Is it Safe to Use a Password Manager
So, is it safe to use a password manager? The short answer is yes – and you’ll find that the majority of security researchers would advocate the use of a password manager. In fact, one of the most important steps you can take to increase your cyber security, is to use a password manager.
We take a deeper look into how password managers work, how safe they are to use – and how they stand to benefit you.
The Tech Behind Password Managers
A password manager is essentially a piece of software that stores all your passwords and other private information in encrypted digital vaults under lock-and-key. Depending on the product, you can safely store identity information, addresses, payment information – such as credit card and bank account details – private notes, and more.
With key-encryption technology, the chain of decryption is near impossible. When using a cloud-based password manager, the encryption takes place on your end. Once the data is sent to the servers, it is done via heavily encrypted files, which means that the key to your vault is essentially never exposed.
You log-in and authenticate using your master password, and you’ll also be decrypting your vault using the master password, but here’s the kicker – a very strong hash function with innumerable iterations is used that essentially renders the information useless to brute force attacks during the process of uploading and retrieval. It sounds complex – and that’s because it is, which is a good thing.
Although you’ll be using your master password or passphrase to retrieve your encrypted vault, it is only used to authenticate communication with the server. At no point does it actually reveal what your master password is.
Password Managers Could Protect Against Prominent Threats
When it comes to account security, the most prominent threat is a ‘Brute Force’ attack. In short, hackers choose a target – either a stolen encrypted offline file, or an online site – and they then use a computer program that is designed to attempt access by running a combination of usernames against millions of possible password or passphrase combinations – until they strike gold.
Once they have this information, the unwitting victim becomes susceptible to all sorts of modern-day threats. This includes things such as ransomware – a type of malware from cryptovirology that essentially holds data hostage until a ransom is paid. Not only is user-access blocked, but they also threaten to make all sensitive information public.
It sounds like the kind of stuff you only hear about in movies, right? Wrong. Several ordinary and famous individuals – and even massive corporations – have fallen prey to ransomware attacks.
an intuitive interface and a simple billing system integrated.
Dashlane – Simplify password management
Recommended solution to manage all passwords in one place
Pros & Cons
Often lauded as one of the best password managers on the market, Dashlane seems to truly deliver on its promise.
How to Effectively Mitigate the Risk of Cyber Attacks
There are several systems and processes that you can follow and implement to protect yourself from identity theft and other cyber-related threats. Keeping your computer or mobile software up to date is essential, as many of these software updates include increased security measures. It is also imperative that you have 3rd party security software on your system to block dodgy connections, to periodically scan for viruses – and to offer firewall protection.
Other than that, it is crucial to protect yourself by having strong and unique passwords for every online account you have. This is where managing your passwords could become a task of behemoth proportions – and where utilizing a password manager can save you all the time and hassle.
Why Weak or Universal Passwords are Dangerous
Considering the dangers that online users are up against, it goes without saying that it is time to rethink security strategies. For one, if you’re still stuck in the ‘one password to rule them all’ mindset, realize that one successful bid at gaining access to a single account will leave you completely exposed. The same goes for weak passwords that are easy to crack by brute force.
Passwords that you should refrain from using include; slight variations of your universal password, recycling/modifying old passwords, walking passwords such as ‘123456’ or qwerty passwords, favourite sports teams and superheroes, places (such as where you were born, or live) and names (such as your family name, first crush, childhood pet.)
In order for passwords to be effective – and effectively un-hackable – you need a completely unique password for each account – and each password should have a bare minimum of eight characters (although we’d recommend more.) It is also highly advisable to include a combination of upper/lower case letters, special characters and numbers.
Password Managers are Safe, Effective & Convenient
A safe and secure password manager offers an elegant solution to both combat cyber risks – and to conveniently access all your accounts without ever needing to remember another mile-long password. With one master password or master passphrase, you’ll have safe storage off all your remaining passwords.
That said, there are numerous password managers available… and the key is to utilize a service that has been rigorously tried and tested – and that has undergone all the essential checks to make the cut to be featured as a top password manager.
With many products on the market, we thoroughly test and assess leading password managers and provide our readers with and in-depth look into each product with an unbiased review. We delve into what each product offers, how they function and what to expect in terms of user-experience.
Password Manager Multi-Factor Security Methods
The standard software encryption methods that are inherently incorporated into the products are generally considered failsafe. With cybercrime being a hot topic however, many password managers offer the option to integrate additional security protocols to further protect accounts.
The most common is the option to utilize Two Factor Authentication (2FA). This offers an additional layer of security whereby the user is required to authenticate their login by a second means of verification, over and above the username and password. It is generally done by means a one-time-pin (OTP) or a code that is sent to a linked device. Some password managers use specific apps, such as Google Authenticator or Authy, to provide 2FA as a service.
There are other, less frequently offered multi-factor authentication methods that some believe strengthens the 2FA process. This is commonly referred to as Universal 2nd Factor (U2F) authentication and involves a specialised removable USB device.
All things considered, these added layers of security should not necessarily be your deciding factor when looking for a good password manager. Software companies are committed and intent on building their platforms to offer a secure solution, irrespective of whether you opt to add multi-factor authentication methods to the mix.
Online User Trends and Statistics – We’re Account Hoarders
We’re undeniably dependent (and hooked) on using the internet as a platform to conduct our everyday tasks – with everything from banking and shopping, to streaming services, general communication and social media being accessed remotely from PC’s and mobile phones.
A study conducted in 2015 found that it is typical for a single email address in the US to be associated with 130 accounts – and at least 90 accounts for the rest of the world. Yep, we are online account hoarders. This shows the enormity of our online exposure – and how crucial it is to mitigate any potential dangers.
In addition to the obvious security threat, there is the matter of convenience. Studies indicate that of the overwhelming number of accounts associated with a single email address, the average user resets the passwords for 37 to 49 of these accounts.
The emails to reset your password often include sensitive data such as email addresses and usernames – and either a link to reset a password, or a new password in plain text. This is very unsafe practice as it essentially leaves you vulnerable to malicious parties who might be attempting to uncover your personal and account information by simply accessing your inbox.
Moreover, these user trends are seeing a steady annual incline of 14%, which means the stats are effectively doubling every 5 years. This steady rise in projections shows the ever-increasing issue of users hoarding online accounts. The resulting problem is that for every account that lays dormant, an opportunity arises for hackers to slip in under the radar, steal your confidential information… and inflict mayhem.
To learn more about how to effectively manage your secure passwords online, visit www.dashlane.com