Password Managers and Security
Password managers: from time to time, debates will come up about them. At this point I want to acknowledge the many sources. Before we can delve into trying to understand whether password managers are good or bad, we first need to understand something about the security of passwords: what makes a password strong, and what makes it weak? Only after we've understood that can we add password managers to the equation and see how they change things.

So let's begin by discussing what makes a password secure. To understand that, we must first look at some of the ways in which passwords can be compromised. First and foremost, the easiest method is a brute-force attack, which simply means trying every possible combination until you break through. That is in fact the most straightforward way to crack a password. However, it is generally not practical, because there are many combinations, particularly with a long password, and they take too long to crack, even on a fast computer.

There are, however, some techniques a hacker can use to optimize this process, but these methods are based on assumptions about your password. For example, a hacker can use a common passwords list. The passwords on such a list are some of the weakest out there, and you are exposed if you pick one of the popular words that are used for passwords, for example "password". Another common technique is a dictionary attack: they'll try to see if your password contains dictionary words. That also reduces the possibilities they have to search through, which is why it is an optimization technique as well. Of course, you can beat both these techniques by using a password that is more or less random.

The techniques we've just discussed basically assume that the hacker hasn't stolen the password directly from you. As it turns out, none of these techniques is particularly easy to pull off, because they involve a lot of trial and error and fighting with the encryption algorithm, and these algorithms are generally very rigorous and secure. In fact, attackers might find a weaker link in this whole chain, and that is you, the user. There are many techniques by which they can try to steal your password without even going near the algorithms.

One famous example of this is phishing. Phishing involves sending you an email that appears legitimate, thus tricking you into entering a password that they can intercept. That means the attackers don't have to go to the site itself and try their luck, because you are willingly giving up your password. This is just one of the many techniques under the wide umbrella called social engineering. It's a very wide subject, so I might come back to it at another time, but there are many ways to trick you into giving up your password willingly. Other techniques they can use involve watching you, trying to understand your habits, and
using that to figure out what you might choose as a password. Alternatively, another way is to just install malware on your computer. For example, if they install a keylogger, everything you type gets captured, and that's how they steal your password.

So, with this understanding of all the different vulnerabilities, let us now move on to password managers. Let's try to understand how they can make things better, or what additional risks they pose. First, let's try to understand what a password manager is and, in doing so, what advantages it may confer.

First and foremost, a password manager is simply an application that stores your passwords for you. Obviously, a good password manager will encrypt this information so that it cannot be easily stolen. So right off the bat we see the most fundamental advantage of a password manager: you don't have to remember all your passwords. You just need to remember one, your master password, to get into the password manager, and from there you will see the rest of your passwords.

Of course, that is the most basic function. Most modern password managers let you do a lot more. For example, they can generate secure passwords for all your websites, they can store your passwords in the cloud so you don't have the risk of losing them, and they can even autofill forms for you. Other side advantages that a password manager may confer are that it may encrypt by default, it can help you change your passwords rapidly across all the sites you have registered with, and it can even implicitly protect you against phishing attacks, because if you're on a phishing web page the form will not autofill.

So there are actually a lot of advantages, which is why many people agree that you should use a password manager. Many argue that you are the weakest link when it comes to managing your passwords, particularly because it's very difficult to create a password that is strong, that is unique
across all the websites you use, and that is something you can actually commit to memory. I guess that is the unfortunate thing about being human, which is why I think some people agree that using a password manager can help us mitigate some of this risk.

Having looked at the advantages of password managers, let us now shift our focus to the disadvantages. The first and biggest complaint about password managers is that you're putting all your eggs in one basket. Your password manager represents a single point of failure. If you lose your master password, it's equivalent to losing all your passwords. If the service provider of a password manager gets breached somehow, even though this is extremely unlikely, you will also lose all your passwords in one fell swoop. Of course, the simplest way to reduce this risk is to remember the most important of your passwords, so that even if something happens you are still able to salvage the situation.

I guess all the complaints about password managers can be boiled down to this one statement: you are at their mercy. Basically, you can only be as secure as the password manager itself is, and
unfortunately, a lot of the time we are not really well equipped to figure out whether a password manager is secure or not. Of course, this generally isn't a problem if you pick a reputable password manager. Read around and try to understand what's available out there before making your pick.

This allows us to wind down to our conclusion, and I want to take this time to point out a very important fact: there is no such thing as absolute, perfect security. Ultimately, all you can do is manage risk. As mentioned, sometimes the user is the weakest link in the chain, which is why password managers are recommended most of the time. A password manager doesn't mean you are absolutely secure, but if in your use case it can give you a boost in security, then it's something you can consider using.

I think the most important thing at the end of the day is for any user to understand what makes a password strong or weak. By understanding where the vulnerabilities are, we can make more informed decisions. So, to reiterate: you want to choose a password that is strong, in other words one that is complex, memorable, and not repeatedly used across multiple sites. Safeguard yourself against malware by making sure that your computer is up to date and that you have good, reputable anti-malware software that is also up to date. Finally, safeguard yourself against social engineering attacks. If you never give out your password to anyone, then chances are you've minimized that risk. Keep an eye on the URL bar whenever you're entering your password so that you don't fall victim to a phishing attack.

That's all there is for this particular article. I know we've gone a very long way: we've talked about password managers, and we've talked about good security in general, but I think all of this is important. At the end of the day, it is your decision whether or not you want to use a password manager, but if you understand what you're doing, you'll be all right...
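
To make the three attacks from the first part of the article concrete (brute force, common-password lists and dictionary attacks), here is an added example, not part of the original article, that audits a candidate password against each of them. The word lists are small constructed samples and the 70-bit threshold is an assumption.

```python
import math
import string

# Constructed sample lists; a real audit would load a large common-password
# list and a full dictionary file instead.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou"}
DICTIONARY_WORDS = {"summer", "dragon", "monkey", "football", "sunshine"}
MIN_BITS = 70  # assumed acceptance threshold, not a value from the article


def charset_size(password):
    """Alphabet size a brute-force search must cover for this password."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    return sum(len(cls) for cls in classes if any(c in cls for c in password))


def audit(password):
    """Check one password against the three attacks the article describes."""
    lowered = password.lower()
    # Brute force: keyspace is charset ** length, expressed here in bits.
    bits = len(password) * math.log2(max(charset_size(password), 2))
    # Common-password list: a single lookup defeats the password outright.
    common = lowered in COMMON_PASSWORDS
    # Dictionary attack: embedded words shrink the real search space, so the
    # brute-force figure overstates strength whenever this list is non-empty.
    words = sorted(w for w in DICTIONARY_WORDS | COMMON_PASSWORDS
                   if len(w) >= 4 and w in lowered)
    weak = common or bool(words) or bits < MIN_BITS
    return {"bits": round(bits, 1), "common": common,
            "dictionary_words": words, "verdict": "weak" if weak else "ok"}


if __name__ == "__main__":
    for candidate in ("password", "Sunshine2024!", "k7#Qz!p2Wv9$Lm"):
        print(candidate, audit(candidate))
```

The second candidate scores well on the brute-force estimate alone and is still rejected, which is the article's point about passwords needing to be more or less random.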
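
The password-manager features described above (generated passwords, and autofill that stays silent on a phishing page) can be sketched as follows. This is an added example, not code from any real password manager: the `Vault` class, the exact-origin matching policy and the sample URLs are assumptions, and a real manager would also encrypt its store under the master password.

```python
import secrets
import string
from urllib.parse import urlsplit

ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=20):
    """Random password from a CSPRNG, one independent draw per character."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def origin_of(url):
    """Reduce a URL to (scheme, host, port); path and query are ignored."""
    parts = urlsplit(url)
    port = parts.port or {"https": 443, "http": 80}.get(parts.scheme)
    return (parts.scheme, parts.hostname or "", port)


class Vault:
    """Hypothetical in-memory store keyed by origin (assumed matching policy)."""

    def __init__(self):
        self._entries = {}

    def save(self, url, username):
        """Create a unique random password for this site and remember it."""
        password = generate_password()
        self._entries[origin_of(url)] = (username, password)
        return password

    def autofill(self, page_url):
        """Return credentials only when the page origin matches exactly."""
        return self._entries.get(origin_of(page_url))


if __name__ == "__main__":
    vault = Vault()
    vault.save("https://accounts.example.com/login", "alice")
    # Constructed sample pages: the real site, then two lookalikes.
    for page in ("https://accounts.example.com/signin",
                 "https://accounts.example.com.login.test/login",
                 "https://accounts.examp1e.com/login"):
        print(page, "->", "fill" if vault.autofill(page) else "no autofill")
```

A person can miss a one-character difference in the URL bar; the lookup cannot, because it compares the whole origin rather than how the page looks.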