Is it safe to use a password manager?

Is it safe to use password manager?

Short answer is, it depends.

Some of the reasons to start using a password manager are listed below:

  • We have too many accounts on the internet, keeping track of accounts becomes difficult
  • Having many accounts brings the
  • If the same password is used across all sites, then you are exposing yourself to password spray attacks.
  • Your passwords cannot have a pattern, because once someone finds it out they can use it to guess your other passwords. For instance, if your password pattern is sitename.somechars, for every site you change the sitename and somechars remain the same, then guessing your password becomes easy.

The best way to protect your accounts on websites is to:

  • Use passphrases, e.g. “I like to drive my 911 after dinner”
  • Random passwords, that are more than 12 characters long (If you are on a windows system, passwords greater than 12 characters ensure passwords are not cached, search the internet for Lanmanager and password caching)

Now the question is how do you track this?

Let’s say that you decide to write them in a book. Now the book becomes a single point of failure. Since we are on the move all the time, you will have to carry the book everywhere you go and ensure that you don’t lose the book.

This is where password managers come in handy. Almost all password managers have a cloud version, which means you can access your passwords from anywhere. In order to protect the passwords, you have to ensure that you use a password longer than 12 characters, and this is where passphrases are best used. Then you couple this with multifactor authentication (MFA), which gives you the best protection.

Almost all good password managers offer the following:

  • Passwords are encrypted when stored
  • The passphrase is only known by you, and the whole file is encrypted using this passphrase.
  • It can only be unlocked by you, using the passphrase and an MFA
  • Advises you if the passwords that you have created are similar to the ones on the dark web
  • If the passwords are weak
  • Allows you to change passwords for applications

You can add another layer of protection to your accounts on each website by enabling Multifactor Authentication (MFA) using Text, Microsoft Authenticator, Google Authenticator, etc just in case your password manager account gets compromised.

There is always a fine balance between usability and security, it all depends on your risk appetite. If you favour more security then you have to be willing to jump through more hoops to get to where you want to be, however it will cost you convenience and time. On the other hand, if you favour usability, it comes at a cost of getting compromised.

When you are using the internet, you have to be always ready to get compromised, it not a matter of “if” but really “when”.

If you want to be safe, unplug yourself from the internet!

If you need advice or discuss you information security needs , please book an appointment by visiting our site