Password Manager - Advantages

Advantages

The advantage of password-based access controls is that they are easily incorporated in most software using APIs available in many software products, they require no extensive computer/server modifications, and that users are already familiar with the use of passwords. While passwords can be fairly secure, the weakness is how users choose and manage them, by using:

  • simple passwords - short in length, that use words found in dictionaries, or don't mix in different character types (numbers, punctuation, upper/lower case), or are otherwise easily guessable
  • passwords others can find - on sticky notes on monitors, in a notepad by the computer, in a document in computer, whiteboard reminders, smart device storage in clear text, etc.
  • the same password - using the same password for multiple sites, never changing account passwords, etc.
  • shared passwords - users telling others passwords, sending unencrypted emails with password information, contractors using same password for all their accounts, etc.
  • administrative account logins where limited logins would suffice, or
  • administrators who allow users with the same role to use the same password.

It is typical to make at least one of these mistakes. This makes it very easy for hackers, crackers, malware and cyber thieves to break into individual accounts, corporations of all sizes, government agencies, institutions, etc. It is protecting against these vulnerabilities that makes password managers so important.

Password managers come in five often-combined flavors:

  • Desktop - desktop/laptop software storing passwords on a computer hard drive.
  • Portable - portable software storing passwords and program on a mobile device, such as a PDA, smart phone, or as a portable application on a USB memory stick.
  • Token - credentials are protected using a security token, thus typically offering multi-factor authentication by combining "something you have" (smart card or USB stick), "something you know" (PIN or password) and/or "something you are" (biometrics - such as a fingerprint, hand, retina, or face scanner).
  • Web-based - Online password manager where passwords are viewed and copied to/from a provider's website.
  • Cloud-based - Online password manager where credentials are stored on a service provider's servers on the Internet, but handled by password management software running on the client's machine.
  • Stateless - Passwords are generated on the fly from a master passphrase and a tag using a key derivation function.

Password managers can also be used as a defense against phishing and pharming. Unlike human beings, a password manager program can also incorporate an automated login script that first compares the current site's URL to the stored site's URL. If the two don't match then the password manager does not automatically fill in the login fields. This is intended as a safeguard against visual imitations and look-alike websites. With this built-in advantage, the use of a password manager is beneficial even if the user only has a few passwords to remember. While not all password managers can automatically handle the more complex login procedures imposed by many banking websites, many of the newer password managers handle complex passwords, multi-page fill-ins, and multi-factor authentication prior.

Password managers can protect against keyloggers or keystroke logging malware. When using a multi-factor authentication password manager that automatically fills in logon fields, the user does not have to type any user names or passwords for the keylogger to pick up. While a keylogger may pick up the PIN to authenticate into the smart card token, for example, without the smart card itself (something you have) the PIN does the user no good. However, password managers cannot protect against Man-in-the-browser attacks, where malware on the user's device performs operations (e.g. on a banking website) while the user is logged in while hiding the malicious activity from the user.

Read more about this topic:  Password Manager

Famous quotes containing the word advantages:

    Men hear gladly of the power of blood or race. Every body likes to know that his advantages cannot be attributed to air, soil, sea, or to local wealth, as mines and quarries, nor to laws and traditions, nor to fortune, but to superior brain, as it makes the praise more personal to him.
    Ralph Waldo Emerson (1803–1882)

    To become aware in time when young of the advantages of age; to maintain the advantages of youth in old age: both are pure fortune.
    Johann Wolfgang Von Goethe (1749–1832)

    The respect for human rights is one of the most significant advantages of a free and democratic nation in the peaceful struggle for influence, and we should use this good weapon as effectively as possible.
    Jimmy Carter (James Earl Carter, Jr.)