I always seem to have passwords on my mind. What’s the best password? What’s the best way to create one? What are the best implementation policies? One question has been plaguing me more lately. Is it worth it to use a password manager? Password management programs like LastPass, KeePass and 1Password have been drawing my attention and I’ve been silently considering the pros and cons. Here now is my mind dump of information that I’ve accumulated through this research I’ve done.
Pros:
- Convenience. Never will you have to remember another password again, besides your master password. The first perk of password managers is that they manage your passwords. You can just copy and paste it into the field. Some programs will now even auto-fill the fields for you.
- Better password creation. No longer do you have to follow any of these guidelines when creating a new password; you simply click Generate Password and you have a completely random password.
- Safer than writing passwords down. If you are anything like my dad, you write all of your usernames and passwords in a Rolodex on your desk so you can easily find them. With a password manager, someone would have to first find the file on your computer and then break through the encryption on the file to get to your passwords. This is a much safer option.
Cons:
- One password. With the password managers I’ve tested, there is only one thing standing between a hacker and every single one of your passwords and that is your master password. If you don’t make your master password hard enough to guess, it’s probably not a good idea to try to hide everything behind it. I do know that KeePass does give the option to require a key file and a specific Windows User Account when unlocking a password database, which is really nice if you need a little bit more security.
- Portability. There’s always the question of what happens when you switch computers and your manager isn’t installed there. You just can’t access any of your accounts? There are some things you can do to help bridge this gap, like putting your password database on a flash drive or even syncing it with a service like Dropbox.
- The Cloud. As some services have experienced lately, the cloud isn’t always the safest place to store private information, but whether it’s right for you is something you will have to figure out for yourself. Every service is vulnerable to some sort of attack; a person just has to decide if the convenience of syncing their password database is worth the risk.
I opened a question about this on the Spiceworks Community forums and you can find that thread here.
What do you think? Do you use a Password Manager? Why or why not?
For more articles like this one, make sure you check out UnitedTechGuys.com.
3 thoughts on “Pros And Cons Of Password Management”
What do you think of the MyLOK password manager?
https://mylok.ii2p.com/personal-information.html
Honestly, I’ve never used it so I can’t speak about MyLOK in particular but I can give my little insight as to the general pros and cons of the system.
As Steve Gibson always talks about, this is something you have as well as what you know, which is always good to add one of those to the equation. But you have to realize, this is now something that you can lose too.
I think one of the biggest cons for me would be the price. A person could build the same system with a flash drive they already own or a $10 drive and the mobile installation of KeePass. Much cheaper and I couldn’t find what kind of encryption MyLOK uses but KeePass uses AES and Twofish encryption on the database as well as SHA-256 for the password hashes. So there is no way that MyLOK will be any more secure.
I don’t really see a reason to use that MyLOK over creating your own.