DOCSLIB.ORG

Network World Best Password Managers.Pdf

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Network World Best Password Managers.Pdf Network World Review: The best password managers for PCs, Macs, and mobile devices RELATED Wearable security: Two-factor authentication apps for Apple Watch 8 reasons to use 1Password that don't involve storing passwords Top password managers compared on IDG Answers If I buy a Chromebook and can't get to grips with OS can I convert to windows? 10 local and cloud-based contenders make passwords stronger and online life easier for Windows, OS X, iOS, Android, BlackBerry, and Windows Phone users By Tim Ferrill Follow InfoWorld | Jun 17, 2015 6:09 AM PT RELATED TOPICS Security Passwords COMMENTS Thanks to a continuous barrage of high-profile computer security scares and reports of cloud-scale government snooping, more of us Internet users are wising up about the security of our information. One of the smarter moves we can make to protect ourselves is to use a password manager. It's one of the easiest too. FREE COURSE: Learn basic Cisco networking In partnership with tech training provider Pluralsight, Network World offers a free online course on READ NOW A password manager won't shield you against Heartbleed or the NSA, but it's an excellent first step in securing your identity, helping you increase the strength of the passwords that protect your online accounts because it will remember those passwords for you. A password manager will even randomly generate strong passwords, without requiring you to memorize or write down these random strings of characters. These strong passwords help shield against traditional password attacks such as dictionary, rainbow tables, or brute-force attacks. [ InfoWorld's Mobile Security Deep Dive. Download it today in your choice of PDF or ePub editions! | Keep up on key mobile developments and insights with the Mobile Computing newsletter. ] Many password managers allow you to automatically populate your password vault by capturing your Web logins using a browser plug-in and allowing you to store these credentials. Other options for populating your password database include importing an Excel spreadsheet or manually entering your login information. Further, using these stored credentials is typically automated using a browser plug-in, which recognizes the website's username and password fields, then populates these fields with the appropriate login information. Although several browsers offer similar functionality out of the box, many password managers offer several benefits over the built-in browser functionality -- including encryption, cross-platform and cross-browser synchronization, mobile device support, secure sharing of credentials, and support for multifactor authentication. In some cases, usernames and passwords must be copied from the password manager into the browser, reducing the ease of use but increasing the level of security by requiring entry of the master password before accessing stored login information. 6 simple tricks for protecting your passwords Some password managers store your credentials locally, others rely on cloud services for storage and synchronization, and still others take a hybrid approach. Some of the options using local storage (such as KeePass and 1Password) still support synchronization through Dropbox or other storage services. Deciding which password manager is best for you will come down to features and ease of use, as well as to whether you're comfortable storing your passwords on the Internet. If having your critical data stored in a cloud service worries you, then KeePass, 1Password, or SplashID Safe (sans SplashID's cloud service) offer the top options. If you trust cloud-based services with your passwords and believe they will protect your data using good security practices and encryption, then LastPass, Dashlane, or PasswordBox are your best bets. In my judgment, KeePass is the best of the options using local storage. The fact that it's open source, free, and complemented by countless plug-ins adds up to a very flexible option. With the right combination of plug-ins, KeePass can be made to do almost anything you could require of a password manager. My favorite cloud option is LastPass, primarily due to its low cost and the consistent implementation of features across all of the clients. Each LastPass client I tested was easy to work with, stable, and remarkably uniform from a usability perspective. Additionally, the fact that a LastPass Premium account is all of $1 per month makes it an extremely compelling option. But one of these other options might suit you better. Really, you can't go wrong with any of these password managers. RESOURCES WHITE PAPER Making SAP Simple And Personal: Transforming 16,000 workflows into powerful minutes of productivity WHITE PAPER How to Overcome Web Security Challenges (And Sleep Well at Night) SEE ALL Go 1Password 1Password is the brainchild of AgileBits, maker of the popular Knox encryption tool for OS X. Unlike Knox, 1Password offers support for multiple platforms, including Mac, Windows, iOS, and Android. Like KeePass, 1Password uses a local file to store encrypted passwords. AgileBits does not provide a cloud service for synchronization with mobile devices, but 1Password does support synchronization of the password vault using Dropbox (all platforms) or iCloud (Mac and iOS only). 1Password also supports synchronization over Wi-Fi between Windows, Mac, and iOS clients. Because the 1Password vault is contained in a single file, you gain the convenience of a portable password vault without having to store your passwords on the Internet. 