
Sheogorath's Blog

Forget your passwords!


In this blog you can find 3 different articles about passwords and password safes: one about KeePass, one about LastPass and finally one comparing both of them with Bitwarden and pass. So let’s talk about how using them changes your daily life.

As the name of the article indicates: You forget your passwords. At least most of them.

No typing

The main reason you forget your passwords is probably that you no longer type them on a regular basis. When you store them in your password safe, you usually have some kind of browser extension that fills them into the pages, or you copy them directly to your clipboard using a function of your password safe, so you just need to paste them.

So not only do you become faster at logging in, you also save yourself the typing.

More complex passwords

Another reason to forget your passwords is their complexity. If you also use your password safe to generate your passwords, they become really random and therefore harder to remember. No more “birthday of my daughter” passwords. Keep in mind, those generated passwords fight several problems at the same time. First of all, they are hard to guess. But they are also unsearchable. An important birth date, a name, combinations of other important events, people or things are all searchable in your daily life. Maybe you even publish them on your Facebook, Twitter or Mastodon page. And even when you don’t publish them, there is still someone who may use social engineering to get them.

When you use generated passwords from your password safe: Good luck! You can’t tell someone a password by accident if you don’t know it yourself. Or at least, in the case of random passwords, it’s very unlikely that you do that.
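How a password safe's generator produces passwords that are random rather than memorable, as an added example that is not code from this blog or from any of the password safes it mentions: it draws every symbol from the operating system's cryptographic random source, optionally builds a passphrase from a wordlist, and computes the entropy that results. The eight-word list is a constructed stand-in; a real Diceware list has 7776 words.

```python
import math
import secrets
import string

# Character classes of a typical generator; 26 + 26 + 10 + 32 = 94 symbols in total.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)

# Constructed stand-in for a real wordlist (a Diceware list has 7776 entries).
DEMO_WORDS = ["anchor", "basil", "candle", "dune", "ember", "fjord", "glacier", "harbor"]


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Bits of entropy of `length` symbols drawn uniformly from `alphabet_size` choices."""
    return length * math.log2(alphabet_size)


def generate_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Draw `length` symbols with the OS CSPRNG (never the `random` module, which is predictable).

    Many sites demand at least one symbol of each class. Candidates missing a class that
    the alphabet contains are rejected and redrawn: rejection sampling keeps the accepted
    passwords uniformly distributed, which "patch up the last character" logic would not.
    """
    required = [cls for cls in CLASSES if set(cls) & set(alphabet)]
    if length < len(required):
        raise ValueError("length too short to contain every required character class")
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in required):
            return candidate


def generate_passphrase(words=DEMO_WORDS, count: int = 6, sep: str = " ") -> str:
    """Random passphrase: words are drawn independently and with replacement."""
    return sep.join(secrets.choice(words) for _ in range(count))


if __name__ == "__main__":
    print(generate_password(16), f"{entropy_bits(16, len(ALPHABET)):.1f} bits")
    print(generate_passphrase(), f"{entropy_bits(6, len(DEMO_WORDS)):.1f} bits (demo list)")
    print(f"six Diceware words: {entropy_bits(6, 7776):.1f} bits")
```

Sixteen symbols from the 94-character alphabet give about 105 bits, six words from a 7776-word list about 78 bits: both far beyond anything an attacker can guess, and neither has any connection to your life that could be searched or socially engineered.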

Unique passwords

The biggest benefit for you and everyone around you when you use a password safe: one compromised service doesn’t mean all services are compromised. This protects you from being impersonated, but it also protects others, since a compromised account in a forum you used years ago doesn’t lead to you posting links to phishing sites on social media or sending emails containing ransomware.

When an attacker manages to steal the user database of a service you are using, he will (hopefully) only get the hashed[1] passwords for this service. So you make sure that a successful attack against one database can’t be used to log in to another page or service. And since you can easily have more than 50 different logins, it becomes quite tricky to remember all of them. But you don’t need to, as you are using a password safe and it does this work for you.

The next step

So after celebrating all the security benefits we get from password safes: they don’t protect you from everything. Keep in mind, even with a safe password, the most common password reset option is by email. And as soon as your email account is compromised, your other accounts can easily fall into the attacker’s hands, since their secure passwords can simply be reset. The same of course goes for your password safe itself: when it is compromised, the attacker has access to all the accounts stored in it.

To protect you from that, make sure that at least your email account and your password safe are protected with more than just a username and a password. Use so-called Multi-Factor Authentication (MFA). The idea is simple: you have a device - like your smartphone or a USB key - that you usually carry around with you. This acts as proof that the person who enters the password is actually you. To achieve that, smartphone apps usually called Authenticator generate a time-based 6 or 8-digit number that is only valid for 30, 60 or 90 seconds and is derived from a secret only you and the service know. In the case of a USB key, a so-called hardware token, the device sends a cryptographic proof to the website or device you want to log in to.

There are more and more pages[2] offering MFA, which lets you improve your online security a lot.

Conclusion

Password safes are awesome and you can forget most of your passwords. Forgetting your passwords and letting your password safe do its thing improves your security even more than just using a password safe in the first place.

Not typing passwords removes the need for short and easy-to-type passwords for your accounts; using random passwords makes them unpredictable and your accounts more resilient to social engineering and password guessing attacks. Finally, unique passwords protect your other accounts from suffering when one service gets hacked or breached.

But secure passwords alone are not enough. Use MFA wherever you can and keep an eye on your email account.

Pro tip: Remember the password of your email account. If you ever lose your password safe, you need to be able to get access to your email account to reset the passwords for all your accounts. Having the password for your mail account in mind (or on a piece of paper in a physical safe) along with MFA becomes really handy.

Whether or not this was useful, feel free to reach out to me and stay safe!



  1. Password hashing is a process that generates an “irreversible” number based on your password. When you log in, a so-called hash function is used to calculate such a hash from your password. When the stored hash and the hash of the password you entered are the same, you are authenticated. There are various such functions, some stronger, some weaker. You can find more details on Wikipedia

  2. You can check which pages and services you use offer MFA by checking: https://twofactorauth.org/