Can You Trust the Security of Password Managers?
Today, you need a login for almost everything you do online beyond simple browsing. As a result, you’re likely to have multiple usernames and passwords to sustain your digital life. And to remember all those complex passwords, you use a password manager.
Can you trust the security of your password manager? What are the risks of using one, and how can you enhance its security? Let’s find out.
How a Password Manager Secures Your Passwords
A password manager keeps your passwords encrypted in the password vault. You need to submit your master password to unlock your vault and decrypt your saved passwords.
Most password managers employ 256-bit AES encryption, which is military-grade encryption. The encryption key used to decrypt your vault (often derived from your master password) is kept in memory only while the app is unlocked. Once your vault is locked, that data is deleted from memory.
All reputable password managers use zero-knowledge architecture, meaning your passwords will be encrypted before they leave your device. As a result, no one can read your passwords when they’re on the server of a password manager, even the service provider.
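The flow described above (master password, derived key, AES-256 encryption on the device, ciphertext on the server) can be sketched as follows. This is an added example, not code from the article or from any password manager; the choice of scrypt as the key-derivation function, the GCM mode, the function names and the sample entry are all assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Assumption: scrypt turns the master password into a 32-byte (AES-256) key.
function deriveKey(masterPassword, salt) {
  return crypto.scryptSync(masterPassword, salt, 32);
}

// Runs on the user's device. The returned object is all a server would store.
function lockVault(masterPassword, entries) {
  const salt = crypto.randomBytes(16); // per-vault salt, not secret
  const iv = crypto.randomBytes(12);   // must be fresh for every encryption
  const key = deriveKey(masterPassword, salt);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([
    cipher.update(JSON.stringify(entries), 'utf8'),
    cipher.final(),
  ]);
  const tag = cipher.getAuthTag();     // detects tampering and wrong keys
  key.fill(0);                         // wipe the key once the vault is locked
  return { salt, iv, tag, ciphertext };
}

// Also runs on the device. Throws on a wrong password or a modified blob.
function unlockVault(masterPassword, blob) {
  const key = deriveKey(masterPassword, blob.salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.iv);
  decipher.setAuthTag(blob.tag);
  try {
    const plain = Buffer.concat([decipher.update(blob.ciphertext), decipher.final()]);
    return JSON.parse(plain.toString('utf8'));
  } finally {
    key.fill(0);
  }
}

// Helper for callers that prefer null over an exception.
function tryUnlock(masterPassword, blob) {
  try { return unlockVault(masterPassword, blob); } catch { return null; }
}

// Constructed sample data, not real credentials.
const sampleEntries = [{ site: 'mail.example', user: 'alice', password: 'S3cret-Sample!' }];
const stored = lockVault('correct horse battery staple', sampleEntries);
console.log(tryUnlock('correct horse battery staple', stored) !== null, // true
            tryUnlock('wrong password', stored));                       // null
```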
Many password managers allow users to set two-factor authentication to add an extra layer of security to their password vaults.
Also, reputable password manager companies regularly scan your login details for known data breaches. You will be notified if your password is found in any data breach. In addition, you can also run various reports to check the health of your stored passwords.
For example, some password managers allow you to check if you are using the same password for multiple accounts. You can also check if your password vault has weak passwords that you should change immediately. A few password managers also have a feature to share passwords securely with other users.
The autofill feature of password managers can keep your passwords safe in the event of a keylogger attack, because autofill removes the need to type passwords.
The Risks of Using a Password Manager
In the digital world, nothing is entirely safe. The same is true for password managers.
Here are common reasons why password managers are not safe:
- Password managers store passwords, secure notes, credit card details, or other sensitive data in one place. So security breaches can have severe implications.
- Though all good password managers allow users to back up their password vaults, not everyone does that. So, in the absence of your vault backup, you can lose access to your saved logins if the server of your password manager breaks down.
- It is not mandatory to use two-factor authentication. Your password database is less safe if you’re not using 2FA. Someone can easily gain access to your vault if they happen to know your master password.
- If your device is infected with a keylogger, the threat actor may learn your master password when you type it. Then, they can log in to your password manager and steal the logins of your online accounts.
- You can forget your master password, which often means losing access to all your accounts.
Last but not least, not all password managers are created equal. Some password managers are secure, while others offer weaker encryption and fewer security features.
For example, browser-based password managers can’t detect weak or reused passwords.
Is the Security of Password Managers Questionable?
LastPass and OneLogin were hacked in the past. So the question arises: should people trust password managers? The answer is yes.
Most security issues associated with using a password manager exist because of user behavior. For example, a user may not use a strong master password or enable 2FA, weakening the security of their password manager.
Only a few security issues arise from password managers themselves, and you can overcome those issues by using a good password manager.
There are certain features to look for in a password manager to be on the safer side. Pick a password manager that stores encrypted versions of passwords and follows a zero-knowledge policy. Also, check whether your chosen password manager is audited by reputable independent security firms as well as security researchers to confirm its security.
If your budget allows, you should use a paid password manager instead of a free one. This is because a paid plan offers advanced features to enhance security.
Exploring open-source password managers is a smart decision as they are generally safer than closed-source password managers.
How to Fortify Your Password Manager
The following are four tips to harden the security of your password manager.
1. Create a Strong Master Password
Your master password is the key to all saved logins. So be sure to create a complex yet easy-to-remember password.
If you create a hack-proof master password that you cannot remember, you are likely to save it on your system so that you can easily copy and paste it into your password manager. But saving a master password on a device is a poor cybersecurity practice, as hackers can steal your password in the event of a remote access trojan attack.
Therefore, it is imperative that you create a complex master password that you can remember. Using a nursery rhyme, your favorite quote from a movie, and industry lingo can help you create an unbreakable password that you can easily remember.
2. Enable Biometric Authentication
Biometric authentication is more secure than a password or PIN. Most password managers these days allow users to enable biometric authentication to access password vaults. So enable it to enhance the security of your password manager.
The good news is that password managers can now use the biometrics available on your device or operating system. This means Windows Hello for Windows devices, Face ID or Touch ID for Apple devices, and facial or fingerprint recognition on Android devices can be set up to unlock your password manager.
Once you enable biometric authentication, you don’t have to enter your master password to access your password vault.
3. Implement Two-Factor Authentication
Turning on two-factor authentication (2FA) will prevent threat actors from accessing your password manager on their devices if they have managed to get hold of your master password. So you must enable 2FA on your password manager.
If your password manager provides you with options to choose from email, SMS, or the authenticator app for 2FA, select the authenticator app option as it offers higher security.
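Authenticator apps typically implement time-based one-time passwords (TOTP, RFC 6238): the code is computed on your device from a shared secret and the current time, so nothing is sent over email or SMS. The sketch below is an added example, not code from the article or any product; `canOpenVault` is a hypothetical helper, and the secret is the published RFC test secret rather than a real one.

```javascript
const crypto = require('node:crypto');

// RFC 6238 TOTP: HMAC-SHA1 over the 30-second step counter, then the
// RFC 4226 dynamic truncation down to a short decimal code.
function totp(secret, unixSeconds, digits = 6, step = 30) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(Math.floor(unixSeconds / step)));
  const mac = crypto.createHmac('sha1', secret).update(counter).digest();
  const offset = mac[mac.length - 1] & 0x0f;
  const code = (mac.readUInt32BE(offset) & 0x7fffffff) % 10 ** digits;
  return String(code).padStart(digits, '0');
}

// Server-side check: accept the current step and one step either side
// to tolerate clock drift, comparing in constant time.
function verifyTotp(secret, submitted, unixSeconds, window = 1) {
  const got = Buffer.from(String(submitted));
  for (let i = -window; i <= window; i++) {
    const expected = Buffer.from(totp(secret, unixSeconds + i * 30));
    if (got.length === expected.length && crypto.timingSafeEqual(got, expected)) {
      return true;
    }
  }
  return false;
}

// Hypothetical gate: a correct master password alone does not open the vault.
function canOpenVault(masterPasswordCorrect, secret, code, unixSeconds) {
  return masterPasswordCorrect && verifyTotp(secret, code, unixSeconds);
}

// Test secret from the RFC 6238 appendix (not a real credential).
const rfcSecret = Buffer.from('12345678901234567890', 'ascii');
console.log(totp(rfcSecret, 59));                         // code for time step 1
console.log(canOpenVault(true, rfcSecret, '000000', 59)); // guessed code is refused
```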
4. Use a Good Antivirus Program
Installing a good antivirus on your device doesn’t strengthen your password manager’s security directly. But a powerful antivirus program protects your system from common types of malware attacks that can steal your master password.
For example, an antivirus program can block a keylogger attack, which can potentially steal your master password when you type it to access your password manager.
A powerful antivirus program can also prevent phishing emails from reaching your inbox, keeping your master password safe from phishing campaigns designed to steal it.
Secure Your Password Manager to Stay Safe
You can trust the security of a password manager if you choose a reputable password manager company and harden its security. Make sure you pick the best password manager and enhance its security by creating a strong master password and implementing two-factor authentication.
Also, learn to organize your password manager to use it effortlessly.