How to Choose a Password Manager
This is a follow-up to “What is a strong password?”. You might want to read that one first.
You decided that, in addition to MFA (LINK), having one long (32 characters!) randomly generated password per site/system is a secure way to go. But you need to store those somewhere. This is where password managers come in.
Before you pick one, it is worth noting that password managers have their failings: first, they are single points of failure. Second, they are prime targets for attacks. And finally, they depend on technology that can introduce bugs or be unavailable when you need it.
However, those are minor disadvantages compared to the risks of not using one. You get stronger passwords, a convenient way to store credentials and access those on different devices, and potentially share secrets with colleagues, friends, or family. The latter can be considered a disadvantage as well! However, something like the passphrase to sign your software release should be shared (or at least known) by several members of your team.
The main things to look out for are:
- Encryption: The password manager should use strong encryption to protect your data. Look for password managers that use AES-256 or other industry-standard encryption algorithms. Another key feature is that you must have full control of the keys. If your provider can access your keys, they are not secure.
- Zero-knowledge architecture: A zero-knowledge architecture means that the password manager does not have access to your master password or your stored passwords. This ensures that your data is only accessible to you. This helps reduce the impact of any future data breach at the provider.
- Multi-factor authentication: Multi-factor authentication adds an extra layer of security to your password manager. Look for password managers that offer options such as biometric authentication, SMS or email verification, or hardware tokens.
- Reputation and reviews: Research the reputation and reviews of the password manager before deciding. Look for password managers that have a proven track record of security and reliability. Look out for their breach reports: what happened, what did they do about it, and how are they ensuring nothing like that happens again. Of course, something else will happen.
- Compatibility: The password manager should be compatible with all the devices and platforms you use. This ensures that you can access your passwords wherever you are. No password manager should require an internet connection to work.
Please do note that password managers are just one of many layers to make authentication and authorisation secure. If you are keen to know more, please book a call with us.
- Part 1, what is a strong password?
- Part 2, how to choose a password manager?
- Part 3, how to keep MFA backup tokens, is upcoming