Password managers aren't perfect: here's what you need to know


April 26, 2019

It seems we are constantly being asked to make new accounts and new passwords online. These websites often impose specific password requirements. It’s not surprising that many people struggle to remember all of those uppercase letters, numbers, and special characters. This is why turning to password managers can seem like an ideal solution.

What are password managers?

Password managers are programs that store and encrypt your log-in information. Using one means you only need to remember the password for the password manager itself. You no longer have to worry about all of your individual passwords. They are also more secure than having your browser remember your passwords, which gives anyone using your computer access to your accounts. In most cases, password managers increase your computer security. However, merely choosing to use a password manager doesn’t make your data and personal information safe.

Password managers can't guarantee complete security, but some are more secure than others. If a password manager comes from a company that stores your information in the cloud, hackers could gain access to your passwords. If the company has access to your passwords or information, hackers can target both the company and your information. Password managers that store all information locally are more secure than cloud-based systems. However, they are often harder to use, less convenient, and don’t sync across multiple devices.

Dual-Factor Authentication

Another important security feature is dual-factor authentication. Simply put, dual-factor authentication is an extra layer of security that ensures anyone trying to gain access to an online account is actually who they say they are.

This is accomplished by asking a person to confirm their identity in multiple ways. In most cases, the first step is asking a user to enter their username and a password. Then, instead of immediately gaining access, the person has to provide another piece of information. This second factor could be any one of the following:

With dual-factor authentication as a security measure, a potential compromise of one factor won’t unlock an account. So, even if your password is stolen or your mobile is lost, it is highly unlikely that someone will also have your second-factor information. When coupled with a password manager, it will be almost impossible for anyone who shouldn't be logging into your password manager to actually gain access to it.

Examples of security breaches

In recent years, companies such as OneLogin and LastPass have been hacked, with cybercriminals potentially gaining access to the passwords of thousands of OneLogin customers. Keeper, a password manager that came bundled with some Windows 10 machines, also included a bug that made saved passwords vulnerable to theft.

Using a password manager is a better option than using weak passwords or reusing the same password across sites and platforms, but it’s important to realize that any system has vulnerabilities. In order to minimize risks, change your master password regularly, monitor communications from your password manager, choose a manager that stores data locally, and keep your computer account itself secured with a strong password. Being aware of the potential pitfalls in using a password manager makes it much easier to take a proactive approach to your computer security. 
