Evolution Of Password Management - Let Someone Else Remember Your Password

In the previous part, I told you that secure passwords are really complicated and not easy to remember.

This is where password managers come in handy. You only need to remember one strong password (called the master password); all the others are stored in encrypted form. When you need one of them, you enter the master password and the name of the service et voilà, your successful logon is just a copy n' paste away.

Password managers are available both as programs and as online services. In both cases you have to trust the tool you are using (in particular, its encryption algorithm) and its creators.


There are many tools out there that you can use. Some have been around for many years, so they have probably been tested extensively, including by security researchers. A good choice, in my opinion, would be an app that runs on multiple platforms, because it is very likely that you need one instance running on your PC and another on your smartphone.

The synchronization between the two should not happen through the cloud but via Bluetooth or a direct connection. In this way you can be pretty sure that the database with all your passwords will not be (easily) stolen.

[The most basic solution is to put your passwords into a plain text file and scramble it with a good encryption program. This is quite naive, but it works.]
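To make the two ideas above concrete (one master password unlocking an encrypted store, and the "scramble a plain text file" variant), here is a small added example of an encrypted vault. It is not code from the post or from any password manager it mentions: the file layout (`PWV1` magic, salt, nonce, ciphertext, tag), the PBKDF2 round count, the `lock_vault`/`unlock_vault`/`lookup` names and the sample entries are all constructed for this illustration. It stretches the master password with PBKDF2, encrypts with an HMAC-SHA256 keystream in counter mode and authenticates with a second HMAC (encrypt-then-MAC), so a wrong master password or a tampered file is rejected before anything is decrypted; a production manager would use a vetted AEAD from a maintained library instead of this hand-built construction.

```python
"""Minimal encrypted password vault (educational, standard library only).

Added example: every entry lives in one sealed file that is useless without
the master password. The construction is hypothetical and chosen for
illustration: PBKDF2 for key derivation, HMAC-SHA256 in counter mode as the
keystream and a second HMAC for integrity (encrypt-then-MAC). A real manager
would use a vetted AEAD such as AES-GCM or XChaCha20-Poly1305 from a library.
"""
import hashlib
import hmac
import json
import os

MAGIC = b"PWV1"          # file-format tag, constructed for this example
SALT_LEN = 16
NONCE_LEN = 16
TAG_LEN = 32
PBKDF2_ROUNDS = 600_000  # OWASP-recommended minimum for PBKDF2-HMAC-SHA256


def _derive_keys(master_password: str, salt: bytes) -> tuple:
    """Stretch the master password into separate encryption and MAC keys."""
    material = hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, PBKDF2_ROUNDS, dklen=64
    )
    return material[:32], material[32:]


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with HMAC-SHA256(key, nonce || counter) blocks (CTR-style PRF)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        block = hmac.new(key, nonce + counter, "sha256").digest()
        chunk = data[offset:offset + 32]
        out.extend(a ^ b for a, b in zip(chunk, block))  # zip trims the last block
    return bytes(out)


def lock_vault(master_password: str, entries: dict) -> bytes:
    """Serialise the entries (service names included) and seal them."""
    salt = os.urandom(SALT_LEN)
    nonce = os.urandom(NONCE_LEN)
    enc_key, mac_key = _derive_keys(master_password, salt)
    plaintext = json.dumps(entries, sort_keys=True).encode("utf-8")
    ciphertext = _keystream_xor(enc_key, nonce, plaintext)
    body = MAGIC + salt + nonce + ciphertext
    # Authenticate everything the decryptor will rely on, header included.
    tag = hmac.new(mac_key, body, "sha256").digest()
    return body + tag


def unlock_vault(master_password: str, blob: bytes) -> dict:
    """Verify and decrypt a vault; raises ValueError on wrong password or tampering."""
    header_len = len(MAGIC) + SALT_LEN + NONCE_LEN
    if len(blob) < header_len + TAG_LEN or not blob.startswith(MAGIC):
        raise ValueError("not a vault file")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    salt = body[len(MAGIC):len(MAGIC) + SALT_LEN]
    nonce = body[len(MAGIC) + SALT_LEN:header_len]
    ciphertext = body[header_len:]
    enc_key, mac_key = _derive_keys(master_password, salt)
    expected = hmac.new(mac_key, body, "sha256").digest()
    # Check the tag first, in constant time, before touching the ciphertext.
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong master password or corrupted vault")
    return json.loads(_keystream_xor(enc_key, nonce, ciphertext).decode("utf-8"))


def is_unlockable(master_password: str, blob: bytes) -> bool:
    """True if the master password opens the vault intact, False otherwise."""
    try:
        unlock_vault(master_password, blob)
        return True
    except ValueError:
        return False


def lookup(master_password: str, blob: bytes, service: str) -> dict:
    """Return the credentials for one service (the copy-and-paste step)."""
    return unlock_vault(master_password, blob)[service]


# Constructed sample data: the services, users and passwords are fictitious.
SAMPLE_ENTRIES = {
    "example-mail": {"user": "alice", "password": "K7#vq2!pL9mZ$rT4"},
    "example-bank": {"user": "alice.b", "password": "xW3^hN8&cF1*yQ6@"},
}
MASTER = "correct horse battery staple"  # constructed example master passphrase


if __name__ == "__main__":
    sealed = lock_vault(MASTER, SAMPLE_ENTRIES)
    print("readable in file:", b"example-mail" in sealed)   # False
    print(lookup(MASTER, sealed, "example-mail"))
    print("wrong password accepted:", is_unlockable("wrong password", sealed))
```

Because the whole JSON document is encrypted, the sealed file leaks neither the passwords nor the list of services you have accounts with; flipping a single byte of the ciphertext or using a different master password fails the tag check and nothing is decrypted.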

Online Services

In this case, the most important thing is the security of the infrastructure. Online services may be hacked (which ends up with your passwords being stolen or deleted) or hit by DoS attacks (which may make your passwords inaccessible for some time).

Another thing to consider is the technique named phishing (I've described it in this post): not only bank login pages can be faked, but also online password managers. Some of these attacks may be really difficult to detect. In this example, an attacker created a pixel-perfect copy of the login screen of the popular password manager LastPass.