1Password clients allow you to create and maintain multiple password vaults. Multiple vaults can be used to share some of your passwords with another family member or co- worker. Secure sharing between 1Password clients is supported, giving you a method to transmit a login (or any sensitive information, such as a credit card number or the answer to a website's security question) to another licensed 1Password user over an encrypted channel. Emailing login information in plain text is also supported, but this information is only as secure as your email traffic. 1Password stores your passwords in a local file, but supports synchronization across devices using Dropbox and iCloud. TOP NEWS Attackers can take over Cisco routers; other routers at risk, too DomainTools' Iris interface speeds up cybercrime investigations Attackers install highly persistent malware implants on Cisco routers 1Password now provides a number of different tools that analyze your passwords and the services they secure in order to identify potential vulnerabilities. Though many websites have patched the Heartbleed vulnerability by now, 1Password takes the precaution of comparing your last password change for a site against the date the site’s server was patched. If your password hasn’t been changed since the patch, 1Password will encourage you to protect yourself through a password change. Potential areas of concern such as duplicate or weak passwords are also identified. The cost of using 1Password is markedly different than cloud-based password lockers. Users must purchase clients for each platform they intend to use, costing more up front than a subscription service, but potentially saving money in the long term. 1Password for PC or Mac cost $49.99; the Mac-plus-PC bundle runs $69.99. Both the iOS app and Android apps are free with an in-app upgrade to the Pro feature set for $9.99. My biggest concern with 1Password has to do with feature parity between the Mac and PC versions. Currently both platforms offer similar features, largely due to a massive update to the Windows version mere days before publication of this article. Previously, features such as secure sharing or Wi-Fi sync were nowhere to be found. AgileBits has made good on promises to bring these features to all platforms, but if you're primarily a PC user, the lag may be cause for concern. Regardless, 1Password is a strong password manager. With AgileBits' strong ties to the Apple community, this is particularly true for Mac and iOS users. Dashlane Dashlane toes the line between cloud service and local password manager in an attempt to answer every security concern. You can store your password database on Dashlane's servers and take advantage of synchronization across devices, or you can store your password vault locally and forgo synchronization. It's your choice. If you store your password database in Dashlane's cloud, your master password remains with you only. Rather than storing a hash of the master password on its servers, Dashlane claims to use your password merely to encrypt and decrypt the data locally. For this reason your password database on the Web is read only, and changes can solely be made on a client. Authentication is performed against devices that are registered with Dashlane through a two-step process, incorporating your master password and a device registration code sent via email. Two pricing tiers are offered for Dashlane users. A free account allows access to your passwords through a single device of your choice. Premium accounts, which cost $39.99 per year, let you synchronize your passwords across multiple devices, perform account backups, share more than five items, give you access to the read-only Web app, and entitle you to Dashlane's customer support. Dashlane will store your password database in the cloud, but your master password remains with you only. (Don't lose it!). Like other password managers, Dashlane will assess the strength of your password as you create it. With Dashlane, retention of your master password is critical. The company states that it is unable to perform password recovery in the event of loss, a necessary side effect of its decision to not store a copy of your password in any form. Two-factor authentication is also supported through the use of Google Authenticator. Support for two-factor authentication must be enabled through the Windows or Mac client and can only be used on Internet-connected clients.
Load more

Recommended publications
  • SHOW TEASE: It's Time for Security Now!. Steve Gibson Is Here. We're Going to Talk About the Strange Case of the Estonian ID Cards
    Security Now! Transcript of Episode #642 Page 1 of 30 Transcript of Episode #642 BGP Description: This week we examine how Estonia handled the Infineon crypto bug; two additional consequences of the pressure to maliciously mine cryptocurrency; zero-day exploits in the popular vBulletin forum system; Mozilla in the doghouse over "Mr. Robot"; Win10's insecure password manager mistake; when legacy protocol come back to bite us; how to bulk-steal any Chrome user's entire stored password vault; and we finally know where and why the uber-potent Mirai botnet was created, and by whom. We also have a bit of errata and some fun miscellany. Then we're going to take a look at BGP, another creaky yet crucial - and vulnerable - protocol that glues the global Internet together. High quality (64 kbps) mp3 audio file URL: http://media.GRC.com/sn/SN-642.mp3 Quarter size (16 kbps) mp3 audio file URL: http://media.GRC.com/sn/sn-642-lq.mp3 SHOW TEASE: It's time for Security Now!. Steve Gibson is here. We're going to talk about the strange case of the Estonian ID cards. A weird bug or actually flaw introduced into Microsoft's Windows 10. We're still not sure exactly who got it and why. We'll also talk about the case of the Firefox plugin promoting "Mr. Robot," and a whole lot more, all coming up next on Security Now!. Leo Laporte: This is Security Now! with Steve Gibson, Episode 642, recorded Tuesday, December 19th, 2017: BGP. It's time for Security Now!, the show where we cover your security online with this guy right here, the Explainer in Chief, Steve Gibson.
