Safe Computing

Password Manager Tool

Having strong passwords is all well and good, but remembering or typing them is a serious issue. And most people don't create good passwords, even if they think they do.

A solution to remembering a password is to use a password manager, a program that allows users to create, store, and manage complex passwords for local applications and online services.

Benefits of using a password manager

Creating

A password manager will help you create strong passwords that are superior to what humans come up with and harder to crack. This allows you to not have to worry if it is a strong enough password as it is randomly generated and is not associated with your personal information such as birthdays or pets' names.

STORING

Remembering a unique strong password is difficult at best and near impossible if you have a lot of accounts, but a good password manager can help by storing your passwords behind one password.   When you need to use a password that has been stored, you simply unlock the password manager and it will put your password into a clipboard for you to paste into the password field.  Some tools will even automatically enter them for you.

Managing

Passwords can be hard to keep up with, especially with all the accounts you may have. Password managers will remind you to update your password and they will notify you if any of your passwords are potentially compromised. The tool also allows easy access to all the passwords you have so you aren't locked out of your accounts.

Selecting a Password Manager

If you are new to the idea of using a password manager, it can be daunting to pick the right one for you and your computer system.  Below are some things to consider when looking into password managers:

  • Where are the passwords stored? For security, they should always be stored encrypted locally on your computer.
  • What sort of encryption is used? It needs to be a peer-reviewed encryption method such as Twofish or AES.
  • When a password is decrypted for use, where does it reside? Unless special care is taken, extracting to memory can still result in the password being written to disk unencrypted.
  • Does the password manager relock itself? If the password manager is always unlocked that decreases the protection it affords.
  • Where will you use the password manager? Many password managers will allow you to store and access your passwords from computers, browsers, and smartphones.

 

Recommended Managers

Windows - Bitwarden and Password Safe

Mac - Bitwarden and Keychain

TIPS FOR CREATING A SOLID MASTER PASSWORD

To set up a password manager you will need to specify a master password, one that will unlock its encrypted store of passwords. In a chicken-and-egg problem, you cannot use the password manager to store its own password and yet this needs to be the strongest password of all as it gives access to all others. So how can this problem be resolved?

  • Create as good of a password as you can remember. Remembering the password is key.
  • Making it as long as possible helps to compensate for the weakness of a memorable password. Instead of thinking of it as a password instead consider it a passphrase.