You may remember our blog -Top 5 most common passwords – do yours appear in the list? - which outlined some big no nos when choosing a new password (if you haven't read it yet, we recommend that you do). As some of our clients use password managers (PM), we thought we would build on that by providing you with the pros and cons of using one.
Pros:
- Humans can be unreliable as they can come up with bad passwords, forget their password, or are genuinely disinterested in security. With a PM there is no need to worry about remembering all your different passwords.
- Using the same credentials for each account is dangerous as it creates one point of failure.
- Good password managers encrypt all your personal data in case someone hacks the PM software directly; the hacker might get your passwords but they won’t know who the passwords belong to.
- PMs can keep you up to date with the latest breaches and advise you if any accounts may have been affected/hacked.
- Can use offline password manager (not stored on the web/not a web browser plugin).
Cons:
- Single point of failure - if someone gets hold of your master password, they have all your passwords.
- Password manager programs are a target for hackers.
- It's not easy to login using multiple devices.
- If the main password is used/typed/saved on a computer with malware, your main password can compromise all your other passwords controlled by the PM - all your passwords are only as secure as your master password.
- Not all PM's are adequately encrypted which can render the whole process of setting one up useless.
Perhaps the simplest advice we can give, is to have two factor authentication when possible. Two factor authentication is a two step verification that along with your password and username, requires another level of authentication. Hence, if someone gets hold of your password, they won't be able to proceed without entering the next level of authentication. e.g. Google Authenticator.
Also, always make sure that your email password is secure and changed often. Computers are always at risk of malware and at the end of the day, all password recoveries go to your email. If your email is compromised, a hacker can get access to all your accounts by doing a simple password recovery. The only place you should have it written down, if at all, is on a piece of paper kept at a safe location.
Another good idea we’ve come across is to have two notebooks. In one notebook, put your account data and a corresponding serial number. In the second notebook next to the serial number, write down the corresponding password. Always make sure the second notebook is kept in a safe place, in case you forget one of your passwords.
It’s important to mention thatthere are no silver bullets. No password is ever 100% secure but there are definitely ways that you can make it harder for hackers to get hold of your password. Common sense goes a long way. Not opening any suspicious links or emails from people you don't know is always a good start, and making sure your operating system is always up to date with the latest security updates is crucial in many cases.
FAQs
One of the significant pros of a password management system is that all passwords are stored in one place. But the flipside is that password managers can become a single point of failure. If a password manager itself is hacked, an organization is potentially at an even bigger risk than if just one password was leaked.
What are the pros and cons of a password manager? ›
One of the significant pros of a password management system is that all passwords are stored in one place. But the flipside is that password managers can become a single point of failure. If a password manager itself is hacked, an organization is potentially at an even bigger risk than if just one password was leaked.
What are the advantages and disadvantages of passwords? ›
Passwords can be shared: sharing passwords is very easy to do, whereas you can't share someone's real face. Passwords can be guessed: while passwords are at risk from brute force attacks and social engineering, simply guessing is often effective too—no wonder, when “123456” was the most popular password of 2020!
What is a weakness of password managers? ›
Poorly-protected managers:
Password managers can be a security threat if they do not encrypt their data. Hackers know that compromising a password manager is like getting the keys to the castle. Because of this a strong encryption must be in place to prevent access to your saved passwords.
What is the danger of password manager? ›
However, that doesn't mean they are foolproof. Password managers might make you more likely to use strong passwords, but they also create a single point of failure. If a threat actor manages to compromise your password manager, they can gain access to all of your passwords at once.
What are the benefits of password management? ›
A password manager (or a web browser) can store all your passwords securely, so you don't have to worry about remembering them. This allows you to use unique, strong passwords for all your important accounts (rather than using the same password for all of them, which you should never do).
What are the disadvantages of passwords? ›
Disadvantages of Password-Based Authentication
- Weak Passwords: Users often select weak passwords, making them susceptible to guesswork or cracking.
- Password Reuse: The practice of reusing passwords across multiple accounts increases the risk of security breaches.
Despite its many features, the Google Password Manager has various drawbacks that can't be avoided. It's not nearly as secure as other password managers since it doesn't use zero-knowledge encryption. With this type of security, data is encrypted and decrypted at the device level, not on the server.
What are the disadvantages of a strong password? ›
The Drawbacks
Beyond a certain point, a complex password can be difficult to crack if the number of possible combinations is extremely high, but it can also be too complex to be useful to users. This isn't just an issue with very long passwords, but with any increase in complexity requirements.
What are the disadvantages of changing passwords? ›
By duplicating credentials, they can access additional accounts and expose even more data. Another problem is that when users are forced to create complex passwords, they find them hard to remember. As a result, they write them down or store them where they can be seen or stolen.
Unfortunately, password managers have been hacked before. OneLogin was hacked in 2017, and LastPass was breached in 2022. In March 2023, LastPass issued a statement that the breach resulted in unauthorized users gaining unencrypted access to customers' vault data, including information like usernames and passwords.
Which password manager has never been hacked? ›
There are several password managers with better security, as LastPass has been breached. 1Password is an option as it has never been breached, and NordPass is also known for its strong security features.
Are password managers easily hacked? ›
The quick answer is “yes.” Password managers can be hacked. But while cybercriminals may get "in" it doesn't mean they will get your vault password or other information. The information in your password manager is encrypted.
Are password managers 100% safe? ›
Even the best password manager isn't perfect. No matter how well it has been designed, there's no such thing as 100% security so you should focus on minimizing the risks. One of the biggest flaws in a password manager's security architecture is you, the user.
Are password managers better than using your own? ›
Are password managers safe? Absolutely. But they are only as effective as the person who is using them. If you use “ABC123” as the password for all of your accounts and turn off multifactor authentication, then it doesn't matter how secure your vault is—someone is going to guess that password eventually.
Are password managers a single point of failure? ›
Single point of failure: Since password managers store all the user's passwords in one place, they become a single point of failure. If a hacker gains access to the password manager, they can potentially gain access to all the user's accounts.
What is the one catch with password managers? ›
Single point of failure - if someone gets hold of your master password, they have all your passwords. Password manager programs are a target for hackers.
Is it better to use a password manager or your own password? ›
Since no human can memorize unique passwords for dozens if not hundreds of accounts, security experts have long recommended the use of a password manager, a service that helps you generate and store long, unique passwords for all of your online accounts. Password managers operate across browsers and devices.
Is it a good idea to use a password manager? ›
We've done all the research on why you should be using a password manager to keep everything organized, and keep yourself safe online. It's some of the best money you can spend, save from investing in a VPN. Password managers, like 1Password, are made with the express purpose of keeping all your passwords safe.
Which password managers are hacked? ›
Some of the most popular password managers were found to be vulnerable to an AutoSpill exploit. These included 1Password, LastPass, Enpass, Keeper, and Keepass2Android. When a JavaScript injection method was enabled, DashLane and Google Smart Lock were also susceptible to the credential-stealing attack.
