Password Manager Series Part II
By Bob Deakin
At times I need a manager for my password manager. Since all websites are different in regards to security, the password manager does not work the same with each. They might not autofill some like they do others, and the PM may not always recognize the password field. It may also interfere with your browser settings, which can be confusing if you have multiple sources trying to save the same password.
Get all that? There are more specific technical reasons to explain each challenge encountered, but I don’t have 5,000 words to spend on this blog. Suffice to say, you must get used to your password manager’s features and how they work with your favorite websites.
Log Into Your Vault and You’re All Set: Not So Fast
It’s not as simple as letting your password manager choose new encrypted passwords for your secure websites. Once you have that hot new password, you must go to those sites and enter it. Easy, right?
Not all websites have the same security guard. Some require that you use a symbol in your password. Your password manager may not include a symbol in its magic passwords. Or it might take a few shots at generating a new one that does. No big deal, but that’s another step of the dozens you might need to make to change the passwords on your favorite secure sites.
(Credit Chris Slane)
I Need a Manager For My Password Manager
Merely changing a password on the website of a bank or credit card (same thing) isn’t always easy. If you’re not using your phone already, keep it handy. You’re going to receive lots of verification codes. Perhaps you’re single and rent an apartment: Probably a simple conversion for the few sites you use. What if you own a home or two, finance a car and have children? You might have 40 secure sites that you access on a regular basis.
I don’t need to belabor the point, just saying you almost need a manager for your password manager. One PM site instructions even suggest putting all of your passwords on an Excel sheet to make the process easier. It would take less time to sew your name into each pair of pants you wear.
What About Your Browser’s Password Manager?
Google and Apple’s built-in password managers prompt you to use each whenever you enter a password if you allow it in your settings. The issue isn’t whether they are secure, it’s what security measures are in place.
In a Wired article, Evan Johnson, a systems engineer at CloudFlare offered the following:
“The cryptography details and implementation details should at least be documented somewhere, but they’re not. Chrome says ‘Your passwords are always encrypted,’ but this doesn't say a whole lot,” says Johnson.
Apples to Oranges, Bananas to Plantains
NordPass CTO Tomas Smalakys said in a PC Mag article by Neil J. Rubenking that data stored in browsers isn’t protected as a third-party’s PM is.
“Hackers use social engineering methods to trick internet users into downloading new extensions that can easily extract data stored on a browser,” he said. “While there is nothing wrong with cloud storage of passwords, a company must ensure that users' data is encrypted before it's stored in the cloud. Therefore, internet users should choose a service provider that guarantees end-to-end encryption.”
“Google's password manager doesn't use zero-knowledge encryption,” stated Keeper CTO Craig Lurey in the same story. “In essence, Google can see everything you save. They have an ‘optional’ feature to enable on-device encryption of passwords, but even when enabled, the key to decrypt the information is stored on the device.”
I’ll break down some of the most popular password managers in Part III.
I should be flattered so many people want my password. But I know what the hacker’s motivation is: It’s the things you can’t have that you want the most.
###