We have discussed individuals’ repeating passwords or just using ridiculously dangerous ones so often that one may be inclined to shrug and let digital nature take its course. However, there is one instance where technology has provided a solution to a human problem: password managers. Of course, before entrusting an app with all your login credentials, you may wonder: are password managers secure?
What is the mechanism through which password managers operate?
The password manager operates in a pretty straightforward way. It is a program or browser add-on that detects when you input login information into a website or app. If you want to store it and are asked to do so, the data is encrypted and sent to the app’s password vault for later use. The user may then use that information to log in easily wherever and whenever they are, as long as they remember how to use the password manager.
What level of security do password managers provide?
While nothing is completely secure online, a decent password manager (read: a paid membership with positive ratings) will have a slew of security measures in place to keep your data safe and secure. What they have to work with is as follows:
Encryption
Password managers protect your data using the industry-standard AES-256 method, which no machine in existence is capable of cracking within a lifetime.
Zero-knowledge
This implies that before the password is sent to the vault, it is encrypted. If the server is compromised, the hackers will discover an unreadable mess. Meanwhile, some services just keep passwords on your device, which is slightly more secure but much less handy.
Only a single password
This section discusses the human component of the equation. If you had to remember just one password, you could probably memorize any random string of letters, numbers, and punctuation marks. This is much more difficult to do when each website and app requires a unique password. By requiring just the password manager’s login, the temptation to be lazy and simply set the password to “12345678” is reduced.
Passwords that are secure
A machine is capable of creating a better password than you are and storing an infinite number of such passwords. Thus, when it comes to logins, all of your accounts will have the same degree of security.
Two-factor authentication
By requiring you to validate your login on another device, 2FA improves the security of your accounts. This makes it more difficult for anybody who obtains your password manager’s password to get access.
Biometrics
Why not make 2FA even more difficult to break and manipulate by adding a second lock to your password manager using your fingerprint?
Threat surveillance
Certain password managers even alert users when their passwords have been compromised, encouraging them to update them.
Is it possible to hack the password manager?
Technically, a password manager might be compromised in some manner. However, as previously said, encryption renders this useless.
It is much simpler to compromise someone through phishing. For instance, you may be duped into installing keylogger malware on your device, which will record your password manager’s master password. Similarly, a hacker posing as a helpful expert for the creator of your password manager may dupe you into disclosing your login credentials (once more for the people in the back: no real company will ever ask you for your login and password).
Given that phishing is something that can only be avoided by diligence, I would argue that password managers are pretty secure.
What constitutes a secure password manager?
By and large, a decent password manager will need a premium membership and a large number of positive ratings. Several recent notables include the following:
- NordPass
- LastPass
- 1Password
Of course, we always encourage you to do your research before diving in!
The password manager must be relied upon
We are not suddenly going to have fewer websites and applications to log into. That is why it is critical to continue using strong passwords. To do this, seek the assistance of a password manager to safeguard and encrypt such logins. Additionally, try NordVPN to encrypt your internet activity.