![]() There’s a very cool bit of tech you can look for in password managers that solves the latter problem very handily: zero-knowledge encryption. But you still have to trust two things: the honesty of the password management software company, and their own security practices, which ensure that external forces cannot hack into their (encrypted) database. Suppose they’re even encrypted there, making it especially difficult for anyone to hack your password collection. Suppose your passwords are sent, via an encrypted connection, to the company’s servers. The evilness of the cloud is actually rather well demonstrated by the situation with password managers. I know that’s a cranky sort of thing to say, but I’m getting old and therefore I’m permitted to say cranky things. Neat! Your password manager should use zero-knowledge encryption for syncing, at least Then, if you’re on your desktop PC and you update your password manager with a new password, the change is quickly reflected on your phone, where you can use it quite easily. Well, the even cleverer solution then is to sync your passwords “in the cloud.” The password manager software company will hold your passwords for you, as a service, on their servers. But how do the passwords get synced? Each instance of the app, on your different devices, has its own copy of your password data. The one I use, Enpass, is open source software (UPDATE: oops, no it’s not: /index.php?/…) that works on pretty much every consumer platform. This is why password managers apps work on computers as well as handheld devices, on multiple platforms. That would be a bad idea, because Google employees could easily see your passwords, and if anybody else got a hold of the document, they can just make a copy and you’d be none the wiser. For example, maybe you keep yours in a Google Doc. If you’re more clever, then you’ll have a single document that is accessible using all devices. You could shuffle a document back and forth between devices, e.g., by email or a messenging app. ![]() How do you do it? Well, let’s talk about some suboptimal solutions, to help explain why I went to some rather great lengths. It’s a royal pain, isn’t it? Of course it is. They (a) check that your passwords are strong (b) make it super-easy to generate strong new ones (c) make them all available if you simply memorize one strong password (d) auto-fill your passwords in forms on all your devices.īut in our multi-device lives, there’s yet another problem: you need to sync your passwords across your desktop, laptop, and mobile devices. Password managers solve all these problems for you. You need one because (a) you need to have strong passwords, or else your web accounts (which can contain really sensitive info) can be easily cracked (b) passwords, to be strong, must be different on every site and very complex (and so hard to memorize) (c) you can’t possibly memorize that many strong passwords (d) copying and pasting passwords from some plain-text repository, let alone typing them in, is a pain nobody needs. What’s that, and why? A password manager simply holds all your passwords and makes them easily available to you. Let’s begin with what I hope will be a useful review. With a uber-geeky bonus: How I synced my Enpass passwords over my Synology NAS using WebDAV You need a password manager that syncs ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |