The world of online services has made almost every aspect of life easier, but when it comes to juggling numerous online accounts, setting a strong and unique password for every account can be very tough. Password managers promise us they will remember our numerous passwords, help us fill in those passwords, and always keep them secure from the risk of being stolen. But should we trust them blindly? What if the password manager itself is hacked and criminals get our passwords for banking, email and social media accounts?
The OneLogin Case Proves Password Managers aren’t Foolproof
In May this year, OneLogin, one of the globally leading password manager apps, revealed that hackers had gained unauthorized access to its system, and this is not the first time the company has reported something like this. It had announced a similar incident, in which sensitive user data was compromised, in Aug 2016. Considering that OneLogin has millions of users, one can assume that the hackers might have stolen a humongous amount of data and could access the online accounts of millions of people.
Encryption can be Vulnerable
Password managers’ main security measure is to save your passwords in an encrypted form (a computer equivalent of the coded language spies use), but this method doesn’t seem to be foolproof. OneLogin has admitted that in the latest security breach, the hackers might have software to decrypt (read: decode) the data they had stolen. In other words, hackers could possibly read the passwords saved by OneLogin. If the hackers have actually been able to decode the information, then naturally, they should now be in a position to use it to log in to people’s online accounts.
Should we stay away from Password Managers?
Yes, password managers are vulnerable, but the good news is, they aren’t the only means to keep your passwords safe. Thankfully, there is another strong security measure called multi-factor verification. This ensures that even if someone steals your password, that person won’t be able to access your account without a second layer of validation done through a security question, a fingerprint, or a code sent only to your phone.
Just ensure that multi-factor verification is activated in your online account, and you can continue trusting your password manager to remember that long list of complex passwords!