Let's begin saying that your password to any kind of application or service, be it on-premise or in the cloud, and where you keep it is the weakest link in any given case. Every day we keep relying increasingly more on cloud services to accomplish a given amount of tasks. it all began with e-mail, and then contacts and calendar services, then social networks, banking services, food recipes, blogs, and so much more. Our daily lives and the Internet are fused in such ways that if we can drive a hundred miles only to return home because we left the cell phone on the table. Well, all those services need a way for you to authenticate with them so you can gain access to your information.
Credentials
A credential usually consists of a username, which in many cases is your registered e-mail address, and a password. Due to our human nature we tend to choose passwords that are very easy to remember in an effort to have it always available to us and to reduce the hassle or having to remember or write them down when the time to use the service comes. It is very common for people to reuse the same four digits they use for their ATM service on all other services that have the same amount of digits or characters. By using the same numbers, or same keyword over and over it will be very hard to forget it and besides, who wants to have a different password for everything, and if that were to happen, where would we store it. Some people will opt for a wrinkled piece of paper where they have their passwords along with some food recipe or call reminder; other people will write all their passwords in a Microsoft Word document and keep it in their main computer. It will be a distant thought to them those passwords can be lost or worse - stolen.
The Risk
By keeping them in your computer or any web-connected device you are potentially exposing it to a hacker, a spyware application, or somebody else with physical access to the system. Also, keep in mind that hardware will eventually fail. Hard drives fail, flash drives (pendrives) fail and get lost, external hard drives may fail, get dropped or stolen. All these situations can leave you without your precious list of credentials to access your services.
Enter the Password Manager
A password manager is a category of applications or cloud services which help you by storing all your credentials for different services, cataloguing them, and keeping them safe. You then assign a master password which you will use to access this service. This is the only password you need to remember and it should be a strong password. A strong password is one where by definition, has at least 8 characters and at least two or three of the following types of characters: uppercase, lowercase, digit, special character. Also the password shoudl not contain any word that can be found on the username, your own name, address, or phone number. Come on! It is not that hard! Cfu#4500 complies with the above guidelines as long as 4500 is not your phone number, last four of your social security number, address, or any other piece of information that is easily obtainable and that is unique to you.
Don't think that because all passwords are stored in a single place they are easy to obtain or get lost. Most of these password managers use a very secure encryption mechanism which scrambles the information while in its stored state. It is only when you access it that it becomes unencrypted (readable). Online password managers trasmit their data using at least SSL security and employ a number of security measures at their servers to ward off against hackers and malware. As I always say, anything web-connected is hackable but (and this can bring about some discussion) it is safer in their hands than in your own.
I have been using for a very long time Keepass and it's very good and secure. It is an application which you have to install or maybe use it portable version so you can keep run it from your falseh drive but it is not an online service so you have to implement your own way of securing it in terms of backup and availability. I keep my file stored in Dropbox so I can pull it from anywhere and of course there is Keepass app for Android for my phone. I always have access to my passwords and needless to say they are all different for every service.
There are many other password manager applications and services and I encourage you to choose the one you like the most but don't delay having one. If they get lost, most of the time you will just have to use the Lost Password procedure for each service but sometimes this proves to be very challenging; but if they are stolen, your identity, data (confidential or not), contacts, services, and possibly financial state can be at risk, so please take this seriously.
