Are Password Managers Safe, Are They Secure

Password managers are generally regarded as relatively safe, but are they secure?

Many in the information security domain would argue that it’s riskier to rely on writing down a password or simply committing it to memory than to use a password manager.

This is because password managers offer encrypted solutions for creating and storing strong passwords that help keep your data more secure. They provide you with useful tools that are usually designed around best practices for password management.

This makes it easy for the user to develop and use good password management practices, while changing bad password management habits such as using no password at all, using something like “12345”, storing your password underneath your keyboard or, worst of all, leaving it taped to your computer screen.

PASSWORD MANAGER ENCRYPTION

All password managers secure your data using some type of encryption algorithm.

One of the most popular encryption algorithms is the Advanced Encryption Standard with a 256-bit key (AES-256). AES-256 is a virtually unbreakable symmetric encryption algorithm that uses a 256-bit key to convert your plaintext or data into ciphertext.

No matter which encryption standard is used, the basic encryption process is the same: a mathematical formula scrambles and unscrambles your information so that only you, the person with the key or password, can gain access to the data.

WHAT IS A CIPHER

Ciphers, also called encryption algorithms, are systems for encrypting and decrypting data. A cipher converts the original message, called plaintext, into ciphertext, “a random string of characters”.

HOW DO PASSWORD MANAGERS WORK

Password managers provide the user with a secure space to store and retrieve their passwords.

When you’re using a password manager and you need to access an account, you simply enter the master password into the password manager. The password manager then makes the password for the account you’re trying to access available so it can be copied and pasted, or typed in where it’s needed, so the user can gain access to that account.
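How the master password and the AES-256 encryption described earlier fit together, as an added example (not code from this article or from any particular password manager). It assumes scrypt for turning the master password into the 256-bit key and AES in GCM mode; the function names and the sample entry are made up for illustration.

```javascript
// Added example: a toy vault, not any real password manager's storage format.
const nodeCrypto = require('crypto');

// Assumed design: scrypt stretches the master password into a 256-bit AES key.
// The random salt is stored next to the ciphertext; it is not secret.
function deriveKey(masterPassword, salt) {
  return nodeCrypto.scryptSync(masterPassword, salt, 32); // 32 bytes = 256 bits
}

// Encrypt the whole vault (a plain object) with AES-256-GCM.
function lockVault(masterPassword, entries) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every encryption
  const key = deriveKey(masterPassword, salt);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([
    cipher.update(JSON.stringify(entries), 'utf8'),
    cipher.final(),
  ]);
  // Only these four fields are stored; the key and master password never are.
  return { salt, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Returns the decrypted entries, or null when the master password is wrong
// or the stored data was modified (the GCM tag check fails in both cases).
function unlockVault(masterPassword, vault) {
  const key = deriveKey(masterPassword, vault.salt);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, vault.iv);
  decipher.setAuthTag(vault.tag);
  try {
    const plain = Buffer.concat([decipher.update(vault.ciphertext), decipher.final()]);
    return JSON.parse(plain.toString('utf8'));
  } catch (err) {
    return null;
  }
}

// Constructed sample data: one stored account password.
const sampleVault = lockVault('correct horse battery staple', {
  'mail.example.com': 'kV9#tq2!Lw8zR-constructed',
});
```

Because the key is derived from the master password every time the vault is unlocked, the strength of the master password bounds the strength of everything stored behind it.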

Some password managers support biometric authentication such as swiping with your finger, multi-factor authentication using a PIN provided by apps such as Google Authenticator, or a device such as RSA SecurID for added layers of security.

Biometric authentication allows the user to access their data while denying hacking devices such as keyloggers the ability to capture your keystrokes as you type in your password.

Multi-factor authentication requires the user to provide two types of identification before they can gain access to their account. This is usually in the form of a password and a PIN.

The RSA SecurID device is a purpose-built device that provides a PIN, similar to Google Authenticator, as part of the multi-factor authentication process. The difference between the two is that Google Authenticator is free and RSA SecurID is not.

 
