

In the end this always comes to trust: you must trust that the program is doing what it's saying, and you should pick a company you are willing to trust. Keep in mind that a password manager is by no means the only software you trust, nor the only software that could steal or leak your passwords. Or you could accidentally paste the password to a fake web site. Or something could be monitoring your keyboard or clipboard. This level of paranoia would require ruling all these possibilities out, too.

Just like Troy Hunt reasons in "Password managers don't have to be perfect, they just have to be better than not having one". I also like how this article points out that a paper copy kept in a safe place has fewer possible attackers than anything saved on a computer.

"... one above are found, they're still far superior to our frail human brains when it comes to your overall security posture. Until such time as that changes and either they're worse due to a flaw that actually causes some serious damage or we create something better again, this ..."

How to pick a password manager you could trust?

Create one by yourself. It's a hard thing to code a password manager from scratch, but it could be combined from other tools. This has a limit: you must trust them all. To fulfill all the general functionality of a commercial password manager you need:

- A tool that creates (truly) random passwords.
- A tool for encryption: you could store them as files in a VeraCrypt disk.
- A tool that can be automated to securely sync the encrypted version between your devices, e.g.

The less you trust the encryption the more you need to secure the communication: you could e.g.

Only use an offline password manager that doesn't communicate over the network at all. Update it manually and block its access to the Internet. If you need to have the passwords synced across multiple devices, see where the database is located and sync it with an external tool you can trust.

If you can loosen your tin foil hat a little, take a look at the described functionality of the password manager you are planning to buy. If it stores the passwords unencrypted on a cloud (or does the decryption on server-side), forget it. If it doesn't encrypt the password (like the ones built in the browser), forget it. If the password manager encrypts the password locally and synchronizes the encrypted version, that's a much more secure architecture. To a certain extent you can check whether the program seems to work as described.

Many antivirus vendors have expanded to password managers.
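
One way to check, to a certain extent, whether a manager stores and syncs only an encrypted version, as an added example that is not part of the original answer: save a canary password in the manager, then scan the synced or exported file for that canary and measure its byte entropy. The canary value, function names and sample blobs are constructed for illustration.

```python
import base64
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; well-encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def canary_encodings(canary: str) -> dict:
    """Byte forms in which an unencrypted store might hold the canary."""
    raw = canary.encode("utf-8")
    return {
        "utf-8": raw,
        "utf-16le": canary.encode("utf-16-le"),
        "base64": base64.b64encode(raw),  # only catches the canary encoded on its own
        "hex": raw.hex().encode("ascii"),
    }


def audit_blob(blob: bytes, canary: str, min_entropy: float = 7.5) -> dict:
    """Report canary leaks and entropy for one synced or exported file."""
    leaks = [name for name, enc in canary_encodings(canary).items() if enc in blob]
    entropy = shannon_entropy(blob)
    return {
        "leaks": leaks,
        "entropy": round(entropy, 2),
        "looks_encrypted": not leaks and entropy >= min_entropy,
    }


# Constructed sample data: a canary password saved in the manager under test,
# a plaintext-style store, and a stand-in for ciphertext (hash-derived bytes).
CANARY = "canary-7Qx!vault-check"
PLAINTEXT_STORE = ('{"site": "example.test", "password": "%s"}' % CANARY).encode() * 20
CIPHERTEXT_LIKE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))

if __name__ == "__main__":
    for label, blob in (("plaintext", PLAINTEXT_STORE), ("ciphertext-like", CIPHERTEXT_LIKE)):
        print(label, audit_blob(blob, CANARY))
```

A clean result does not prove the encryption is sound, since compressed data also scores high on entropy; a canary hit or a low entropy score is the useful signal.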
