Why should I need a Password Manager?

  • Hackers are a devious group and will stop at nothing to get into your network and files. They use three different methods to get to you: brute force, dictionary attacks and social engineering.
    Brute force is the most time-consuming method. Basically, it involves a program that tries every combination of letters, numbers and keyboard characters to guess your password. It starts with trying every character, then tries two-character combinations and so on.
    The longer the password is, the harder it becomes to crack, and the difficulty grows exponentially with length. A password that is eight characters in length and utilizes lower- and upper-case letters, numbers and keyboard characters won't be cracked for two years. This underscores the importance of being as random as possible when choosing your password.
    Another method of attack is through the use of custom dictionaries. These dictionaries are filled with words and names, but also number and letter combinations, such as 11111 and abc123. Simple passwords such as "duke" or "ilovemydog" can easily be guessed.
    The third and most effective method of attack is social engineering. This involves someone with criminal intent soliciting a password directly from a user. Many people divulge their passwords to co-workers and strangers without even realizing it.
    For example, most small businesses don't have a dedicated information-technology staff. A hacker posing as someone from your company's Internet service provider could call in and get an unsuspecting employee's password by "testing the service." The hacker might request the employee's user name and password to log in and test the connection from the ISP's end. If the hacker sounds authoritative and legitimate enough, your whole network could be compromised.
    If your business rents space in a larger facility, strangers probably roam the hallways unnoticed. A few innocent questions or a watchful eye can be disastrous. Another typical social engineering attack is called "phishing": it involves creating a fake site that closely resembles a real one, for example your remote banking login site. The fake site saves your access data, stealing your identity and maybe not only that! :-)

  • If there is a significant number of users in an organization, the system administrator has two basic options available to force the use of good passwords for users' accounts. They can create passwords for the users, or they can let each user create his own passwords while verifying that the passwords are of acceptable quality. Creating the passwords for the users ensures that the passwords are good, but it becomes a daunting task as the organization grows. It also increases the risk of users writing their passwords down. For these reasons, system administrators prefer to have users create their own passwords, but actively verify that the passwords are good and, in some cases, force users to change their passwords periodically through password aging.

  • The single most important thing a user can do to protect his accounts is create strong passwords, which make them less susceptible to a password cracking attack. He should create a different password for every application login, and all these passwords should be hard to crack and easy to remember: this can become a problem if the user has many accounts.

  • A password manager is software that helps a user or employee store and organize passwords. The software typically has a local database or files that hold the encrypted password data. The user must remember a single secure password (passphrase) to access the entire database (password repository).

  • Some password managers, such as PassLocker, can also generate safe random passwords, calculate their vulnerability and monitor their aging. PassLocker also allows a user to lock his database with a hardware-dependent encrypted passkey file, with or without the passphrase.

  • PassLocker also works as a form filler: it fills the user name and password data automatically into web forms. This is not only convenient but also drastically reduces the risk of phishing attacks, because PassLocker checks site addresses before filling in forms.
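
The address check described in the last point, sketched as an added example (this is not PassLocker's code, and the page does not say which matching rule PassLocker uses). It assumes the check is an exact origin match (scheme, host and port) and contrasts it with a weaker substring test; the vault entry, page URLs and function names are constructed for illustration.

```javascript
// Added example. The vault entry, page URLs and function names are constructed.
// Assumption: "checking the site address" means an exact origin match.

// Parse a URL and accept only http(s); returns null for anything else.
function parseWebUrl(raw) {
  try {
    const u = new URL(raw);
    return u.protocol === "https:" || u.protocol === "http:" ? u : null;
  } catch (e) {
    return null;
  }
}

// Weak check, for contrast: "the saved host appears somewhere in the address".
function naiveMatch(entry, pageUrl) {
  const saved = parseWebUrl(entry.url);
  return saved !== null && pageUrl.toLowerCase().includes(saved.hostname);
}

// Strict check: fill only when scheme, host and port all equal the saved entry's.
function autofillDecision(entry, pageUrl) {
  const saved = parseWebUrl(entry.url);
  const page = parseWebUrl(pageUrl);
  if (!saved || !page) return { fill: false, reason: "unparsable or non-web URL" };
  if (page.hostname !== saved.hostname) return { fill: false, reason: "different host" };
  if (page.origin !== saved.origin) return { fill: false, reason: "scheme or port differs" };
  return { fill: true, reason: "origin matches saved entry" };
}

const ENTRY = { url: "https://bank.example/login", username: "alice" };
const PAGES = [
  "https://bank.example/login?next=%2Faccount", // the real site
  "https://BANK.example:443/login",             // same origin after normalisation
  "https://bank.example.lookalike.test/login",  // saved host used as a subdomain label
  "https://bank.example@lookalike.test/login",  // saved host placed in the userinfo part
  "http://bank.example/login",                  // same host, unencrypted scheme
];

for (const page of PAGES) {
  const d = autofillDecision(ENTRY, page);
  console.log(`${d.fill ? "FILL " : "BLOCK"} naive=${naiveMatch(ENTRY, page)} ${page} (${d.reason})`);
}
```

The substring test accepts all five addresses, while the origin comparison fills only the first two, which is the property that makes a form filler refuse a look-alike site a person might not notice.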