Monday, March 21, 2016

How Do You Protect Your Passwords?

found on Sysadminotaur

There's definitely security trade-offs with password vaults. This one is super secure but so restrictive that in order to get the password into the hands of the person that needs it, it becomes available to anyone within earshot. The one in your browser may well be vulnerable to a particular type of malicious web page. Password vaults that store their database in the cloud create an incredibly valuable target for cybercriminals, and ones that store their database locally are vulnerable to having that database stolen by malware.

Still, the alternative of reusing the same password in many places because you just can't remember enough different passwords to cover all your accounts is worse because a) memorable passwords are also easier to crack (the chances are higher that it's derived from dictionary words instead of randomly generated), and b) vendor-side password breaches (which can reveal your password for that vendor and as many other vendors as you've used that same password at) are a lot more common than password vault attacks.