Related
Former Staff Member
1 minute read time.
d0b3cae3c9e91a7c1eb8d9273ec9ad7b-huge-password.jpg


Recently a change in password requirements for the main IET website sparked an interesting debate about password security. One thing that came up was the use of password managers and there was a bit of a debate about their security.

 

I myself have a password manager. I resisted for a long time as I was worried about their security- keeping all your passwords in one place doesn’t seem like a great idea but after a lot of research and A LOT of having to reset passwords because I kept forgetting them, I decided to take the plunge and sign up for one.

 





In terms of convenience there is no contest – they are much easier for dealing with passwords. No longer do I have to worry about remembering my passwords for sites, or store them insecurely in my browser. Just a couple of clicks (or not even that sometimes) and I'm in.


However the worry still lingers the risk that password mangers, no matter how good they are, might be hacked, rendering the whole system useless.

 

What do you think on the subject? Do you have a password manager or are you steering clear? Are password managers worth it? Let me know in the comments below

 
  • Thanks for your comment Ronald Derrick McLeod‍ I've never really thought of the Forgotten Password link as a form of password management; most sites now with passwords have pretty good/secure ways to reset your password, but I must admit, I find it frustrating to keep resetting passwords (which I was doing a lot before I signed up for the password manager!!)
  • Former Community Member
    Former Community Member
    I think "password management" has been around (us) for quite some time, actually many years, although some greater and some to a lesser degree.  These types may not be so obvious as we go through our everyday tasks.  Example: apple "password key" and google popups asking to save the password. 


    The most obvious is the nesting of password access through susequent email accounts and the "forgot password function".  You know when you use a secondary account to retrive your password.  I think most of the public email accounts use this security feature and its all around us in one form or another.


    As far as seeking out a third part password manager.  I would not
  • Alex Barrett‍  and David Houssein‍ Agree, it would be really good to hear from some experts of the matter

    Graham Turner‍ agree. I did a fair bit of research online before I took the plunge and most of the stuff I read was positive, but I'm not sure how much of it was truly impartial or actual detailed research into the issue


    Thanks for sharing tips on saving password hints for certain sites - may use that method. Interesting to hear how password managers can be used in different ways
  • It would be helpful if there was some third party evaluation of the underlying security of the various password managers.  Some are free and some paid for, and it is likely, but of course not certain, that the paid for ones may have taken more care in ensuring their own security.  In my own case I have ended up using a password manager because of the proliferation of passwords that are needed, in many cases for sites where there really isn’t that much need for strong security.  For the passwords that I really care most about then my approach is not to save the password itself in the manager but some hints from which I, but hopefully no one else, can recreate the password.  It is of course critically important that the password or pass phrase to access the password manager is really strong!  A home grown approach might be to use PGP or one of its open source variants to encrypt a document holding the passwords, but of course that does mean that when you decrypt and open the document temporary in the clear copies may be cached by Word etc.
  • Former Community Member
    Former Community Member
    I've never trusted one, but I think that's because I've never really bothered to read up properly. Maybe I'd change my mind with some expert steer from somebody I trust.

Join us to get the best from IET EngX.

Joining EngX lets you personalise your experience so you stay up to date on the topics that interest you, plus you’ll be able to make connections who are looking to collaborate, exchange ideas and more.

Join us Not now

Community Rules & Guidelines