The average Internet user has over 100 online accounts, according to Dashlane. Who on earth can keep track of that many accounts? No one really. That’s why millions of people use password managers to keep their passwords encrypted and organized. Typically, password managers are apps that encrypt and store your passwords in the cloud or locally on your computer, requiring you to use just one secure password to access all your passwords. Convenient, right? So what’s the problem?
Password managers are the ultimate honeypot for hackers who can easily steal an identity by accessing every password in one place. They can access banking and credit card accounts, email accounts and even a company account login that provides access to a corporate server. Many password managers are small firms that offer a free version and may have limited resources to invest in software upgrades and security patches. This makes them easy targets for hackers.
Recently, LastPass, a popular password manager, learned about a “Unique and Highly Sophisticated” security vulnerability from a Google employee who also tweeted about it after showering. A series of angry tweets followed, complete with awkward shower jokes and anger about this public “outing.”
If that wasn’t embarrassing enough, last week, a German research report found at least 26 flaws within nine major password managers running on Android devices. LastPass was also featured in the report. The bugs varied: in some cases, the password managers did not encrypt the passwords and instead stored them using plain text. In others, a master key was hard-coded, the information was leaked to the vendor, or security questions could be bypassed. Source
Even the federal government is concerned about password security. The National Cyber Security Alliance launched a “Lockdown your Login” campaign to educate Americans about better ways to protect their login passwords. There’s even a theme song. Suggestions include using a physical security key device that is required when logging into your devices, requiring biometric data like a fingerprint when logging in and enabling two-factor authentication with Facebook, Instagram and Google.
None of these tools are foolproof. Your brain (at least today) is the safest password manager. Try to create passwords that use combinations of words, digits and symbols that have meaning to you but not to others. If you must use a password manager, be diligent in finding a reputable provider and update your software regularly to install the latest security patches.