Password Manager Series Part IV
By Bob Deakin
When can we call passwords a thing of the past? Not soon enough. As I detailed in the first three parts of my series, password managers are still recommended by most security sources. Still, steps must be taken with each website visit to access your vault, which doesn’t suit everyone, including myself. In the business world, many password managers can be integrated into existing security stacks, creating a more seamless user experience.
The most popular password managers today, though not the most recommended, are those built into Google and Apple. Meanwhile, among the most popular dedicated PMs are LastPass, 1Password, NordPass, Dashlane and Keeper, which appear at the top of most lists.
Mother of All Breaches
Last week, the Mother of All Breaches (MOAB) was broadcast throughout the cyberworld. Reportedly, 26 million records containing user data from LinkedIn, Tencent, Twitter (X), Weibo, and others were leaked. The Cybernews research team believes the MOAB owner could be a malicious actor, data broker, or an entity looking for large amounts of data.
“The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts,” researchers said.
The MOAB includes records from previously known breaches, and Cybernews offers a Leak Checker for those looking further. Passwords generated by PMs aren’t immune to breaches but make you a more difficult target, increasing your privacy.
The Virtues of Password Managers
In September 2023, 1Password announced that it exceeded $250 million in annual revenue, with B2B revenue increasing 50 percent year-over-year and comprising two-thirds of its revenue. 1Password (starting at $36 per year) is often cited for its easy-to-manage dashboard, security practices, strong encryption, and flexibility on multiple platforms. It claims more than 15 million users with business customers including GitLab, IBM, Malwarebytes, Slack, Starbucks, Under Armour, and the University of Notre Dame.
Bitwarden is widely regarded as the best free password manager. On that note, the recent New York Times (Max Eddy) Best Password Managers story compared it to 1Password:
“The free version of Bitwarden offers the core features you need in a password manager, including the ability to sync as many passwords as you want across as many devices as you own, support for software multi-factor (or two-factor) authentication, and sharing between two people with separate logins using a two-person organization. Bitwarden works on the same devices as 1Password, so you can use it with any computer, phone, tablet, or browser.”
Passwordless
Since passwords have become the butt of jokes, passkeys are gaining favor, although websites are slow to embrace change. Passkeys are stored on the user's device, reducing risk of interception. With a passkey, the user is prompted to provide personal identifiers, biometric data, or both. A fingerprint scan, facial recognition, or physical token can match pre-registered biometric data or the passkey in the user's account. Once confirmed, access is granted.
Passkeys also have their detractors. Smart cards or USB tokens must be programmed, and specialized hardware is needed for biometric sensors. In addition, stored biometric data, like passwords, can be compromised. Setting up these systems requires more complexity than passwords and rejection rates are more prevalent. More so, adopting these systems meets with the age-old resistance of familiarity with the old (password) system.
Nonetheless, Apple, Google and Microsoft have instituted biometric passkey technologies, opening the door for the rest to follow.
Familiarity Breeds Contempt
Should I use a password manager or not? That is the question. All sources checked for my series recommended them, if for no reason other than using a secure password. I’ve tried most that I referenced, at home and in the office. I also spent years creating my own systems to save passwords, involving time and keystrokes.
Like changing interfaces, platforms, careers or habits, practice breeds familiarity, but familiarity shouldn’t breed contempt. Change is good. Step out of your comfort zone. The password manager is your friend, even if you don’t like seeing him so often.
###
What Are People Paying for Password Managers?
A Security.org study from 2023 shows 63 percent of Americans use a free password manager while 20 percent pay less than $20 annually.