    [Show full text]
  • Silkperformer® 2010 R2 Release Notes Borland Software Corporation 4 Hutton Centre Dr., Suite 900 Santa Ana, CA 92707
    SilkPerformer® 2010 R2 Release Notes Borland Software Corporation 4 Hutton Centre Dr., Suite 900 Santa Ana, CA 92707 Copyright 2009-2010 Micro Focus (IP) Limited. All Rights Reserved. SilkPerformer contains derivative works of Borland Software Corporation, Copyright 1992-2010 Borland Software Corporation (a Micro Focus company). MICRO FOCUS and the Micro Focus logo, among others, are trademarks or registered trademarks of Micro Focus (IP) Limited or its subsidiaries or affiliated companies in the United States, United Kingdom and other countries. BORLAND, the Borland logo and SilkPerformer are trademarks or registered trademarks of Borland Software Corporation or its subsidiaries or affiliated companies in the United States, United Kingdom and other countries. All other marks are the property of their respective owners. ii Contents SilkPerformer Release Notes ..............................................................................4 What's New in SilkPerformer 2010 R2 ...............................................................5 Browser-Driven Load Testing Enhancements .......................................................................5 Enhanced Support for Large-Scale Load Testing .................................................................6 Support for Testing BlazeDS Server Applications .................................................................7 Support for Custom Terminal Emulation Screen Sizes .........................................................7 Graceful Disconnect for Citrix Sessions ................................................................................7
    [Show full text]
  • Keepass Password Safe Help
    KeePass Password Safe KeePass: Copyright © 2003-2011 Dominik Reichl. The program is OSI Certified Open Source Software. OSI Certified is a certification mark of the Open Source Initiative. For more information see the License page. Introduction Today you need to remember many passwords. You need a password for the Windows network logon, your e-mail account, your website's FTP password, online passwords (like website member account), etc. etc. etc. The list is endless. Also, you should use different passwords for each account. Because if you use only one password everywhere and someone gets this password you have a problem... A serious problem. He would have access to your e-mail account, website, etc. Unimaginable. But who can remember all those passwords? Nobody, but KeePass can. KeePass is a free, open source, light-weight and easy-to-use password manager for Windows. The program stores your passwords in a highly encrypted database. This database consists of only one file, so it can be easily transferred from one computer to another. KeePass supports password groups, you can sort your passwords (for example into Windows, Internet, My Website, etc.). You can drag&drop passwords into other windows. The powerful auto-type feature will type user names and passwords for you into other windows. The program can export the database to various formats. It can also import data from various other formats (more than 20 different formats of other password managers, a generic CSV importer, ...). Of course, you can also print the password list or current view. Using the context menu of the password list you can quickly copy password or user name to the Windows clipboard.
