I’d not consider myself technologically unsavvy, but I can’t really understand how a password managing app on my phone can keep my passwords safe.
By that I don’t mean what kind of encryption technology is used, I just can’t believe that I really CAN trust a company not giving/selling all my passwords (or losing them to a hack).
That’s also the reason why I never use Apple’s pw manager, for example.
Am I overly cautious? Is it safe to store my passwords in a pw manager app?
Maybe someone that understands the technology/encryption behind such apps can help me.
In: Technology
Part of it is trust in what they purport to say they are doing.
For instance, Apple’s keychain is encrypted in such a way that Apple doesn’t have access to your passwords. So even if they wanted to sell your passwords, they’d have to circumvent the encryption. Now that assumption still falls on the basis of trusting what Apple says they’re doing.
Ironically, breaches are a good example of password managers doing what they purport to. It’s never been a breach of “the passwords in plaintext” but instead the encrypted vault (admittedly, some issues with how safe the vault’s encryption is come up during these breaches as well).
Your concerns are valid, though; there are self-hosted (and open-source) password manager apps that perform the same type of role as cloud-based password managers, that leave it to you as to how you are storing/pre-sharing the vault across multiple devices. Those largely remove the trust that the vendor is doing what they’re saying.
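The "vendor only ever holds an encrypted vault" model described in the answer above, as an added Python example that is not part of the original thread or any vendor's code. The function names, the iteration count and the sample entry are assumptions, and the HMAC-based keystream is a standard-library stand-in for the vetted AEAD cipher (such as AES-GCM) a real manager would use.

```python
import hashlib
import hmac
import json
import os

ITERATIONS = 600_000  # assumed work factor; higher makes guessing a leaked vault slower


def _keys(master_password, salt, iterations):
    # Runs on the device only: the master password and these keys are never uploaded.
    master = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, iterations)
    return tuple(hmac.new(master, label, hashlib.sha256).digest() for label in (b"enc", b"mac"))


def _xor_stream(key, nonce, data):
    # Stand-in cipher: HMAC-SHA256 in counter mode as a keystream (assumption, see lead-in).
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def seal_vault(entries, master_password, iterations=ITERATIONS):
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(master_password, salt, iterations)
    ciphertext = _xor_stream(enc_key, nonce, json.dumps(entries).encode())
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    # This dict is all the server stores, so it is also all a breach of the server exposes.
    return {"iterations": iterations, "salt": salt.hex(), "nonce": nonce.hex(),
            "ciphertext": ciphertext.hex(), "tag": tag.hex()}


def open_vault(blob, master_password):
    salt, nonce = bytes.fromhex(blob["salt"]), bytes.fromhex(blob["nonce"])
    ciphertext = bytes.fromhex(blob["ciphertext"])
    enc_key, mac_key = _keys(master_password, salt, blob["iterations"])
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, bytes.fromhex(blob["tag"])):
        raise ValueError("wrong master password or tampered vault")
    return json.loads(_xor_stream(enc_key, nonce, ciphertext))


if __name__ == "__main__":
    entries = {"example.com": "correct horse battery staple"}  # constructed sample entry
    blob = seal_vault(entries, "my master password")
    print(blob)  # what the vendor's server holds
    print(open_vault(blob, "my master password"))
```

Whoever obtains the stored dict still has to guess the master password, so the protection of a leaked vault rests on that password's strength and the key-derivation work factor.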