With working from home being the new normal, it’s important to think about how you’re keeping your personal and professional data secure. As cybercrime grows all around the world, one of the main assets hackers exploit is passwords. Although we all know that we shouldn’t use a single password for different applications and accounts, many users still do because it’s more convenient and easier to remember.
However, it’s just as easy to set up a password vault or manager on your personal system. That way, you can avoid the risk of a breach of your data, and you’ll have only one password left to remember: the “master password”. Read on to see our complete guide to password vaults and managers.
A password vault (sometimes known as a password manager, keeper or locker) is an encrypted store for sensitive data such as passwords and login credentials (the information you use to access applications and accounts online), documents, images and other pieces of sensitive information, kept in a secure digital location. Password vaults usually use a single master password that, when entered correctly, unlocks the rest of the passwords in the vault. They are designed to keep personal and professional user data safe from cybercriminals, and their purpose is to stop users from reusing passwords across different digital platforms.
The terms password manager and password vault are often used interchangeably, since most password vaults come with management software already integrated into the product. Technically, the password manager is the part that categorizes your passwords and sensitive data and enables “one-click” logins for efficiency, while the password vault is the encrypted part of the password manager software that stores your passwords and data digitally.
Password vaults often include a host of functionalities for the user, which can be split into three sections: the vault, the password security center and the management tools. The vault itself is usually capable of storing a range of documents and images (not just passwords), which can be easily accessed from your computer, mobile or tablet device. The password security center uses strong encryption to protect your data. It also contains a “password generator” for creating new passwords or replacing old or weak ones, a “password checker” that alerts you when you’re using weak or duplicate passwords, and “leak detection”, which warns you if your passwords are leaked online. Password vaults also include an “auto-fill” function that remembers your passwords, account details and addresses when you’re using different web pages and applications.
Password vaults and managers are an essential part of staying safe online, professionally and personally. They are a vital part of digital life that keeps your information secure, no matter what hardware you’re using or where you’re using it.
Cybersecurity specialists across the world agree unanimously that password vaults are the simplest and easiest way to protect your passwords and sensitive data, and they are considered safe. As long as your master password is a “strong” password, your sensitive information has a very low probability of being hacked. A strong password is sufficiently long (10-12 characters) and contains a mix of special characters, numbers, uppercase and lowercase letters.
Nevertheless, it is important to understand that password vaults and managers can still be hacked. However, your passwords will remain safe because they are encrypted on your device before being sent to the cloud over HTTPS. Deciphering industry-standard encryption, like 256-bit AES (Advanced Encryption Standard), is almost impossible. So, even if a hacker gets “in” the vault itself, it doesn’t mean they can do anything whilst they’re inside. Also, most online password vaults do not store or have access to your master password, so getting “in” is even less likely.
Password vaults and managers work by encrypting your credentials. The vault is then locked with a master password. In the case of a breach, a hacker would only be able to steal encrypted data, because the master password is needed to decrypt it. Today, most good password managers use a modern, strong encryption algorithm, 256-bit AES, to encrypt your data. Globally adopted in 2005, 256-bit AES is an encryption algorithm that is widely used by modern digital technology.
The Advanced Encryption Standard is the specification for the encryption, and 256-bit means that there are 2^256 combinations available for the random key. The more combinations, the harder it is to brute-force the correct one. This type of encryption is known as a “private key encryption algorithm”, which is considered more secure than a “public key encryption algorithm”. Public key encryption uses a public key to encrypt your data and a private key to decrypt it, whereas private key encryption uses the same private key to encrypt and decrypt your data. In short, the private key doesn’t leave your device, which makes it much more secure.
This is one aspect of understanding how a password vault works. However, defining a password vault’s inner workings also depends on what kind of vault you are using or have access to. Traditionally, there are three types of vaults: local, online and token/USB.
As the name suggests, local password vaults and managers work by encrypting your login credentials and other data and then storing them on your local machine. Sometimes referred to as ‘offline’ password vaults, the encrypted data can be stored on your computer, laptop, tablet or mobile phone. The encrypted file where the passwords are held is usually stored outside the password manager program itself. Offline password storage is useful because hackers only have access to your vault when you’re online. So, unless your device is stolen, your passwords are safe. However, this is also its main disadvantage: if your device is stolen or lost, your vault is gone too. Local password vaults also make device synchronization difficult because all the devices need to be online at the same time for the sync or update to work.
Online or web-based password vaults are the most widely used type of password manager by businesses and personal users alike. This type of vault stores your encrypted data in the cloud, on your provider’s servers. This is much more convenient because you can access your passwords from anywhere and at any time. This vault is even protected from your provider by a process called the “zero-knowledge” principle: your password vault encrypts your data on your device before sending it to the provider’s server, so your provider can’t access the password data either. In many cases, you can use the provider’s password manager client, a simple browser extension or a web application hosted on the provider’s website to access your vault. This means you can reach your passwords from anywhere in case of an emergency. The main disadvantage is that you always need an internet connection for authentication (and, therefore, for access to your passwords and other documents).
Sometimes known as “stateless vaults or managers”, token/USB password vaults involve having a piece of hardware, like a USB drive, which contains the key to unlocking your specific online account. The password vault doesn’t really exist in this scenario because a new token is created (on the external device) whenever you access a specific account. This means that all your sensitive credentials are stored on a separate device, so no synchronization with your other devices is needed. When you add a master password to this, you have two-factor authentication. The big disadvantage is that a lot of the software used to create these stateless vaults is open-source and complicated to set up or troubleshoot for non-experts.
Since the life-altering events of the pandemic, many companies and their employees around the globe have begun switching to remote working permanently. Unfortunately, due to the weaknesses in personal networks and cloud-based Software as a Service (SaaS) applications used by large enterprises, successful cyberattacks have grown substantially. In 2021, the average number of cyberattacks increased by around 15%. With that in mind, we recommend using a password vault at home and at work, especially if you use your personal computer for working.
Not only will a password vault allow you to keep track of all your passwords, but it can also be used to generate new ones, change (or import) older versions into your current vault and notify you when a new password isn’t strong enough for a new application. Research suggests that passwords classed as “weak” can be breached almost instantly by hackers with very little knowledge or effort, for example through bruteforce attacks, which involve the automated injection of stolen username and password pairs into website login portals. Once a username and password pair is matched correctly, the hacker can fraudulently gain access to your accounts and personal information. Since passwords are one of the largest vulnerabilities in any user’s system, password managers take all the hard work and risk out of operating online.
At Kaspersky, our password manager has a vault that is secured with AES-256 encryption (with 2^256 combinations available, this means it would take longer than the universe has existed for a hacker to unlock it). It also comes with a custom master password (either a password created by you, by our generator, or via fingerprint and face ID on your mobile devices). Our free version of the Kaspersky Password Manager does everything the premium version does, but it only allows you to store a maximum of 15 passwords and confidential documents.