*Are Password Managers Safe?

TechViews News   …..

Every time we hear about another data breach in a major company we hear the same plea, ‘change your password’. By now the average Internet user has multiple online accounts for shopping, banking, health care, and other sites that require you to log in. There are also those passwords that are necessary for logging in and using email.

The vast majority of people use the same, or similar, passwords for most or all of those accounts. And why not? It’s almost impossible to keep track of a large number of passwords, much less remember them.

And so, the Password Manager was developed. It’s a small piece of software that takes your login information for any account, and generates a unique, secure password just for that account.

That password is stored inside that password manager software for recall whenever you log into an account, and automatically fills in the password and other information necessary for you to access all your online accounts. The beauty of this is that you only need a master password to log into the password manager and the software handles the rest.

What a time saving tool right? Well, not so fast.

But what if you lose or forget your master password? Then most likely everything stored in your password manager is lost. Or if your password manager is stored in the cloud, like LastPass or Dashlane, and those online servers get hacked? You could lose everything again.

Maybe you use a local password manager like KeePass that stores your passwords in your computer? If you have a power outage and your computer crashes resulting in total data loss, you are probably going to be at a loss there as well. Not to mention any sort of data breach where everything is stolen. Yup, there as well.

But some people have been hesitant to trust such a service to protect the keys for their entire digital lives – and rightly so. LastPass, one of the leading password managers, recently discovered a security flaw with its program that could have let hackers steal passwords. The “major architectural problem” was discovered by a security researcher at Google and forced LastPass to urge users to be careful using its service.

It isn’t the first time a credential management firm has suffered a problem of this scale. 1Password, another manager, was criticised in 2015 for leaking users’ bookmarks.

The news led some experts to warn users against password managers. “LastPass isn’t alone: KeeperDashlane and even 1Password have had severe vulnerabilities that allowed attackers to steal all of the passwords in a user’s account without their knowledge,” said Sean Cassidy, chief technology officer of Defence Storm.

“Browser-based password manager extensions should no longer be used because they are fundamentally risky and have the potential to have all of your credentials stolen without your knowledge by a random malicious website you visit or by malicious advertising.”

Despite fears, most experts in the field agree that password managers are still the safest way to secure online accounts. “I really, really hope this doesn’t put people off using password managers,” said Professor Alan Woodward, a cyber security expert at the University of Surrey, responding to the LastPass news. “In this day and age we have so many passwords and they need to be strong so you can’t remember them.

“Ideally we’ll start to move onto other forms of authentication like biometrics. Bur for now password managers are still the best option.”

He added that the benefits of password managers outweigh the risks, but that software is vulnerable and users should be careful when choosing their service.

When researching the best password manager, users are advised to check reviews and details about the companies behind the services.

“You really need to know that there’s a substantial organisation behind it, because there are a lot of free managers out there that are run by a man and his dog,” said Professor Woodward. “You really need to do a bit of due dilligence, don’t just pick the first one you see because it’s free.”

In addition to using a password manager, Professor Woodward advised that people should, where possible, turn on two-factor authentication. “People find it inconvenient, but convenience can often be the enemy of security,” he said. “You need to accept now that there are so many breaches that that extra step is really worth the effort.”