How many accounts do you have on different websites and online services, including those you do not even remember signing up for? It is not an easy question to answer, as we often create accounts online wherever our need to access a service overrides concerns about sharing personal information. A few keystrokes, a click on the confirmation email link and we are done: a new account is created, along with a new password to remember. This ease of creating online accounts grants quick access to the service or information we seek, but as a side effect it also gives birth to a new password. That password adds to the number of passwords to remember, or forces you to create a new one at your next login if you forget it. Amid the struggle with an ever-growing list of passwords, people are increasingly employing a password manager to generate, protect and recall their passwords.
If you go through the website of any password manager, you will find big claims about its security and features. But are these little software vaults as secure as they claim, or are they just trading security for convenience? Let’s find out.
Why are passwords complicating our lives?
In recent years, an increasing number of data security breaches has left organizations concerned about the security of their data and user accounts. Technology is ubiquitous and within reach of criminals as well, who use it as a weapon. As technology advances, cyber-attacks aimed at stealing information or taking a system down are becoming more sophisticated and more intense. Businesses around the world have suffered losses and damage to their brand reputation because of data security breaches. This made them take steps that compromised the user-friendliness of their services. When 9/11 took place, civil liberties were adversely affected: people had to go through thorough screening before passing any security perimeter. When data security incidents became frequent, online liberties were affected as well. Organizations pushed strict password policies that required users to add a certain level of complexity to their passwords. This made passwords hard to remember and left users struggling at the login screen with forgotten passwords.
Password complexity leads to forgotten passwords and eventually to password reset requests. Organizations use security questions or a password reset email link to let users reset their passwords. Preset security questions often ask for information that may be known to friends or relatives, such as birthplace, date of birth or mother’s maiden name. This undermines the original purpose of imposing password complexity, as anyone with the answers to the security questions can change the password and access the user account. Creating a new password to replace a forgotten one is even more time-consuming than creating a password while signing up for a new account. Some websites do not even let you reuse the last three passwords you used for the same account. All this leads to a feeling of stress called password fatigue.
Password complexity policies do improve security, as complex passwords are hard to crack, but they also leave users struggling to gain access to their own accounts and hamper the overall experience.
Password managers come to the rescue
Choosing security over convenience is good, but not good enough. Complex passwords put additional stress on users every time they log in, so users are increasingly adopting password managers to generate complex passwords and recall them at the login screen. A password manager is a program that can generate, store and retrieve complex passwords for you. Password managers are offered as online services as well as locally installable programs. However, they are now mostly used for logging in to websites and smartphone apps. Password managers dramatically reduce the pain associated with remembering complex passwords, and login screens start to appear friendly.
With password managers, creating complex passwords is also just a click away; there is no more need to grind out words and make up stupid combinations. With a password manager, your digital life suddenly starts to feel more peaceful. But wait: if this peace comes at the price of security, it will not last long.
Are password managers as secure as they claim?
Fortunately, the creators of most password managers take security very seriously. They know that a breach of this digital vault would reveal all the other passwords, which can expose sensitive personal and financial information. It could drain money out of bank accounts or even pose a threat to national security. So this tiny yet powerful tool cannot afford to be insecure.
He stands behind the security of password managers, and we cannot say he is wrong. Like many other password managers, Dashlane uses AES-256 encryption and many other methods to protect its service and user data. LastPass, another popular password manager, claims to provide top-notch security, such as AES-256 bit encryption with PBKDF2 SHA-256 and salted hashes, to ensure complete security in the cloud. Local-only encryption, a private master password and transport layer encryption are other security measures adopted by the companies behind popular password managers on the market.
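The sketch below is an added example, not code from Dashlane, LastPass or any other vendor. It shows the general idea behind a private master password combined with PBKDF2 SHA-256 and a salt: the password is stretched locally into a 32-byte key (the size AES-256 needs), and only the salt, the iteration count and a verifier are stored. The iteration count, the label strings and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

ITERATIONS = 600_000  # assumed work factor; tune to the slowest supported device


def _derive(master_password: str, salt: bytes, iterations: int) -> Tuple[bytes, bytes]:
    """Stretch the master password, then split it into two independent values."""
    master_key = hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=32
    )
    # Distinct labels (assumed names) keep the stored verifier from revealing
    # the key that would be handed to AES-256.
    enc_key = hmac.new(master_key, b"vault-encryption", hashlib.sha256).digest()
    verifier = hmac.new(master_key, b"unlock-verifier", hashlib.sha256).digest()
    return enc_key, verifier


def create_vault_header(master_password: str, iterations: int = ITERATIONS) -> dict:
    """Return what is safe to store: salt, work factor and verifier."""
    salt = secrets.token_bytes(16)  # unique per vault, so equal passwords differ
    _, verifier = _derive(master_password, salt, iterations)
    return {"salt": salt, "iterations": iterations, "verifier": verifier}


def unlock(header: dict, master_password: str) -> Optional[bytes]:
    """Return the 32-byte encryption key, or None if the password is wrong."""
    enc_key, verifier = _derive(master_password, header["salt"], header["iterations"])
    if not hmac.compare_digest(verifier, header["verifier"]):  # constant-time compare
        return None
    return enc_key


if __name__ == "__main__":
    header = create_vault_header("correct horse battery staple")  # constructed sample
    print("unlock ok:", unlock(header, "correct horse battery staple") is not None)
    print("wrong password:", unlock(header, "Tr0ub4dor&3"))
```

The master password itself is never written anywhere, and a stolen header still forces an attacker to pay the full PBKDF2 cost for every guess.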
How do password managers work?
Password managers come in different forms, depending on where the service will be used. They may be offered as a browser extension, an installable application for PCs, or a smartphone app. Extensions are available for popular browsers such as Google Chrome, Microsoft Edge, Mozilla Firefox, Safari and Opera. Password manager apps are also available for popular PC and mobile platforms such as Windows, Linux, Mac OS, iOS, Android and Windows Mobile.
Browser extensions come in handy when logging in to a website. They offer password auto-fill right in the password field on the login screen and can generate passwords with customizable complexity while you sign up for a service or online account. Users can choose to include lowercase or uppercase characters, numbers and special characters in their new password right on the sign-up screen. After the options are selected, hitting the generate button produces the password, which is saved if it is used to sign up for the account. This password is then auto-filled every time the user needs to log in to his/her account.
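As an added illustration (not taken from any particular password manager), here is how a generator with selectable character classes can be written so that every selected class is guaranteed to appear and all randomness comes from the operating system's CSPRNG. The symbol set and the function names are assumptions.

```python
import math
import secrets
import string

CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "special": "!@#$%^&*()-_=+[]{}",  # assumed symbol set; sites accept different ones
}


def generate_password(length=20, lower=True, upper=True, digits=True, special=True):
    """Generate a password from the selected classes using the OS CSPRNG."""
    options = (("lower", lower), ("upper", upper),
               ("digits", digits), ("special", special))
    chosen = [CLASSES[name] for name, enabled in options if enabled]
    if not chosen:
        raise ValueError("select at least one character class")
    if length < len(chosen):
        raise ValueError("length too short to include every selected class")
    alphabet = "".join(chosen)
    # One character from each selected class, so site complexity rules are met,
    chars = [secrets.choice(cls) for cls in chosen]
    # then the remainder drawn from the combined alphabet.
    chars += [secrets.choice(alphabet) for _ in range(length - len(chosen))]
    secrets.SystemRandom().shuffle(chars)  # hide which positions were forced
    return "".join(chars)


def entropy_bits(length, alphabet_size):
    """Upper bound on entropy for a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(generate_password())
    print(round(entropy_bits(20, sum(len(c) for c in CLASSES.values())), 1), "bits max")
```

The `secrets` module is used instead of `random` because the latter is a predictable generator not intended for security purposes.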
Browser extensions are great for generating and auto-filling passwords on websites, but they offer no help when logging in to the app versions of the same website or online service. That’s where password manager apps come to the rescue. They provide functionality to generate, auto-fill and save passwords when signing up for or logging in to apps on smartphones. That is not all: password manager apps can also log in to sites with their built-in browsers, as mobile browsers may not support extensions or add-ons.
Fingerprints save password managers from passwords
Password managers need a higher level of security. They contain the passwords of all your accounts, including the accounts where your money is. Most password managers offer to set a master password or PIN to secure the password manager app or extension; however, this creates a new password in order to get rid of the rest. Using a password for password manager security sounds like using violence to establish peace. Password-based security may be adequate for a password manager, but it offers a meagre user experience and conflicts with the basic idea of using a password manager. Fortunately, there is something that can save password managers from password-based security: fingerprint biometrics.
Fingerprint biometrics for the security of a password manager program can enhance user experience and security at the same time. Unlike passwords or PINs, it leverages a user’s unique friction ridge pattern to establish and confirm his/her identity, which cannot be forgotten, forged or guessed. Fingerprint authentication for a password manager provides top-level security of the kind used in high-security applications such as border control and forensics. Since more and more mobile devices are now equipped with a fingerprint sensor, it can be used to authenticate identity in a password manager app. Many banking and financial service providers have already integrated fingerprint authentication functionality into their mobile apps. The trust of financial institutions and government applications eliminates all doubts about fingerprint-based security for password managers.
Complex passwords complicate the user experience. Time wasted at login screens could be spent on the actual purpose of logging in to the service, but complex passwords leave users no choice. Most current password managers use encryption as well as other methods to safeguard their service from potential threats. Password managers improve digital hygiene as well. While people may think that creating an online account will not make any difference in their lives, it actually results in digital clutter. Unwanted mail from your subscriptions stuffs your inbox, whether you like it or not. Password managers have now become inevitable owing to the ever-increasing number of passwords in our lives. Fingerprint biometrics can help password managers eliminate the last password they use for their own security.