  • Anil Lamba

Is Password Manager becoming a Hygiene? - Here's everything you should know about it

Password managers provide a simple way to store, manage and retrieve passwords for online accounts. A password manager stores your passwords in an encrypted vault that can only be unlocked with your single master password. While that sounds appealing, there’s one question left to answer before you entrust your online security to an app: Can it really be safe to save all your passwords into a single online place? Let’s dig into how safe these apps really are.




Why is using a Password Manager becoming a Hygiene? - Most of us know the rules for good password hygiene: make them complicated, don’t reuse them, change them often and, most importantly, use a different password for each account to help reduce the risk of being hacked. However, we either don’t follow this advice from security experts, or remembering fiendishly complex passwords becomes a herculean task for us. According to a report by password manager app “Dashlane”, the average number of accounts registered to one email address in the U.S. is 130. Can you imagine keeping track of 130 unique passwords, whether in your mind or on a scrap of paper? The former sounds like a headache, while the latter can be stolen or misplaced.



On the other hand, a password manager will take a load off your mind, freeing up brain power for doing productive things rather than remembering a long list of passwords. It will not only do the remembering but can also generate the random strings of lowercase and uppercase letters, numbers and symbols required to protect your online accounts from hackers and scammers. Passwords are saved to an ‘encrypted vault’ that is itself protected by a user-devised master password. In addition, if you’re creating a new account, your password manager will offer to generate a secure random password for you, so you don’t have to think about that, either. It can also be configured to automatically fill information like your address, name, and email address into web forms.



What Are Password Managers, Exactly? - At its core, a password manager is a program that generates, encrypts and stores passwords in a database for your online accounts, so that you have a quick reference for every site you’re signed up for. To retrieve your passwords, you generally enter a master password that unlocks your stored information. However, modern password managers do far more. They automatically log you in to websites and applications, as well as store information. The encrypted (256-bit AES) information changes from program to program, but the core tenets of a modern password manager include passwords, PINs, credit card information, contact information, notes, answers to security questions, and more.


Here are some of the other features they offer:


Browser extension - for easy access to your saved passwords while you’re browsing online.

Two-factor authentication - Strengthen your account’s security with a second piece of information that’s required to finish the login process.

Fingerprint support for mobile devices - You can sign in with just a touch of your finger.

Ability to store additional information, such as account recovery codes and answers to security questions.

Digital file storage – using which you can upload important records.

A Digital wallet - stores your account information, like credit card numbers, for a streamlined shopping experience.

Security alerts that notify you if the password manager thinks your online account has been compromised.

Sharing features that let you securely share information with friends and family

You'll still want to take other security measures, such as setting lock screens on all your devices, using two-factor authentication on valued accounts, and only using computers that you trust.


Are they safe & convenient? - Popular cloud-based password managers such as Dashlane, LastPass, 1Password, Roboform and Sticky Password use zero-knowledge security protocols that encrypt users’ master passwords with an encryption key that is stored only on users’ devices (so that the companies have ‘zero knowledge’ of users’ passwords). This encryption includes thousands of rounds of authentication hashing, where an algorithm converts a string of text into a longer string, making it more difficult for hackers to crack the hashed text.
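The zero-knowledge arrangement described above, sketched as an added example that is not code from this article or from any of the products named. It assumes PBKDF2-HMAC-SHA256 with 100,000 rounds; the function names, the `Server` class and the sample account are hypothetical. The vault key is derived and kept on the device, and the service only ever receives a separate one-way verifier.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; each product chooses its own
KEY_LEN = 32          # 32 bytes = 256 bits, the AES-256 key size


def derive_vault_key(master_password: str, salt: bytes) -> bytes:
    """Stretch the master password into the vault key. Never leaves the device."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, ITERATIONS, KEY_LEN)


def derive_auth_hash(vault_key: bytes, master_password: str) -> bytes:
    """One further one-way round gives the login verifier sent to the service."""
    return hashlib.pbkdf2_hmac(
        "sha256", vault_key, master_password.encode("utf-8"), 1, KEY_LEN)


class Server:
    """Hypothetical sync service: holds a salt and a verifier, never the key."""

    def __init__(self):
        self.accounts = {}

    def register(self, user: str, salt: bytes, auth_hash: bytes) -> None:
        # Hash again server-side so a stolen database row is not a login token.
        self.accounts[user] = (salt, hashlib.sha256(auth_hash).digest())

    def login(self, user: str, auth_hash: bytes) -> bool:
        _, stored = self.accounts[user]
        return hmac.compare_digest(stored, hashlib.sha256(auth_hash).digest())


def demo():
    server, salt = Server(), os.urandom(16)
    master = "correct horse battery staple"  # constructed sample password
    vault_key = derive_vault_key(master, salt)
    server.register("alice@example.com", salt, derive_auth_hash(vault_key, master))

    good = server.login("alice@example.com", derive_auth_hash(vault_key, master))
    typo = "Correct horse battery staple"
    bad = server.login("alice@example.com",
                       derive_auth_hash(derive_vault_key(typo, salt), typo))
    server_has_key = any(vault_key in row for row in server.accounts.values())
    return good, bad, server_has_key


if __name__ == "__main__":
    print(demo())
```

Because the verifier is computed from the vault key by a one-way function, someone who copies the server's records still has to run the full key stretching for every master-password guess.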


Stats show - Just one in ten Americans use a password manager, and only three percent count it as their most frequent means of password entry. However, a large majority is still using the typical alternatives, i.e. using the same password everywhere or storing them in a spreadsheet.


A password manager is a smarter alternative to storing your passwords in a file on your computer, because the passwords it holds are heavily encrypted. In the event of a malware attack, the documents on your computer could be encrypted or stolen. Despite attacks on password managers in recent years, the security benefits of storing your passwords in an encrypted environment can outweigh some of the risks of keeping passwords on your computer or written down in a notebook.

They also offer a password-generator feature that can create strong passwords to help keep your accounts more secure, and a two-factor authentication feature as an added layer of security.

From a simplicity and versatility standpoint - When you use a password manager, you only need to remember a single master password. With that one password, you can gain access to the passwords and additional information you need to manage your online accounts. Many password managers have apps you can download, so you can use them on your mobile devices. Whether you’re using a desktop, laptop or smartphone, you can access your password manager.


How do password managers generate strong passwords? - Not only do password managers help securely house your passwords, but they can also generate passwords that are unique and complex, which makes them more difficult to crack or guess. To do this, password managers use encryption algorithms. These algorithms can be difficult to understand. What’s most important to know is that you should use a different generated password for each login to keep your information out of the hands of hackers.


Every algorithm-generated password includes a combination of upper and lowercase letters, symbols, and numbers, which are unpredictable. When you generate a new password through a password manager, you’ll have the option to make it as lengthy and diverse as you like, without the need to remember it yourself.


The best password manager features - To start cleaning up your password act, your password manager should meet these screening criteria.


Ease of use - It should save passwords from apps and sites seamlessly, including passwords from your browser(s).

Password health check - Does it rate passwords and update weak ones?

Biometric log-in - Convenient, secure smartphone log-ins are a big deal.

Two-factor authentication - This system requires an additional offline code along with the master password, so even if your password gets compromised, other passwords remain safe.

Digital wallet - Can your digital wallet feature securely store credit card details and, even better, facilitate express checkout?

Online backup - The system should back up your information, so passwords can be restored in the event of a lost or stolen device.

Sync across devices - The manager should let you access passwords on both work and home computers, as well as your smartphone.

VPN service - It should be able to provide a VPN service for your computer and smartphone to encrypt all of your data when using internet-based services over public Wi-Fi.

Platform-wide availability - Available for Mac, Windows, Linux, iOS and Android.

Key tips to using a password manager safely - So far, the picture may be looking pretty grim for password security, and most experts recommend using one. While it’s impossible to be completely immune from the most advanced threats, selecting the right password manager and using the following key steps can help users protect their credentials from the majority of attacks that they may face -



Choose a password manager without master password recovery

Use Two-factor authentication

Turn off auto-fill

Use strong passwords

Make sure all your passwords are unique

Keep your software up to date

Be wary of downloads and browser extensions.


Here are some of the best password managers based on my experiences -


Dashlane - Dashlane’s feature set may not differentiate itself from other software on our roundup, but the program’s interface has grown impressively over the years. It’s incredibly intuitive and simple, bolstered by two-factor authentication and the ability to change a host of passwords spanning multiple sites with just a few clicks. The fact that Dashlane’s memory footprint gets smaller with every update is only a plus, as is its ability to securely store pivotal notes and share encrypted passwords with emergency contacts in case you have trouble with your account.


LastPass - LastPass is a fantastic password manager, and it’s free so long as you don’t mind getting by without the full suite of premium features. Once you’ve set up your master password, LastPass allows you to import all of your saved login credentials — usernames and passwords — from Firefox, Chrome, Edge, Opera, and Safari.


Roboform - Roboform is a very traditional password manager, with features that will probably look familiar to you. It generates passwords, saves them, encrypts them with 256-bit AES encryption, and syncs across multiple devices. It also has an updated interface that’s great for newcomers and those who may not use the internet as often; older generations in particular may find it more intuitive thanks to clear sections for logins, applications, contacts, and more.


1Password - Another extremely popular and reliable password manager is 1Password. Featuring a strong password generator, as well as username and password storage (including secure sharing), it excels when it comes to its intuitive user interface and the built-in “watchtower” service designed to notify you of ongoing website breaches. The software’s digital wallet also allows you to securely save everything from your logins and credit card information to sticky notes and network passwords.


Sticky Password - Designed by former execs behind the free antivirus software AVG, Sticky Password seamlessly encrypts and stores passwords and fills out a large variety of forms, recognizing fields such as job titles and company names and handling a range of online accounts. Its browser extension is available for most of the browsers. The dashboard displays all your accounts and passwords, with weak passwords highlighted for updating. A secure memos feature lets you write down other sensitive passwords and membership numbers. The premium version backs up passwords online and syncs all your devices.



Conclusion –

Password managers are not a magic pill, but for most users they'll offer a much better combination of security and convenience than they have without them. Everyone should be using one in the online climate of the modern era. It keeps you secure while freeing you from remembering which password goes to which account, and these programs have evolved enough that you can even store other personal data inside.

It can also save you time by streamlining the management of your accounts as all your data is stored in one location. A password manager is a first step in securing yourself online. However, there is more to do. Keep watching my upcoming articles.



©2019 by Cybersecresearch.org. | Dr. Anil Lamba | Cyber Security Expert