Jim Rossman: Is your login data safe with password managers?
Published in Science & Technology News
After my recent column on password managers, I got a several emails from readers with follow up questions.
A reader asked, “If the password manager is hacked are not ALL my passwords compromised? Is it worth the risk?”
The answer is a bit complex. I’ll take 1Password as an example.
Note, I realize this is going to sound like an ad for 1Password. I don’t receive any compensation from 1Password, I just think it is the best option.
When you set up 1Password, you secure your account with a master password. It should be long and complex and if you forget it, 1Password cannot recover or reset it. This means you will lose access to your account, so make sure you save it in a secure place. I also don’t recommend saving it on any of your devices.
1Password takes security for your account up a notch by creating another unique identifier called a secret key. This secret key is a very complex password that will need to be entered the first time you set up 1Password on any additional devices. When the secret key is generated, you’ll want to save it and keep it stored in a secure location. The secret key is so long and complex and you will not be able to remember it without having it written down or stored in a secure file.
Finally, you can take the added step of securing your 1Password account with two-factor authentication using an authenticator app or hardware key. An authenticator app is an app on your phone that you set up with secure sites or services like 1Password. When you log in, 1Password will ask you for a code that’s generated by your authenticator app. You enter that code into 1Password to get logged in.
For a hacker to gain access to all the passwords stored in your 1Password vault, they’d need your email address, your master password, your secret key and they’d need access to your phone to get at your authenticator app or they’d need to steal and have access to your hardware key. I suppose that’s possible, but I think that’s a pretty safe setup.
The data you save with 1Password is encrypted and because 1Password never sees or stores your master password or secret key, that encrypted password vault cannot be opened by hackers if they manage to steal it from 1Password.
Before you decide to start using a password manager, do your homework and read some reviews. Most have free trial periods so you can try before you buy. I don’t know that I’d trust any of the free password manager options.
©2024 Tribune Content Agency, LLC.