    [Show full text]
  • A4Q Selenium Tester Foundation Syllabus
    A4Q Selenium Tester Foundation Syllabus Released Version 2018 Alliance for Qualification Version 2018 © A4Q Copyright 2018 © A4Q Copyright 2018 - Copyright notice All contents of this work, in particular texts and graphics, are protected by copyright. The use and exploitation of the work is exclusively the responsibility of the A4Q. In particular, the copying or duplication of the work but also of parts of this work is prohibited. The A4Q reserves civil and penal consequences in case of infringement. Revision History Version Date Remarks Version 2018 5 August 2018 1. Release version Version 2018 3 December 2018 Minimal corrections Version 2018 © A4Q Copyright 2018 2 Table of Contents Table of Contents 2 0 Introduction 4 0.1 Purpose of this Syllabus 4 0.2 Examinable Learning Objectives and Cognitive Levels of Knowledge 4 0.3 The Selenium Tester Foundation Exam 4 0.4 Accreditation 5 0.5 Level of Detail 5 0.6 How this Syllabus is Organized 5 0.7 Business Outcomes 6 0.8 Acronyms 6 Chapter 1 - Test Automation Basics 7 1.1 Test Automation Overview 7 1.2 Manual vs. Automated Tests 9 1.3 Success Factors 12 1.4 Risks and Benefits of Selenium WebDriver 13 1.5 Selenium WebDriver in Test Automation Architecture 14 1.6 Purpose for Metrics Collection in Automation 16 1.7 The Selenium Toolset 18 Chapter 2 - Internet Technologies for Test Automation of Web Applications 20 2.1 Understanding HTML and XML 20 2.1.1 Understanding HTML 20 2.1.2 Understanding XML 28 2.2 XPath and Searching HTML Documents 30 2.3 CSS Locators 33 Chapter 3 - Using Selenium WebDriver
    [Show full text]
  • Technical Guides
    Technical Guides KeePass Password Manager Tutorial Wireguard Ubuntu Deployment SQM for 1 Gbps Lines With OpenWrt KeePass Password Manager Tutorial Introduction I don't trust online password managers because they are closed source and companies have been hacked in the past. If you look up "lastpass breached" in Google you can see my point. Keepass is open source and offline. Why put your trust in a company when you can create and access the database yourself? An honorable mention is bitwarden. They are also open-source and you have the option of hosting your own bitwarden server at home as an option. If you want to pay and are willing to trust a company and have your passwords encrypted on their cloud they would be your best bet. Downloading Keepass https://keepass.info/download.html Get the Installer for Windows (2.45) aka KeePass-2.45-Setup.exe. After you get it install Keepass. Recommended plugins (.plgx) to download: Keepass has a variety of useful plugins listed here: https://keepass.info/plugins.html I recommend the following below for now. Plugins always have a .plgx file extension. WebAutoType-v6.3.0.zip: https://sourceforge.net/projects/webautotype/files/ YetAnotherFaviconDownloader.plgx: https://github.com/navossoc/KeePass-Yet-Another- Favicon-Downloader/releases After you downloaded the necessary .plgx plugins. Copy or move them into the Plugins folder at C:\Program Files (x86)\KeePass Password Safe 2\Plugins. 1.1.1 Master Password To start off you will be creating a master password which is the masterkey to access all your other passwords.
    [Show full text]
  • Practical Issues with TLS Client Certificate Authentication
    Practical Issues with TLS Client Certificate Authentication Arnis Parsovs Software Technology and Applications Competence Center, Estonia University of Tartu, Estonia [email protected] Abstract—The most widely used secure Internet communication Active security research is being conducted to improve standard TLS (Transport Layer Security) has an optional client password security, educate users on how to resist phishing certificate authentication feature that in theory has significant attacks, and to fix CA trust issues [1], [2]. However, the attacks security advantages over HTML form-based password authenti- mentioned above can be prevented or their impact can be cation. In this paper we discuss practical security and usability greatly reduced by using TLS client certificate authentication issues related to TLS client certificate authentication stemming (CCA), since the TLS CCA on the TLS protocol level protects from the server-side and browser implementations. In particular, we analyze Apache’s mod_ssl implementation on the server the client’s account on a legitimate server from a MITM side and the most popular browsers – Mozilla Firefox, Google attacker even in the case of a very powerful attacker who has Chrome and Microsoft Internet Explorer on the client side. We obtained a valid certificate signed by a trusted CA and who complement our paper with a measurement study performed in thus is able to impersonate the legitimate server. We believe Estonia where TLS client certificate authentication is widely used. that TLS CCA has great potential for improving Internet We present our recommendations to improve the security and security, and therefore in this paper we discuss current issues usability of TLS client certificate authentication.
