Most password managers can encrypt the stored information in a “Vault”, which makes them a much safer alternative to writing down passwords on Post-It notes or typing them up in a Microsoft Excel spreadsheet.<\/p>\n
What benefits can password managers provide?<\/h2>\n\n- Password managers can sync your vault to various devices making it convenient to login via mobile or workstation.<\/li>\n
- Zero knowledge architecture, decrypts vaults on the client vs in the cloud infrastructure. Your password is never sent to their infrastructure.<\/li>\n
- Password generators to help you create strong, secure passwords or passphrases.<\/li>\n
- Password checkers within the manager can determine if your password has been exposed.<\/li>\n
- Built-in captcha features on web services portals to prevent brute force attempts.<\/li>\n
- Multi-factor Authentication to prevent unauthorized login attempts.<\/li>\n<\/ul>\n
![\"Bitwarden](\"https:\/\/www.hawaii.edu\/infosec\/wp-content\/uploads\/sites\/24\/2023\/10\/bitwarden-price-tiers.png\")
<\/p>\n
The recommendations below should not be seen as an endorsement by the University of Â鶹´«Ã½<\/span> :<\/p>\n\n- PC Magazine’s List of Best Free Password Managers<\/a><\/li>\n
- PC Magazine’s List of Best Password Managers<\/a><\/li>\n
- Wired’s List of Best Password Managers<\/a><\/li>\n<\/ul>\n
Password Manager Security<\/h2>\n
When considering a password manager, you should evaluate several factors, including whether the service is free or a paid subscription, the level of encryption offered, cross-platform support (for mobile and desktop), and the availability of Multi-factor Authentication. Price versus capabilities is an important consideration.<\/p>\n
Keep in mind that not all password managers are equally secure. Avoid using password managers from unverified publishers and untrustworthy sources. Also, be cautious about the browser extensions you install, as compromised extensions can leak your passwords. How you use your password manager determines its safety.<\/strong><\/p>\n\nLastPass password manager compromised after a home hack<\/a><\/p>\n ![\"LastPass](\"https:\/\/www.hawaii.edu\/infosec\/wp-content\/uploads\/sites\/24\/2023\/10\/last-pass-article.png\")
<\/a>\n<\/div>\nTips for Keeping Your Password Manager Secure:<\/h2>\n\nHive Systems passwords<\/a><\/p>\n ![\"Chart](\"https:\/\/www.hawaii.edu\/infosec\/wp-content\/uploads\/sites\/24\/2023\/10\/hive-2023-passwords.png\")
<\/a>\n<\/div>\nIs your master password in the green?<\/h2>\n\n- S<\/big>trong Master Password:<\/strong> Your master password should be difficult to guess, with over 12 characters, a combination of letters, numbers, symbols, and without common words or phrases. Refer to the chart above for an idea of the required complexity. A strong master password in the green zone will be hard to “brute force” if your password manager vault is stolen.<\/li>\n
- E<\/big>nroll in MFA:<\/strong> Multi-factor authentication on your password manager will prevent unauthorized logins from accessing your fault. Change your password immediately if you get prompted for MFA.<\/li>\n
- C<\/big>aution when installing Third-Party Browser Extensions and Applications:<\/strong> Unverified or compromised applications and extensions can leak your passwords. Use caution when reviewing emails with attachments or untrusted links as they can install malware or capture your credentials.<\/li>\n
- U<\/big>se haveibeenpwned.com:<\/strong> This website lists compromised passwords, allowing you to monitor the security of your accounts.<\/li>\n
- R<\/big>egularly Update OS, Apps, and Extensions:<\/strong> Keeping your password manager updated ensures you have the latest security patches and bug fixes.<\/li>\n
- I<\/big>nstall Anti-Virus or anti-malware software:<\/strong> Regularly scan for malware and new threats as they can steal passwords by installing keyloggers or remote access tools.<\/li>\n
- T<\/big>rustworthy Vendor Reviews:<\/strong> Not all password manager vendors offer the same level of protection and service. Choose a vendor that provides the necessary security features and has a good track record of keeping users safe. <\/li>\n
- Y<\/big>our Security Practices:<\/strong> Unwanted intruders gaining physical or digital access to your devices can compromise the safety of your password manager and associated accounts. Don’t leave devices unlocked or unattended in public places!<\/li>\n<\/ul>\n\n
macOS malware compromises users’ Keychain database<\/a><\/p>\n ![\"Apple](\"https:\/\/www.hawaii.edu\/infosec\/wp-content\/uploads\/sites\/24\/2023\/10\/apple-article.png\")
<\/a>\n<\/div>\nWhat do Password Managers NOT Protect You From?<\/h2>\n\n- Malware:<\/strong> Password managers can be compromised by existing malware on your device or malware acquired while using the password manager. That’s why it’s important to use a firewall and keep your device’s security settings up to date.<\/li>\n
- Compromised Master Passwords:<\/strong> A password manager is only as strong as the master password used to access it. If you use a weak master password, all your securely generated, complex account passwords are at risk. Choose a master password that is both memorable and sufficiently complex.<\/li>\n
- A Breach at the Password Manager Provider:<\/strong> The recent data breach at LastPass<\/a> illustrates the importance of choosing a trusted vendor. If the provider experiences a data breach, your stored passwords may be exposed.<\/li>\n
- Phishing and Social Engineering Attacks:<\/strong> Entering your login credentials on a fake website or revealing your login information to hackers and scammers can still compromise your accounts. Hackers are using Google Ads and Punycode to push malware. Be cautious about the sites you visit and the links you click and go to the vendors website instead of the sponsored ad.<\/li>\n<\/ul>\n
<\/p>\n
The recommendations below should not be seen as an endorsement by the University of Â鶹´«Ã½<\/span> :<\/p>\n When considering a password manager, you should evaluate several factors, including whether the service is free or a paid subscription, the level of encryption offered, cross-platform support (for mobile and desktop), and the availability of Multi-factor Authentication. Price versus capabilities is an important consideration.<\/p>\n Keep in mind that not all password managers are equally secure. Avoid using password managers from unverified publishers and untrustworthy sources. Also, be cautious about the browser extensions you install, as compromised extensions can leak your passwords. How you use your password manager determines its safety.<\/strong><\/p>\n LastPass password manager compromised after a home hack<\/a><\/p>\n Hive Systems passwords<\/a><\/p>\n macOS malware compromises users’ Keychain database<\/a><\/p>\n \n
Password Manager Security<\/h2>\n
<\/a>\n<\/div>\nTips for Keeping Your Password Manager Secure:<\/h2>\n
<\/a>\n<\/div>\nIs your master password in the green?<\/h2>\n
\n
<\/a>\n<\/div>\nWhat do Password Managers NOT Protect You From?<\/h2>\n
\n
![\"example](\"https:\/\/www.hawaii.edu\/infosec\/wp-content\/uploads\/sites\/24\/2023\/10\/malwarebytes-malvertisements.png\")
<\/a><\/p>\n<\/div>\n