When an online service suffers a data breach – as recently happened to eHarmony, LinkedIn, Evernote and Yahoo – there’s a risk that an intruder will discover your password and gain access to your account. That danger is multiplied if the compromised password has been used across multiple sites.
Passwords present an online dilemma; seemingly every service you use online requires a password, and for those passwords to be secure, they have to be complex. However, unless you’re blessed with savant levels of memory, it’s impossible to remember half a dozen mixed-case, alphanumeric, special-character inclusive, lengthy random keys – so it’s no surprise that people resort to reusing passwords.
This is where password managers come in – they do the remembering for you. But how do you pick the right one? What questions should you be asking of such applications, and is such an approach actually secure?
How safe are password vaults?
It’s been argued that using a password manager is “putting all your security eggs in one basket” – and with good reason: if you keep all your login data in one place, then any hacker successful in compromising it has been handed the keys to your online kingdom. At first glance, this may seem like an instant deal breaker. From a risk perspective, it requires a breach of only one service to have a domino effect on every other service you use.
Yet the actual risk of compromise is far less than if you reuse one password across multiple sites. With a reused password, you’re relying on dozens of sites keeping your data safe. It takes only one of them to suffer a breach and all the others are compromised as a result. Regular readers of PC Pro will be only too aware of how many popular internet services have suffered breaches over the past couple of years, with password databases being high on the list.