Password management software now being targeted

Estimated reading time: 1 minute.

If you’re not already using password management software, you should be. It’s an extremely bad idea to use one password for more than one service, which makes remembering all those passwords difficult. With a password manager, you only have to remember one password: the one that allows access to all your other passwords.

I’ve been recommending Password Corral for years. Bruce Schneier’s Password Safe is also excellent. These are both desktop programs. I don’t recommend using an online password manager, because there’s always the possibility that the service itself could be hacked.

Unfortunately, even as we collectively get better at keeping ourselves secure, nefarious hackers shift their focus to more fertile ground. Now, it appears that they are targeting password management tools. It’s easy to see why: if a hacker can break your master password, they will have access to all of your other passwords.

Recommendation: if you are using a password management tool, make sure your master password is long and unique.

Update 2014Nov27: A post on the Duo Security blog has additional details.

About jrivett

Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.

Leave a Reply