It becomes a hectic task to create and remember the password for different social and online accounts. You also have to have a unique password for each account(read why). These online services suggest and sometimes make it compulsory to fulfil the password conditions such as password must be greater than 8 characters, must contain at least one letter, one uppercase and lowercase alphabet and one special character. For example — [email protected]#. This makes things worse. Remembering these kinds of passwords is difficult.
To cope up with this problem, you have a great solution named “Password Manager”.
What is a password manager?
A password manager is a software or web application that generates strong, complex passwords, stores them in an encrypted format and retrieves them when needed. It manages all your account passwords efficiently and securely. You only have to set one master password to access all your passwords and other information stored in a password manager. Your master password is the key to unlocking all your passwords stored in password manager.
Types of Password Manager
A password manager can be categorized based on the type of storage, the encryption or other features it provides. Based on where the passwords are stored, password managers are of three types:
Most of the password managers provide software application to install on the end user’s device such as a personal computer, laptop, tablet or smartphone etc. The application can work offline while the database containing encrypted passwords is stored locally on the same device. However, some applications store their password database on their cloud storage and manage all the actions through the software application installed on the user’s device.
The biggest disadvantage of these password managers is the threat of losing passwords due to the damage caused to personal devices. The threat includes a compromised computer or a crashed hard drive etc. So it is important to backup your passwords to another secure physical device.
All the activities that you do on local software application can also be performed on the web-based password manager. The only difference is that it works online. Its a web-based version of an offline password manager.
The web-based password manager stores password on their own physical servers or cloud servers. This type of password manager eliminates the hassle to install any application on the system. The other feature is it is portable and can be used from anywhere as long as there is an internet connection with a web browser. Online password manager allows you to automatically log-in to accounts thus preventing you from possible keystroke logging attack as you don’t need to manually type in the password.
There is also no threat of losing passwords due to damages caused to devices. But the user has to trust the service provider and their servers, because of the fact of increase in hacking servers. You have to make sure that the company is using strong encryption standards for storing passwords.
Most of the popular web browsers have a built-in option to store and manage user passwords in their integrated password manager. However, they do not provide an option to encrypt passwords. So anyone with access to your computer can view your passwords.
However, some browser like Firefox and Chrome have a master password to lock and unlock the passwords. Chrome browser has enabled two-factor authentication in its Google Password Manager platform which provides extra security.
The problem with these password managers is with cross-compatibility. You can use them only on the desktop platform.
Token-based password managers provide a high level of security wherein a hardware device such as a smart card or a secure USB device is required to authenticate a user. So it provides multi-factor authentication. It is definitely more secure than just asking for a master password. Even though it is not recommended for non-technical users because of its high complexity.
Why you should use a password manager?
There are lots of benefits to using a password manager. I have listed below some points:
- Takes the hassle out of creating and remembering strong and unique passwords.
- Generates strong random passwords which are difficult to guess and cannot be cracked by a brute-force attack.
- Stores all your passwords in one place in the hash format by applying strong encryption algorithms.
- Provides you with a feature of logging in automatically. This eliminates cyber attacks such as phishing, keystroke logging and shoulder surfing.
- Portability — User can access password manager from anywhere in case of a web-based password manager.
Which one should I use?
It’s up to you. All the password manages more or less work in the same way and provides similar features. The question will be which type should I go for?
I strongly recommend not to use browser-based password managers as they have low security. You can use token-based password managers if you want very high security but if you are a normal user, I would suggest using either desktop-based or web-based.
There are many good password managers out there in the market which have a free version which does the work pretty well but you need to upgrade to paid version to get better features. Some of them are Dashlane, Lastpass, Keepass, 1Password etc.
Dashlane is a desktop-based password manager but allows you to use it from anywhere. LastPass synchronize your passwords across all devices. 1Password uses a combination of master password and secret key for multi-authentication to provide high security. Keepass is a free and open-source password manager who provides you full access to its source code. It is also portable. You can create its bootable USB stick and use it on any windows system.
Though advanced authentication mechanism such as biometric authentication has been introduced in everyday life, it has not completely replaced the password mechanism. And I don’t think they(passwords) will vanish in the near future. Hence, a password manager is a must for effectively managing your passwords and making hackers try harder to hack you.