A password manager (in Greek, "διαχειριστής κωδικών") stores all of your passwords and fills them in automatically when a program or service asks for them.
In this article we will look at what a password manager is, how many kinds there are, whether you can trust them, what features they should have, what alternatives you have, and what suits you personally. First of all, though, let's see what options you have for managing your passwords.
Remembering passwords is a headache. Now that electronic devices are everywhere, even a novice user has to manage at least 20 passwords. For example, they have to remember passwords for 2 email accounts, 2 for banks, 3 for Facebook, Twitter and Instagram, 1 for Windows, 1 for the router, 3-4 for WiFi, 2 for mobile, etc.
A more advanced user might have 50, at most 100. A power user fights with 100-300 passwords, and an IT professional can easily reach 1000. This article is aimed at beginner users, and perhaps advanced ones too. Everyone else knows what to do, and the analysis that follows has nothing to do with you.
Whatever the number, the user should be able to retrieve these passwords easily, quickly and safely (remember this triptych). How? Let's see.
Ways to store passwords - Alternatives
A. Use of simple codes
The solution is very simple. You can use the password 123456 everywhere. Okay, we know you're laughing. But do not think that "p@ssw0rd" or "panatha13" is any better than "123456". Do you think that even the variants of a slightly stronger password, such as "d1m1tris1970" or "diMitRiSI97O", are better than 123456?
With modern machines and huge databases of passwords of every kind, the passwords above are ridiculous, to say the least. It is as if they did not exist. They do have one good point, though: if your storage media gets corrupted, you will be able to guess them!
Let's rate solution A from 0 to 10 (10 being excellent). Convenience = 10, Speed = 10, Security = 0.
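To see why the variants quoted above are no stronger than their base word, here is an added example (not part of the original article) of the kind of check a strength meter can run: it collapses look-alike characters and then looks for a common word followed by a short suffix. The wordlist, the substitution table and the four-character suffix limit are assumptions chosen for illustration.

```python
from typing import Optional

# Constructed stand-in for a large wordlist of common passwords and names.
WORDLIST = ["123456", "password", "panatha", "dimitris"]

# Look-alike characters collapsed to one canonical letter, so that "1", "l"
# and "!" compare equal to "i", "0" to "o", and so on (assumed table).
CANON = str.maketrans({"1": "i", "l": "i", "!": "i", "0": "o", "@": "a",
                       "4": "a", "3": "e", "5": "s", "$": "s", "7": "t"})

# Assumed limit: a year or short number appended to the base word.
MAX_SUFFIX = 4


def canonical(text: str) -> str:
    """Lower-case the text and undo common character substitutions."""
    return text.lower().translate(CANON)


# Canonical form of every wordlist entry, mapped back to the entry itself.
CANON_WORDS = {canonical(word): word for word in WORDLIST}


def guessable_base(password: str) -> Optional[str]:
    """Return the wordlist entry the password is derived from, or None."""
    canon = canonical(password)
    for canon_word, word in CANON_WORDS.items():
        suffix_len = len(canon) - len(canon_word)
        if canon.startswith(canon_word) and suffix_len <= MAX_SUFFIX:
            return word
    return None


if __name__ == "__main__":
    for pw in ["123456", "p@ssw0rd", "panatha13", "d1m1tris1970",
               "diMitRiSI97O", "Ew^ei3-uaF$7TaW.vuJ_w!!"]:
        print(f"{pw!r:28} -> {guessable_base(pw)}")
```

Every password from the paragraph above maps back to a single wordlist entry, while the random string does not.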
B. Local file storage
The good old notebook! OK, it might not be a paper notebook, but a txt file made with Windows Notepad. We do not rule out, though, that users aged 60+ have an A4 sheet stuck next to their computer with all their passwords written on it.
As a solution it is good, as long as you have made sure your passwords are hard to guess, such as "@D1mi7r15!!Ol@_Ta_l3ftA", and that they are backed up to a separate disk. In fact, if you give the txt file an irrelevant name, e.g. "Mauro-provato.txt", and put it in an irrelevant folder, e.g. "c:\dimitris\logotexnia", it is very difficult for anyone who gains access to your computer to guess what this file might be hiding.
Even if you are hacked with some malware, it will look for passwords in specific places and for specific programs, for example checking whether you have a password manager installed.
You can even encrypt the file, and the backup as well. Every time you want a password, you need to open the file and copy-paste the one you want.
If we were to rate solution B, it would get: Convenience = 4, Speed = 8, Security = 10.
C. Local password manager
Download and install a password manager program, preferably open source, and put all your passwords there. Each time you want to use a password to log in, the password manager will promptly deliver it to you.
The passwords can become very hard, on the level of "3#@fd454)23dADFF%^&TRfgh!G2", and can be as long as you want. For convenience, these programs also offer a password generator, so you do not have to sit and type them out.
But you will have a "small" problem if you want to use these codes on your smartphone or your second computer or generally on another separate computer. You just will not remember the passwords.
Also, on your host computer, all the passwords are encrypted. However, you have entrusted your passwords to a third-party program that is targeted by hackers, among others.
Especially if you like to hang out on porn sites, click on emails promising you free coupons at such-and-such supermarket, or download movies from the dark web, then you are going to get ripped off.
Rate: Ease = 7, Speed = 10, Security = 8
D. Password manager in the cloud
The same solution as C, except that the passwords are stored in the cloud. If you do not understand the term cloud, it means that they are stored on a server, away from you, possibly outside your country.
This way you gain the ability to log in from any device, retrieve and use your passwords even if you are on Lobster holiday. Communication with the cloud is usually well encrypted end-to-end and you have nothing to fear about it.
On the other hand, the password manager vendor may be compromised (yes, it happens) and expose millions of passwords to criminals.
Rate: Ease = 10, Speed = 10, Security = 7
What is a password manager
Password managers are applications that store your passwords in a secure vault, which can be unlocked with a unique master password and, optionally, with an additional two-factor authentication method for added security.
Password managers let you use strong, unique passwords everywhere, which is usually not feasible for most people. No one can remember passwords like Ew^ei3-uaF$7TaW.vuJ_w!!, while password managers can create and remember them.
They can communicate with other programs, usually browsers, and retrieve existing passwords from them. They warn you if the same password is used in two places and urge you to change a password after some time.
They can be backed up, they can sort your passwords, and they interact with browsers so that your password fields are filled in automatically at every request. They store your passwords encrypted.
How many types of password managers are there?
There are basically two types: those that store your passwords locally on your device and do not require an online connection, and those that store them online in the cloud.
Offline password managers only serve the computer they are installed on. They have no communication with your other machines, you cannot automatically have your passwords on your mobile phone, and since the passwords are extremely strong, they are complicated and long.
With an offline manager you should always have a backup, because if your disk crashes or your laptop is stolen, you will be unable to recover your passwords.
The online ones are easy to manage. They do exactly the same thing as the offline ones, but they can also be accessed from anywhere in the world and from any machine you want. You do not need to keep a backup because the providers usually keep one, although it is good to always have your own. Better to tie up the donkey than to go looking for it, as they say in our village.
In fact, you may already be using an online password manager without knowing it. If you have installed Chrome, saved at least one password in it, and signed in to Google via Chrome, then your password has been uploaded to the Google cloud and is accessible from any machine, as long as you go to https://passwords.google.com and log in to your account to see it.
Can you trust them?
Because you are sharing your life with others, you will need to show some trust in password management companies. Sure, companies promise to keep your passwords secure, but there is always the possibility that they will be hacked and your passwords stolen (it has happened). Companies do take great care over their security, but what if they turn out to be bad?
Certainly, there is a danger. You need to trust the password manager just like any other application you use. The same goes for any application on your computer and for most of your browser's extensions. They could spy on you and steal your passwords, credit card numbers and a whole lot of other things.
Just as you use trusted applications, you should also use trusted password management companies. It is probably more dangerous to install random extensions in your browser, many of which gain full access to what happens in it, or to use no password manager at all and get by with 123456.
What features should they have?
All of these programs have many interesting features that make them stand out in terms of both convenience and security. But you can safely assume that a password manager should offer some minimum features.
We have already mentioned most of the attributes a good password manager needs. To sum up:
- Be well known in the market, with continuous updates and a good track record
- Be able to retrieve existing passwords from your browser and be compatible with the browsers you use
- Be able to back up in various formats
- Have two-factor authentication for the master password
- Have a password generator and check the uniqueness of the stored passwords
- Be able to tell you how strong your passwords are
- Encrypt your passwords with at least AES-256
- Close automatically after a while, rather than staying open if you forget it
- Be able to import passwords from other password managers
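Three of the features in the list (the generator, the uniqueness check and the strength report) fit in a few lines. The following is an added sketch, not code from any particular password manager; the function names, the symbol set and the sample vault are assumptions made for illustration.

```python
import math
import secrets
import string
from collections import defaultdict

# Assumed character set: letters, digits and 13 symbols (75 characters).
ALPHABET = string.ascii_letters + string.digits + "!#$%^&*()-_=+"


def generate_password(length=24):
    """Draw characters from the OS CSPRNG until every class is present."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(not c.isalnum() for c in pw)):
            return pw


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound, in bits, on the guessing work for a random password."""
    return length * math.log2(alphabet_size)


def find_reuse(vault):
    """Return groups of sites in the vault that share the same password."""
    sites_by_password = defaultdict(list)
    for site, password in vault.items():
        sites_by_password[password].append(site)
    return sorted(sorted(sites) for sites in sites_by_password.values()
                  if len(sites) > 1)


if __name__ == "__main__":
    # Constructed sample vault: site -> password.
    vault = {"mail": "ArnAki-A5pro", "forum": "ArnAki-A5pro",
             "bank": generate_password(), "shop": generate_password()}
    print("reused on:", find_reuse(vault))
    print("6 digits:  %.1f bits" % entropy_bits(6, 10))
    print("24 random: %.1f bits" % entropy_bits(24))
```

The entropy figure only holds for randomly generated passwords; a password a person invented is usually far easier to guess than its length suggests.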
What suits you?
And so we come to the key question. Too much information, too much science; you are confused and cannot decide what you really need.
The answer will come with the layout method if you ask the right question: what are your needs? Let's take a few typical users, one of which you probably are, and see what their needs are and what they should do.
Case A: Beginner user, casual on the internet, with 20 passwords.
You are a user with only a few passwords, typically for Facebook, Twitter, a bank, 1-2 forums, 2-3 online stores and an email account. Think about it: if someone malicious gets into one of them, or even all of them, will there be a problem? What if someone breaks into your Facebook and, although you are an Olympiacos fan, writes under your name "^%#%* the legend and Piraeus"?
So what? You will ask for a Facebook password change, you will prove that you are who you say you are, and once you have access to your profile again you will delete his messages and laugh with your friends about the whole story.
Did they steal your bank password? Okay, until you realize it and alert the bank by phone, the villains will get in, see how much money you have and what transactions you have made, but they will not be able to make any transactions. All banks (with the exception of PayPal) have incorporated two-factor authentication for all transactions. To make a transaction, the thieves must at the same time have either your unlocked cellphone or the synchronized random code generator (a small coin-like device).
Only transactions with the Treasury can go through without a second code (and not at all banks), so at most they will pay your tax bills.
In fact, you do not need the best security in the world. As you increase your security, your convenience and speed decrease, and you will probably end up complicating your electronic life unnecessarily. It would be like trying to kill a mosquito with a cannon.
An online password manager with the features mentioned above suits your situation. It is much better to invest in convenience and speed, especially now that everything on the internet is new to you. And of course, stop using 123456.
Case B: Advanced user with 50 passwords
You are the user with some years of internet experience. You have 2-3 email codes for various sites, you might have a Facebook account with 2000 friends, or even manage a blog.
First of all, think about whether you are a target. If you believe you are or could be targeted, then invest in security. If you believe "as if anyone would bother with me", then look to your convenience.
We are not discussing the case where you are obsessive and think the end of the world will come if someone breaks into your Gmail account or sees your Facebook photos that are not public. In that case nothing can be done, and so that you can at least sleep peacefully, choose the most secure option.
In a normal state of mind, the user should ask which passwords have monetary value, sentimental value, or involve liability to third parties. For example, a Facebook account with 2000 friends can be turned into profit; the friend whose blog you manage may take offence and not forgive a breach that was your fault; a cloud space holding your childhood photos may not give you a backup if it gets hacked.
For this kind of user, prefer a mixed solution, such as an online password manager for the passwords you do not care much about and a txt file for the 5-6 important ones. But make sure you give those strong, long passwords that you can remember. An example of such a password is "ArnAki-A5pro-kAi-pAxi !!".
Case C: Power users
In fact, these users know well what they need. They have a sense of what they hold in their hands and how they should manage it. This article is not for them, but we would like to share some of our older articles that may be of interest to them.
Password manager locally or in the cloud?
Password managers vulnerabilities can be exploited by hackers
Are you secure with password managers on Android?
Password Managers - Crash Test: The Most Popular Tools on the Market!
We don't want to advertise a product, especially if it's paid. We will only talk about free and open source programs that we think are worth a look.
KeePass in particular we have covered extensively in our earlier articles.
Welcome to the wonderful world of the internet.