Is it Safe to Store Passwords in the Cloud
Data that is stored on a computer is saved in a nice, controlled place. Data that is stored in a cloud, however, is spread out throughout the world. So, the real question is this: where is a safer place to store sensitive data like passwords? A local computer or on a server somewhere in the world? The truth of the matter is that all data that is cloud-based, just like local computer-based, has the same vulnerabilities, such as power outages, natural disasters, and criminal hacking. These systems can be weak, they can fall under phishing scams or even be attacked by viruses, which can put all data at risk.
Keep in mind that almost all cloud service providers do not give details about how they protect this data, as it will leave them vulnerable to hackers. However, the providers do make promises to their customers that their information is safe thanks to strict policies, top-notch encryption, and data centers that offer the best data protection in the industry.
Keeping Track of Passwords
You have the choice, of course, to use the same username and password combination for everything, but this could be trouble. Fortunately, there are ways that you can manage your passwords and usernames, and it only takes a small investment into a password management service. These services work on both clouds and physical computers, and the best thing about these services is that there is just one password to remember, the master password, that gives you access to all of the other passwords you have for almost any website.
What to Look for in a Password Management Service
A good password management services should:
- Offer password generator tool that helps to make strong passwords that cannot be cracked. Remember, you won’t have to remember these passwords, so they can be as complicated as you like.
- Work across different browsers and those that can sync with multiple computers.
- Offer a smartphone application.
- Constantly sync within the cloud.
- Offer a high level of security. This, however, is a non-issue for most of these services as their encryption is nearly impossible to crack.
Protecting Your Data
Here’s the situation. The thing that will make you the most vulnerable is not these password management services, but your own computer, as it may already have existing malware on it. Additionally, odds are high that it will be targeted by malware in the future that could log keystrokes or take screenshots without your knowledge. Start running antivirus scans often, and make sure your chosen software is up to date. You can also add another layer of protection by adding your computer’s onscreen keyboard to the taskbar and log into the master password this way. Those keystrokes are actually inputted by the mouse and less likely to be tracked.
Some providers have two-factor authentication, which also helps to protect data in the cloud, and it makes it more difficult for cybercriminals to get into your accounts. Two-factor authentication means that you must have two different forms of identity in order to prove that you are who you say you are. For example, a password and a one time disposable PIN number.
Reasons to Use Cloud-based Password Managers
While there are plenty of reasons to use cloud-based password managers, here are the top four:
- They are easy: You will never have to worry about remembering passwords again, and you can log into any site with only the click of the mouse.
- They are on all your devices: You can automatically sync your data, and access it at any time and from any place.
- They are safe and secure: In many ways, you will protect yourself from online fraud, phishing scams and malware.
- They are encrypted: All of your data is encrypted, and only you can unlock it.
7 tips to using a password manager safely
So far, the picture may be looking pretty grim for password security. However, the benefits of a good password manager – generating and saving complex, unique passwords you can easily update – mean that most experts recommend using one. You can also take the following seven steps to ensure you’re protecting your accounts:
Choose a password manager without master password recovery
Whatever you do, choose a password manager that does not allow for recovery of the master password. If a malicious actor is able to get ahold of the master password through account recovery tools, this renders even the most secure password management programs useless.
Use Two-factor authentication
Any online account has a risk of being hacked. One way to circumvent this risk is to use two-factor authentication to protect your password manager. Chrome supports two-factor authentication with your smartphone, and, along with Firefox and Edge, also works with authentication hardware keys such as Yubico. Third-party password managers including Dashlane, LastPass and Sticky Password supports two-factor authentication with your smartphone.
Turn off autofill
You may want to consider turning off autofill. This also means logging into your password manager, then copying and pasting your passwords into the login screen.
Use strong passwords
When composing your master password, make it strong. “By today’s standards this means 20 characters or more, randomly generated passwords that contain lower and uppercase letters, digits and symbols,” says Palfy. You might be proud of how devilishly uncrackable it is – but don’t reuse your master password.
Make sure all of your passwords are unique
Make sure all your other passwords are unique. Dashlane Premium is one of the options that can automatically check for weak or repeated passwords then automatically replace them with a random, complex password.
Keep your software up to date
Download security updates for your password manager as soon as available – often, they will be patching newly discovered vulnerabilities.
Be wary of downloads and browser extensions
In general, be wary of your downloads especially browser extensions – unwittingly installed malware could end up logging keystrokes or copying Logins.
Ref: www.thebalance.com www.techlicious.com