Do we need a password manager?
by CIRT Team
The proliferation of technology has paved the way for us to consume various services, from ordering food online to communicating with our loved ones via social media. As the services we access via the internet are usually separate entities, we need to provide a password for every website. Many sites allow us to access their services using a common authentication mechanism like OAuth, but this is not as popular as expected because growing privacy concerns have kept many users from using the feature.
From a security perspective, it is not advisable to use the same email and password combination for multiple websites. The primary reason is that if a data breach occurs at one of those websites, all other accounts could be compromised. An attacker can gradually work their way into other sensitive sites like bank accounts and social media. Such activity by an aggressor can cause significant discomfort and lead to various complications. The outcome of using the same email and password combination for every site could be severe if the user is unaware of a certain data breach and does not take any precautions.
Some users like to keep a spreadsheet or text file to keep track of their credentials for various sites. This method has its own flaw as well. If the user's workstation becomes inoperable or, even worse, is stolen, all the precious data can either be destroyed or fall into the wrong hands. With such a file at the attacker's disposal, he or she will be able to control various aspects of a person's digital life.
Many other users like to keep their private information stored in a physical place like a diary or notebook. Although this is considered quite safe because the information is not digitally stored and depends less on electronic devices, it also has many potential drawbacks, such as the difficulty of updating the information and the lack of portability. This is why most of us do not consider this method for storing all of our credentials.
All of these problems are solved by password managers. A password manager is a program which allows a user to store his or her passwords safely. As access to this application is controlled by a single password, it should not be difficult for a person to remember one password to unlock the manager and use random passwords for every other website. Such applications can now be installed on a computer, loaded in the browser and even accessed from a mobile phone using an app. The primary purpose of this application is to provide a mechanism by which a user can store passwords safely and retrieve them easily.
Advanced features like autofill, autosave and a password generator are also seen in many of these applications. Such features let the user fill in a login form with a single click or save the password entered in a form.
In recent times, the cloud versions of password managers have been gaining popularity because of their features and their synchronization between multiple devices on different platforms. With a cloud edition, it is now possible to easily manage access to hundreds of sites.
Many people also question the security of password managers, as all of the authentication data will be stored in a central location. Can the developer of the application view the data, and can it be hacked? Undoubtedly, no system is considered fully secure, and an attacker might gain access to the data stored on the server. Fortunately, all the passwords are encrypted using a strong encryption algorithm prior to being stored on the provider's servers. Thus, even if the developer were to gain access to the data, they would see it only in encrypted form, and without the decryption key it is unusable.
Moreover, two-factor authentication is used by many of these applications, making it more difficult for an attacker to gain access to your password vault even if the password is compromised.
Regarding cost, basic features are usually free in most of them, and a subscription is required for advanced services. There are also open source products available in the market. Open source products allow you to look into the source code and check whether the developer has written the code as promised.
Each product has specific features suited to a particular need. You can read more about them on their websites. The names of some of the most popular password managers are given below:
1. Bitwarden
2. LastPass
3. Dashlane
Using a password manager is highly recommended because it makes your life not only easier but also more secure.
Rezaur Rahman
Incident Handler, BGD e-GOV CIRT