As PC users rethink how they manage their passwords, interesting questions emerge.
For example, what happens if someone hacks the site that’s storing your passwords? And are browser-based password managers safe?
Following the publication of the Oct. 17 Top Story, “Protect yourself from the next big data breach,” I received numerous emails about password management. It seems that many readers are reassessing their password strategies.
Many of those letters raised issues and concerns about password-management applications/services. So I’m devoting the entire column to the topic.
Are passwords stored in the cloud vulnerable?
This query from Susan Taylor might seem relatively simple, but it touches on a broad range of password-manager security issues.
- “Hi! I just read your article on using a standalone password manager. I’m a bit confused, though; what if the password manager company itself is hacked?”
That’s an excellent question, Susan. Password-management services typically use strong encryption to protect user passwords. A good password manager will never store or transmit your passwords in the clear. Nor will your passwords be decrypted anywhere other than on your local device — and then only after you’ve entered your master password.