

Recently a change in password requirements for the main IET website sparked an interesting debate about password security. One thing that came up was the use of password managers and there was a bit of a debate about their security.

 

I myself have a password manager. I resisted for a long time as I was worried about their security; keeping all your passwords in one place doesn’t seem like a great idea, but after a lot of research and A LOT of having to reset passwords because I kept forgetting them, I decided to take the plunge and sign up for one.

 





In terms of convenience there is no contest – they are much easier for dealing with passwords. No longer do I have to worry about remembering my passwords for sites, or store them insecurely in my browser. Just a couple of clicks (or not even that sometimes) and I'm in.


However, the worry still lingers: the risk that password managers, no matter how good they are, might be hacked, rendering the whole system useless.

 

What do you think on the subject? Do you have a password manager or are you steering clear? Are password managers worth it? Let me know in the comments below.

 
  • Sounds like you have a good system Robin Clive-Matthews :) Making sure not all passwords are stored in the same place (especially the important ones) is a good tip.
  • For my own personal use I tend to store most passwords in Chrome, because it's the browser I now use most of the time, and it syncs the passwords and other form data across all my devices really well. I do not store passwords for email in Chrome however, as email is the "key to the kingdom" - if somebody has access to your email they can then reset pretty much any other password. I have multi-factor auth enabled for email too (including my Google account, and thus Chrome's password store), just to make it as safe as possible. I also don't store passwords for online banking in the browser - luckily I only have a couple that I need to remember!


    At work we're currently using KeePass, which seems pretty good, and you can't beat the price. I'm currently evaluating and will probably switch over to an internally hosted product called Team Password Manager. I like the ability to grant access to groups of passwords to different users, and the auditing is great.
  • Thank you for your comment, Bill Boumphrey. With 300 passwords, you'd need a password manager! Agree that any sort of password management depends on the type of encryption used.


    As Alex Barrett said, the post was triggered by the recent change in the IET's policy and a related thread on the main page of the forum. I was reading the thread and noticed there were a few comments about password managers that I thought warranted their own thread.
  • The discussion was started because the rules recently changed, and caught a lot of us by surprise. Nowadays we are used to 'serious' passwords but these new rules are extraordinary.
  • Thanks for your comment Mayowa Okorie, you make some very good points!


    Good question on how secure are the third party apps and the browsers - I've been doing some reading on it and ultimately it's very hard for the 'regular joe' to know just how secure any of these managers are, we just have to go by reputation, which can make it very difficult.