Related
Former Staff Member
1 minute read time.
d0b3cae3c9e91a7c1eb8d9273ec9ad7b-huge-password.jpg


Recently a change in password requirements for the main IET website sparked an interesting debate about password security. One thing that came up was the use of password managers and there was a bit of a debate about their security.

 

I myself have a password manager. I resisted for a long time as I was worried about their security- keeping all your passwords in one place doesn’t seem like a great idea but after a lot of research and A LOT of having to reset passwords because I kept forgetting them, I decided to take the plunge and sign up for one.

 





In terms of convenience there is no contest – they are much easier for dealing with passwords. No longer do I have to worry about remembering my passwords for sites, or store them insecurely in my browser. Just a couple of clicks (or not even that sometimes) and I'm in.


However the worry still lingers the risk that password mangers, no matter how good they are, might be hacked, rendering the whole system useless.

 

What do you think on the subject? Do you have a password manager or are you steering clear? Are password managers worth it? Let me know in the comments below

 
Parents
  • It would be helpful if there was some third party evaluation of the underlying security of the various password managers.  Some are free and some paid for, and it is likely, but of course not certain, that the paid for ones may have taken more care in ensuring their own security.  In my own case I have ended up using a password manager because of the proliferation of passwords that are needed, in many cases for sites where there really isn’t that much need for strong security.  For the passwords that I really care most about then my approach is not to save the password itself in the manager but some hints from which I, but hopefully no one else, can recreate the password.  It is of course critically important that the password or pass phrase to access the password manager is really strong!  A home grown approach might be to use PGP or one of its open source variants to encrypt a document holding the passwords, but of course that does mean that when you decrypt and open the document temporary in the clear copies may be cached by Word etc.
Comment
  • It would be helpful if there was some third party evaluation of the underlying security of the various password managers.  Some are free and some paid for, and it is likely, but of course not certain, that the paid for ones may have taken more care in ensuring their own security.  In my own case I have ended up using a password manager because of the proliferation of passwords that are needed, in many cases for sites where there really isn’t that much need for strong security.  For the passwords that I really care most about then my approach is not to save the password itself in the manager but some hints from which I, but hopefully no one else, can recreate the password.  It is of course critically important that the password or pass phrase to access the password manager is really strong!  A home grown approach might be to use PGP or one of its open source variants to encrypt a document holding the passwords, but of course that does mean that when you decrypt and open the document temporary in the clear copies may be cached by Word etc.
Children
No Data

Join us to get the best from IET EngX.

Joining EngX lets you personalise your experience so you stay up to date on the topics that interest you, plus you’ll be able to make connections who are looking to collaborate, exchange ideas and more.

Join us Not now

Community Rules & Guidelines