According to Security.org, by the end of 2021, 69% of the population would welcome buying a password manager, even though one in five people already use one.
If this is true, it's not hard to understand why
so many cyber attacks are successful!
The risk of using one becomes clear once you know what a password manager is and how it works.
WHAT IS A PASSWORD MANAGER?
There are several definitions of a password manager. One can speak of a computer program that lets users store, generate and manage their passwords, or of an encrypted digital safe that stores all your passwords, but the best definition comes from the objective pursued by the companies that create them and promote their use.
The underlying idea is to let a user have, at any time and in any place, all the passwords he uses while memorising or retaining only one: the one that gives him access to all his other passwords, i.e. the password of the password manager itself.
WHERE DOES THE IDEA OF CREATING A PASSWORD MANAGER COME FROM?
The main reason given is that users who rely on their memory reuse similar passwords across multiple platforms, or do not create passwords strong enough to withstand a half-hour brute-force attack on their identity by a cybercriminal. As a result, those who rely on their memory for their online activities are said to be twice as likely to have their identity or credentials attacked.
The following table shows in percentage terms
the different means that are generally used to
save passwords.
HOW DOES IT WORK?
Some password managers generate random passwords made up of an unusual combination of any characters available on a keyboard. They then assign a separate password to each of the user's online platforms, so that no single key can open all the locks. The safe also remembers these passwords, so the user does not need to write them down; the user just has to keep the phone safe and the safe locked with a local password (1).
Other password managers record the username and password used when first logging in to a website or service and, on subsequent logins, automatically fill in the recorded credentials. The passwords can usually be accessed from anywhere through the manager's app or its browser extension (2).
RISKS:
The main risk is that the password manager itself gets hacked, and this is not merely hypothetical: history shows that it has already happened and that the credentials of that password manager's users were compromised.
This is how the compromise of Passwordstate's update mechanism allowed attackers to potentially steal data (stored passwords, including those for firewalls, VPNs, switches, local accounts and servers) from 29,000 companies! (3)
Also, many LastPass users have reported that their master passwords were compromised, after receiving email warnings that someone had tried to use them to log into their accounts from unknown locations. The notifications also state that the login attempts were blocked because they came from unknown locations around the world (4).
A study by Security.org of 1,077 people of all ages, genders and sexualities found that one in five people use a password manager, which equates to about 45 million people in the US. Of these, one in three have had some part of their identity or online credentials stolen in a cyber security breach, which is very serious (5).
OUR ADVICE:
The best advice we can give is to treat security in general, and IT security in particular, as priceless: it is better to go to the trouble of creating and managing hard-to-crack passwords yourself than to resort to the convenience of having them generated by a third party.
The golden rule of IT security is to keep control of your password creation and management, and not to entrust them to a password management company that uses the cloud, which is highly susceptible to attack.
You can always keep your passwords on a separate piece of paper, or otherwise away from any internet connection. You can also use PT SYDECO's SydeCloud service, an online file sharing service whose server is hosted on your premises and protected by the ARCHANGEL integrated protection system. In addition, all communication is protected by a VPN whose server is itself a component of the integrated protection system. No third-party services are used, so any risk of external interference is eliminated.
However, always bear in mind that the password you create should be a long string of upper and lower case letters, numbers, punctuation marks and other non-alphanumeric characters, so that it is difficult for someone else to guess and you do not have to change it periodically.
TIP:
Think of a sentence of at least 4 words, each written in a different language, with some characters replaced by non-alphabetic ones.
An example:
1st step: create a sentence of at least 4 words that you will easily remember: "I speak four languages"
2nd step: translate 3 of these words, each into a different language: “Je bicara куатре ennimi”
3rd step: change some characters, BUT do not give the same character the same replacement value each time it appears in the sentence.
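As an added example, not part of the original article, the following Python code puts two of the points above into working form: the per-site random generation described under HOW DOES IT WORK? (a fresh random string of keyboard characters, re-drawn until the character classes from OUR ADVICE are all present) and the step-3 rule of the TIP, that a repeated character must not always receive the same replacement. The 16-character minimum is an assumption (the article only says "long"), and the sample strings are constructed from the article's own example sentence.

```python
import secrets
import string

# Assumed minimum length: the article only says "a long string" (assumption).
MIN_LENGTH = 16
KEYBOARD = string.ascii_letters + string.digits + string.punctuation


def character_classes(pw: str) -> dict:
    """Which of the article's character classes does the password contain?"""
    return {
        "upper": any(c.isupper() for c in pw),
        "lower": any(c.islower() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "punctuation": any(c in string.punctuation for c in pw),
        # Letters from a second alphabet (e.g. Cyrillic) mark the multilingual step.
        "non_ascii": any(ord(c) > 127 for c in pw),
    }


def meets_article_rules(pw: str) -> bool:
    """Long string with upper, lower, digits and punctuation, as the article asks."""
    classes = character_classes(pw)
    return len(pw) >= MIN_LENGTH and all(
        classes[k] for k in ("upper", "lower", "digit", "punctuation"))


def generate_password(length: int = 20) -> str:
    """What the 'safe' does: a fresh random string of keyboard characters per site,
    drawn with the CSPRNG in `secrets` and re-drawn until every class is present."""
    while True:
        pw = "".join(secrets.choice(KEYBOARD) for _ in range(length))
        if meets_article_rules(pw):
            return pw


def uniform_substitutions(original: str, transformed: str) -> list:
    """Step-3 check: characters of the original sentence that occur more than once
    and were replaced by the same value every time (a predictable leet-style swap).
    Assumes a one-to-one, length-preserving substitution."""
    if len(original) != len(transformed):
        raise ValueError("substitution must preserve the sentence length")
    seen: dict = {}
    for o, t in zip(original, transformed):
        seen.setdefault(o, []).append(t)
    return sorted(o for o, reps in seen.items()
                  if len(reps) > 1 and len(set(reps)) == 1 and reps[0] != o)


# Constructed samples based on the article's sentence (Cyrillic word kept as-is).
ORIGINAL = "Je bicara куатре ennimi"
BAD = "J3 b1cara куатре 3nn1m1"   # every Latin e -> 3, every Latin i -> 1
GOOD = "J3 b1cara куатр€ enn!mi"  # varied replacements, some left unchanged
```

`uniform_substitutions(ORIGINAL, BAD)` reports `['e', 'i']` while the varied `GOOD` string passes both checks; `BAD` also fails `meets_article_rules` because it contains no punctuation.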