No user can remember complex passwords, but password management systems can easily accommodate many combinations of any letters, numbers, and special characters. Password managers for managing access data and passwords are therefore an important security measure in the online world.
What is a password manager?
No one should have to remember complex passwords anymore. Password managers or password safes are available for this purpose. These store access data in an encrypted database, either online or offline. New approaches even do without these databases and regenerate the access data as needed.
Each system has advantages and disadvantages, be it in operation, convenience, or security. Nevertheless, the use of a password manager is worthwhile as soon as you use more than two or three passwords (which should be the case for most IT professionals). We provide an overview of various programs in the article “Popular password managers at a glance“.
Password managers in the cloud are one thing above all: convenient. No matter which system, whether mobile or desktop, passwords are always up-to-date and available everywhere. Cloud managers usually work with encrypted databases. These are synchronized between the respective end devices.
Normally, they are only decrypted on site; the cloud service should never have access to the data. However, this requires enormous trust in the respective cloud service provider. The cloud systems mostly work via browser plug-ins, so they are mainly suitable for use with web services. Well-known approaches are LastPass, Dashlane, or Encryptr.
Locally installed solutions
The combination of cloud and password storage seems irritating to many people. No problem, there are enough alternatives that can be installed locally. This has the advantage that the database with access data never leaves your own computer – unless you want it to. Because the disadvantage is that you have to take care of the synchronization on other systems yourself.
One option is to synchronize the password database via cloud services such as Dropbox (but this then brings up the security issue again). Local solutions are ideal if you are active on one or a few systems. Additionally, they are good to use for local credentials, such as SSH keys or local access. You probably already have a solution in place: many browsers have integrated management for accessing data.
For additional security, you should always set a master password here. Examples of these solutions are KeePass or 1Password for Mac OS.
Password generators are an interesting alternative to classic password managers. The big advantage is that these solutions do not store passwords in plain text, either in the cloud or locally. Instead, they regenerate the credentials from known information over and over again. For this purpose, a combination of metadata (such as access data or URL of the service) and a password is used.
From this information, the programs can generate the same password over and over again as needed. Since these solutions do not store any data locally, they are well equipped against attacks from malware or hackers. The disadvantage is that (currently) automatic logins are not possible. Solutions with this approach are Lesspass, Forgiva, or Visionary.
Let’s not kid ourselves, password managers belong in the arsenal of every reasonably security-conscious computer user. No one can remember complex passwords, password management systems can accommodate combinations of any letters, numbers, and special characters. The most different solutions offer advantages and disadvantages, ideally, you should try different programs to see which one fits best into your everyday life.