Is Using a Password Manager Safe?
Password managers are widely recognized as the best way to keep your accounts safe. We at SpeedyPassword still get the occasional email from users who are concerned that storing all passwords in one place isn’t safe. When you put it like that, keeping all of the keys to your private accounts in one place seems nonsensical. However, using a password manager with a very unique, complex Master Password is more secure than constantly resetting all of you accounts with simple, easy to crack passwords.
Why Use a Password Manager?
The popularity of social media, online banking, and online shopping means that the average person has 17 passwords. Many of you use more, I sure do. These passwords should all be strong and unique in order to protect your private information. This is particularly important for any account connected to banking or credit card details, and accounts with personal details, like Facebook. Now imagine remembering 17 passwords that look like this: #$Lmc7p5AQ. These days, keeping your online accounts secure without a password manager is becoming more difficult.
If you have to remember more than 5 passwords, let’s face it, you’re going to make them easy to remember. A lot of people use the same, or variations of the same, password for multiple sites. Or they save their passwords in a document on their computer. This is a huge security risk to your accounts, as other users, programs, and malware can access passwords saved in a document.
Password Manager Security
If you use a password manager correctly, it is more secure than relying on memory or a list in a Word doc. As long as you use a strong Master Password, it would take a hacker with a brute force attack a long time to crack it. We’re talking decades.
Here’s how SpeedyPassword keeps your passwords and accounts secure from digital criminals and crazy exes alike. (Warning: I am about to get technical, but I will make is a simple as I can.)
When you sign in to SpeedyPassword:
We take your password and turn it into a string of numbers and letters called a hash or hash value. Then we add a 16-byte salt, which is just additional data to confuse programs used to hack passwords. We actually create two hashes: first is used to decrypt the passwords for your accounts, the second goes to our servers to verify your account. Once the second hash gets to the server, we hash it again and store it on our secure server. We don’t store the first hash, so the two never meet again.
When you save account login details:
Any information saved in SpeedyPassword is encrypted using AES-256 encryption. This stands for Advanced Encryption Standard, and it is approved by the NSA for Top Secret info. The U.S. government, military, and banks all use AES. 256 refers to the key length of 256 bits. This is the longest key length for AES, making it the most secure.
What this all means it that your confidential usernames and passwords can’t be read without the code that was used to encrypt them. It goes without saying, but we never store unencrypted data on our servers.
When SpeedyPassword auto-logs you in to your online accounts:
Any communication between SpeedyPassword and your accounts is protected by Secure Sockets Layers (SSL). This cryptographic protocol provides a secure way to transfer information online. It’s the standard way to keep electronic eavesdroppers out of your business.
As you can see, using SpeedyPassword as your password manager is pretty darn secure. And it’s free, so you can try it with no charge, and no risk.
April 24, 2015 / By: Laura B. Goode