User login

Password Managers and You

Mar
31
 

Password management software one of the most important pieces of technology that you most people don’t use. At the most basic level a password manager will store sensitive data like passwords and credit card numbers in a virtual wallet that you can access with a single master password. It will then use that data to automatically fill out the forms on websites that you designate, saving you time and freeing you from having to memorize countless passwords.

Because your password manager will auto fill in your information in at sites you have selected you get some protection against phishing, if the data you expect to see filled in is missing it means you probably have been redirected to a phony site. 

It turns out humans are good at patterns and bad at randomness, pretty much any password you can come up with naturally that you can remember easily will have weaknesses that makes it easier for a program to guess it. Password managers will actually generate your passwords for you, and since you don’t need to remember these you can have unique passwords like 7yr+8sg;V2.NZvfG!FTzT{+~4R4dTD generated for each site you use. 


I recommend people use KeePass, it has consistently been rated one of the top password managers, and of those few it is the only one that is open source. Open source is more secure than proprietary systems. No matter what there are going to be smart people trying to break into the system, and it turns out that you are always better off having lots of smart users keeping an eye on things in public rather than a small group behind closed doors.

Once you start using a password manager you are now putting all your eggs in one basket (unless you were reusing your password, in which case you were anyways) so it makes sense to make sure that your master password as strong as possible. It’s ok if it is a little tricky to remember since now it’s the only password you need. I suggest using the Diceware method to create a six or seven word password. Once you have the password DO write it down on a piece of paper, you are probably going to need the help to memorize it. Conventional wisdom says not to write it down but realistically anyone that is digitally trying to access your files will not have access you your physical notes while anyone who mugs you or breaks into your work/home has little interest in your digital belongings. If you are dealing with information important enough that someone might go after it physically then you should either consult an expert or be one yourself, not just going off what you read on a random internet article. 

KeePass is a purely local manager where the the data is never synced or stored anywhere online. You can put it on a thumb drive and take that from machine to machine or if you are not to worried about it being online you can use Dropbox to sync it across devices. If you prefer a cloud based manager LastPass is the way to go, it has all the features you would want, is reasonably priced, and is pretty responsable. They had what potentially could have been a breach in 2011 and handled it quickly, transparently, and well.

Apart from password managers you should have HTTPS enabled, HTTPS Everywhere is a good tool for this,  it’s easy to use and can protect you from a lot of malicious activities while browsing the internet. If you want more security and are willing to deal with a bit more work it is worth looking into encrypting your hard drive with something like Veracrypt and sending your internet traffic through a VPN or Tor