password managers
There’s a modern solution to the password conundrum — via "password managers", also known as password apps. While browsers have built-in password managers, which are fraught with inherent weaknesses, the field of dedicated password apps is vast and can be confusing. Image Credit: Vijith Pulikkal | Gulf News

Highlights

  • How password managers (or apps) could help you "step up" from using the same credentials everywhere.
  • Know the advantages and drawbacks, as well as potential hazards of storing passwords in your browser.

Dubai: Have you used the same passwords across various sites — social media, banking, online stores, work/personal email, chat apps, etc?

Have you written your passwords down on stickies or physical paper? And have you emailed your passwords for different accounts to yourself?

Hate passwords? You're in luck - Google is sidelining them
Password managers are designed to securely store and manage your login credentials. In the face of digital overload, relying on memory, sticky notes, or weak passwords are over.

If you’ve done any of these, you’re not alone. Password reuse is considered an “epidemic”, and is fraught with danger.  Why? It’s what experts consider as one of the “weak” lines of defence seen behind some data breaches.

Passwords: Important irritants

We can't underestimate the importance of strong passwords. They’re the gatekeepers to our online lives. They grant access to our emails, social media, digital finances, and more.

Yet they can be a source of exasperation. Passwords stand as both our shield and a source of frustration.

And with each new account comes the challenge of creating yet another password that needs to be unique, complex — and memorable.

Then you have an IT team who, as a matter of protocol, advise you against reusing passwords across platforms, or force you to change passwords every so often. They’re actually right. If one of your accounts gets breached, it can lead to a domino effect of compromised accounts.

Having strong passwords poses a paradox – the harder they are to crack, the harder they are to remember. As a result, many resort to writing them down, a practice that negates the purpose of security altogether.

What are good alternatives to passwords?

Alternative authentication methods include biometrics and hardware keys. These are already in use for a while, even as newer solutions or iterations emerge. In a nutshell, they promise to solve password woes. But until then, passwords remain a classic case of "can't live with it, can't live without it.”

Password managers: What are they?

In general, they are app-based digital tools that offer a secure and organised method for generating, storing, and managing passwords.

They store an encryption system to secure your usernames and passwords, for online accounts and services — usually with the use of a “master password”.

3 ways a password manager protects you

  • Password generation: These apps help users generate strong and unique passwords for each of their accounts and then store these passwords in an encrypted database.
  • Password storage: You can then access your stored passwords with a master password — or other forms of authentication.
  • Layers of protection: Password managers help provide multiple layers of protection that render them more secure than other approaches to password management, like as using the same passwords across various sites or noting them on physical paper.
Data breaches
Data breaches are still fairly common. There were 20,030 data breaches recorded by the US-based data protection advocacy group privacyrights.org, from February 2006 to February 2022, the latest for which data is available.

Malign forces in cyberspace abound: Crowdstrike, a cybersecurity tech company, in a 2023 report, named 33 new “adversaries” in 2022 addition to the 200+ adversaries identified as targeting organisations across the globe.

It also reported a 95 per cent increase in cloud exploitation, 112 per cent increase in access broker advertisements on the "dark web”. It noted that average eCrime “breakout time” — the window during which an organisation can detect and prevent an incident (by identifying, then ejecting an intruder) from turning into a breach was 84 minutes in 2022.
Password
When utilising a password manager, you essentially need to commit one set of login details—the master password—to gain entry to the manager itself.
Dangers of weak passwords
The importance of robust passwords cannot be overstated.

[] A simple, easily guessable password exposes you to serious risks. Hackers use a variety of methods, from brute force attacks to “social engineering”, to crack passwords and gain unauthorised access to your accounts.

[] Reusing passwords across multiple sites amplifies the danger, as a breach on one platform could potentially grant hackers access to all your accounts.

[] Physical notes on stickies or on notebooks are susceptible to loss, theft, or damage. Furthermore, manually managing numerous passwords can become a cumbersome task as the number of accounts grows, leading to errors and confusion.
password managers
The practice of writing down passwords on sticky notes or in a physical notebook — is riddled with vulnerabilities. Sticky notes can be easily misplaced or seen by others, compromising the security of your accounts. Image Credit: Gulf News
"Master password”: What is it? Do I need it?
A master password serves as a primary key to access various accounts and platforms simultaneously. This term finds common use in the realm of password managers.

For instance, with a master password, your credentials are stored, and one of the browser extensions (like Chrome, Firefox, Safari) facilitates your logins, similar to how browser passwords are saved.

Once you log with the master password, the manager takes care of the rest. Recalling your individual credentials becomes unnecessary.

Here's why password managers are a game-changer:

Strong, unique passwords: Password managers can generate complex, unique passwords for each of your accounts. These passwords are virtually impossible to guess, enhancing your account security significantly.


Centralised storage: With a password manager, you only need to remember one master password. This master password grants you access to the password manager's vault, where all your other passwords are securely stored.


