eli5 Password manager apps


I’d not consider myself technologically unsavvy but I can’t really understand how a password managing app on my phone can keep my passwords safe?
By that I don’t mean what kind of encryption technology is used, I just can’t believe that I really CAN trust a company not giving/selling all my passwords (or losing them to a hack).
That’s also the reason why I never use Apple’s pw manager for example.

Am I overly cautious? Is it safe to store my passwords in a pw manager app?

Maybe someone that understands the technology/encryption behind such apps can help me


15 Answers

Anonymous

So a lot of these apps won’t get into exact specifics of what they do (as part of their security stance), but they use highest-level encryption, proactive monitoring, penetration testing, pattern recognition (e.g., you normally access from one geographic area, all of a sudden an attempt is made from the other side of the world), and the really good ones (like 1Password) are “zero-knowledge” systems. Meaning the company themselves cannot access your information due to the way they have their data, access, and other considerations structured. As others have mentioned, the semi-randomness (in effect, every password is unique), combined with MFV (passkeys, 2FA, rotating keys, even physical keys in some cases) all combine to a much better security profile than “I use the same password for every site,” because humans just can’t remember that. Then add on that you can have VERY long and complex passwords (randomized strings or phrases).

But, the central access, how you access the app, has to be secure too. If one spent all this time setting it up and using complex passwords that are managed, and then used a simple password for access (without MFV: Multi-factor verification), then it’s reducing the overall benefit and increasing the risk.

As far as the company allowing access/selling, that would become pretty evident pretty quickly, and they would have to be pretty shady to set a honeypot trap like that. Which is why you should only use well-known and trusted apps that are established, which is true of most things like this.

The benefit of using a password manager FAR exceeds any risks. The alternative is a virtual guarantee that at some point there will be a compromise due to the almost guaranteed simplicity of passwords which are not stored/managed. Additionally, good ones (again, 1Password comes to mind) will even monitor to see if any of your passwords show up in leaks or dumps, as well as sites that have had breaches, and then alert you to change it.

Use one. Even Apple/Android native password management is an improvement over remembering passwords that are all the same or similar, but a full-blown app like 1Password (don’t work for them, just really like them) is a vast improvement.

Just don’t EVER use LastPass. They had a pretty bad breach a while ago and the way they handled it…they shouldn’t be in business any longer.
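
A minimal sketch of the “zero-knowledge” idea mentioned in the answer above, added here as an example and not taken from the answer or from any vendor's code: the vault is encrypted on the device with a key derived from the master password, so the service only ever stores the salt, IV, tag and ciphertext. The function names, the scrypt parameters and the sample vault are assumptions made for illustration.

```javascript
// Added illustration of client-side ("zero-knowledge") vault encryption.
// sealVault, openVault and serverRecord are hypothetical names, not a real product's API.
const crypto = require('node:crypto');

// Derive a 256-bit vault key from the master password on the client device.
// scrypt is deliberately slow and memory-hard, which makes guessing expensive;
// a short or reused master password still weakens everything below.
function deriveKey(masterPassword, salt) {
  return crypto.scryptSync(masterPassword, salt, 32, { N: 16384, r: 8, p: 1 });
}

// Encrypt the vault locally with AES-256-GCM. Only the returned record is uploaded;
// the master password and the derived key never leave the device.
function sealVault(masterPassword, vault) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(masterPassword, salt), iv);
  const ciphertext = Buffer.concat([cipher.update(JSON.stringify(vault), 'utf8'), cipher.final()]);
  return {
    salt: salt.toString('hex'),
    iv: iv.toString('hex'),
    tag: cipher.getAuthTag().toString('hex'),
    ciphertext: ciphertext.toString('hex'),
  };
}

// Decrypt on the client. Returns null when the password is wrong or the
// stored record was modified, because the GCM tag check fails in final().
function openVault(masterPassword, record) {
  const key = deriveKey(masterPassword, Buffer.from(record.salt, 'hex'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(record.iv, 'hex'));
  decipher.setAuthTag(Buffer.from(record.tag, 'hex'));
  try {
    const plain = Buffer.concat([decipher.update(Buffer.from(record.ciphertext, 'hex')), decipher.final()]);
    return JSON.parse(plain.toString('utf8'));
  } catch (err) {
    return null;
  }
}

// Constructed sample data: this record is everything the service would hold.
const sampleVault = { 'example.com': 'kT9#vLq2!xWz7RbN' };
const serverRecord = sealVault('correct horse battery staple', sampleVault);
```

Someone who copies `serverRecord` from the service, whether an insider or an intruder, still has to guess the master password, which is why the answer's point about a strong master password plus a second factor matters.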
