Computer Security

Computer Security: Password Managers

This is the second post in a multi-part series on computer security essentials. I am not a computer security expert but there’s some basic computer security essentials that a surprising number of people don’t understand. The aim of this series is to raise awareness of these. I will be covering password vaults, two factor authentication, devices and local encryption.

As mentioned in my last post on passwords, it’s important to use a different password for every service you use and to have long and cryptic randomly generated passwords.

Our human brains can’t remember the sheer quantity and complexity of passwords you’ll need for day-to-day use so this is where password managers come in handy. A password manager is software that serves two main purposes: to generate long and complex passwords for you, and to store them so you don’t need to remember them. You password manager database needs to be encrypted and you should use a passphrase based password that you can remember but is very long so it’s hard to guess. I talked yesterday about high entropy passphrase based passwords.

The two most popular password managers are LastPass and 1Password – their names both imply that your password manager ‘master’ password is the only or last password you’ll ever need to remember.

I’ve used both of these password managers; I found LastPass to be more affordable and 1Password to have a more polished user experience but YMMV. The thing I like about 1Password is their family plan which makes it easy to share vaults across family members and administer family members accounts. This is why I currently use 1Password.

Both of these password managers integrate well with browsers and mobile operating systems to able you to quickly pre-fill password information when required. 1Password on iOS has a Safari extension which populates logon forms so you don’t need to use a special app or browser.

Both services have a cloud option to store your data which makes accessing it on your devices easy, but using a cloud service is less secure than just storing this data locally and syncing it to devices over local wifi which 1Password allows. 1Password has an account key which is used to access your data on new devices whereas LastPass optionally allows multi-factor authentication to access your passwords which you should use. I will cover multi-factor authentication in my next post.

If you don’t currently use a password manager I would recommend you start using one of the two I mentioned straight away and begin storing all your passwords in it. You can use the ‘generate secure password’ feature of each app to change your passwords as you add them to ensure every password you use is different and secure.

What’s your experience with password managers?

5 replies on “Computer Security: Password Managers”

Great article – password security is something that most people know a bit about but few take seriously enough. I’ve used LastPass for years without complaint. It works well on the Windows desktop and Android systems I use. I’ve used it on OS X systems in the past too without complaint. I can’t speak as to 1Password, but I’ve heard good things about it too.

I use LastPass for +5 years and I’m pretty happy with it. All my passwords are random with at least 16 chars since I started using it. I use as a Chrome Extension, it gets out of the way and just works, it’s free, and (seems) secure.
I say “seems” because it hosts your passwords on the cloud. Keep in mind they are all hashed using your master password as seed. Also “the internet” raged when LogMeIn acquired them. No trouble so far, fingers crossed!

KeePass seems more secure in the way dialex11 described – no clouds. I use KeePassX on Linux and Keepass2Android on my smartphone. They are synced via webdav, but one can choose different strategy. There are also some browser extensions to fill forms automatically, but I don’t feel a need for this. And the main thing, KeePass ecosystem is all open source, though maybe not so polished as LastPass & friends.

KeePass is a great option also, it’s just not as family friendly for me since I want to have all my family using a password manager and make it as easy (and secure) as possible.

Leave a Reply

Your email address will not be published. Required fields are marked *