Change your Master Password Often
If you already have a long, unique passphrase for your master password, you'll be relieved that you don't have to update it frequently. You are already following best practices, and your master password is highly secure against common cybersecurity risks.
On the flip side, changing passwords too frequently has been shown to result in the use of weak passwords. When individuals have to create new passwords all the time, they start making them simpler to ensure they can remember them. As a result, it is recommended to change your master password twice a year. However, everyone knows it sucks to change your password, so if you are confident in the length and uniqueness of your password, then the interval is solely up to you.
Keep a Hard Copy Locked Away
Passwords scribbled on a sticky note or notepad are a safe password management method for the average computer user. For most, there is a slim chance that cybercriminals will break into your home just to steal your password book.
However, if you decide to keep a hard copy, it is best to add another security layer, similar to MFA, but this time literally. Keeping your hard copy locked up in a safe or reinforced filing cabinet adds an additional barrier that a burglar would have to get through to reach your password list.