Why I can’t get myself to use a password manager


Data breaches have become so common that they are basically going on constantly.

According to Teramind, in the time it takes you to brush your teeth, 19,280 data records have been stolen.

(Source: Teramind.)

And that’s not counting floss.

If you haven’t had your data stolen yet, it’s just luck, and not because of anything you did.

This is because, as we’ve seen time and time again, while companies beg, cajole, and require you to run through hoops ensuring your data is secure, they are often doing nothing of the sort on the other end.

Stories of passwords being saved unencrypted abound. It’s hard to believe that you are the weakest link in keeping your online data private.

That is only one reason why I don’t use a password manager.

Managing the manager

Since we have so many different accounts we use, and we’re supposed to use a different password for all of them, it can be tricky to remember them all. Password managers take this burden away from you by storing your passwords, and acting as an intermediary.

When you need to log in to a site, the password manager inputs the password for you. They can even generate passwords for you, with as much randomness as you can handle. Imagine trying to think of (much less remember) a password like this:

S8&3}wVAIYz’CZ^:9RqvR(+?”]d?r1uh|O<&

Password managers can also generate passwords based on the mercurial needs of different sites. After all, haven’t you noticed that each site has its own needs? One site requires “special characters”, one site won’t allow them. One site requires a password of at least 12 characters, another one has a maximum of 10. Etc.
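As an added illustration (not code from this post or from any particular password manager), here is a sketch of policy-aware generation for the two conflicting kinds of site described above, with a rough entropy estimate for each result. The `SitePolicy` fields, the symbol set, and the mixed-case-plus-digit rule are assumptions made for the example.

```python
import math
import secrets
import string
from collections import namedtuple

SPECIALS = "!#$%&()*+-:;<=>?@[]^_{|}~"  # constructed symbol set, not any site's real list
# Hypothetical description of one site's rules; specials is "required", "allowed" or "forbidden".
SitePolicy = namedtuple("SitePolicy", "min_len max_len specials")

def alphabet_for(policy):
    base = string.ascii_letters + string.digits
    return base if policy.specials == "forbidden" else base + SPECIALS

def satisfies(password, policy):
    """Check a candidate against the site's length and character rules."""
    if not policy.min_len <= len(password) <= policy.max_len:
        return False
    has_special = any(c in SPECIALS for c in password)
    if policy.specials == "required" and not has_special:
        return False
    if policy.specials == "forbidden" and has_special:
        return False
    # Assumption: the site also wants lower case, upper case and a digit.
    return (any(c.islower() for c in password)
            and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password))

def generate(policy, target_len=36):
    """Draw characters from the OS CSPRNG; redraw until the site's rules are met."""
    length = max(policy.min_len, min(target_len, policy.max_len))
    if policy.min_len > policy.max_len or length < 4:
        raise ValueError("policy cannot be satisfied")
    alphabet = alphabet_for(policy)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if satisfies(candidate, policy):
            return candidate

def entropy_bits(policy, length):
    """Upper bound: log2(alphabet size) bits per uniformly chosen character."""
    return length * math.log2(len(alphabet_for(policy)))

if __name__ == "__main__":
    for name, policy in [("12+ chars, specials required", SitePolicy(12, 64, "required")),
                         ("max 10 chars, no specials", SitePolicy(1, 10, "forbidden"))]:
        pw = generate(policy)
        print(f"{name}: {pw} (~{entropy_bits(policy, len(pw)):.0f} bits)")
```

The site capped at 10 characters with no symbols tops out below 60 bits however the password is produced, while the permissive site allows well over 200.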

Why I don’t use one


But how do you get access to these passwords?

With a password, of course.

Password managers use a master password which unlocks your account.

And this is where it starts to get problematic for me.

The advantages of using a password manager have been detailed already. But here are the reasons why I don’t use a password manager:

  • Single point of failure. Forget your bank account password? No problem, they have ways of resetting it for you. But forget your master password and all your passwords are gone. There is no way to recover them. This means that you need to start all over with every one of your accounts.
  • Emergency backups are problematic. To prevent failure of your master password, you are often asked to back it up. With 1Password for example, which is an industry standard password manager, you are given instructions on how to create an “Emergency Kit”. But this is, in effect, just a PDF document where you write your master password. This means that you now have to manage/secure/hide/bury a document that in effect gives someone access to every single one of your accounts. This creates a whole other point of failure.
  • You have to trust a third party for everything. If your password manager service goes down, so do you. Unless you have backups of all your passwords (and if so, is there really a point to using a password manager?) you are 100% reliant on a single service to get access to anything online.

(I will add that two-factor authentication can solve some of these issues, but not all of them.)

Cost is fine

One issue I don’t take with password managers is their cost. While their prices vary, they provide a valuable service, and I believe that a service like that is worth paying for.

But I can’t rationalize signing up right now. Call it a self-defeating desire to retain too much control over my online identities if you will. I use long passwords and don’t repeat them.

Is there a potential security issue here? Yes. But you know what is also a security issue? Being on the internet.

Everything is insecure, eventually

The internet is broken, from a security perspective. It was designed by a bunch of academics who wanted to communicate with each other. Every piece of security that has come since then has been bolted on to a fundamentally insecure core.

This isn’t meant to be fatalistic or anything, but it is important to see the situation as it is. As I said before, if you haven’t gotten hacked (and you probably have), it’s a matter of luck.

Well-crafted passwords can only go so far. The horse’s battery staple will never be correct.

Bonus

Here’s a fun tool to see just how insecure your passwords are. You can type things in here and the display will be automatically updated to show how long it would take for a computer to crack your password. I wouldn’t type your exact password in there, but something similar just to test.


Enjoy!

But enough about me. Do you use a password manager? How did you decide to use it?
