Password Managers and Their Security Flaws: What You Have to Know
Passwords are probably on many people’s lists of the most annoying things about the Internet, along with intrusive ads and clickbait article titles. As an average Internet user has accounts on dozens of websites and services, many of which are of critical importance, most people find it literally impossible to have a unique password for each of them. Meanwhile, using a single password for multiple accounts is one of the words things you can do security-wise. If hackers get access to personal data from a single leak, you basically give out your entire online existence on a silver platter. Password managers offer an effective solution to this problem, allowing you to create and use any number of strong passwords without having to memorize them.
As long as you remember a single master password, you have your entire online presence protected. However, it would be wrong to think that using such a tool makes you 100 percent invulnerable to hacking attempts.
Password Managers Are Not Infallible
Password managers are programs. Programs are created by people. And, as we all know, people are prone to mistakes. Every year sees at least a couple reports about vulnerabilities found in managers, and some of these vulnerabilities are pretty serious – like storing passwords, even the master password, in computer’s memory after the program enters a locked state.
If a hacker has access to your computer, he can relatively easily get access to them and compromise your security. These vulnerabilities were addressed soon after they were discovered – but we can be pretty sure that this is not the last time something like this happens.
So, There Is No Point in Using Password Managers?
One may think that if password managers do not guarantee your safety, there is no sense in using them. After all, if a security measure does not work, what is the point of wasting your time and often money to implement it? However, it is a rather skewed viewpoint.
Yes, password managers have vulnerabilities – but the same can be said about any other software we use. Browsers store your passwords. Hackers can get access to what you type in a word processor via a keylogger.
There Is No Such Thing as Absolute Security
The thing is, the only way to guarantee one’s absolute safety while using the Internet is not to use it at all. A dedicated hacker can break through the security measures set by even the most paranoid user or company. However, in the absolute majority of cases, cybercriminals do not target individual persons or companies. Their attacks are like a sweep-net – they cast a net and see what gets into it.
Usually, to compromise your security to the degree that gives them access to your computer, you have to do something: open an email attachment, execute a file that installs malware on your computer, use unprotected Wi-Fi, leave your computer unattended. If you habitually do something like this, no amount of additional security will guarantee your safety.
Online Security Is Not About Guaranteeing Complete Security
The purpose of implementing cybersecurity measures, both for individuals and for companies, is not to ensure 100 percent invulnerability to attacks. It is not to be the lowest hanging fruit. If hacking you is too much trouble, cybercriminals will focus on those who are easier to deal with – in this case, those who do not use managers and keep reusing their passwords.
You can analyze what different managers have to offer and choose the one that you believe to be the safest (e.g., this Nordpass review suggests that it is currently devoid of many flaws found in other password managers), but in the long run, using any of them significantly decreases your likelihood of getting hacked.
Password managers do not guarantee complete safety, and using them is certainly not a good reason to believe that you are entirely invulnerable for cyberattacks. However, they are a much better alternative to reusing your passwords or writing them down on a sheet of paper. If you combine their use with other cybersecurity measures suggested by both the experts in the field and your own common sense (like using antivirus software, firewall and VPN, not opening attachments in suspicious emails and not downloading executables from dubious sources), it will be more than enough to protect you from most dangers that lurk online.