A password manager's key function is to provide a personal database of your online credentials. Modern password managers come with many functions, often including automatic strong password generation, multi-device sync and notifications about insecure or reused passwords.
As well as convenience, a good password manager will bring many advantages to the user’s online security.
One of the biggest threats to online accounts is insecure and reused passwords. Many individuals use the same password across multiple sites. If an attacker were to obtain this password, they could use it to log in to the other sites where it was used.
The advice to use a password manager may appear confusing, as the guidance on password management has always been never to write passwords down.
Password managers are specifically designed for this purpose and include the necessary precautions to ensure that passwords are secured. These include encryption of records with an unrecoverable decryption key, and enforced multifactor authentication.
Encryption of records means that all of the stored data is scrambled, so if it were intercepted or accessed by an attacker it would be meaningless. The key used to unscramble the data (a process known as decryption) should not be accessible to anyone except the account holder of the password manager, and if it is lost it should be unrecoverable.
Multifactor authentication is the requirement of multiple methods of identification before a user can log in. The most common implementation of this is requiring a knowledge factor (typically a username and password) and a possession factor (such as a text message code on your mobile phone).
These protections make password managers far more secure than storing data in a document or on a piece of paper.
However, password managers are a prime target for attackers due to the highly sensitive information that they are guaranteed to have stored.
A recent attack targeted a popular security suite provider that offers password management alongside additional features such as device protection, cloud backup and parental controls. The provider saw an unusually large volume of failed attempts, which often indicates an attack. An internal investigation found that a number of customers' accounts had been compromised, with a potential leak of passwords. It is believed that the cause was accounts without multifactor authentication enabled and the reuse of insecure passwords.
Despite the serious consequences of a breach of a password manager, they are still recommended by Cyber Wise and many other experts.
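The warning sign described above can be checked for in authentication logs. The following Python sketch is an added example, not code from the provider or from Cyber Wise: it flags any source whose failed logins hit many different accounts in a short window, then lists accounts without multifactor authentication that were logged in to successfully from that source. The log format, the thresholds and the reading of "failed attempts" as failed logins are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: time, source IP, account, result, MFA state.
SAMPLE_LOG = """\
2024-01-10T09:00:01 203.0.113.7 alice FAIL mfa=off
2024-01-10T09:00:02 203.0.113.7 bob FAIL mfa=on
2024-01-10T09:00:03 203.0.113.7 carol FAIL mfa=off
2024-01-10T09:00:04 203.0.113.7 dave FAIL mfa=off
2024-01-10T09:00:05 203.0.113.7 erin FAIL mfa=on
2024-01-10T09:00:06 203.0.113.7 carol OK mfa=off
2024-01-10T09:00:07 203.0.113.7 erin FAIL mfa=on
2024-01-10T09:05:00 198.51.100.20 frank FAIL mfa=off
2024-01-10T09:05:30 198.51.100.20 frank OK mfa=off
"""

def parse(log):
    """Turn each log line into (time, ip, account, result, mfa_enabled)."""
    events = []
    for line in log.strip().splitlines():
        ts, ip, account, result, mfa = line.split()
        events.append((datetime.fromisoformat(ts), ip, account, result, mfa == "mfa=on"))
    return events

def suspicious_sources(events, window=timedelta(minutes=1), min_accounts=4):
    """Sources whose failed logins hit many different accounts inside one window."""
    failures = defaultdict(list)
    for ts, ip, account, result, _ in events:
        if result == "FAIL":
            failures[ip].append((ts, account))
    flagged = set()
    for ip, items in failures.items():
        items.sort()
        for start, _ in items:
            accounts = {a for t, a in items if start <= t <= start + window}
            if len(accounts) >= min_accounts:
                flagged.add(ip)
                break
    return flagged

def accounts_to_review(events, flagged):
    """Accounts without MFA that logged in successfully from a flagged source."""
    return sorted({a for _, ip, a, result, mfa in events
                   if ip in flagged and result == "OK" and not mfa})

if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    flagged = suspicious_sources(events)
    print("Suspicious sources:", sorted(flagged))
    print("Accounts to review:", accounts_to_review(events, flagged))
```

A single mistyped password followed by a success, as with the second source in the sample, is not flagged; only the source that fails against many accounts is.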
If you do decide to use a password manager for yourself or your business, it is critical that you choose a secure and effective solution.