

I’ve written about what I consider the best current password advice for websites and services you need to keep secure.

Where MFA is not an option, use password managers, creating unique, long-as-possible, random passwords for each website or security domain.
Where password managers aren’t possible, use long, simple passphrases.
In all cases, don’t use common passwords (e.g., “password” or “qwerty”) and never reuse any password between different sites.

This advice might appear to go against my simultaneous support of NIST Special Publication 800-63 Digital Identity Guides. NIST SP 800-63 recommends using non-password methods where possible, and although the recommendations are definitely against forcing users to use very long and complex passwords, they don’t limit password length or complexity. When people are forced to create and use long, complex, and frequently changing passwords, they do a poor job at it. They reuse the same passwords among different websites or use only slightly different passwords, which create an easy-to-decipher pattern. If those same humans use MFA or other non-memorization authentication methods, then the overall risk of repeated passwords and patterns can be broken. If a person can use a password manager, which creates and uses long and complex passwords that the person doesn’t have to remember, then perhaps you can get the best of both worlds. I’ve been testing and recommending password managers for many years. Early on I was rightly suspicious of their quality and the security of their code and operations.

Early versions often ended up in the press because of successful exploits and compromises. These days, most of the popular choices are feature-rich and secure enough that I feel good about using them. Until recently, I had never completely depended on them, throwing all my memorized passwords away. I felt bad about recommending them without “living” with them. So, I decided to solely use a password manager as much as I could for all password security logons, where it would work. I’m not going to reveal what password manager I’m using because I haven’t tested them all and I don’t want to give an unknowledgeable review. One of the key threats that led me to deciding to go to a password manager full-time is the sheer number of websites and services that get compromised. Visit any of the “haveIbeenpwnd”-type websites and you’ll probably be amazed to see which of your logons and passwords have ended up on the internet. If you, like me, use a common password root that has a discernable pattern, you probably want to change all your passwords. Don’t be like the average person who uses just seven different passwords across all websites they authenticate to.

The pros of my password manager experience

I downloaded and bought a commercial password manager. I then spent several days changing my existing passwords on hundreds of websites, letting the password manager take over creating and using passwords.

I downloaded the password manager for each device I wanted to include, including the related additional add-ons for the two most popular browsers I use. After a few months of use, here are my pros of using a password manager:

Works as advertised: First and foremost, password managers allow you to create, record and reuse passwords among different websites. I cover the edge cases where it did not work below.

Easy to create and use long, random, complex passwords: However, about 10 percent to 15 percent of my websites would either not allow a long password (some stopped at 10 characters) or I couldn’t use symbols. This means quickly adjusting the auto-generated random passwords to meet a particular website’s password policy. The password manager I used made changing the policies used to generate a new random password very easy.

Password manager can auto-logon: The password manager can auto-fill in passwords and it’s easy to call up the password manager to fill in the password on an ad-hoc basis. When using a password manager, tell your browser not to remember any password. This takes away a potential attacker password vault target. Within a week or two I was calling up my password manager to quickly fill in logons without even thinking about it.

Securely stores password recovery questions: I loved that I could record my recovery question answers in my password manager. I recommend never giving accurate answers to recovery questions, but instead treat them just like additional password fields. You can record recovery question answers, but my password manager didn’t automatically fill them back in when they were needed.
