Managing Passwords – The question of trust

With our lives depending more and more on the internet, we all have accounts on probably dozens of sites: different mail providers (I doubt if any one of us has a single mail account), news sites, social sites and what not.

Gone are the days when we had one mail account and that was that.

With multiple accounts comes the problem of passwords.

Needless to say, we need to have a complicated password (your nickname, your spouse’s name, your birth date, your child’s birth date etc. are pretty bad ideas, BTW). In fact, lots of sites require a password that has both lower case and upper case letters as well as a special symbol and numerals. Now, if we create such a complicated password and use it for each and every place that requires a login – that is not a good idea either, because if that one password gets leaked, all your accounts become open to whoever has it. In case you do not know – these databases of leaked passwords get sold on the ‘Dark Web’ to anyone and everyone.

So, we need a complex password as well as a unique password for each and every online account we have. That is a bit of a challenge – remembering so many complex passwords as well as keeping track of which password belongs to which account! In case you are wondering – writing them down in your notebook is not a good idea…

This is where password managers come to the rescue.

In case you are unaware – almost all (if not all) popular web browsers, including Firefox, Microsoft Edge and Chrome, have built-in password managers, and they also allow you to sync your passwords across all your installations. But there is a small catch: if they don’t have a primary password to lock your password vault (Firefox has it, not sure about Chrome or Edge), anyone who opens up your browser will have access to all your passwords. They can simply log in to any site with your credentials. At this point, you might think: why would I give access to my system to someone I don’t know, right? Wrong! Say your device becomes faulty and you send it for service. What happens then? Are you sure they won’t try to misuse it?

This is where third-party password managers come into play. These could be a browser extension or a desktop application. Their biggest advantage is that every time you restart your PC or log out (desktop app), or every time you close your browser, you need to authenticate yourself to access the password vault. So, basically, you need to remember just one password. Also, these password managers have built-in password generators, and they can also check for duplicate passwords (in case you are using any).
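What a generator and a duplicate check do, sketched in Python as an added example; it is not from the original post and not the code of any particular password manager. The symbol set, the function names and the sample vault are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import string
from collections import defaultdict

# Character classes from the site rules described above; the symbol set is an assumption.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*()-_=+[]{}",
}

def missing_classes(password):
    """Return the names of the character classes the password lacks."""
    return [name for name, chars in CLASSES.items()
            if not any(c in chars for c in password)]

def generate_password(length=20):
    """Draw from the OS CSPRNG until every class is present (rejection sampling)."""
    if length < len(CLASSES):
        raise ValueError("length is too short to cover every character class")
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not missing_classes(candidate):
            return candidate

def find_reused(vault):
    """Return sorted groups of account names that share one password.

    Entries are compared through an HMAC under a throwaway key, so the
    plaintext passwords never become dictionary keys or leave this function.
    """
    key = secrets.token_bytes(32)
    groups = defaultdict(list)
    for account, password in vault.items():
        tag = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        groups[tag].append(account)
    return sorted(sorted(names) for names in groups.values() if len(names) > 1)

# Constructed sample vault: three accounts reuse one weak password.
SAMPLE_VAULT = {
    "mail.example": "Tiger2009",
    "news.example": "Tiger2009",
    "social.example": "Tiger2009",
    "bank.example": generate_password(),
}
```

Running `find_reused(SAMPLE_VAULT)` groups the three accounts that a single leak would expose together, and `missing_classes("Tiger2009")` shows which of the site rules that password fails.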

Now there are lots of password managers available. Just search for ‘best password managers’ and you will get a plethora of them.

Some links to popular sites about best password managers:

https://www.pcmag.com/picks/the-best-password-managers

https://www.tomsguide.com/us/best-password-managers,review-3785.html

https://www.cnet.com/how-to/best-password-manager/

So, which one should you go for?

Well, before using any of these password managers, you need to consider a few things. Most of the password managers listed on these sites are proprietary, closed source programs, including MS Edge, Chrome or Safari (if it allows saving passwords). What does that mean? It simply means that you are trusting a corporation (be it Google, Microsoft, Apple, Dashlane or LastPass) with all your passwords. They say that they encrypt your passwords and that they cannot access your vault in any way. The key point here is ‘they are saying it’ and ‘you should trust them’.

In contrast to this closed source software, both Firefox and Bitwarden are open source. What does that mean? It means the code of these programs is open for the entire community to see – and if they lied about not having access to your passwords, there are hundreds, if not thousands, of developers who will call them out immediately. Here you are not trusting an organization or a corporation but a community, and a diverse community spread across the globe.

Which is wiser?

Another thing you need to notice is that Bitwarden has the most to offer in its free model and is also the cheapest when it comes to the premium account. Why? Well, that is the basic principle behind FOSS – no one should be deprived of a service because they are economically or otherwise marginalized. Why else do you think software like GIMP or LibreOffice is free whereas its competitors cost hundreds of dollars?

And the best part of Bitwarden is that, since it is open source, you can host your own server – so that you do not have to trust anyone with your passwords.
