This week, I’ve been talking about the LastPass security breach. If you’re a LastPass user, I have recommended numerous steps that you need to take to minimise the impact of this breach.
But this does raise a valid question.
If you have stored all of your passwords in a password manager, and you now need to go through the painful process of resetting these passwords, there’s no avoiding the fact that this is going to take a lot of time.
So, the obvious question is: Wouldn’t it have been more secure to store these passwords somewhere else, where cyber criminals couldn’t easily gain access, thus avoiding this headache in the first place?
In other words…
Isn’t the use of a password manager bad for your cybersecurity?
I understand why you would say this IF:
- You are a LastPass user AND
- Your LastPass master password is not particularly long & complex AND
- Your important accounts are not protected with Multi-Factor Authentication (OR) this protection can be bypassed because of some of the points I raised yesterday.
Most of us are not in this position most of the time.
And most of the other popular password managers are proven to be secure – For example, the encryption applied by many makes it harder for the bad guys to access anything of value, even if they get their hands on a copy of your password vault.
More importantly, for every alternative to a password manager, I would question whether they are really more secure:
Let’s discuss the alternatives:
- You use short and easy-to-remember passwords.
If they’re easy for you to remember because they are short, they’re probably easy for the bad guys to figure out.
- You come up with a password scheme or pattern that you apply across all of your accounts.
I bet this pattern is not as unbreakable as you think it is.
- You reuse the same or similar passwords across multiple sites, so you have fewer passwords to remember.
If one of these passwords is breached, the bad guys will find it easier to figure out your other passwords.
- You write down all of your passwords in a notepad.
If this notepad is kept in a secure location, then it may well be very secure.
But I bet that you eventually need to bring it with you wherever you go. Or, you fall back on some of the previous approaches to help you remember some of your passwords when you do not have the notepad with you.
As a result, that notepad is not as secure as it could be.
And don’t forget – It could be lost or stolen. And that notepad isn’t encrypted.
Let’s not forget the unique benefits of a password manager either:
- You no longer need to remember lots of passwords.
You just need to remember one.
- You no longer need to think up new passwords.
The password manager will generate a secure one for you.
- You are less likely to enter your password into a fake site.
The password manager’s auto-fill functionality won’t work as the URL of the fake site will not match the URL of the real site.
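To make the auto-fill point concrete, here is a simplified sketch of the kind of URL check involved. It is an added example, not code from any real password manager: the function names and the `.example` / `.test` addresses are made up for illustration, and real products apply more rules than this.

```javascript
// Illustrative only: a simplified "does this page match the saved login?" check.
// originOf, shouldAutofill, SAVED and CASES are hypothetical names for this sketch.

function originOf(rawUrl) {
  // The standard URL parser lowercases the host and converts
  // international characters to their punycode ("xn--") form.
  const u = new URL(rawUrl);
  return `${u.protocol}//${u.host}`; // scheme + host (+ port if non-default)
}

function shouldAutofill(savedUrl, pageUrl) {
  let saved, page;
  try {
    saved = originOf(savedUrl);
    page = originOf(pageUrl);
  } catch {
    return false; // unparsable address: never fill
  }
  // Fill only over HTTPS and only when the origin matches exactly.
  return saved.startsWith("https://") && saved === page;
}

// Constructed sample data: the saved login and pages a user might land on.
const SAVED = "https://login.bank.example/";
const CASES = [
  ["https://login.bank.example/signin?next=/home", true], // real site, other path
  ["https://LOGIN.BANK.EXAMPLE/signin", true],            // host case is ignored
  ["http://login.bank.example/signin", false],            // not HTTPS
  ["https://login.bank.example.account-check.test/", false], // real name used as a prefix
  ["https://login.bank.example@account-check.test/", false], // real name before "@" is not the host
  ["https://login.b\u0430nk.example/", false],            // Cyrillic "а" lookalike letter
  ["https://login.bank.example:8443/", false],            // different port
  ["not a url", false],
];

function runCases() {
  return CASES.map(([url, expected]) => ({
    url,
    expected,
    actual: shouldAutofill(SAVED, url),
  }));
}

for (const r of runCases()) {
  console.log(r.actual ? "fill  " : "refuse", r.url);
}
```

Several of the refused addresses would look right to a human at a glance, which is exactly why a strict comparison does better than our eyes.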
There’s no avoiding the fact that passwords are a pain in the a. Fortunately, they will soon be a thing of the past.
The future is passwordless – All of the main technology providers (Apple, Microsoft, Google, etc) are taking significant steps to help us to secure our accounts without the need for hundreds of passwords.
But until that future arrives, a password manager is still the most effective way to manage your passwords.