[ELI5] Why are online “password lockers” considered secure?


It seems to me (hence this question), that storing all your passwords online and accessing them with a single “unlock” password would be extremely dangerous. If the locker service is itself hacked, then the hackers will have ALL your passwords for the price of getting one password.


15 Answers

Anonymous 0 Comments

It is a tradeoff.

It is true that having them online in a centralised server isn’t optimal (as those services now have a target on their back), but those services (some of them, at least) use industry standards to protect the password database, and don’t have access to the main password you use for your own database, which is preferable to, say, a text file on your computer, a post-it on it, or using the same password everywhere.

There’s other choices as well to increase your security (some of these aren’t mutually exclusive with using an online password manager):

1. Use second factor authentication, which is available on some services. This means that, together with your password, you’ll have to provide a one-time code (usually, they change every 30 seconds) to log in (usually, only the first time you log in from a certain device); this makes getting into your account much harder. Make sure you know how to back up and/or synchronize your second factor as well! I can suggest using Authy or a similar service. You will usually be given some recovery codes when activating it (usually you can activate it from your account privacy or security settings); store these in a safe place, as they’ll be the only way of getting back your account should you lose access to the security codes.
2. Use an offline password database, for example, KeePassX. This means you now are responsible for syncing this database file between devices; you could store it in your service of choice (if you use any) to sync files, like Dropbox, Google Drive, iCloud, etc. This means it’s far more unlikely that a **random** attacker would get a hold of your database, as they tend to target places where they can find more passwords at once. This doesn’t help you if the attacker is interested specifically in **your** passwords tho (don’t think of espionage movies, think of an angry and vindictive ex).

In my personal (and anecdotal) experience, I found 1password to be a very good service, should you choose to go for an online password manager.

For that one password, pick a strong one that is easy to remember; this should help you choose one: [https://www.xkcd.com/936/](https://www.xkcd.com/936/) (a strong password isn’t necessarily something hard to remember).

Make sure you pick different passwords for different services!

Happy security, I hope this helps and informs you 🙂
