Trouble remembering multiple passwords? These apps can help, but how safe are they?
While a browser-based password manager app helps, a dedicated one could be your best bet
Highlights
- How password managers (or apps) could help you "step up" from using the same credentials everywhere.
- Know the advantages and drawbacks, as well as potential hazards of storing passwords in your browser.
Dubai: Have you used the same passwords across various sites — social media, banking, online stores, work/personal email, chat apps, etc?
Have you written your passwords down on stickies or physical paper? And have you emailed your passwords for different accounts to yourself?
If you’ve done any of these, you’re not alone. Password reuse is considered an “epidemic”, and is fraught with danger. Why? It’s what experts consider as one of the “weak” lines of defence seen behind some data breaches.
Passwords: Important irritants
We can't underestimate the importance of strong passwords. They’re the gatekeepers to our online lives. They grant access to our emails, social media, digital finances, and more.
Yet they can be a source of exasperation. Passwords stand as both our shield and a source of frustration.
And with each new account comes the challenge of creating yet another password that needs to be unique, complex — and memorable.
Then you have an IT team who, as a matter of protocol, advise you against reusing passwords across platforms, or force you to change passwords every so often. They’re actually right. If one of your accounts gets breached, it can lead to a domino effect of compromised accounts.
Having strong passwords poses a paradox – the harder they are to crack, the harder they are to remember. As a result, many resort to writing them down, a practice that negates the purpose of security altogether.
What are good alternatives to passwords?
Alternative authentication methods include biometrics and hardware keys. These are already in use for a while, even as newer solutions or iterations emerge. In a nutshell, they promise to solve password woes. But until then, passwords remain a classic case of "can't live with it, can't live without it.”
Password managers: What are they?
In general, they are app-based digital tools that offer a secure and organised method for generating, storing, and managing passwords.
They store an encryption system to secure your usernames and passwords, for online accounts and services — usually with the use of a “master password”.
3 ways a password manager protects you
Data breaches
Data breaches are still fairly common. There were 20,030 data breaches recorded by the US-based data protection advocacy group privacyrights.org, from February 2006 to February 2022, the latest for which data is available. Malign forces in cyberspace abound: Crowdstrike, a cybersecurity tech company, in a 2023 report, named 33 new “adversaries” in 2022 addition to the 200+ adversaries identified as targeting organisations across the globe. It also reported a 95 per cent increase in cloud exploitation, 112 per cent increase in access broker advertisements on the "dark web”. It noted that average eCrime “breakout time” — the window during which an organisation can detect and prevent an incident (by identifying, then ejecting an intruder) from turning into a breach was 84 minutes in 2022.
Dangers of weak passwords
The importance of robust passwords cannot be overstated. [] A simple, easily guessable password exposes you to serious risks. Hackers use a variety of methods, from brute force attacks to “social engineering”, to crack passwords and gain unauthorised access to your accounts. [] Reusing passwords across multiple sites amplifies the danger, as a breach on one platform could potentially grant hackers access to all your accounts. [] Physical notes on stickies or on notebooks are susceptible to loss, theft, or damage. Furthermore, manually managing numerous passwords can become a cumbersome task as the number of accounts grows, leading to errors and confusion.
"Master password”: What is it? Do I need it?
A master password serves as a primary key to access various accounts and platforms simultaneously. This term finds common use in the realm of password managers. For instance, with a master password, your credentials are stored, and one of the browser extensions (like Chrome, Firefox, Safari) facilitates your logins, similar to how browser passwords are saved. Once you log with the master password, the manager takes care of the rest. Recalling your individual credentials becomes unnecessary.
Here's why password managers are a game-changer:
Secure sharing: Some password managers allow you to securely share passwords with trusted individuals, such as family members or colleagues, without revealing the actual password.
How to select the right password manager
We suggest some basics to look out for:
User-friendly interface: A user-friendly interface makes it easier to navigate and use the password manager effectively.
Offline Access: While online access is convenient, it's important that you can access your passwords even when you're offline.
Customer Support: Good customer support ensures you can quickly resolve any issues or queries you might have.
Are password managers compatible with all platforms?
Most are compatible with leading operating systems:
Note: It's best to double-check your device's compatiblity with the password manager you're opting for.
How much does a password manager cost?
Free: Decent ones are available for free (including browser-based ones)
Top-tier: Paid password managers like 1Password cost about $40 a year
Average cost: It is usually between $10 and $60 per year for single-use account.
Below is an indicative cost comparison of some Password Managers, according to Investopedia:
Are password managers safe? Upsides, downsides, risks
On your browser, there’s a built-in password manager. It is convenient to use, but experts warn this is trading convenience with security.
Many opt for this easy method to streamline the process of creating and recalling unique login credentials. One click and you're ready to access member-only sites or check balances. But, as with many things, there's more to this story.
The Upside: Pros of storing passwords in your browser
Built-in functionality: Browsers like Chrome, Edge and Safari come equipped with password management features. No need for extra software or compatibility concerns.
Cross-device sync: Use the same OS and browser on various devices? Your saved logins are accessible everywhere.
Auto-fill ease: Save time and avoid errors by letting the browser automatically populate login forms.
Password generation: Browsers suggest robust passwords with random characters, boosting security.
Downsides of browser-based password storage
Limited security: Browser password management is an add-on, not its core purpose. Password structures might be fixed, and there's often no encryption for all login data.
Single breach vulnerability: A breach exposes all stored passwords. Synced devices expand access points for hackers.
Migration issues: Switching browsers or platforms poses compatibility problems, often requiring manual data transfer.
How browser password managers create risks for companies
Enpass warns that browser-based password managers carry danger to companies or organisation Enpass, which offers both offline and online password management solutions, explained in a blog post: “With most browser-based password managers, your password security is tied to your device security. Anybody who can access your computer, tablet, or phone will get access to all of your passwords without having to supply additional information.”
With most browser-based password managers, your password security is tied to your device security. Anybody who can access your computer, tablet, or phone will get access to all of your passwords without having to supply additional information.
Downsides of storing passwords in your browser
Integrated browser password managers favour convenience over security. Moreover, ensuring secure password sharing can be a challenge, frequently resulting in reliance on physical notes.
There's a potential for employees to overlook logging out, thereby risking data exposure in cases of lost or compromised devices. Valuable assets like company information and customer data could be in jeopardy. Productivity can suffer due to misplaced passwords, and the inability to promptly revoke access may result in irreversible data loss.
So browser-based password management might seem convenient, but it poses unauthorised access and digital security risks. For corporate users, a dedicated password management tool if preferred.
Security is key
Today's information landscape demands a higher level of security, and password managers offer the key to achieving it.
While no system is entirely immune to security risks, using a reputable password manager is considered a more secure way to manage your passwords than other methods. In general, safekeeping information using strong multiple layers of protection, renders them more secure. With their ability to generate strong, unique passwords, encrypt your data, and streamline the login process, dedicated password managers provide a comprehensive solution to the challenges of online security. When applied or used correctly, they can greatly help your online security.
Sign up for the Daily Briefing
Get the latest news and updates straight to your inbox
