The Problem with Password Managers
In 1961, the first computer passwords were created by Fernando Corbató to moderate the use of MIT computer systems.
By 1962, a researcher by the name of Allan Scherr, fed up with the computer time constraints, had figured out a rudimentary hack that allowed him to “game” the system and increase his weekly access.
The moral of the story? As soon as we figure out a new way to ensure our personal security, someone will find a way to break it.
While many password managers have avoided mass attacks, there have been enough data breaches to warrant a closer look at how password managers work, and just how effective they really are at protecting our info.
Password Managers — let’s take a look under the hood.
Nowadays, the average person has 80+ passwords, with some exceeding 150 once work and school accounts are included. Considering that the average person’s working memory can only hold onto about 7 words at a time, it’s understandable that we would look for a better way to manage our online access.
Enter the password manager.
Password managers act as a single repository for passwords and account credentials. You can store autofill details, change passwords, and manage some account aspects all in one place.
However, not all password managers are created equal.
At the risk of oversimplifying the technological diversity, we’re going to explore only three types of password managers.
The first is broadly known as the browser-based password manager. These are the systems that come automatically attached to browsers or software that’s downloaded to your computer or network.
Think Microsoft’s password management system (which can extend to the Edge browser and products like Office) or Google’s “built-in” password manager.
Next, we can consider the closed system password manager. These are usually applied when using a professional intranet (a closed network that can’t be accessed outside of the organization) that deals with sensitive information.
Any time you’ve had to access a school or library computer system that stored a password unique to their facility, you’ve likely used a closed system password manager.
Last, we’ll talk about password management applications (apps). A password management app is a type of downloadable software that uses encryption to store your credentials safely and securely (most of the time).
Apps have quickly become the most widely used password management systems. The key is to do your due diligence before choosing one. Using an app to manage your passwords is a long-term relationship, so make sure that the software is secure, user-friendly, and versatile.
Are password managers really secure?
All password managers use encryption either locally (on a specific machine or network) or through their own servers. The advantage to using a password management app is that the server can recognize your login credentials and work across all of your devices. If you lose your phone or laptop, you don’t risk losing your passwords along with them.
For the most part, password managers tend to be relatively safe. However, a 2018 study conducted by the University of York, England, found that Dashlane, LastPass, Keeper, RoboForm and 1Password all had weaknesses that could be exploited to expose private info.
After these findings, many of the aforementioned password management companies strengthened their security to account for holes. But the study proved that where there’s a will (along with a skilled hacker), there’s often a way.
Fortunately, with many of the updates, even if a hacker is able to gain access to saved information in a password manager, the credentials will remain encrypted — making it even more difficult to break through privacy defenses.
Another thing to consider is the security of devices themselves. If you haven’t taken advantage of biometric security, 2FA, PINs, and additional measures on each device, then you risk having passwords compromised should the device be stolen or even borrowed.
What can you do to improve your personal security?
There are some simple actions you can take that will have a significant impact on the security of your passwords and personal info.
- Choose a secure password manager that allows you to store credentials, generate new passwords, manage auto-fill data, and control communication channels all in one place
- Don’t use the same password for different accounts
- Use longer passwords (at least 13 characters) that include special characters and numbers
- Take advantage of random password generators included in your password managers
- Change passwords every 4–6 weeks
- Don’t use common themes for passwords
- Refrain from sharing passwords, and if you must, change the password as soon as possible
- Don’t write passwords down on hardcopy or list them in a computer file
- Make sure that your device is difficult to access by taking advantage of all possible security features
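The measurable items in the checklist above (length, numbers and special characters, reuse, age, random generation) can be checked mechanically. The following is an added example, not code from Cloaked or from any password manager; the `(account, password, last_changed)` entry format, the function names and the sample entries are assumptions constructed for illustration.

```python
import secrets
import string
from collections import defaultdict
from datetime import date, timedelta

MIN_LENGTH = 13               # "at least 13 characters"
MAX_AGE = timedelta(weeks=6)  # upper end of "every 4-6 weeks"

def policy_issues(password):
    issues = []
    if len(password) < MIN_LENGTH:
        issues.append("too short")
    if not any(c.isdigit() for c in password):
        issues.append("no number")
    if not any(c in string.punctuation for c in password):
        issues.append("no special character")
    return issues

def generate_password(length=20):
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:  # draw from the OS CSPRNG, retry until the rule above is met
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_issues(pw):
            return pw

def audit(entries, today):
    """entries: (account, password, last_changed) tuples -> {account: [issues]}."""
    accounts_by_password = defaultdict(list)
    for account, password, _ in entries:
        accounts_by_password[password].append(account)
    report = {}
    for account, password, changed in entries:
        issues = policy_issues(password)
        shared = sorted(a for a in accounts_by_password[password] if a != account)
        if shared:
            issues.append("reused on " + ", ".join(shared))
        if today - changed > MAX_AGE:
            issues.append("older than 6 weeks")
        if issues:
            report[account] = issues
    return report

# Constructed sample entries (not real credentials); fixed date for reproducibility.
SAMPLE = [("mail", "Summer2023", date(2024, 1, 2)),
          ("bank", "Summer2023", date(2024, 2, 20)),
          ("forum", "k#9Tq!w2Lm@x7Rz$pV", date(2024, 2, 25)),
          ("shop", "correcthorsebatterystaple", date(2023, 11, 1))]
print(audit(SAMPLE, date(2024, 3, 1)))
```

Only the `forum` entry passes every check; the other three are flagged, and `generate_password()` produces a replacement that satisfies the same rule.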