The MacUpdate blog

Are Password Managers Safe to Use? [2020 Edition]


Suppose you're one of those who have a hard time remembering their passwords and tend to opt for passwords such as 'iloveyou' and '123456' amidst the present-day threat landscape.

In that case, you might want to consider investing in a password manager. 

Quick Summary

  1. A password manager refers to an application specifically created to store and manage a user's online credentials. 

  2. Cybersecurity researchers have recently brought to light several significant bugs within popular applications, which could open up brand new avenues for hackers to exploit.

  3. As far as the workings behind reputable password managers are concerned, big names such as LastPass and Dashlane utilize zero-knowledge security protocols responsible for encrypting the user's master passwords via encryption keys that the company has zero knowledge of.

  4. Mac users need to exercise a more significant amount of caution while selecting a password manager to use.

With nearly every website and app now requiring their users to remember an arsenal of usernames and passwords, how else are users supposed to remember an ever-growing number of passwords? The best thing they can do is to use password managers. But an important question remains: are password managers safe to use?

As perfect as the concept of password managers sounds on paper, there's still a fair share of vulnerabilities present within the technology. Perhaps the most pressing concern shared by several users arises when a user's vault, a storage box containing all of their valuable passwords, is subjected to a data breach.

Furthermore, since we've already seen popular password managers such as LastPass face similar violations, the gray area that many users have started to associate with password managers only grows wider.

However, in an attempt to aid our readers, we've compiled an article that delves deep into password managers and determines whether or not password managers are safe to use. Before we can get into that, however, we'd like to bring our readers up to speed on password managers and how they do what they do.

What Exactly is a Password Manager?

A password manager refers to an application specifically created to store and manage a user's online credentials.

The dangerous frequency with which cyber attacks exploit passwords and break into organizations requires everyone to exercise impeccable password hygiene, that is, to make their passwords as complicated as possible and change them periodically.

As indicated above, in some cases, a password manager may also be responsible for generating passwords. These passwords are stored in an encrypted database protected via a master password that the user came up with.

Remembering a hoard of complicated phrases and passwords would prove a herculean task if it weren't for password managers.

In most cases, password managers can not only remember even the most sophisticated of passwords, but they can also aid users in auto-generating complicated passwords by stringing together lowercase and uppercase letters, numbers, and random symbols.

Once you've gotten your password manager to formulate complicated passwords for you, you can store them in a 'vault,' which in turn is protected via a master password created by the user.

Password managers have been a response to the modern (read: extremely dangerous) threat landscape in recent times. According to the 2019 Verizon Data Breach Investigations report, a whopping 80% of all data breaches are the result of compromised, reused, and weak passwords.

While it is daunting to think of all the damage that an insecure password can cause, perhaps the best route of action for users to take is to scrutinize and determine the legitimacy of the claims made by password managers. For starters, you can ask yourself how password managers work and what makes the technology as secure as it claims to be. 

How Do Password Managers Work?

As of today, despite the thousands of articles that pop up when you Google password managers, the technology isn't as popular as you'd expect it to be. By some estimates, just one in ten Americans use a password manager, whereas only 3% use it as a frequent means of password entry. Moreover, the individuals who use these password managers only use them as a means of convenience, rather than for the security advantages they have to offer.

As far as the workings behind reputable password managers are concerned, big names such as LastPass and Dashlane utilize zero-knowledge security protocols responsible for encrypting the user's master passwords via encryption keys that the company has zero knowledge of.

Typically, the encryption process consists of several rounds of authentication hashing — which is when an algorithm converts a string of text into a more extended series, making it extremely difficult for cybercriminals to decrypt.
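An added example, not code from this article or from any vendor: a minimal Python sketch of the zero-knowledge pattern and the rounds of hashing described above. The round counts, the `Server` class and the sample account are assumptions made for illustration; the key stretched from the master password stays on the client, and only a further one-way token ever reaches the server.

```python
import hashlib
import hmac
import os

CLIENT_ROUNDS = 200_000  # assumed work factor; real products choose their own
SERVER_ROUNDS = 100_000  # assumed; the server re-hashes whatever it receives


def derive_vault_key(master_password: str, salt: bytes, rounds: int = CLIENT_ROUNDS) -> bytes:
    """Stretch the master password into a 256-bit vault key (client side only)."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, rounds, dklen=32)


def derive_auth_token(vault_key: bytes, master_password: str) -> bytes:
    """One more one-way step: the login token that is sent to the server.
    It cannot be walked back to the vault key or the master password."""
    return hashlib.pbkdf2_hmac("sha256", vault_key, master_password.encode(), 1, dklen=32)


class Server:
    """Hypothetical vendor side: stores a salted hash of the token, never the key."""

    def __init__(self) -> None:
        self.records = {}

    def enroll(self, user: str, auth_token: bytes) -> None:
        salt = os.urandom(16)
        stored = hashlib.pbkdf2_hmac("sha256", auth_token, salt, SERVER_ROUNDS)
        self.records[user] = (salt, stored)

    def login(self, user: str, auth_token: bytes) -> bool:
        salt, stored = self.records[user]
        candidate = hashlib.pbkdf2_hmac("sha256", auth_token, salt, SERVER_ROUNDS)
        return hmac.compare_digest(candidate, stored)  # constant-time comparison


def demo() -> dict:
    """Enroll a constructed account, then try a correct and a weak password."""
    user, salt = "alice@example.com", os.urandom(16)  # per-user salt, not secret
    key = derive_vault_key("correct horse battery staple", salt)
    token = derive_auth_token(key, "correct horse battery staple")
    server = Server()
    server.enroll(user, token)
    guess = derive_auth_token(derive_vault_key("iloveyou", salt), "iloveyou")
    return {
        "good_login": server.login(user, token),
        "bad_login": server.login(user, guess),
        "key_on_server": key in server.records[user],
        "token_equals_key": token == key,
    }
```

A copy of `server.records` gives an attacker only salted hashes to guess against, so the strength of the master password and the round count decide how long offline guessing takes.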

Owing to the high-grade encryption that takes place within these password managers, hackers' chances of gaining access to master passwords are next to zero. However, malicious agents can still get their hands on other sensitive information that could expose other accounts and wreak damage.

To put this into perspective, one needs to look at the data breach against LastPass in 2015, which didn't reveal any master passwords, but email addresses and password reminders were still stolen.

Although the bits of information that got stolen in the LastPass breach might seem menial to some, these details can be manipulated. They could aid criminals in launching an arsenal of highly complex cyberattacks on people.

In most instances, this 'menial' credential information can result in phishing, spoofing attacks, and attackers gaining access to the user's other accounts.

Is It Advisable to Use Password Managers for macOS?

Although Mac computers are a relatively safer alternative to Windows, Linux, and Android devices, they are still susceptible to the complex vulnerabilities inhabiting the present-day threat landscape.

With cyberattacks such as data breaches now becoming a matter of normality, many Mac users may often find themselves wondering whether or not they should invest in a password manager.

As we’ve already mentioned above, a faulty password manager can cause more harm than good and result in the confidential passwords of multiple users ending up in the hands of malicious identities.

While it is true that only a select portion of all the available password managers take the promise of offering impeccable security seriously, Mac users need to exercise a more significant amount of caution while selecting a password manager to use.

As a general rule of thumb, relying on a secure password manager is the key to managing passwords securely while using Mac computers. It is important that it ensures impeccable quality in both storing and generating your new passwords. This is exactly the case when using such password managers as NordPass.

Password Managers — Lucrative Targets for Cybercriminals! 

As we've already mentioned above, despite the high-grade encryption that password managers have to offer, they can still prove to be deadly targets for hackers simply because they carry too much valuable 'stuff' within them.

Moreover, since several applications include the option of auto-filling forms, they also store users’ financial credentials, which is of the utmost importance to malicious agents. To put it simply, the best feature of a password manager might also be its weakest since it presents to hackers a golden opportunity to exploit as much sensitive information as they possibly can.

In addition to cybercriminals leveraging existing features within password managers, cybersecurity researchers have recently brought to light several significant bugs within popular applications, which could open up brand new avenues for hackers to exploit.

Moreover, with an increasing number of password managers now offering browser extensions that auto-fill forms, your password can be stolen right from under your nose, through your browser.

Parting Words

Now that we've gone over some of the most prevalent vulnerabilities present within password managers, we hope that this motivates our readers to become more vigilant in exercising password hygiene.

Although there isn't much reason not to use a password manager, we'd still suggest that our readers select the best password managers available, to be safe rather than sorry.
