About the password manager

May 2022 by Patrick Houyoux, LL.M. ULB, Brussels, Trinity College, Cambridge, UK. President – Director PT SYDECO

By the end of 2021, 69% of the population would welcome the purchase of a password manager, while one in five people would already be using one, according to Security.org.

If this is true, it’s not hard to understand why so many cyber attacks are successful!

It is easy to understand the risk of such use when you know what a password manager is and how it works.

WHAT IS A PASSWORD MANAGER?

There are several definitions of a password manager. We can talk about a computer program that allows users to store, generate and manage their passwords, or about an encrypted digital safe that stores all your passwords, but the best definition must be sought from the objective pursued by the companies that create them and promote their use.

The underlying idea is to allow a user to have, at any time and in any place, all the passwords he uses while memorizing or retaining only one: the one that gives him access to all his passwords, i.e. the password of the password manager itself.

WHERE DOES THE IDEA OF CREATING A PASSWORD MANAGER COME FROM?

The main reason would be that users who rely on memory share similar passwords across multiple platforms or do not create passwords strong enough to withstand a half-hour brute force attack on their identity by a cybercriminal.

As a result, those who rely on their memory to conduct their online activities would be twice as likely to have their identity or credentials attacked by cyber security threats.

The following table shows in percentage terms the different means that are generally used to save passwords.

HOW DOES IT WORK?

Some password managers generate random passwords, made up of an unusual combination of anything accessible on a keyboard. They then assign these passwords to each of the user’s online platforms, so that no single key can open all the locks. The safes also remember these passwords, so the user does not need to write them down. Just keep your phone safe and your safe under a local password (1).

Other password managers record the username and password that is used when first logging in to a website or service and, on subsequent logins, will automatically fill in the login credentials with the recorded login information.

Usually the passwords can be accessed from anywhere through the manager app or its browser extension (2).

RISKS:

The main risk is that the password manager itself is hacked, which is not a mere hypothesis. History shows that this has already happened and that the credentials of users of the password manager concerned have been compromised.

This is how the hack of Passwordstate's update mechanism allowed attackers to potentially steal data (stored passwords, including those for firewalls, VPNs, switches, local accounts and servers) from 29,000 companies! (3)

Also, many LastPass users have reported that their master passwords have been compromised after receiving email warnings that someone tried to use them to log into their accounts from unknown locations. The email notifications also state that the login attempts were blocked because they were made from unknown locations around the world (4).

A study by Security.org of 1,077 people of all ages, genders and sexualities found that one in five people used a password manager, which equates to about 45 million people in the US. Of these, one in three people have had some part of their identity or online credentials stolen in a cyber security breach, which is very serious (5).

OUR ADVICE:

The best advice we can give is to assume that security in general and IT security in particular is priceless in the sense that it is better to go to the trouble of creating and managing hard to crack passwords than to resort to the ease of having them generated by a third party.

The golden rule of IT security is to keep control of your password creation and management, and not to entrust them to a password management company that uses the cloud, which is highly susceptible to attack.

You can always keep your passwords on a separate piece of paper or outside of any internet connection. You can also use PT SYDECO’s SydeCloud service which is an online file sharing service. Its server is hosted on your premises, protected by the ARCHANGEL integrated protection system. In addition, all communication is protected by a VPN whose server is a component of the integrated protection system. No third party services are used, so any risk of external interference is eliminated.

However, you should always bear in mind that the password you create should be a long string of upper and lower case letters, numbers, punctuation marks and non-alphanumeric characters so that it is difficult for someone else to guess and you do not have to change it periodically.

TIP:

Think of a sentence consisting of at least 4 words, each written in a different language, with some characters replaced by non-alphabetic ones.

An example:

1st step: create a sentence of a minimum of 4 words that you will easily remember: "I speak four languages".
2nd step: translate 3 of these words, each into another language: "Je bicara куатре ennimi".
3rd step: change some characters, BUT do not allocate the same value to the same character if it appears several times in the sentence.
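As an added example (not from the article or from PT SYDECO), here is the tip's third step in Python, together with a check of the composition rule from the advice section; the substitution table and the 16-character minimum are my own assumptions.

```python
import random
import secrets
import string
from typing import Optional

# Constructed substitution table (an assumption, not from the article): each letter
# has several candidate non-alphabetic replacements, so a letter that appears more
# than once in the sentence can receive a different value each time (step 3).
SUBSTITUTES = {
    "a": ["@", "4", "^"],
    "e": ["3", "€", "&"],
    "i": ["1", "!", "|"],
    "o": ["0", "*", "°"],
    "s": ["$", "5", "§"],
    "t": ["7", "+", "†"],
}


def substitute_varied(sentence: str, rate: float = 0.5, seed: Optional[int] = None) -> str:
    """Step 3 of the tip: replace some letters with non-alphabetic characters, never
    giving a repeated letter a value it has already received. A seed makes the result
    reproducible (for testing); otherwise choices come from the OS entropy source."""
    rng = random.Random(seed) if seed is not None else secrets.SystemRandom()
    used = {}  # letter -> set of replacement values already handed out
    out = []
    for ch in sentence:
        key = ch.lower()
        fresh = [s for s in SUBSTITUTES.get(key, []) if s not in used.get(key, set())]
        if fresh and rng.random() < rate:
            pick = rng.choice(fresh)
            used.setdefault(key, set()).add(pick)
            out.append(pick)
        else:
            out.append(ch)  # not selected, or no unused replacement left for this letter
    return "".join(out)


def replacements_are_unique(original: str, result: str) -> bool:
    """True when no letter of the original was replaced by the same value twice."""
    seen = {}
    for a, b in zip(original, result):
        if a != b:
            if b in seen.setdefault(a.lower(), set()):
                return False
            seen[a.lower()].add(b)
    return True


def meets_composition(password: str, min_len: int = 16) -> dict:
    """Check the article's composition rule: long, upper and lower case letters, digits,
    punctuation and non-alphanumeric characters. min_len is an assumed threshold."""
    return {
        "long_enough": len(password) >= min_len,
        "upper": any(c.isupper() for c in password),
        "lower": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "punctuation": any(c in string.punctuation for c in password),
        "non_alnum": any(not c.isalnum() and not c.isspace() for c in password),
    }
```

Run `meets_composition` on the result of `substitute_varied` to see which of the article's requirements the final password still misses.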

(1) https://securite.developpez.com/actu/329858/69-pourcent-de-la-population-se-montre-desormais-favorable-a-l-achat-de-son-propre-coffre-fort-de-mots-de-passe-tandis-qu-une-personne-sur-cinq-en-fait-deja-usage-selon-Security-org/
(2) https://www.cnet.com/tech/services-and-software/best-password-manager/
(3) https://www.developpez.com/actu/314599/Un-gestionnaire-de-mots-de-passe-a-permis-a-des-pirates-de-voler-potentiellement-les-donnees-de-29-000-entreprises-suite-a-un-piratage-du-mecanisme-de-mise-a-jour-de-Passwordstate/
(4) https://securite.developpez.com/actu/329841/Les-utilisateurs-de-LastPass-ont-averti-que-leurs-mots-de-passe-principaux-etaient-compromis-mais-le-gestionnaire-de-mots-de-passe-affirme-qu-il-n-y-a-aucune-preuve-d-une-violation-de-donnees/
(5) https://www.security.org/digital-safety/password-manager-annual-report/