Like HowStuffWorks on Facebook!

How Password Management Software Works


Risks of Using Password Management Software
The auto-fill feature available with some password management software is convenient, but it illustrates why you want to be careful about the service you choose. Imagine what could happen if someone hacked your password management account.
The auto-fill feature available with some password management software is convenient, but it illustrates why you want to be careful about the service you choose. Imagine what could happen if someone hacked your password management account.
iStockphoto.com/Thinkstock

Your passwords are as important as your wallet and car keys -- you never want to lose them, and you certainly don't want them falling into the wrong hands. That being the case, you shouldn't trust managing your passwords to just any piece of software. Before you start saving your passwords in a management application, be sure you know how that app saves your data and what risks you're taking by using it.

The biggest risk involved in using any password management software is that all your passwords are in one place. Think of the password management software like your home: All your stuff is in it, and one key unlocks everything you own. If your password management app requires a master password or an encryption key, a hacker only needs that one password or key to access all your private account credentials.

There's a lot you can do to minimize the risk of a hacker getting or using this master password or key. Take the following precautions no matter what type of password management software you use:

  • Keep your computer or mobile device physically secure by leaving it at home or keeping it in sight at all times. Consider computer locks as a theft deterrent when you're on the go and might need to walk away from the machine for a short time.
  • Set a password to access the user account on your computer or mobile device, and change this password regularly. Make sure the system requires this password from you whenever it boots or wakes up.
  • Use a screen lock for your computer or mobile device when you're not using it, requiring you to enter a password when you return.
  • Never trust anyone else with your passwords or encryption keys.
  • Use reliable firewall software to prevent unwanted access over your network connections.
  • Select password management apps that require a complex master password or encryption key.
  • If your password management app uses a master password, change it every two to three months, and never make it the same as the password used to log in to your computer.
  • Consider a biometric credential, such as a fingerprint scan, if you have trouble remembering your master password and you don't mind using additional scanning hardware.

Going back to the house metaphor, we could summarize these recommendations as, "Keep all of your doors locked, don't lose the key and choose a lock that's so difficult to pick that a thief will probably just give up and move on to the next house." But what if the thief decides to just knock down the door or break through a window instead? Sometimes it's the house itself, not the lock, that puts you at risk. Next, we'll look at the potential problems unique to specific types of password management approaches.