Pass on password managers

By Matt Bentley

Password managers, as the name suggests, store and manage your online passwords for the various accounts you have across the internet. I find them less satisfactory than my favourite method, Writing Things Down.

In the hands of a skilled user, password managers take the effort and stress out of dealing with the gazillion passwords and usernames/email addresses we tend to store with our various trusted internet services. But they come at a cost to the regular user.

Password managers generate a different password for each website. This is good and absolutely something that everyone should do. If someone breaks into, say, your Facebook account, the first thing they will do is grab your email address from the Facebook account and then try the Facebook password for your email. And then they’ll usually lock you out of both.

But let’s look at the way password managers generate passwords. They tend to generate non-memorable strings of numbers and letters that effectively cannot be guessed by any rudimentary method. This is good, but it also makes those passwords impossible for the end user to guess should they ever lose access to the password manager, which is bad.

Password managers generally integrate into a web browser, so you don’t need to run a special program to use them. This is good. However, this also means that if you’re using someone else’s computer, or a public computer, you can’t use the password manager without logging into the password manager’s website and accessing your passwords that way. This is bad.

Lastly, password managers and their hosts, while significantly improved over previous years, are not infallible. It wasn’t so long ago that one of them (LastPass) got hacked and the master passwords for a whole mess of accounts got stolen. This didn’t rely on knowledge of the users’ passwords, just some basic internet security flaws.

In short, if you know what you’re doing and are more technically savvy, password managers like LastPass and Dashlane can be a godsend, particularly if you’re logging into a ton of websites. But for the casual home user, they are probably overkill and have significant downsides. You’re almost invariably better off following these basic security measures:

  • a. Make a different password for each website.
  • b. Make long passwords that are easy for you to guess, but not for anyone else.
  • c. Write Passwords Down in an alphabetised notebook with the name of the website, the username/email address associated with the account, and a date.
  • d. Enable 2-factor (cellphone) authentication on every account you can.

Matt Bentley is the repair guy at Bentley Home PC Support. Need help with your internet security? Phone Matt at 0211348576 or email: info@homepcsupport.co.nz
