Who should you trust with all of your passwords?

Almost every website these days asks you to create an account, and with that yet another password. It is natural to become overwhelmed, especially when trying to remember passwords of websites like BuyYourCheapPerfumeHere.com, that you may only use infrequently.

If you are like most people you deal with this 21st century problem in one of three ways:

  1. Use passwords like Password, or YetAnother****Password
  2. Use one password, like Pikachu1988, for just about everything. A password which you created along with your first email address – Sk8rBoi2001@yahoo.com
  3. You quickly click ‘Save Password’ in Firefox, Chrome or Microsoft’s new Edge browser, the first time you create a new account or login to a website for the first time, while not thinking too much about it then, or ever again

6101434856_e7eafdfdf2_b

All three of these options are the cyber security equivalent of sticking your head in the ground like an ostrich, crossing your fingers and hoping for the best.

Yet it is completely understandable – don’t worry, no one is judging you!

The alternative is that on top of all the other more exciting things in your life like dates, friends, or the new virtual reality headset, it is humanly impossible to remember a password like (6^tWTF69! for every single website you ever visit.

This is indeed very secure and even highly recommended by some security experts, but in reality it would be nearly unfeasible, even for Stephen Hawking or Sheldon Cooper.

jeune-femme-poste-de-travail

So what is the ultimate answer to the ultimate question of life, universe and password security? And why is option 3 just as bad as using the pokemon themed password you created when you were 14.

A short one-question quiz helps explain why option 3 is just as insecure.

Who should you trust with your passwords?

  1. Google
  2. Mozilla, creators of Firefox
  3. Your next-door neighbour
  4. Microsoft
  5. A piece of paper your dog might accidentally eat instead of your homework

The answer? Well, it is actually secret option number 6.

Yourself.

But that simply isn’t possible alone, which is where SaferPass comes in to help you remember passwords better than even the smartest astrophysicists – real or fictional.

On the face of it, SaferPass may seem just like the default password managers built into Chrome, Firefox or Microsoft’s Edge browser. You visit a website, the SaferPass extension will ask you to save your password and away you go, while the password can now be forgotten forever.

facebook_post_01-2016-0

Yet there is one major difference. Trusting these companies with your passwords is effectively the same as options 3 and 5 above – giving them to your neighbour for safekeeping or simply writing all your passwords down on a little yellow post-it note stuck to your laptop.

SaferPass helps you remember your passwords, but you don’t have to trust us not to look at them. (We wouldn’t anyway!) This is because they are encrypted on your computer using our proprietary browser plug-in, before they are ever synced to our secure encrypted servers, which then allows you to instantly access them on your other devices.

But crucially, we never can, and neither can anyone else.

The same is simply not quite true for any of the alternatives built into the three major web browsers mentioned above. They all store your passwords in your browser on your computer and, if you elect to do so, on their servers, which then makes it possible to access them across your devices. Yet crucially, the default options do not necessarily encrypt that data before they move it to their servers, or there is simply a lack of clarity about what, if any, encryption is being used to secure your passwords.

office-583841_960_720

This system is simple, but it means that anyone who has physical access to your computer – such as if you pop to the toilet while your nosey co-worker is hovering nearby – or anyone who manages to find an exploit in the servers or local browser storage system where your passwords are kept, will instantly have access to all your passwords and account information. These type of exploits do happen, even for big companies like Google, with one such major exploit found for Chrome as recently as 2013.

So to recap, who should you trust with your passwords? No one! Just yourself!

Who can help you do the impossible of memorising hundreds of complicated unique passwords that you need to access quickly, simply and securely across your devices?

install_button_large

Image credits: William Iven, Marc Falardeau, George Hodan