    [Show full text]
  • Enpass User Manual - Android Version 6.7
    Enpass User Manual - Android version 6.7 Enpass Technologies Inc. August 19, 2021 Contents User Manual 1 Introduction to Enpass 1 Prerequisites 1 Getting Started 1 As a new user 4 As an existing user 6 Import Passwords from Other Sources 6 Master password 6 Keyfiles 6 Generating the keyfile 7 Adding the keyfile 7 Removing keyfiles 7 Registration 7 Adding and Managing items 9 Adding Item 9 Adding One-Time Code 10 Adding Attachments 12 Attach Photo 12 Attach file 12 View Attachment 12 Delete Attachment 12 Tags 13 Tagging items 13 From Edit page 13 From Sidebar 13 Nested Tags 14 Editing Tags 14 Untag an Item 14 Deleting and Archiving 14 Trash 14 Archive 15 Duplicating Item 15 Customizing Fields 15 Editing field type 15 Adding fields 16 Re-ordering Fields 16 Deleting fields 17 Field History 17 Customizing Password Fields 18 Exclude from Audit 18 Set Password Expiry 18 Sensitive 18 Adding Section 18 Customizing icons 18 Using website icons 18 Enabling website icons for a particular site: 19 Using your own images as custom icons 19 Changing Category 20 Search 20 Sort By 21 Title 21 Url 21 Created Date 22 Modified Time 22 Recently Used 23 Frequently Used 23 Moving Items to Other Vaults 23 Checking Compromised Passwords 23 Checking Individual Password 23 Checking All Passwords 24 How does it work? 25 What to do if you have Compromised Passwords? 25 Change Password Immediately 25 Enable Two-Factor Authentication 25 Regularly keep a check on Passwords’ Health 25 Using Password Generator 25 Generating Passwords 25 Pronounceable Passwords 25 Random
    [Show full text]
  • HACK Enpass Password Manager
    1 / 2 HACK Enpass Password Manager Mar 23, 2021 — So, is this password manager right for you or your business? In our Enpass review, we'll take a closer look at everything this software has to offer.. Results 1 - 100 of 338 — TOTP is an algorithm that computes a one-time password from a shared secret ... codes to protect your online accounts from hackers (bad guys). ... code in my password manager, especially for password managers that can ... Segregate data using Multiple vaults Enpass facilitates you with an option to .... Jan 9, 2019 — Password manager company OneLogin was actually hacked, and the ... EnPass: Here's something unusual—a password manager that goes .... Use Enpass audit tools to identify weak, identical, and old passwords. Your password manager is your digital security best friend. You are using a password .... The Synology Disk Station Manager (DSM) is the Operating System (OS) that runs on your Synology unit. ... a prerequisite while using Enpass it is not really neccessary to me to sync with CloudStation. ... For iOS 13/12 users: Open the Settings app > Passwords & Accounts > Add Account > Other ... Mikrotik hack github.. We will send a One-time password (OTP) to your registered email address and ... set of Enpass users by letting them store their time based one time passwords of ... Hackers use credit card skimmers to obtain the magnetic stripe information of a ... Open Google Chrome and click the GateKeeper Password Manager Chrome .... Jun 16, 2021 — Using an online password manager? … Are they safe from hackers?? Use Enpass to securely organize everything at one place.
    [Show full text]
  • How Anywhere Computing Just Killed Your Phone-Based Two-Factor Authentication
    How Anywhere Computing Just Killed Your Phone-Based Two-Factor Authentication Radhesh Krishnan Konothy, Victor van der Veeny, and Herbert Bos yEqual contribution joint first authors VU University Amsterdam, The Netherlands r:k:konoth@vu:nl;{vvdveen;herbertb}@cs:vu:nl Abstract. Exponential growth in smartphone usage combined with re- cent advances in mobile technology is causing a shift in (mobile) app behavior: application vendors no longer restrict their apps to a single platform, but rather add synchronization options that allow users to conveniently switch from mobile to PC or vice versa in order to access their services. This process of integrating apps among multiple platforms essentially removes the gap between them. Current, state of the art, mo- bile phone-based two-factor authentication (2FA) mechanisms, however, heavily rely on the existence of such separation. They are used in a vari- ety of segments (such as consumer online banking services or enterprise secure remote access) to protect against malware. For example, with 2FA in place, attackers should no longer be able to use their PC-based malware to instantiate fraudulent banking transactions. In this paper, we analyze the security implications of diminishing gaps between platforms and show that the ongoing integration and desire for increased usability results in violation of key principles for mobile phone 2FA. As a result, we identify a new class of vulnerabilities dubbed 2FA synchronization vulnerabilities. To support our findings, we present practical attacks against Android and iOS that illustrate how a Man- in-the-Browser attack can be elevated to intercept One-Time Passwords sent to the mobile phone and thus bypass the chain of 2FA mechanisms as used by many financial services.
