Rick's Daily Tips

Your daily dose of practical, easy to follow tech tips!

  • Home
  • Rick’s Bio
  • Advertise
  • Privacy Policy
  • Rick’s Tip Jar
  • Get My Tech Tips Newsletter
You are here: Home / Tech News / Think password managers are safe? Truth be told, they’re quite dangerous.

Think password managers are safe? Truth be told, they’re quite dangerous.

Posted on February 12, 2018

495
SHARES
ShareTweetSubscribe

password-managerMany of the web’s most widely respected tech experts recommend using a password manager such as KeePass to store all of your online passwords. I don’t recommend them however, and after reading this post you will understand why.

A typical password manager will store all of your passwords in an encrypted database. In order to “open” the database to extract a needed password you’ll have to enter a master password.

This sounds like a great idea for storing and protecting a bunch of unique passwords without having to remember them all, and the concept is indeed a great one. But unfortunately it is seriously flawed. Here’s why: 

1 – If the master password ever falls into the wrong hands, ALL of your online accounts will be at risk since the offender will have access to ALL of your passwords.

2 – If your system becomes infected with malware, the security protections built in to your password manager can be rendered completely ineffective.

We’re all at risk from the first flaw. There are many ways that a master password can find its way into the hands of miscreants. After all, we are all human, and humans make mistakes.

That being said, I believe the dangers inherent in the second flaw pose a much greater risk.

Malware is rampant on today’s Internet, and it’s becoming more sophisticated all the time. While can go a long way towards keeping our machines malware free by diligently running malware scans and practicing safe computing habits, some malware can slip through despite our best efforts.

You don’t have to take my word for any of this because a perfect example was in the news a wile back. It’s a hacking tool called KeeFarce, and it steals passwords from users who use the aforementioned password manager KeePass.

Once it makes its way onto a computer’s hard drive, KeeFarce can extract the passwords stored by KeyPass directly from the machine’s memory. In other words, if your machine becomes infected with this malware, your KeyPass “protected” passwords immediately become vulnerable.

This is just one example that happens to be in the news at the moment. And just because you might happen to use a different password manager than KeePass, that doesn’t necessarily mean your passwords are safe.

Think about this for a moment: If KeyFarce will allow a hacker to steal passwords from the well-respected KeyPass utility, why wouldn’t a similar type of exploit work against other password managers? They all work in much the same way, so why wouldn’t they all be susceptible to the same types of attacks?

Bottom line: Even though the KeyFarce threat has long been mitigated, it just goes to show how vulnerable the users of password managers really are.

I recommend that you stop any password manager app that you might be using right away and write your passwords down on a sheet of paper for safekeeping. Then store that paper in a lockbox or a locked desk drawer.

Yes, there is always a chance that someone could enter your home and steal your passwords, but I believe you incur a much greater risk by storing your passwords on any computer that’s connected to the Internet.

Bonus tip: Click here to read about several dangerous scams that are currently making the rounds on social media and elsewhere online.


Like this tip? If so, I invite you to share it on social media. Just click one the handy buttons below.

495
SHARES
ShareTweetSubscribe




Popular…

How do I ask you a tech question?


Step-by-step guide to completely ridding your PC of viruses and other malware


10 reasons why I recommend buying tech gear from Amazon


Advertise

Guest Post Guidelines

Want to ask me a tech question?

Handy Tech Resources

Privacy Policy

Computer Tips
Smartphone Tips
Blogging Tips

Tech Q & A
Reviews
Tech News

Write for RicksDailyTips.com

Scam alerts
Downloads

Copyright © 2022 RicksDailyTips.com

Affiliate Disclaimer


Rick's Daily Tips is hosted by InMotion Hosting. Click here to find out why.