‘What if the password manager company is hacked?’

That’s a question we all should start to ponder. In this day and age, when a large and established company such as Adobe can get hacked, are any of our passwords safe?

If Adobe had been storing their customers’ banking and shopping passwords, the 38 million people affected by the hack would have been in serious trouble.

But that doesn’t mean you shouldn’t use a password manager. Without one, you’re likely to use the same password over and over again, and pick passwords that are easy to remember and, therefore, easy to guess. That’s dangerous, too.

What it does mean is that you need the right kind of password manager.

Quick definition: a password manager is a programme that keeps your passwords and other login information in an encrypted database. That way, you only have to remember one password – the one that opens the password manager.

I strongly recommend against any cloud-based password management service – especially if that service can access your database. If the service can recover your forgotten password manager’s password, or if it can turn over your passwords to your next of kin, that company has access to your passwords, and can be hacked.

Instead, use a local programme on your computer. That way, the encryption stays close to home. It’s not on the Internet, and even if someone did get ahold of your data file, it would be useless without the password.

That is, if you follow these instructions:

First, the programme has to be well and honestly written, without serious bugs or an intentional backdoor. And that means sticking with established, open-source programmes like Password Safe and KeePass. With open source, anyone can read the programme’s code – or at least anyone with the technical ability to understand it. And that makes it more secure.

I know it sounds counterintuitive. If anyone can study how the programme is built, why couldn’t someone hack it? Because the code is not the key; the password – which only you have – is the key. With open source, bugs and backdoors become common knowledge quickly, and everyone would know that the programme isn’t safe. As security expert Bruce Schneier put it, “In the cryptography world, we consider open source necessary for good security; we have for decades.”

Secondly, a crook may be able to guess your password, or find it in a brute force attack. For protection, use a strong password.
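To make "the password is the key" and the brute-force point concrete, here is an added Python sketch; it is not from the original article and is not the code of Password Safe or KeePass. The PBKDF2 work factor, the 1,000 guesses per second rate and the sample passwords are assumptions, and `blob` is a constructed stand-in for the encrypted database.

```python
import hashlib
import hmac
import math
import os

# Assumed work factor for this sketch; not a setting taken from any product.
ITERATIONS = 600_000


def derive_key(master_password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Stretch the master password into a 256-bit key (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=32
    )


def seal(master_password: str, blob: bytes, iterations: int = ITERATIONS) -> dict:
    """Build the header stored next to the data: salt, work factor, keyed tag."""
    salt = os.urandom(16)  # random per file, so identical passwords give different keys
    key = derive_key(master_password, salt, iterations)
    return {"salt": salt, "iterations": iterations,
            "tag": hmac.new(key, blob, hashlib.sha256).digest()}


def unlocks(candidate: str, header: dict, blob: bytes) -> bool:
    """True only if the candidate password re-derives the key that made the tag."""
    key = derive_key(candidate, header["salt"], header["iterations"])
    expected = hmac.new(key, blob, hashlib.sha256).digest()
    return hmac.compare_digest(expected, header["tag"])


def search_space_bits(length: int, alphabet_size: int) -> float:
    """Size of the guessing space for a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try every password at a given guessing rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    blob = b"constructed bytes standing in for the encrypted database"
    header = seal("correct horse battery staple", blob)
    print(unlocks("letmein", header, blob), unlocks("correct horse battery staple", header, blob))
    for length, alphabet in ((8, 26), (16, 94)):  # assumed rate: 1,000 guesses/second
        bits = search_space_bits(length, alphabet)
        print(length, alphabet, round(bits, 1), f"{years_to_exhaust(bits, 1_000):.3g} years")
```

Nothing in the header is secret: the salt and iteration count sit in the file in the clear, and the only thing that separates an attacker holding the file from the contents is the cost of guessing the master password.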


Originally published on PC World (US). Reprinted with permission from IDG.net. Story copyright 2024 International Data Group. All rights reserved.