Which password manager should you choose?

Callum Floume | Security

Do you find yourself having to click the "Forgot Password" link often? The brain can only remember so much, and each person differs in how much information they can memorise and retain.

If you use computers frequently, it is likely you have a few passwords to remember. Assuming you use a different password for each service (which you should), this list keeps growing as the number of online accounts you have and use increases.

For some people it can prove difficult to remember the right password for the right service. To solve this, many people use various methods to send and store passwords.

Existing methods of storing passwords

Personal passwords should stay private and should only be shared with those you want to see them. Some of the password storage methods people use are simply not safe and leave them vulnerable to having their passwords discovered and used. So let’s go over a couple of storage methods I have seen used and explain their vulnerabilities:

1. Storing passwords in spreadsheets

Unprotected spreadsheets are up there with the worst methods of storing passwords. Saving a spreadsheet without a password means it is left unencrypted and can be viewed by anyone who gets hold of the file. There are all sorts of trojan programs that will “sniff” for documents like these on your computer once it is infected. They then send the documents back to the virus’s creator, leaving you at their mercy.

Password-protected spreadsheets are much better; however, two main factors define how strong they are: which version of Office you use and how strong your spreadsheet password is. Older versions of Microsoft Office use weaker encryption than the latest versions and as such are much easier to crack. If you are using an old version of Office and a weak password, it is likely your password can be broken and the spreadsheet decrypted.

I would consider spreadsheet documents an unsafe method of storing passwords; however, if you absolutely have to use them, make sure you have a recent version of Microsoft Office and use a strong passphrase.

2. Using paper in a safe

Writing passwords on a piece of paper and putting it in a safe is probably the most secure way (in terms of cyber security) of recording such information. There is no network access to it, and without knowing the pass code to the safe it is unlikely that anyone will gain access without a great deal of effort.

However, this method has several downsides. It is very difficult to allow frequent access to the passwords by people who are perhaps not authorised to use the safe. It is also very difficult to update the passwords on a regular basis. And if there were a fire and your safe isn’t fire-proof, all of your precious passwords would perish along with the safe.

Using a piece of paper is ideal for maybe one or two passwords; however, it is not a viable method for storing many passwords.

3. Emailing Passwords

I see this method used a LOT. People send each other passwords to shared accounts or for a temporary login, and often they use email. SMTP (Simple Mail Transfer Protocol) is the way in which most emails are sent and it is very vulnerable! Say, for example, you were to go to a coffee shop and use your laptop to access the internet. There are many ways I can try to compromise your information; however, the two most common and successful methods are “Man-In-The-Middle” attacks and “Packet Sniffing”.

I am not going to go into detail about how each of these attacks works; however, it is important to know that all it takes is for you to connect to the wrong router, or for the right router to be misconfigured, and your email traffic is no longer private.

I would strongly recommend using a VPN (Virtual Private Network) when connecting to public Wi-Fi points. Provided you use a good VPN provider, your data will be encrypted and safe from public eyes. Please do not use email to send passwords; you don’t know who is watching.

The alternative?

The aim of this article is not just to advise you of methods you shouldn’t use but also to provide an alternative, more secure way. That alternative is what is called a “password manager”. A simple Google search will show you there are many different password management services out there. Some are online-based and some are offline.

The basic concept of a password manager is to store your passwords in a “vault” which normally takes the form of a highly encrypted file. You only have to remember one password that will decrypt your vault and allow you access to your passwords.

This method is secure due to the nature of the encryption used on the vaults. It would take a very long time (around 3.31E56 years with a supercomputer) to crack the 256-bit AES key used by most password managers.
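To make the vault idea concrete, here is a minimal sketch added for illustration; it is not code from this article or from any password manager. It assumes Node.js, scrypt for turning the master password into the key, AES-256-GCM for the file, and a hypothetical record layout (`salt`, `iv`, `ciphertext`, `tag`).

```javascript
const crypto = require('crypto');

// scrypt cost parameters (assumed for this example; N=2^14 is Node's default).
const KDF_PARAMS = { N: 1 << 14, r: 8, p: 1 };

// Stretch the master password into a 256-bit AES key. The salt is stored in
// the vault so the same password always re-derives the same key.
function deriveKey(masterPassword, salt) {
  return crypto.scryptSync(masterPassword, salt, 32, KDF_PARAMS);
}

// Encrypt the list of entries into a vault record (hypothetical layout).
function sealVault(masterPassword, entries) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // fresh nonce for every save
  const key = deriveKey(masterPassword, salt);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([
    cipher.update(JSON.stringify(entries), 'utf8'),
    cipher.final(),
  ]);
  return { salt, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Returns the entries, or null if the password is wrong or the file was altered.
function openVault(masterPassword, vault) {
  const key = deriveKey(masterPassword, vault.salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, vault.iv);
  decipher.setAuthTag(vault.tag);
  try {
    const plain = Buffer.concat([decipher.update(vault.ciphertext), decipher.final()]);
    return JSON.parse(plain.toString('utf8'));
  } catch (err) {
    return null; // GCM authentication failed: nothing is revealed
  }
}

// Constructed sample data, not real credentials.
const sample = [{ site: 'example.com', user: 'alice', password: 'Constructed-Sample-1' }];
const vault = sealVault('correct horse battery staple', sample);
console.log('vault bytes on disk:', vault.ciphertext.toString('base64'));
console.log('right master password:', openVault('correct horse battery staple', vault));
console.log('wrong master password:', openVault('password123', vault));
```

Because the AES key is derived from the master password, the vault is only as strong as that password: it should be long, unique and never reused elsewhere.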

My recommendation

The password manager that I recommend most to anyone is 1Password. It has great apps for almost every platform: iOS, Mac, Windows, Android. You can set up your account and sync your vault between all of your devices using a cloud syncing system such as Dropbox. Using 1Password will ensure your passwords are stored safely and securely and can be synchronized across devices.