Password Managers Are Vulnerable

28 109
Avatar for Unity
Written by
1 year ago

Passwords are indispensable in today's networked world.

In this networked world of the Internet, passwords are indispensable. Passwords are needed to login into any online accounts, such as your webmail, banks, credit cards, centralized cryptocurrency exchanges, and even the content publishing platforms, and so on.

Many people use the same password for all of their online accounts. It is sometimes called "reusing the same password" for many online accounts.

All the people who use the same single password for many online accounts, do it because it is difficult to remember many different passwords for different online accounts. If these people, who reuse the same password for many accounts, lose the password to hackers, they lose access to all their accounts in one go!


What is a password manager?

  • So, software professionals developed password managers, which are software applications that can generate very large streams of random text passwords.

  • These synthesized passwords can be encrypted and stored on the computer device, and or on an Internet cloud server by the password manager application software.

The password manager software provides a master password for the user to lock/unlock the encrypted passwords. Basically, users can access hundreds of online accounts by entering a single master password.

Thus, password managers provide users the much-required convenience of accessing hundreds of online accounts by a single master password.


Password managers are as vulnerable as reusing passwords.

  • As a long-time researcher of information security, I have a serious question about whether password manager software improves security or lowers security.

The proponents of password manager applications say that reusing the same password is too vulnerable because if the single password is compromised, all the online accounts are compromised for good.

  • But, the password manager applications secure multiple online accounts with a single master password. Is it not equivalent to reusing the same passwords for many online accounts?

  • The master password of a password manager will be an easy hole in the security bag or a single point of failure! If hackers can steal/hack the master password, they can access hundreds of online accounts of the user!

Are the sellers and proponents of password managers not seeing that they are committing the same mistake, i.e., reusing the same single master password to secure hundreds of online accounts?


Bringing it altogether

Password manager applications provide the convenience of accessing hundreds of online accounts with a single master password.

  • As security ability and convenience are inversely proportional, the convenience of password managers brings down the security of online authentication.

The password managers are equally vulnerable to reusing the same password for many accounts because they reuse single master passwords for many online accounts.

Password managers are prone to hacking!


Postscript

I proposed a solution to surmount this problem, without falling into the trap of "single point of failure" of password managers, and utilizing the power of human brain memory.

And, it does not require any licensing fees or installation of any software application. The password security solution is absolutely free.


Sponsor of this article:-

Image Source TheGuy – Follow him on Noise and Hive for more insights.


Cheers!

Unity (Debesh Choudhury)

Text Copyright © 2022 Debesh Choudhury — All Rights Reserved

Join me at  

OdyseeLinkedInTwitternoise.cashread.cashpublish0x, and Facebook

Lead Image:  I created GIF using my title texts, and photos by Towfiqu barbhuiya and regularguy.eth on Unsplash.

All other images are either drawn/created by myself or credited to the respective artists/sources.

Disclaimer: All texts are mine and original. Any similarity and resemblance to any other content are purely accidental. The article is not advice for life, career, business, or investment. Do your research before adopting any options.

Unite and Empower Humanity.

#passwords #cybersecurity

Aug 11, 2022

18
$ 4.61
$ 3.17 from @TheRandomRewarder
$ 0.91 from @TheGuy
$ 0.10 from @Ling01
+ 10
Sponsors of Unity
empty
Avatar for Unity
Written by
1 year ago

Comments

I totally agree with all your point out there , well I don't make use of password manager and this is also my first time hearing about something like this , thanks for the information dear

$ 0.01
1 year ago

Use different passwords for different online accounts.

$ 0.00
1 year ago

I love to use different password and saved them into hard notebook. They are easily available when I want to recover. Yeah you are right single master password is easy diet for hackers causing a lot of troubles later.

$ 0.01
1 year ago

Manage your passwords in whatever way you can securely keep them stored.

$ 0.00
1 year ago

The problem is that I have a bad memory, I am more conservative and I prefer to write down my passwords in a notebook dedicated to it hahaha. That good

$ 0.01
1 year ago

Do whatever you feel is correct and okay for you. But, take care of your passwords!

$ 0.00
1 year ago

I don't buy the idea of password manager too because Once it's hacked then everything go down...as you mentioned also. The best thing one can do is to miss up the two or three password for online accounts. Though it may posse difficulties when trying to login because it's going to be confusing on which one was used to register the Account.

$ 0.01
1 year ago

Good that you understood the problems of preserving passwords.

$ 0.00
1 year ago

That is very informative article. I have also been using one password for most of my online logins. Another using password manager is indeed same as compromising of someone's password (who have same password for multiple accounts), untill the password manager only keep these passwords on the same PC and not a backup somewhere else, and also it encrypts passwords combining the master password and PC Info of the same computer where is installed

$ 0.01
1 year ago

Be cautious about your online accounts. Keep the authentication credentials safe on your computer device.

$ 0.00
1 year ago

Hehehehe, I will try my level best my friend. Thanks

$ 0.00
1 year ago

Interesting to see that an expert like yourself is also sceptical.

I think it's the convenience of password managers that makes them so marketable. Personally I believe they are risky.

People should just learn and then practice good security techniques.

If all else fails, just use 'incorrect' as your password. If you put in a wrong entry, the website will simply tell you that 'your password is incorrect' and then you can easily log in again with the right answer.

$ 0.01
1 year ago

Good humor about "incorrect" passwords.

A group of (suspicious) cybersecurity companies speaks for password-less and biometrics, which again lower security than traditional text passwords/PINs. Whatever the mainstream tech world says, text passwords will stay for many more years.

I appreciate your time and frank comment.

$ 0.00
1 year ago

Yes. I like that brain memory. I use that before but due to many different passwords from different accounts I forgot some. So what I did now, I write it down in a red big notebook at home. And if I change password, I update the notebook with the date being updated.

$ 0.01
1 year ago

Good strategy. Paper wallets are the primary wallets that humans can use for cryptos or any other authentication purposes.

$ 0.00
1 year ago

top 10 anime betrayals https://i.imgur.com/YoY1I5K.png

$ 0.00
1 year ago

How does the attached link relate to the topic of the article?

$ 0.00
1 year ago

i finding it interesting both of you made an article about the same topic

$ 0.01
1 year ago

Okay, got it.

$ 0.00
1 year ago

I'm actually using password manager and I am doubting to use it from the very start because as you said, a hacker will only know one master password to access thousand passwords.

Yet, I am using it for password generator as well. Now, what do you think is the best way to be secured?

$ 0.01
1 year ago

The easiest way is using my quasi-two-factor authentication that uses "salt" from our brain memory, as referred to at the end of the article.

$ 0.00
1 year ago

Alright I will read it. Thanks for the tips!

$ 0.00
1 year ago

Sigh!!!! I easily forgot password even i saved all my password in Google chrome but if i forget to save in Google than I can't log in again other time

$ 0.00
1 year ago

Adopt a technique to preserve your passwords.

$ 0.00
1 year ago

I think they will pose the same danger as it exposes one to hack. Password manager uses one master key password while the reusing pattern password., also involves the use of a single password. This outright gives us a clue of having to face the same danger of account being compromised when we leak our masterkey

$ 0.00
1 year ago

Yes, that is what I wrote in this article!

$ 0.00
1 year ago

I appreciate the info

$ 0.00
1 year ago

I appreciate your valuable time.

$ 0.00
1 year ago