If you are keen to keep your data safe, then one of the easiest steps to take is to use a password manager, and there are many benefits to doing so. Key among them is the opportunity to generate unique passwords within the app itself for any and all of your services and accounts, automatically storing them in a secure vault.
The convenience of remembering just one password and leaving it to an app to remember the rest is indispensable: the limits imposed by the human brain simply disappear. At the same time, however, it's good to bear in mind one aspect: you are trusting one app – and its developers – to store your personal info securely, and it's important to know whether they do so locally or in the cloud.
Storing Passwords Locally
One of the key features that has made password managers such as 1Password popular among cyber security experts and hackers was their initial policy of storing the data locally on the user's computer and making it available on other devices via Wi-Fi, iCloud, or Dropbox sync. For that, users needed to purchase a license for every single device that they wanted to keep in sync.
But AgileBits moved to a cloud sync format in 2016 and has since raised the eyebrows of a handful of hackers and security experts for one simple reason: internet-accessed archives put users at a bigger risk than those stored locally in user-controlled environments, such as on a computer.
For some experts it's better to have the passwords and other data – such as credit cards, secure notes and the like – stored on the device itself. That gives the user complete control over the data, since hackers can't simply steal the user's data from a server along with every other user’s data, but instead have to specifically target an individual person. That makes things harder for the hacker. It's not impossible, of course, but the road to the master password is much longer, harder and involves many more steps than taking a batch of data on cloud storage.
When data is stored locally, the only way to access it is through malware installed on the user's computer that is able to access and log keystrokes. But in this case it's already game over since the malware logs every keystroke, which means you can forget about privacy and security.
Storing Passwords in the Cloud
‘Cloud storage’ is what we mean when a password manager firm makes software for multiple platforms and syncs the apps through its central servers. That's very convenient for the user, because – as with 1Password, Sticky Password or LastPass – the user can check and store a password from any device via the software by logging into the account using the web browser extension. This also makes passwords recoverable if the user loses the device. When stored locally, the password database is lost with the device.
Cloud sync is convenient for the user as it requires no additional steps – such as setting up a WLAN server – to sync the apps so that new data is available in every app. The password manager app is opened and the database is already up-to-date.
But this means that there is nothing that can be done on your end to ensure the security of your own data. Furthermore, the majority of password management developers rely on third-party servers to store data, which raises serious security concerns.
In the last few years we've seen a handful of password manager databases hacked, so there is certainly a reason to distance yourself from cloud-based password storage. That doesn't necessarily mean, however, that you should refrain from using them entirely. Instead, seek more information about the security measures that are taken to protect your data. A high-quality password manager allows users to sync their data locally as well as through the cloud.
How to Pick the Best Password Manager App
There are a few aspects to bear in mind when choosing a password manager. All of them are important, because you are entrusting them with highly sensitive data.
- The data stored on, sent to, and received from the central server should be encrypted at the user's endpoint.
- The service doesn't store any info on your master password.
- The service cannot access your data or recover a lost vault or related passwords.
- The service encrypts the data locally, protecting it with a secret key that only the user knows.