Password Managers: Handing over the keys to the kingdom?

Over the last several months, the password vault/manager has been on the rise; this statement is based on nothing other than the increased frequency with which they have appeared on my radar as I go about my daily business. That said, it’s probably true, and some of my preferred security commentators and tech media purveyors seem to be quick to advocate their use. And why not? The technology makes sense: the average internet user has 26 accounts (according to Experian, so seems legit) with login credentials (that they can remember), and of course we all know how dangerous it can be to reuse passwords. This is a simple solution to a common problem.

The problem, though, is that this is an emerging market. Mistakes are and will continue to be made. Developing a full-featured, secure product is often a learning curve in the domain of the start-up, particularly when handling such sensitive information, which has to be able to interact with a range of other UIs, bookmarklets, and applications.

Some of the big players have their own solutions, but it’s not the products from the usual security suspects you’re reading about whenever this topic comes up. This is ultimately an industry, then, that’s being shaped by early-stage and niche players. Even if they intend to do security well, it doesn’t necessarily follow that controls will be properly implemented. This is something we have seen with mobile security: for every independent turned major player like Lookout, there’s a fake antivirus solution like Virus Shield, which reached #1 on the Play Store. So who do you trust?

Is the good practice of having more difficult-to-remember, yet harder-to-break, passwords worth the risk of one potential point of entry? Yes, it minimises the attack surface area, but that one point of compromise is potentially so devastating if undermined that users are presented with a trade-off. Indeed, if you were to lose access to your password vault, how easy is it going to be to recall all memberships, let alone the login credentials for each account? In the event of a breach, can the stable door be shut before the horse is sold for Bitcoin?

Just this week it has been reported that several key vendors in this space have security vulnerabilities in their products – granted, it’s been acknowledged that these are easily patched, but it immediately draws our attention to an active risk landscape. What assurance is on offer when some of the vendors aren’t even encrypting or salting passwords before sending them to their servers?

Then there’s the comfort such solutions afford you, perhaps wrongfully. I’ve signed up, loaded in my best practice passwords, and so my web security is taken care of. The whole Heartbleed saga reminded us that passwords are flawed; is the password manager simply a quick fix while we await the new authentication silver bullet?

I want to believe password managers work. I want to use one. It encourages good security practice, and makes life a lot easier. It’s a solution to a problem I have – I’ve not been able to save credentials in a browser since seeing Chrome store passwords in plain text. The other problem I have, though, is that I can’t bring myself to hand over the keys to my digital kingdom. Maybe I’ve become unhealthily sceptical, but when it comes to passwords I no longer trust.
