How to choose the best password manager?
Although we are living in an age of biometrics and other means of personal authentication, most of us still rely on passwords to keep our data safe. The rise of spear phishing in recent years has proven that no account is fully secure as cybercriminals hoard old passwords and probe weak security measures for flaws. That is why cybersecurity experts agree that your passwords should form a random string of characters capable of withstanding attacks from hackers. However, strong passwords are often devoid of any logic and almost impossible to remember.
That’s where a password manager comes in. Whether you are looking for the best Android password manager or planning to use PCs and Macs, our advice is to get acquainted with how the system works.
There are two password manager models. The first is based on “local” encryption limited exclusively to your device. All of the encryption and decryption are conducted on your computer or mobile phone. The other way to keep your passwords safe is by using cloud-based technology, which helps you sync all your credentials regardless of the device you are using.
Password managers that offer their services on the cloud are usually bound by the so-called zero-knowledge policy. This method involves storing an encrypted copy of your vault on their servers, while the original is stored on your device. Password management providers guarantee complete privacy regarding your master password, which is unknown even to them and is never sent directly over the internet. The decryption process is conducted locally by using the client’s master password.
This is especially comforting in case of a breach. When selecting software, keep in mind that the best password manager is the one that keeps your master password protected even from the software itself.
However, in order for this system to work, it needs to be protected from both ends. This requires two-factor authentication. The process involves your master password and a temporary password you receive on your mobile or other devices. The code you receive is for one-time use only, leaving no room for third-party interference. This prevents potential attackers from using your master password if they should somehow get hold of it.
Although you might think all these measures eliminate the threat completely, a more sophisticated cyber-attack still poses a danger to your most valuable credentials. Theoretically, a malware infection can still compromise a user’s active password manager and, if the auto-login option is activated, access online accounts through the local browser.
To avoid potential breaches, look for a password manager that logs you off after a certain time of inactivity. For instance, leaving a browser open for several hours increases the likelihood of someone accessing your passwords. Consider this precaution as another layer of security.
Another thing to avoid is skipping the second authentication step when trying to access the software from a device you flagged as trusted. You should always complete the second authentication step to prevent attackers from taking control of your device.
It’s important to keep in mind that hackers select their targets based on existing security measures or the lack thereof. Motives for cybercrime vary and are often centered on collecting vast amounts of data on as many users as possible. So, manage your passwords wisely.