Are Password Managers Safe?
By Leo Notenboom
Recently I tried to use RoboForm for an account at a large financial institution, but I couldn’t get it to work. In response to my inquiry, this institution said they do not permit log in using credentials that are stored on software because the security of the password could become jeopardized if my computer were hacked, invaded, etc. Is this true? Am I safer not to use RoboForm?
Technically they are mostly correct.
But not-so-technically I believe – strongly – that they are seriously misguided.
Using a password manager like Roboform is significantly safer than the alternatives most people choose.
The real problem is that most people will not do what your bank really wants you to do.
And I’ll admit it – I don’t do what your bank wants you to do either.
What the Bank Wants
By preventing you from using a password manager, it’s pretty clear that your bank wants you to:
Yes, that would be ideal.
It’s also impractical in my opinion.
As far as I’m concerned those two requirements are mutually exclusive – particularly if you also keep to best practices and never use the same password for more than one (important) site.
Without a Password Manager
Faced with the restriction of not being able to use a password manager, most people will compromise their security in some other way.
As you can see, in my opinion preventing use of technology specifically designed to keep passwords secure doesn’t increase security. When you factor in human nature it significantly decreases overall security.
This post is excerpted with permission from Leo Notenboom.