I understand that there are sites where people can store all their various passwords, and I’ve always thought that sounded like handing the keys to your house to a stranger who promises to put them someplace safe, i.e. a dumb idea. If it’s a bad idea to store all your passwords on your own computer because they can be retrieved by bad guys, why isn’t it just as bad an idea to put them on someone else’s computer?
There are many methods for making sites more or less secure. Nothing accessible online is 100% unbreakable: shit happens, IT guys make mistakes, updates introduce unanticipated vulnerabilities.
There are two ways a website can store your password.
- They store it in plain text
- They store it as a hash
The first one is a REALLY bad way to go about things. Few websites do it that way but doubtless some still do.
The second one makes the password database the hacker gets a lot more difficult to deal with. A password is stored as a hash which is a cryptographic method of turning your password into a string of characters. A hash is a one-way calculation. That is to say you can turn your password into this long string but you cannot reverse that string into the original password. The website itself has no idea what your password is.
That said, there are things called Rainbow Tables which are basically a very, very long list of passwords and their hashes. If your password is on that list it can be easily looked up if they have its hash. For this reason it is important to come up with a unique password (which is not necessarily random).
I think what the OP is referring to is websites that you can use to store all your passwords, not just the one to access that site. If that is the case a one-way hash will only work for the master password to get on the site that is storing the passwords. The passwords stored on that site must obviously be 2-way encrypted since they need to be decrypted in order to pass them to the sites that actually need them.
No. If you’re going to store passwords or a password file, you should be doing two things, one of which you should be doing anyway. One, you should make that password file encrypted, using strong encryption and a long, difficult-to-guess master password. Two, you should change your passwords every once in a while.
The reason for two is, if your heavily encrypted password file gets leaked from the site it’s stored on, and a bad guy really wants access to your passwords, he’s going to try to brute force that password file. If it’s encrypted properly and with a good password, that’s probably going to take even the most powerful of machines months, if not years, to do. So by changing your passwords, even if a bad guy gets a hold of that password file and starts chugging away, by the time he cracks it all the passwords within will be out-of-date and, therefore, worthless.
Also, Whack-a-Mole, OP is asking about password managers, not databases that store user credentials.
Ah…gotcha.
In that case I would NEVER trust another to hold your passwords for you. I am not saying they are (necessarily) untrustworthy but you are compromising your security by using them. They offer some convenience but I'm not sure it is worth it.
I suggest using Keepass to store your passwords.
Although rainbow tables can be defeated by salting the hashes, that’s something that too many websites seem not to do.
You should never use a cryptographic hash to store passwords, you should be using a Key Derivation Function like scrypt or bcrypt. Cryptographic hashes are designed to be fast which means they help attackers brute force passwords. Modern systems can guess at many billions of attempts per second which means any common password will be found very quickly. KDFs are tuneable to be as slow as you want them to be, meaning you’re resistant to brute force attacks as long as you keep the difficulty factor in line with hardware advances.
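An added example, not written by anyone in this thread, that puts the two posts above side by side: a bare SHA-256 that a precomputed table (the rainbow-table idea) defeats, a per-user salt that makes that table useless, and scrypt as a tunable key derivation function. The wordlist and salts are constructed for the demonstration.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the list of common passwords a precomputed table is built from.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "hunter2"]


def fast_hash(password: str) -> str:
    """Unsalted SHA-256: fast, and identical for every site that uses it, so one
    precomputed table of digests works against all of them."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(wordlist) -> dict:
    """Precompute digest -> password once; this is the attacker's reusable table."""
    return {fast_hash(pw): pw for pw in wordlist}


def salted_hash(password: str, salt: bytes) -> str:
    """Same fast hash, but with a per-user salt mixed in: the precomputed table no
    longer matches, and the attacker must recompute it for every salt."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def kdf_hash(password: str, salt: bytes, n: int = 2 ** 14) -> bytes:
    """scrypt: salted, memory-hard, and tunable via n (raise it as hardware gets faster),
    so each guess costs the attacker far more than one SHA-256 does."""
    return hashlib.scrypt(password.encode(), salt=salt, n=n, r=8, p=1, dklen=32)


def new_record(password: str, n: int = 2 ** 14) -> dict:
    """What a site should store: a fresh random salt, the cost parameter, and the KDF output."""
    salt = os.urandom(16)
    return {"salt": salt, "n": n, "digest": kdf_hash(password, salt, n)}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and parameters; constant-time compare."""
    candidate = kdf_hash(password, record["salt"], record["n"])
    return hmac.compare_digest(candidate, record["digest"])


if __name__ == "__main__":
    table = build_lookup_table(COMMON_PASSWORDS)
    leaked = fast_hash("hunter2")                     # what a plain-SHA-256 site leaks
    print("unsalted lookup:", table.get(leaked))      # recovered instantly from the table
    print("salted lookup:", table.get(salted_hash("hunter2", b"per-user-salt")))  # None
    rec = new_record("hunter2")
    print("scrypt verify:", verify("hunter2", rec), verify("hunter3", rec))
```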
So far, I think the answer is write your passwords down on a piece of paper; change them occasionally.
Thanks, Dopers.
Nothing is 100% foolproof. Your security options consist of a series of trade-offs which must be carefully considered to come up with the correct compromise that works for you, but you must accept that whatever you choose, it will indeed be a compromise.
Here’s an example of what I mean. A password file stored locally, encrypted with a strong master key, inaccessible from the internet, is theoretically more secure than storage on a website since it offers a larger attack surface. However, there is a trade-off in convenience, as this option doesn’t give you access to your passwords when you’re on the go. If you don’t need them on the go then great - this is probably the option for you. On the other hand if you keep most of your passwords strong and locked tightly in your “home vault”, but there are a few websites that you need access to on the go so you keep those passwords weak and memorable, and maybe even reuse the same passwords for those sites, then your security plan has sprung a leak. It’s not hard for those leaks to pile up quickly if you choose a password management plan that doesn’t actually fit your usage profile.
The top password management web services are generally very secure. Unlike most businesses where cyber security is only a secondary concern, the password management companies seek out experts in cyber security as a core part of their business. They certainly give it much more care and attention than someguywhosellsthings.com, or than you do on your home computer. They will be using the strongest security practices, training all of their employees to be resistant to social attacks, and will be paying close attention to the latest security alerts in the industry in a way that you or 99% of the websites you visit don’t have time or interest for. The trade-off is that these sites then become a high value target, as they are a single source of failure across many accounts on many websites. Even so, using such a service and sticking to the practices they outline will probably leave you more secure than the schemes 99% of average people use to keep track of their passwords.
A top quality password management website may not be the most secure option available, but it is likely quite good, and is certainly better than a theoretically stronger option that doesn’t fit your usage profile and thus ends up less secure in practice when you try to work around its shortcomings.
Like I said,
That only works if you don’t let anyone in your office, ever. Every strategy has its vulnerabilities. Just because you understand one set better than another doesn’t mean yours is actually safer.
Hmmm.
What we’re talking about is how a user chooses a strategy for storing passwords. The option you suggest could be reworded as “Use this software that somebody makes available for free, for reasons we don’t know, because an anonymous person on the internet suggests it.”
Whack-a-Mole, it might be unfair to call you “an anonymous person on the internet”, because I’ve known you here for years - but, then, it’s not as though I have some way of knowing your motivations, any more than I know the motivations of other people and entities online. I’m reminded of the “Evite” invitations my own family members send me, which I read include web bugs used to verify working email addresses to sell to spammers (I read further that a parent company and owner of “Evite” actually has a core business of selling email addresses). As a user, I’m not really very well equipped to get to the bottom of ANY computer threats, or even verify the things I read about them. I observe that there are products that obviously cost money to create and maintain and distribute, for which I pay nothing, and I get to wonder how their makers get paid.
Which is more likely, that some miscreant can reconstruct a password against enormous probabilities and computing requirements, or that some other link along the chain is untrustworthy? After all, I have to pass the plain text of my passwords along to somebody else on the basis of trust, using ANY of these options. I have little assurance that some programmer or admin someplace is grabbing an unprotected version of my passwords.
What is the basis for a sound personal strategy on the part of the user? I’m sure it doesn’t have all that much to do with math.
Sure, except you can look up Keepass and decide for yourself how safe it is.
Keepass is open source software so you, or anyone, can look under the hood and see what it is doing. It may be that you do not know enough programming to make an assessment for yourself but a lot of people out there do and they post to the internet.
Here are some Keepass reviews:
If you’re going to be entrusting everything you have to the security of one single master password, why would you make that password one that can be cracked in months or years? It’s not that much harder to make one that would be good for trillions of years, at which point a six-month head start hardly matters.
I often let someone into my office - my wife. But I trust her, at least much of the time. Not going to work appears to be another security trick I’ve mastered.
CC I agree with your conclusion, the only way to be sure is to store passwords offline yourself. I believe password managers can store passwords securely, but human error and laziness can very likely compromise that security at some point.
Also use different, complex passwords for every site.
I’ve started answering security questions (“mother’s maiden name” or whatever) with nonsensical answers like “Purple”, using different answers for each website, and writing the questions and answers down with my passwords. Those security questions tend to get too specific (like “What is the first name of your eldest nephew?”) and it can be hard to remember the exact spelling of the answer even when you give honest answers. My logic is if one site gets hacked and your security answers are stolen, then the crooks have your mother’s maiden name and other personal info I’d rather them not have. Basically I treat them like passwords rather than factual information.
However, there can be a tradeoff of usability and security. For many sites that don’t involve your real name or personal information it doesn’t really matter if someone compromises your account, just use a standard set of login information. Leave the complex passwords and making up security question answers for important sites like banking or healthcare.