Anyone living in the modern world has a sizeable online presence. A person would usually have at least an email to mark their presence in the virtual world. Furthermore, you have online banking, social media accounts, online subscriptions, e-commerce transactions, and more.
What do all these online accounts mean? Passwords.
Juggling various online accounts only means two things for an average person: constantly forgetting their passwords or using an insecure password-for-all. That’s where password managers come in.
But, with a simple hack away from identity theft, can you trust password managers? Are password managers safe?
Why Do You Need a Password Manager?
If you have not heard of password managers, think of it as a book of your passwords protected by a master password that you only know. The master password is typically strong and in most cases, longer than your typical password.
Most, if not all, password managers will force you to use a unique master password. It is a common trade-off to protect the rest of your passwords.
Naturally, password managers minimize the hassle of remembering strong passwords. However, beyond managing your passwords, it also protects you in several ways.
First, password managers generate strong and unique passwords using letters, numbers, and symbols. And, because you only need to remember the master password, individual passwords need not be memorable. That is, the password manager can generate a long string of random letters, numbers, and symbols. Having such passwords prevents you from becoming a target of phishing attacks.
Second, the sheer number of online accounts that you have, such as bank accounts, social media, emails, and more can sometimes force you to reuse passwords. Or worse, you have the same password for all of your online accounts. It opens you to greater risks of identity theft! Password managers often have browser extensions that automatically enters individual passwords in each of your accounts without having to remember all of them.
Lastly, if you are in crowded or public places, it is easy for eavesdroppers to snoop while you are typing your password. Using a password manager removes the need to type your password every time you need access to your online accounts.
Are Password Managers Safe?
As with using any other software, there are several risks in using password managers. Knowing the risks will lessen the possibilities of those happening to you.
There is an inherent danger of “putting your eggs in one basket.” In this case, having all your passwords protected by one master password. One mistake will expose all of your online accounts to hackers. That is why password managers will always encourage you to create strong and unique master passwords.
Forgetting your master password may lead to unnecessary hassle. You are unlikely to remember individual passwords generated by the password manager. In the case that you forget the master password, you may lose access to your online accounts. While you can reset the passwords in each account, what if you cannot access your recovery email to do so?
A malware attack on your password manager can reveal all your passwords. If a malicious software gains access to your password manager, then it will have the ability to copy all saved passwords. It is especially dangerous if you have the passwords for your bank portals, emails, and other online accounts in the password manager.
Is LastPass or Dashlane Safe?
The scenarios above are real dangers that you should be aware of when using password managers. However, trusting a third-party application comes with its own risks. Most password managers offer synchronization across various devices such as your computers and mobile devices.
It means the password managers will have to upload your passwords to their servers. While popular services protect your data when transmitting between your computer and their servers, the real danger is the vulnerability of these servers.
It is important to examine real password managers such as LastPass or Dashlane to determine if your passwords are really protected in their servers.
LastPass claims to operate a zero-knowledge security model. That means even LastPass cannot access your data stored on their servers. The LastPass application encrypts your passwords using AES-256 encryption before it is synced to the servers. This method also protects you from man-in-the-middle attacks. In its history, LastPass only experienced a single security incident which was resolved right away without compromising any user data. What happens if they get hacked? You can read more about it here.
On the other hand, Dashlane summarizes its security measures in five key points:
- Your master password is never stored on their servers;
- Dashlane requires complex and unique master password which is only known by you;
- It claims to use the strongest encryption to keep your data secured;
- Dashlane stores your data with Amazon Web Services (AWS) which employs Amazon’s 24-7-365 protection and detection services on top of its native security methods;
- The Dashlane security system is continuously audited by paid professionals and white-hat hackers to ensure that no vulnerabilities exist.
For more information about how Dashlane handles security breaches, you can read more here.
Are Password Manager Browser Extensions Secure?
Just like any other browser extensions, password manager plugins are at risk, especially when accessing websites with existing malware. Most password managers offer browser extensions that can generate passwords on the fly, autofill forms, one-click login mechanisms, and more.
However, this selling point of most password managers is also a gateway to its vulnerabilities. Malicious entities can take advantage of design issues, faulty input validation, and several more flaws. And, they have done so in the past.
While it is continuously improving in terms of security, browser extensions remain to be the weak spot for most password managers.
Should You Stop Using Password Managers?
Your security relies on the type of password manager that you will use. Just as mentioned, you may want to avoid browser extensions that can be compromised really fast. Instead, use desktop password managers where you can copy-paste your passwords. It is a small sacrifice that you can do to avoid getting hacked.
Additionally, most popular browsers have improved the security of their native password managers. Google Chrome, Firefox, and Safari have continuously improved password protection throughout the years. These password managers are nice options for non-critical online accounts. That means you should still avoid using them for your online banking portals!
LastPass and Dashlane are actually viable choices. They employ several layers of machine-level and server-level security mechanisms. However, you should note that even with these protections, you should never let your guard down when you are online.
Secure Computer Means Secure Passwords
Think of password managers as just another layer to protect your data. Overall protection of your computer should still be on top of your list. Even with the most sophisticated security measures, your password manager can do nothing if your computer is infiltrated with malware.
Therefore, the best protection that you can do is to protect your computer from hackers by installing an effective anti-malware application such as MalwareFox. It reduces risks by keeping your browsers clean. That means you can safely use those password manager browser extensions. Also, it stops threats from adware, rootkits, spyware, and more even before they can start infiltrating your device.
Password managers are nifty applications to manage your countless online credentials. It helps you avoid resorting to weak passwords or worse, using the same password for all your online accounts. However, remember that you are putting all your passwords in one place. That means you have to be extra careful in creating, remembering, and storing your master password. One misstep and you could find yourself in deep trouble.
1 thought on “Are Password Managers Safe?”
Very informative comments. Thank you.
However I am still undecided.