Password Managers - Part 2 of 2
This article is a continuation from Part 1. click here if you would like to go back and read Part 1.
The importance of using different passwords for each site
If you re-use a password on multiple accounts, even if your password is long and complicated, all it takes is one account getting compromised to make all your other accounts vulnerable. Password compromises are quite common these days. If an attacker gets access to your password through an insecure, innocuous website, they can then use it to pivot to more sensitive ones, like your bank, tax, or online health care accounts.
Quick and recommended read: "Why Is It So Important to Use a Different Password on Every Site"
What are Password Managers?
- Password Managers are software applications that can be used to create, store, and manage a large number of passwords in an encrypted format. These passwords are saved either in the local memory of the user’s system or in cloud storage.
- They help save time by automatically enter login details into the forms with just one click
- The automatic form filling feature fills in the login information for a particular URL whenever it loads, and thus reduces manual errors and protects systems from hacker attacks such as keylogging (action of recording the keys struck on a keyboard, typically covertly) or from some phishing sites.
- Some of the types of password managers are: Web-browser based, cloud-based, portable, desktop, and stateless
LastPass: Chipkin's Recommended Password Manager
LastPass is the most popular password management and freemium software, irrespective of the huge competitors out in the market. It provides an excellent balance of options and features rich with multiplatform support. You can access this software on multiple devices that have Windows, macOS, Linux, Android, iOS, Windows mobile, and has plugins for Chrome, Firefox, Safari, Opera, and Microsoft Edge.
Features
- Unlimited passwords storage
- Credit monitoring
- Password generator
- Secure note storage
- Notifications when a site you have an account with has been hacked
- One-to-one sharing and a "challenge" to test their own security situation
- Tools to autofill forms
- Streamline online shopping, and more…
LastPass stores your data on its own servers in the cloud as well as on your device. Fortunately, LastPass secures your data with AES-256-bit encryption and salted hashes. Your data is encrypted and decrypted on your device, so the data stored with LastPass is in a readable state only on your device(s). Two-factor authentication is available to both free and premium users of LastPass. Premium subscribers gain hardware two-factor options like Fingerprint Authentication (via Windows Biometric Framework), Yubikey Multifactor Authentication and Sesame Multifactor Authentication. As of June 2018, Yubikey NFC-based authentication is supported on iOS as well as Android. LastPass Premium costs $24 a year for a single user, or $48 a year for a family plan that supports up to six users.
Google's Password Manager
Google,or, more specifically, Chrome, has had a makeshift password manager for a while now. You’ve probably seen it before: any time you enter a password into a site, Chrome will ask if you want to save that password for later. Now, the whole system has been upgraded and rolled into Google’s Smart Lock feature. If that name sounds familiar, it’s probably because you’ve used it on your Android phone. Smart Lock originally allowed you to unlock your Android phone if you had it paired with a trusted Bluetooth device (like a smartwatch) or were in a trusted location (like your home).
Features
- You can manage your passwords from the web (protected by Google’s standard two-factor authentication)
- You can now save (some) app passwords
- Auto Sign-In bypasses app sign in entirely
- Your Google account is your master key
Drawbacks
- Giving all your passwords to Google
- Storing your most sensitive data in closed-source software
- Smart Lock has no integrated UI to generate a random password when signing up for a new website
- It cannot be used for long multi-line plain text secrets such as cryptographic key pairs.
- It is optimized for Google’s Android and Chrome and becomes less convenient if you are willing to switch to iOS or Firefox.
Other Password Managers
Besides just LastPass and Google, you have a wide selection of other password managers to choose from. These other options may be better suited for your needs than the ones that have been listed above. We encourage you to do your own research and decide on the best one to suit your needs. Some of the notable ones are DashLane, Zoho Vault, and Keeper. These all vary on price, customer support, password strength checker, # of available passwords, unsecure login notifications, and more.
References
- https://www.techopedia.com/definition/31435/password-manager
- http://raidersec.blogspot.com/2013/06/how-browsers-store-your-passwords-and.html
- https://www.sagedatasecurity.com/blog/what-makes-a-strong-password-and-six-steps-to-create-one https://www.getsafeonline.org/protecting-yourself/passwords/
- https://askleo.com/why-is-it-so-important-to-use-a-different-password-on-every-site/ https://www.tomsguide.com/us/lastpass,review-3775.html
- https://in.pcmag.com/lastpass/36459/review/lastpass https://lifehacker.com/googles-new-smart-lock-is-the-password-manager-for-the-1710352668
- https://www.thewindowsclub.com/google-password-manager https://lifehacker.com/5529133/five-best-password-managers/a>
- https://in.pcmag.com/password-managers/36444/guide/the-best-password-managers-of-2018
