I now see a lot more people using password managers and other people starting to generate random passwords for different services, but is storing passwords in a password manager a good idea?
Password managers work by storing the users password in a heavily encrypted form on either the users PC or an internet service. Keep in mind that storing passwords in an encrypted form on the web is an awful idea. If you are using a password manager that does this, please consider changing the password manager that you are using, once you have changed password manager, change all the passwords for web services that were used by the old password manager, as when you delete you account on a website for the old password manager, the company may “soft delete” your data. This is where the server keeps your data, but flags it as inactive, meaning that you cannot access it, but it is still there in the server.
The encryption algorithm that password managers should be using, is one that takes billions or trillions of years to crack without knowing the password or decryption key to unlock the data. Password managers should also encrypt the already encrypted passwords using a different encryption algorithm and a master key, that once again should take billions of years to unlock without knowing the correct password or decryption key.
Should we use password managers?
Yes, password managers are a great tool that allow people to create highly secure passwords that are entirely random, which are stored in a way that is practically impossible for an attacker to get access to. Password managers also reduce password reuse on different websites, which is a serious issue, as shown by this article.
I have previously said that password should never be stored in a plain text or encrypted form. My advice now is, don’t store passwords, but if you are going to store passwords, get a trustworthy and reputable company to do it for you. (Such as Google or Twitter).