Password manager

del.icio.us del.icio.us
Digg Digg
Furl Furl
Reddit Reddit
Rojo Rojo
Add to OnlyWire

A password manager is software that helps a user organize passwords and PIN codes. The software typically has a local database or files that holds the encrypted password data. Many password managers also work as a form filler, thus they fill the user and password data automatically into forms. These are usually implemented as a browser extension.

Password managers come in three basic flavors:

  • Desktop - desktop software storing passwords on a computer hard drive.
  • Portable - portable software storing passwords and program on a mobile device, such as a PDA or smart phone. (U3 and the like).
  • Web based - #Online_password_manager where passwords are stored on a provider's website.

Password managers can also be used as a defense against phishing. Unlike human beings, a password manager program, which can handle automated login script is not susceptible to visual imitations and look alike websites. With this built-in advantage, the use of a password manager is beneficial even if the user only has a few passwords to remember. However not all password managers can automatically handle the more complex login procedures imposed by many banking websites.

Contents

Vulnerabilities

Password managers typically use a user-selected master password or passphrase to form the key used for encryption. This password must be strong enough to resist brute force and dictionary attacks. See password strength. Some password managers use the Blowfish cipher because it has a relatively long setup time for each new trial key, thereby providing some degree of key strengthening. [1]

The master password can also be recovered using key logging or acoustic cryptanalysis. Some password managers provide means for entering master passwords which are key logging-resistant[citation needed].

A compromised master password would render all stored passwords vulnerable. This demonstrates a common relation between usability and security: one might enjoy better security having memorized all his passwords but with cumbersome usability.

Some password managers include password generator capabilities. Generated passwords may be guessable if the password manager does not employ a strong source of randomness. See random number generator attack.

A password manager may hold passwords unencrypted in memory while access is being made to records. This poses a security risk should one obtain read privileges of the given memory segment. [1]

online password manager

An online password manager is a website that securely stores login details, usually a username and password, used to log into a third party website. They are a web-based version of more conventional desktop-based password manager.

The advantages of online password managers over desktop-based versions are portability (they can be used on any computer, without having to install software), and a reduced risk of losing passwords though theft or damage to a single PC (although this risk can be eliminated by taking simple backups)

The major disadvantage of online passwords managers is the requirement that users must trust the hosting service with all of their passwords - which may well be a major security risk.

The use of a web-based password manager is an alternative to single sign-on technology, such as OpenID, or may serve as a stop-gap measure until its implementation.

See also

Notes

  1. ^ About - Revelation

External links

Password manager at the Open Directory Project

Retrieved from "http://en.wikipedia.org/wiki/Password_manager"

Article keywords: password manager program,

This article is from Wikipedia. All text is available under the terms of the GNU Free Documentation License.

Giant Panda

Mercedes Car
James Bond Guide
This site monitored by SitePinger.net