Password Managers, The All-In-One Solution?

In this video, Zanidd explains what a password manager is. Watch him discuss the differences between online and offline password managers.
Hello world, I’m Zanidd, and welcome to the Hands On Password Cracking and Security course on Code Red. In this section, we’ve covered the remedies for the attacks demonstrated in the rest of the course. Now, we’re going to take a look at password managers. Password managers are a great tool to boost your password security. Let’s take a look at what we can use them for and if they will solve all our problems. Spoiler – they don’t. A password manager is an application which you can use to generate and store passwords safely.
As an added bonus, most password managers will allow you to autofill your credentials on websites and other places, which is great because you never have to know or type the password again. So they can be as complicated as you want, and keyloggers can’t log them as most password managers use a key scrambler when autofilling. There are two categories of password managers: offline password managers, which you have to keep locally on your computer, and cloud-based ones. So what are the differences? Offline password managers may be more secure than cloud-based ones. They are stored on your hard drive or on a stick that you can bring along with you.
But the problem is that you need to manually synchronize the passwords if you want to use them on multiple devices or share them with other users. For some smartphones, there isn’t even another option than to send it via email, upload it to a cloud, or something like that. So you’ll lose the security aspect if you don’t synchronize them right. Other than that, offline password managers, like KeePass, are a great tool if you need pure security and will synchronise them properly or don’t even need to synchronise them. They’re often used in companies for employee-specific credentials that should never leave the machine anyways. Online or cloud-based password managers are really helpful if you’re handling multiple devices.
It’s also great if you have to share specific passwords in the company with other users. And there are some versions that can be deployed on-premise. That data, however, is usually stored in the cloud. Usually, it is encrypted multiple times using your master password, so it is really important to have a good master password like I showed you in the last lesson. Since the data is in the cloud, it is really easy to use it on multiple devices, including smartwatches – no need to synchronise manually. If you create a new entry while on your laptop, it will automatically be available from your phone. Most of them offer apps for Android and iOS and have browser plug-ins for most popular browsers.
But the problem is that if the provider of the password manager gets hacked, your data could be dumped, leaked, and misused. Some examples of this kind of password manager are LastPass and 1Password, which both integrate into multiple browsers and devices. So are password managers the all-in-one solution for all our problems? Sadly, no. Password managers come with their own set of problems. For example, you cannot use the autofill feature for logging into your computer. You still have to type it by hand. So the best would be to use a method like I showed you in the last lesson for your PC login, another password as your password manager password, and the rest can be saved in the password manager.
But what happens if you have two devices, three devices, and then you go to work and have another device, and go at home and you have another device? You would have to create passwords for each of them. Additionally, there are more problems. What happens if you lose your master password? You cannot recover the data or reset the password, as it is used as an encryption key. So you have no chance of recovery if you lose it. Some password managers offer a solution to this, but I never had to use it, so I cannot vouch for them. Just don’t lose your master password. What happens if you lose the password database?
Well, you lost your passwords with absolutely zero chance of recovering them ever, unless you backed it up somewhere. This is only a problem for local password managers, as the cloud ones will probably not disappear as long as the company still exists. The best way to prevent this would be to not lose your database, or at least make a backup copy of it every time you update it and store it on a different device in your home, maybe something like a NAS or an external hard drive or a USB stick.
Another solution would be to have one email account with a password that is not stored in the password manager and use that one to reset all your passwords on websites like Facebook or Twitter if you lose the database. But that leaves an opportunity for an attacker. They can abuse your one weak password to reset all your passwords. So don’t do that. Now, I hope I didn’t scare you off too much from password managers, as they are still a great tool. And combined with the other remedies that we discussed in this section, they will massively improve your password security. So make sure to at least use multifactor authentication, salt and pepper your passwords, and store your passwords in a password manager.
Generate them randomly, or if you cannot store them in the password manager, use the method I showed in the last lesson. In the next section, we will look at some real-life cases where passwords were stolen or cracked and abused by an attacker. We’ll also take a look at how it could have been prevented and what the consequences for the company were.
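The point made above about the master password being the encryption key, with no recovery path if it is lost, can be made concrete with a small local vault. This is an added example, not code from the course or from KeePass, LastPass or 1Password; the key derivation uses scrypt from the standard library, and the cipher (an HMAC-SHA256 counter keystream with an HMAC tag) is a teaching construction standing in for the authenticated encryption a real product would use.

```python
import hashlib
import hmac
import json
import os
import secrets

# Constructed example: the master password is never written to disk. It is
# stretched with scrypt into the keys that protect the database, so a wrong
# or forgotten master password yields nothing, and a lost database file with
# no backup is gone for good. The cipher below is a demonstration stand-in,
# not the format of any real password manager.


def _derive_keys(master_password, salt):
    """Stretch the master password into a 32-byte encryption key and a 32-byte MAC key."""
    km = hashlib.scrypt(master_password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=64)
    return km[:32], km[32:]


def _keystream(key, nonce, length):
    """Deterministic keystream: HMAC(key, nonce || counter) blocks, truncated to length."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def lock_vault(entries, master_password):
    """Serialize the entries, encrypt them, then MAC everything; returns the on-disk blob."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive_keys(master_password, salt)
    plaintext = json.dumps(entries).encode()
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return salt + nonce + tag + ciphertext


def unlock_vault(blob, master_password):
    """Return the entries, or None if the master password is wrong or the blob was altered."""
    salt, nonce, tag, ciphertext = blob[:16], blob[16:32], blob[32:64], blob[64:]
    enc_key, mac_key = _derive_keys(master_password, salt)
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # no partial recovery: wrong key or tampered file looks the same
    plaintext = bytes(a ^ b for a, b in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))
    return json.loads(plaintext)


def random_password(length=24):
    """Generate a password the user never has to remember or type, as the lesson recommends."""
    alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*"
    return "".join(secrets.choice(alphabet) for _ in range(length))
```

Keeping a second copy of the blob returned by `lock_vault` on another device is exactly the backup the lesson asks for; nothing in the blob lets anyone open it without the master password.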

Have your say: What is the biggest advantage and the biggest disadvantage of using a master password? Share your thoughts in the Comments section below.

