Many of the web’s most widely respected tech experts recommend using a password manager such as KeePass to store all of your online passwords. I don’t recommend them however, and after reading this post you will understand why.
A typical password manager will store all of your passwords in an encrypted database. In order to “open” the database to extract a needed password you’ll have to enter a master password.
This sounds like a great idea for storing and protecting a bunch of unique passwords without having to remember them all, and the concept is indeed a great one. But unfortunately it is seriously flawed. Here’s why:
1 – If the master password ever falls into the wrong hands, ALL of your online accounts will be at risk since the offender will have access to ALL of your passwords.
2 – If your system becomes infected with malware, the security protections built in to your password manager can be rendered completely ineffective.
We’re all at risk from the first flaw. There are many ways that a master password can find its way into the hands of miscreants. After all, we are all human, and humans make mistakes.
That being said, I believe the dangers inherent in the second flaw pose a much greater risk.
Malware is rampant on today’s Internet, and it’s becoming more sophisticated all the time. While can go a long way towards keeping our machines malware free by diligently running malware scans and practicing safe computing habits, some malware can slip through despite our best efforts.
You don’t have to take my word for any of this because a perfect example was in the news a wile back. It’s a hacking tool called KeeFarce, and it steals passwords from users who use the aforementioned password manager KeePass.
Once it makes its way onto a computer’s hard drive, KeeFarce can extract the passwords stored by KeyPass directly from the machine’s memory. In other words, if your machine becomes infected with this malware, your KeyPass “protected” passwords immediately become vulnerable.
This is just one example that happens to be in the news at the moment. And just because you might happen to use a different password manager than KeePass, that doesn’t necessarily mean your passwords are safe.
Think about this for a moment: If KeyFarce will allow a hacker to steal passwords from the well-respected KeyPass utility, why wouldn’t a similar type of exploit work against other password managers? They all work in much the same way, so why wouldn’t they all be susceptible to the same types of attacks?
Bottom line: Even though the KeyFarce threat has long been mitigated, it just goes to show how vulnerable the users of password managers really are.
I recommend that you stop any password manager app that you might be using right away and write your passwords down on a sheet of paper for safekeeping. Then store that paper in a lockbox or a locked desk drawer.
Yes, there is always a chance that someone could enter your home and steal your passwords, but I believe you incur a much greater risk by storing your passwords on any computer that’s connected to the Internet.
Bonus tip: Click here to read about several dangerous scams that are currently making the rounds on social media and elsewhere online.
Like this tip? If so, I invite you to share it on social media. Just click one the handy buttons below.