    [Show full text]
  • The Usable Security of Passwords Based on Digital Objects: from Design and Analysis to User Study∗
    The Usable Security of Passwords based on Digital Objects: From Design and Analysis to User Study∗ Mohammad Mannan Tara Whalen, Robert Biddle Electrical and Computer Engineering Dept. P.C. van Oorschot University of Toronto School of Computer Science Toronto, Canada Carleton University [email protected] Ottawa, Canada Abstract Despite all efforts, password schemes intended to deploy or encourage the use of strong passwords have largely failed. As an interesting alternative to enable users to create, maintain and use high quality passwords willingly, we propose Object-based Password (ObPwd), leveragingthe universe of personal or personally meaningful digital content that many users now own or have access to. ObPwd converts user- selected digital objects to high-entropy text passwords. Memorization of exact passwords is replaced by remembering password objects. We present the design details, variants, and usability and security analysis of ObPwd; briefly discuss (publicly available) prototype implementations in various forms on several platforms; and as a major focus, report on the results of a hybrid in-lab/at-home user study on 32 participants. The results suggest the scheme has good usability, with excellent memorability, acceptable login times, and very positive user perception, achieved while providing strong security for the threat context explored. While we anticipate further experience with ObPwd will lead to improved security and usability, and best practice guidelines, we believe this work lays the foundations for a promising password selection paradigm. 1 Introduction and Motivation Text passwords remain ubiquitous, despite endless criticism. Independent studies conducted decades apart reveal that people consistently choose ‘weak’ passwords [19, 6] for many reasons, including users trying to manage on average 25 password-protected accounts [7].
    [Show full text]
  • Google Data Collection —NEW—
    Digital Content Next January 2018 / DCN Distributed Content Revenue Benchmark Google Data Collection —NEW— August 2018 digitalcontentnext.org CONFIDENTIAL - DCN Participating Members Only 1 This research was conducted by Professor Douglas C. Schmidt, Professor of Computer Science at Vanderbilt University, and his team. DCN is grateful to support Professor Schmidt in distributing it. We offer it to the public with the permission of Professor Schmidt. Google Data Collection Professor Douglas C. Schmidt, Vanderbilt University August 15, 2018 I. EXECUTIVE SUMMARY 1. Google is the world’s largest digital advertising company.1 It also provides the #1 web browser,2 the #1 mobile platform,3 and the #1 search engine4 worldwide. Google’s video platform, email service, and map application have over 1 billion monthly active users each.5 Google utilizes the tremendous reach of its products to collect detailed information about people’s online and real-world behaviors, which it then uses to target them with paid advertising. Google’s revenues increase significantly as the targeting technology and data are refined. 2. Google collects user data in a variety of ways. The most obvious are “active,” with the user directly and consciously communicating information to Google, as for example by signing in to any of its widely used applications such as YouTube, Gmail, Search etc. Less obvious ways for Google to collect data are “passive” means, whereby an application is instrumented to gather information while it’s running, possibly without the user’s knowledge. Google’s passive data gathering methods arise from platforms (e.g. Android and Chrome), applications (e.g.
    [Show full text]
  • Open Research Online Oro.Open.Ac.Uk
    Open Research Online The Open University’s repository of research publications and other research outputs Forensically-Sound Analysis of Security Risks of using Local Password Managers Conference or Workshop Item How to cite: Gray, Joshua; Franqueira, Virginia N. L. and Yu, Yijun (2016). Forensically-Sound Analysis of Security Risks of using Local Password Managers. In: Proceedings: 2016 IEEE 24th International Requirements Engineering Conference Workshops (REW), IEEE, pp. 114–121. For guidance on citations see FAQs. c 2016 IEEE https://creativecommons.org/licenses/by-nc-nd/4.0/ Version: Accepted Manuscript Link(s) to article on publisher’s website: http://dx.doi.org/doi:10.1109/REW.2016.034 Copyright and Moral Rights for the articles on this site are retained by the individual authors and/or other copyright owners. For more information on Open Research Online’s data policy on reuse of materials please consult the policies page. oro.open.ac.uk Forensically-Sound Analysis of Security Risks of using Local Password Managers Joshua Gray∗, Virginia N. L. Franqueira∗ and Yijun Yuy ∗ College of Engineering and Technology, University of Derby, UK y School of Computing and Communications, The Open University, UK Abstract—Password managers address the usability challenge has a domino side-effect on security [5]; they write them down of authentication, i.e., to manage the effort in creating, memoris- or recycle old passwords with small changes [4]; or they use ing, and entering complex passwords for an end-user. Offering highly guessable passwords [6]. All these strategies undermine features such as creating strong passwords, managing increasing number of complex passwords, and auto-filling of passwords security in favour of usability.
    [Show full text]