Password managers are often recommended by security-minded users and IT professionals because they make it easy for people to store long, complex passwords that are unique to hundreds or even thousands of accounts. Without a password manager, many people resort to weak passwords that are reused for multiple accounts. This is an easy way to lose access to multiple accounts simultaneously.
A recent breach of the password manager known as Passwordstate points out the risk posed by password managers simply because they can represent a single point of failure. In this case, a compromise of the vendor's update server caused a tampered version of the application to be pushed out to customers. That version caused the password manager to send passwords to the hackers.
The risk of a hack of this type is significantly lower when two-factor authentication is available and enabled because passwords alone would not be enough to gain unauthorized access. Two-factor authentication on your account requires any new login to pass a second check in addition to your password. For example, when you log in to your bank, often they will send you a text with a code to secure your account. Another method is a hardware key that generates random numbers that update every few seconds and are required to enter the website in question. The producer of the application that suffered this hack, Click Studios, says that Passwordstate provides multiple two-factor options.
The breach is especially concerning because Passwordstate is sold primarily to corporate customers who use the manager to store passwords for firewalls, VPNs, and other enterprise applications. With a breach like this, many customers can easily be affected.
Password management is critical to all users. There are many solutions available that store passwords locally, and they do an amazing job, but two-factor authentication is the best way to ensure that a hacker is not able to access your accounts. It is recommended to enable it wherever possible. Research the password manager that you are currently using, and ensure that two-factor authentication is enabled and being used. If you are not sure, check the manufacturer’s website to confirm that the option is offered.
While Frankenstein Computers does not directly recommend a password manager, we are happy to help with your other technical issues and repairs. Frankenstein Computers has been taking care of our happy clients since 1999. We specialize in IT Support, IT Service, Mac repair, PC Repair, Virus Removal, and much more. Give us a call for remote support or drop in to drop off.
A portion of this article was originally published on Ars Technica.