Outline:
- What is Password Manager (NIST)
- Advantages of using a Password Manager (Studying the Impact of Managers on Password Strength and Reuse)
- Dangers of Using a Password Manager (That Was Then, This Is Now)
- Usage rates still low (Why Do Not We Use Password Managers?)
Password managers
editA password manager is a program or application that serves as a virtual password vault, allowing users to store and maintain their login information to any number of websites and services they use. This database is encrypted by the provider and protected by a master password that the user designates. This frees the user from the burden of remembering a long list of usernames and passwords and provides a secure reference for all of the user’s online accounts. In addition, many password managers have the ability to produce brand-new strong, lengthy, and complicated passwords for the user’s online accounts.[1] Still, some security experts are critical of password managers, which have yet to see widespread adoption.
The purpose of a password manager is to provide a combination of convenience and enhanced security to its users through a variety of features, which include:
- Encrypting the user’s password database and securing it with a master password and other protective features such as two-factor authentication.[1]
- Integrating with browsers and mobile devices to automatically fill in saved usernames and passwords when the user opens the login page for a website or application that they have stored already.
- Increasing user account security by suggesting strong passwords to replace their current ones.[2]
- Reducing the number of usernames and passwords the user is forced to remember.
Critics of password managers contend that the security benefits are not readily enforceable, relying instead on each user to utilize safe account management strategies and features such as password generators.[2] They also argue that not all password managers are built the same, and some continue to use outdated technologies and protections that may leave users’ accounts open to attack.[3]
Studies show that despite the extra security and convenience they offer, password managers still have a relatively low adoption rate. Researchers attest this to a lack of trust in the ability of providers to keep user accounts secure, outweighing the potential for added convenience.[4][5]
- 1 2 NIST (2020-01-08). "NIST Special Publication 800-63: Digital Identity Guidelines - Frequently Asked Questions". National Institute of Standards and Technology. NIST. Retrieved 2020-04-06.
- 1 2 Lyastani, Sanam Ghorbani; Schilling, Michael; Fahl, Sascha; Bugiel, Sven; Backes, Michael (2017-12-24). "Studying the Impact of Managers on Password Strength and Reuse". arXiv:1712.08940 [cs].
- ↑ Oesch, Sean; Ruoti, Scott (2019-08-09). "That Was Then, This Is Now: A Security Evaluation of Password Generation, Storage, and Autofill in Thirteen Password Managers".
{{cite journal}}: Cite journal requires|journal=(help) - ↑ Ayyagari, Ramakrishna; Lim, Jaejoo; Hoxha, Olger (December 2019). "Why Do Not We Use Password Managers? A Study on the Intention to Use Password Managers". Contemporary Management Research. 15 (4): 227–245. doi:10.7903/cmr.19394.
- ↑ Fagan, Michael; Albayram, Yusuf; Khan, Mohammad Maifi Hasan; Buck, Ross (2017-03-15). "An investigation into users' considerations towards using password managers". Human-centric Computing and Information Sciences. 7 (1): 12. doi:10.1186/s13673-017-0093-6. ISSN 2192-1962.
{{cite journal}}: CS1 maint: unflagged free DOI (link)