Password managers come in three basic flavors:
Password managers can also be used as a defense against phishing. Unlike human beings, a password manager program, which can handle automated login script is not susceptible to visual imitations and look alike websites. With this built-in advantage, the use of a password manager is beneficial even if the user only has a few passwords to remember. However not all password managers can automatically handle the more complex login procedures imposed by many banking websites.
The master password can also be attacked and discovered using key logging or acoustic cryptanalysis. Some password managers claim to provide means for entering master passwords which are key logging-resistant.
A compromised master password renders all of the protected passwords vulnerable. This demonstrates the universal relation between usability and security: one might enjoy better security having memorized all passwords, but the effort is inconvenient and usually annoying.
A password manager may hold passwords unencrypted in memory while access is being made to records. This is a security risk should an attacker obtain read privileges for the memory involved.
The advantages of online password managers over desktop-based versions are portability (they can generally be used on any computer with a browser and a network connection, without having to install software), and a reduced risk of losing passwords through theft from or damage to a single PC. The damage risk can be largely mitigated by taking steps to ensure usable backups, though this raises the issue of who has access to the backup media and to the passwords it contains.
The major disadvantage of online passwords managers is inherent and unavoidable since the passwords (including the master password) are sent over the network, from which they may be copied unnoticeably during transit, and are stored on server computers using software and hardware over which the password owner has no control and from which the protected passwords might be obtainable by an attacker. Fraud in the first instance is also possible; this is a variant of a phishing attack. is The degree of trust required is high and is hard to justify. The history of security breaches and of loss of centrally stored information (eg, in multiple adn increasing infamous incidents of identity theft) do not inspire confidence.
The use of a web-based password manager is an alternative to single sign-on techniques, such as OpenID or Microsoft's Windows Live ID scheme (formerly Passport), or may serve as a stop-gap measure pending adoption of a better method.
Lieberman Software's Random Password Manager Receives Editor's Choice Award from Military Embedded Systems Magazine.
May 13, 2010; Lieberman Software Corporation, the enterprise leader in privileged identity management, announced that Military Embedded Systems...