Pub 17 2022 2023 Issue 6

Tech Talk

Are Password Managers Secure?

Shane Daniel, SVP Information Security Consultant/Regional Director, and Terry Kuxhaus, Senior Information Security Consultant, SBS CyberSecurity, LLC

The recent LastPass breach reminds us there is no way to stay 100% safe online and highlights some of the risks associated with using a central vault to store passwords and other secrets. However, password managers (PMs) remain the most secure way to protect passwords, even though they are not perfect. PMs allow you to store strong, unique passwords for all the dozens or hundreds of websites, web applications, and services a user utilizes regularly. Additionally, PMs:

• Enable the user to log in without typing the password every time, protecting them from keyloggers
• Allow users to utilize stronger passwords that don’t need to be written down
• Encourage users to use different passwords for every account
• Provide some protection against credential harvesting phishing emails, as they will not populate credentials into spoofed sites

While keeping all your passwords in one location is an inherent risk with PMs, the trade-off is worth the risk. Most PMs utilize 256-bit Advanced Encryption Standard (AES) encryption, zero trust (your master password is encrypted before leaving your device), and two-factor authentication (2FA) to protect password vaults.

Types of Password Managers

There are three types of PMs: device-based, cloud-based, and on-premise. Each type is an exercise in balancing security against convenience. For example:

• Device-based solutions run locally on a device, which limits sharing the password vault across multiple devices; they do not detect weak or reused passwords and do not have the security controls a commercial PM does.
• Cloud solutions work with multiple devices and detect weak or reused passwords; however, your data is on someone else’s server.
• On-premise solutions may appear to be the safest option, but they add the complication of maintaining in-house IT infrastructure and data backups, which may increase the cost.
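
The phishing protection listed among the PM benefits above (credentials are not populated into spoofed sites) depends on comparing the site saved with a credential to the page the user is actually viewing. The sketch below is an added example, not code from the article or from any particular password manager; it assumes strict origin equality (real products vary in how they match), and the vault entry, the `examplebank.test` domain, and the function names are constructed for illustration.

```javascript
// Added illustration: strict-origin autofill matching. All names and data are hypothetical.

// Constructed vault entry; "examplebank.test" is a made-up domain.
const vault = [
  { origin: "https://login.examplebank.test", username: "jdoe", secret: "<stored-password>" },
];

// Reduce a URL to scheme + host + port. The URL parser lowercases the host
// and drops default ports, so harmless variations of the real URL still match.
function normalizeOrigin(rawUrl) {
  try {
    const u = new URL(rawUrl);
    return u.protocol === "https:" ? u.origin : null; // refuse non-TLS pages
  } catch (e) {
    return null; // unparseable input never matches
  }
}

// Decide whether to offer saved credentials on the page the user is viewing.
function autofillDecision(pageUrl, entries) {
  const pageOrigin = normalizeOrigin(pageUrl);
  if (pageOrigin === null) {
    return { fill: false, reason: "page is not a valid https URL" };
  }
  // Exact equality only: no substring, prefix, or "looks similar" matching.
  const match = entries.find((e) => normalizeOrigin(e.origin) === pageOrigin);
  if (!match) {
    return { fill: false, reason: "no saved entry for " + pageOrigin };
  }
  return { fill: true, reason: "exact origin match", username: match.username };
}

// Constructed page URLs: the genuine login page and three spoofed variants.
const samples = [
  "https://LOGIN.ExampleBank.test:443/signin?next=%2Faccounts",
  "https://login.examplebank.test.account-verify.test/signin",
  "https://login.examp1ebank.test/signin",
  "http://login.examplebank.test/signin",
];
for (const url of samples) {
  const d = autofillDecision(url, vault);
  console.log((d.fill ? "FILL  " : "BLOCK ") + url + "  (" + d.reason + ")");
}
```

Only the first sample is filled; a user who sees no autofill offer on a page that looks like their usual login has a cue to check the address before typing anything.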