Managing Your Online Passwords

LyEdward

Note: This article was written more than a year ago, so its content may be out of date.

Introduction


In my last post about virtual private networks, I shared some tips on how you can protect your privacy online with VPNs. They are a great way to encrypt your network traffic and protect any information that travels through it, but the best options usually require a paid subscription to access, and not everyone might have the budget or motivation to gain access to this tool. So today, I will highlight something on the Internet that you will encounter countless times but can be a security pitfall if you are not careful enough: passwords. Unlike VPNs, however, some of the best tools for managing passwords are actually completely free!

As you use the Internet more and more, you will likely have to access and manage multiple accounts across many different websites and services on the Internet, most (if not all) of which require a password to authenticate the user. While it is generally best practice to avoid reusing the same password for multiple accounts, having to memorize every single password for every single account can be a daunting task for any person, leading to a real phenomenon known as “password chaos” (also known as “identity chaos” or “password fatigue”). Moreover, although other features such as two-factor authentication can add an extra layer of security to an account, not every website offers such security, so passwords still remain as the most common method of authentication. Today, there are plenty of applications that simplify or accelerate the process of entering passwords using a variety of methods. In this post, I will highlight two features that are commonly used in these apps: storing passwords and generating passwords, as well as the advantages and disadvantages of each approach.

The Analog Approach


Before I continue, though, I should quickly mention a more traditional approach that is completely immune to any and all digital attacks: writing all of your usernames and passwords down in a notebook. It is certainly one of the simpler methods out there, since you can access every single account on every single device from one single source, and it is only prone to physical theft and copying. Being a physical source, though, it does still have its limitations. For one, the login process can be more time-consuming than before, especially if you do not organize all of the information ahead of time and spend time searching for the right password, and there is the inconvenience of having to type the entire password for every single login attempt. And in the rare chance that it does get lost or stolen, you would also have to change every single password for every single account as quickly as possible, which may be time-consuming and not fast enough to prevent any unauthorized access.

Password Managers


Recently, password managers have become increasingly popular tools to serve as digital versions of the old-fashioned notebooks, while adding extra features which cannot be replicated through physical means. These include copying usernames and passwords to the clipboard, storing the passwords on a local device or on the cloud, encrypting all of the passwords, and setting a master password to control access to all other passwords. Passwords stored in the cloud are also easy to share with others for any group and family accounts. Some password managers also have the ability to automatically generate passwords for your use, which you can then add to your existing list of passwords anyway.

However, some of the disadvantages of physical notebooks still remain, and new ones are introduced. If you store the passwords on a local computer, then they are prone to not only physical theft, but also digital theft as attackers attempt to access other machines remotely. And regardless of the type of encryption you use, keylogging or other monitoring software can compromise your information anyway. If your security software is up to date, this should not be a problem for most people.

Now if you use an online password manager to save your passwords in the cloud, then that means you are placing your trust in the security and encryption of whatever remote server the passwords happen to reside in. After all, any server that stores countless passwords for countless websites is a prime target for hackers. Of course, online password managers are also exposed to web-based vulnerabilities, so keep them in mind if you decide to use one of these services.

Master Password


Now is the time where I would like to share an alternative solution, and one that I personally use on a regular basis: Master Password, a cross-platform app where generating passwords is its defining feature rather than a tacked-on feature. In fact, the app is technically not a password generator, but rather an algorithm for “calculating” passwords on-the-fly. The inputs and outputs of this algorithm are relatively simple: five inputs consisting of the user’s full name, a master password, the name of the website to log in to, an increment counter, and the password type, and one output consisting of the password itself for that website. So you are required to remember only one master password, and this also leads to one of the major advantages of Master Password: it does not require the storage of any usernames or passwords at all.

Of course, there is still the option on some platforms to store all of your user information if you wish, including the list of websites used, usernames, as well as the master password (encrypted, obviously). All of this information is stored in a small file on your computer in JSON format, and you can even upload this file to your cloud storage service of choice to import and export your settings across multiple devices. Other features of the algorithm include the ability to generate not only passwords, but also PIN numbers, usernames, and answers to security questions, further reducing the amount of information you need to memorize to access your account. In addition, changing the password to any one website is as simple as changing the value of the increment counter.

While I have only scratched the surface of what Master Password can do, I must also admit that this solution is not completely perfect either. For one, this approach is best suited for individual accounts, as every single password, including the master password, is tied to one’s name and, effectively, one’s identity. Shared accounts, especially ones where you are not the primary owner, still require you to memorize their passwords or store them somewhere else. Furthermore, if an attacker somehow knows the master password, then they potentially know every other password as well, by the nature of the algorithm. Changing the master password also changes every other password, so be sure to choose a strong password that you believe you can stick with for a long time.
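The derivation described in this section, as an added sketch that is not Master Password's own code or its exact algorithm: a key is stretched from the full name and master password, and each site's password is then computed from that key, the site name, the counter and the password type. The namespace label, templates, character classes and scrypt parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

# Assumed constants for this sketch; the real app defines its own values.
NAMESPACE = b"example.derived-password"  # hypothetical domain-separation label
CLASSES = {"C": "BCDFGHJKLMNPQRSTVWXYZ", "v": "aeiou", "c": "bcdfghjklmnpqrstvwxyz",
           "n": "0123456789", "o": "@&%?,=[]_:-+*$#!"}
TEMPLATES = {"long": ["CvcvnoCvcvCvcv", "CvcvCvcvnoCvcv", "CvccnoCvcvCvcv"],
             "pin": ["nnnn"]}


def _field(text):
    """Length-prefix a field so ("ab", "c") and ("a", "bc") hash differently."""
    raw = text.encode("utf-8")
    return struct.pack(">I", len(raw)) + raw


def master_key(full_name, master_password):
    """Stretch the master password with scrypt, salted by the user's name."""
    return hashlib.scrypt(master_password.encode("utf-8"),
                          salt=NAMESPACE + _field(full_name),
                          n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=64)


def site_password(key, site, counter=1, kind="long"):
    """Derive one site's password; nothing is stored between calls."""
    msg = NAMESPACE + _field(site) + struct.pack(">I", counter) + _field(kind)
    seed = hmac.new(key, msg, hashlib.sha256).digest()
    template = TEMPLATES[kind][seed[0] % len(TEMPLATES[kind])]
    # One seed byte per character; the modulo adds a slight bias that a
    # sketch can accept.
    return "".join(CLASSES[t][seed[i + 1] % len(CLASSES[t])]
                   for i, t in enumerate(template))


def demo():
    key = master_key("Jane Example", "constructed master passphrase")
    return {
        "first": site_password(key, "example.com"),
        "again": site_password(key, "example.com"),               # same inputs
        "rotated": site_password(key, "example.com", counter=2),  # counter bump
        "other_site": site_password(key, "example.org"),
        "pin": site_password(key, "example.com", kind="pin"),
    }


if __name__ == "__main__":
    for label, value in demo().items():
        print(f"{label:10} {value}")
```

Because every output depends only on the inputs, anyone who holds the name and master password can recompute all of them, which is the trade-off noted above.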

Conclusion


Sometimes, it can be tempting to sacrifice security for convenience when creating new accounts and passwords, but I hope that what I have shown today will prove to you that this does not have to be the case. Perhaps there will be a time in the future when passwords become a thing of the past, but for now, they still remain as one of the most secure methods of authentication as they have been for decades, and that will probably not change anytime soon either.

If you want to learn more about choosing a strong master password (because no level of encryption is going to protect you from an attacker being able to just guess your password), I recommend checking out these videos from Computerphile:
