Password Management Today

With the growth of web services and mobile apps, password management has become a real issue that every user should be concerned about. This is especially so now that we are consumers of many web services where the very first step is to create a user account that, hopefully, no one else can log into.

The basic problem of password management can be broken down into the following questions:

  • What password should I pick for which website?
  • How should I store/retrieve my passwords?

There are some solutions to tackle this problem.

Solution 1:

Use the same password for every website.

Pros:

  1. Easy to remember even with a growing number of websites.
  2. Use your brain only and do it efficiently (there’s just one).

Cons:

  1. Big security risk.

Solution 2:

Choose a methodology that can be easily remembered for generating a password for each website. For example, add 007 after the website URL.

Pros:

  1. Easy to remember even with a growing number of websites.
  2. No single point of security risk: the methodology needs to be discovered by someone trying to attack you.
  3. Use your brain only. Remember that, depending on how complicated the steps of the methodology are, the efficiency of the password computation can vary.

Cons:

  1. The security risk depends on the sophistication of the methodology.
  2. The manual process of computing the password limits the methodology, or else trades off against the computation time. You don’t want to sit down with a pen and paper to compute your password :-).

Solution 3 (Takeaway for this post):

Use a password manager. There are lots of them out there.

Pros:

  1. Managing passwords is not your problem.
  2. Can pick very strong passwords.
  3. No correlated passwords.

Cons:

  1. Have to trust the password manager program.

A browser comes with the simplest password manager, since it saves your passwords if you want it to. A word of caution here: always set a master password for your browser's password manager so that no one else can view your saved passwords without entering the master password. You also want the passwords to be saved on your computer in an encrypted file so that others cannot read them, which any decent password manager does.

There are lots of password management tools out there. Use them. Generate a strong password yourself if your password manager does not support password generation. Here are some ways to do it on Linux/MacOS or Windows.

A password manager can also back up your saved passwords in the cloud to save you from machine failures. Preferably choose one which does that. Never compromise on encryption. The cloud is less trusted than your computer. If you still think you do not need a password manager, read this.

Now that I am done sermonizing: looking back, I used to do password management by hand by saving my passwords in a file, then encrypting them using a GPG key and storing them on a git server. And then I stumbled upon Pass. It does the same things but better. Try it if you are a power user or just want to know how the infrastructure works without doing all of it :-).
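To make the contrast between Solution 2 and Solution 3 concrete, the sketch below (an added example, not code from the original post or from any password manager) builds passwords with the "site + 007" rule and with the operating system's CSPRNG, then measures what the passwords share. The site names are constructed samples, and the 20-character length and 94-symbol alphabet are assumptions.

```python
import math
import os
import secrets
import string

# 52 letters + 10 digits + 32 punctuation marks = 94 symbols (assumed alphabet)
ALPHABET = string.ascii_letters + string.digits + string.punctuation
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def rule_password(site: str, suffix: str = "007") -> str:
    """Solution 2: the site name followed by a fixed, memorable suffix."""
    return site + suffix


def random_password(length: int = 20) -> str:
    """Solution 3: every character drawn independently from the OS CSPRNG.

    Redraws until each character class appears, since many sites require that.
    """
    if length < len(CLASSES):
        raise ValueError("too short to contain every character class")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Upper bound on entropy when characters are uniform and independent."""
    return length * math.log2(alphabet_size)


def common_suffix(passwords: list[str]) -> str:
    """Longest ending shared by all passwords: the part a rule reuses everywhere."""
    return os.path.commonprefix([p[::-1] for p in passwords])[::-1]


if __name__ == "__main__":
    sites = ["example.com", "example.org", "example.net"]  # constructed samples
    ruled = [rule_password(s) for s in sites]
    rand = [random_password() for _ in sites]
    print("rule-based:", ruled, "-> shared:", repr(common_suffix(ruled)))
    print("random    :", rand, "-> shared:", repr(common_suffix(rand)))
    print(f"20 random characters: about {entropy_bits(20):.0f} bits")
```

With the rule, everything that is not the site name is identical across accounts, so one disclosed password gives away the rest; the random passwords have nothing to share, which is the "no correlated passwords" advantage listed for Solution 3.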

This is not smart. Get smarter!!
