Your IT Consultant

Should You Use a Password Manager?

September 16, 2014

Like a lot of security professionals, I believe that you should use complex passwords and a different password for each login. The problem is…how do you remember all of those unique passwords for each and every login? The password manager is your friend. You need some sort of secure, encrypted password vault to store all of those login credentials. But are those password managers safe?

Noted security professional Bruce Schneier thinks so. That doesn’t mean that every password manager is secure in its design. There may be some inherent design flaws with the encryption schemes used to secure the password vault. There are documented design flaws with products like 1Password that you need to consider. Generally, if you use a strong locking password for access to the password vault, you’ll be in safe territory. Frankly, I wouldn’t use 1Password as there are many alternate solutions available that don’t have design flaws. Web products such as LastPass or the standalone application eWallet are good alternatives. No matter what product you use, you should be using a password manager to store your login credentials secured with a strong unlocking password or passphrase.

E-mail:   Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com