Password
Instead of using a browser-based password manager, a dedicated password manager for individuals and businesses alike offers enhanced protection and control.

Encrypted protection: Password managers use advanced encryption techniques to protect your stored passwords. Even if a hacker gains access to the encrypted data, they won't be able to decipher it without the master password.


Auto-fill convenience: Most password managers offer browser extensions that can automatically fill in login details for you. This not only saves time but also ensures you're using the correct, secure credentials every time.


Cross-platform accessibility: Password managers are often available on various devices and platforms, ensuring that your passwords are accessible whenever and wherever you need them.


Secure sharing: Some password managers allow you to securely share passwords with trusted individuals, such as family members or colleagues, without revealing the actual password.

How to select the right password manager

password managers
Image Credit: Vijith Pulikkal | Gulf News

We suggest some basics to look out for:

Strong encryption: Ensure that the password manager uses robust encryption algorithms to protect your data.


Multi-factor authentication (MFA): MFA adds an extra layer of security by requiring an additional authentication method, such as a fingerprint or a text message code, along with your master password.


User-friendly interface: A user-friendly interface makes it easier to navigate and use the password manager effectively.

Offline Access: While online access is convenient, it's important that you can access your passwords even when you're offline.

Customer Support: Good customer support ensures you can quickly resolve any issues or queries you might have.

Are password managers compatible with all platforms?

Most are compatible with leading operating systems:

  • Android
  • iOS
  • Windows
  • Mac
  • Linux

Note: It's best to double-check your device's compatiblity with the password manager you're opting for.

How much does a password manager cost?

Free: Decent ones are available for free (including browser-based ones)

Top-tier: Paid password managers like 1Password cost about $40 a year

Average cost: It is usually between $10 and $60 per year for single-use account.

Below is an indicative cost comparison of some Password Managers, according to Investopedia:

  • LastPass | $0 (basic) or $3-$4/month for Personal plan
  • Dashlane | $59.99-$89.99/year
  • LogMeOnce | $2.50 to $4.99/month
  • Bitwarden | $0 (basic) or $10/year (premium)

Are password managers safe? Upsides, downsides, risks

On your browser, there’s a built-in password manager. It is convenient to use, but experts warn this is trading convenience with security.

Many opt for this easy method to streamline the process of creating and recalling unique login credentials. One click and you're ready to access member-only sites or check balances. But, as with many things, there's more to this story.

password managers
Even with a password manager, it is still best to use strong PINs or biometric locks on your devices to prevent unauthorised access. Image Credit: Screengrab

The Upside: Pros of storing passwords in your browser

Built-in functionality: Browsers like Chrome, Edge and Safari come equipped with password management features. No need for extra software or compatibility concerns.

Cross-device sync: Use the same OS and browser on various devices? Your saved logins are accessible everywhere.

Auto-fill ease: Save time and avoid errors by letting the browser automatically populate login forms.

Password generation: Browsers suggest robust passwords with random characters, boosting security.


This “password generation” feature can create a deceptive sense of safety, leading to the browser's trap.

Downsides of browser-based password storage

Limited security: Browser password management is an add-on, not its core purpose. Password structures might be fixed, and there's often no encryption for all login data.

Single breach vulnerability: A breach exposes all stored passwords. Synced devices expand access points for hackers.

Migration issues: Switching browsers or platforms poses compatibility problems, often requiring manual data transfer.

How browser password managers create risks for companies

Enpass warns that browser-based password managers carry danger to companies or organisation Enpass, which offers both offline and online password management solutions, explained in a blog post: “With most browser-based password managers, your password security is tied to your device security. Anybody who can access your computer, tablet, or phone will get access to all of your passwords without having to supply additional information.”

With most browser-based password managers, your password security is tied to your device security. Anybody who can access your computer, tablet, or phone will get access to all of your passwords without having to supply additional information.

password
With most browser-based password managers, your password security is tied to your device security. Anybody who can access your computer, tablet, or phone will get access to all of your passwords without having to supply additional information.

Downsides of storing passwords in your browser

Integrated browser password managers favour convenience over security. Moreover, ensuring secure password sharing can be a challenge, frequently resulting in reliance on physical notes.

There's a potential for employees to overlook logging out, thereby risking data exposure in cases of lost or compromised devices. Valuable assets like company information and customer data could be in jeopardy. Productivity can suffer due to misplaced passwords, and the inability to promptly revoke access may result in irreversible data loss.

So browser-based password management might seem convenient, but it poses unauthorised access and digital security risks. For corporate users, a dedicated password management tool if preferred.

Security is key

Today's information landscape demands a higher level of security, and password managers offer the key to achieving it.

While no system is entirely immune to security risks, using a reputable password manager is considered a more secure way to manage your passwords than other methods. In general, safekeeping information using strong multiple layers of protection, renders them more secure. With their ability to generate strong, unique passwords, encrypt your data, and streamline the login process, dedicated password managers provide a comprehensive solution to the challenges of online security. When applied or used correctly, they can greatly help your online security.