Below are my notes about several methods and tools for password management. Individual needs and preferences will always help to determine the best approach.
For a collection of articles that review various password management programs, scroll down to the section labeled "Reviews".
Paper
Records
-
easy to use, but requires manual keyboard entry of login data
-
storage is offline
-
must be stored and transported securely
-
may not be with you when you need it
-
no electrical power needed to access
-
frequent updates can get messy
Web
Browser Password Storage
-
built into popular web browsers
-
convenient for most web sites
-
storage by web browser on your device is not highly secure
-
password data can be lost if not backed up
-
must synchronize among multiple devices
-
master password strongly recommended for user access
Spreadsheet
Password Storage
-
convenient for most web sites
-
storage by spreadsheet file on your device is not highly secure
-
password data can be lost if not backed up
-
must synchronize among multiple devices
-
master password strongly recommended for user access
Cloud-based
Password Managers
-
encrypted password data is shared among all of your registered devices via cloud storage
-
all encryption / decryption is done on your device
-
software must be installed on each device
-
can augment security with a hardware multifactor authentication device
-
able to capture login information during initial login creation on a web page
-
automatically enters login information on subsequent logins
-
easy to create new login information and updated passwords
-
can generate strong random passwords that meet web site requirements
-
can securely store content other than logins
-
a master password is required
Local
Computer-based Password Managers
-
encrypted password data is stored on your device (computer, phone, flash drive / removable media)
-
data file must be backed up
-
if removable media used for storage, must transport between devices
-
all encryption / decryption is done on your device
-
software must be installed on each device
-
some can augment security with a hardware multifactor authentication device
-
data can be shared among all of your devices via manual copy process, local server or cloud
-
easy to create new login information and updated passwords
-
can use copy / paste or auto-text to apply login data to a web page
-
can generate strong random passwords that meet web site requirements
-
can securely store content other than logins
-
a master password is required
Reviews
Many articles are published that review and compare password manager programs. Here are a few for information. The first article does a very good job of explaining the big picture and the specifics of various approaches.
The Best Password Managers
Lifehacker Faceoff: The Best Password Managers, Compared
Web Browser Based Password Managers -- See page 5
No comments:
Post a Comment