Store Your Password in Phone: There are three categories of people: some remember passwords or write to notepad, others trust the browser, and others use password managers. Interestingly, despite the explosive evolution of software over the past few years, many people can still be found in the first category.
HOW TO STORE PASSWORDS IN NOTEPAD
With a notebook, I think everything is clear – I wrote it down, put it on the table, hackers won’t get there! It is a completely different matter with a notepad program and saving it to a text file on a phone or computer. Text files with passwords are the tidbit for hackers, viruses primarily scan the file system for files with the name “passwords.txt” or something like that. Store Your Password in Phone
But, in principle, you can contrive and still keep something confidential in a regular notebook. In this case, simply archive the “.txt” file into the archive with a complex password (from 10 characters, capital and small letters, numbers, one dash or dot), archive with a password is a pretty big obstacle for attackers.
The second method is to encrypt data “in a personal way”. For example, you come up with the fact that the first and last character in all passwords is reversed.
Thus, the person who has access to the file will not be able to use it if he does not recognize your “secret”. By combining these two tricks, the security of password storage is quite high, but there are a lot of difficulties and inconveniences.
For many years, the browsers Google Chrome, Mozilla Firefox, Opera, etc. offer to save the password for the site in their database and then automatically substitute it at the next login. The position of the browser developers themselves is such that it SHOULD NOT introduce strong password protection in the browser and leave it at the level of security of access to a smartphone or Windows account Store Your Password in Phone.
This means that if a hacker, colleague, or even a family member gains access to the device and logs in, he will gain access to your sessions and passwords.
Otherwise, the password in the browser is stored, of course, in an encrypted form and other programs cannot just copy it. But the location of the data files is known, and so that passwords cannot be decrypted, it is necessary to set a master password: the main password that encrypts the remaining passwords.
It turns out that you can save logins in browsers if you have access to the device only. But there are a number of significant disadvantages:
- A virus that has gained access to the operating system or RAT Malware (remote device control) will be able, if not steal, then access services from your device on your behalf;
- To synchronize passwords on smartphones Android, iOS and a computer, you need to use the same browser and only one browser;
- It is impossible or difficult to export passwords from the browser, then to import them into another browser;
- It is impossible to save passwords in applications on a smartphone or in Windows programs;
- It is impossible to set a password if the address or site design has changed;
- It is not possible to recover passwords in an emergency, such as in the event of death.
Password Manager is a special application for Android and iOS-smartphone or a computer program that stores passwords and other confidential data from sites, applications, and programs Store Your Password in Phone.
The password manager pops up when you enter a new login/password to save it, and appears when you need to enter a previously saved password. Let’s see how password managers solve browser weaknesses.
If the user is inactive for a certain amount of time, or after each phone unlocks, a master password is asked. This approach avoids the unauthorized filling of passwords on sites and applications.
Since the master password is not convenient to enter each time, some applications, such as RoboForm, provided a four-digit PIN instead of a password. But with long inactivity or after rebooting the phone, the full master password will be requested Store Your Password in Phone.
There is an important “nuance” here. Managers work by the principle of “zero-knowledge” or “evidence with zero disclosure”. This means that only you can see the stored passwords, the service staff, with all their desire, cannot access and decrypt the data (this is a matter of confidentiality).
But if you lose the master password, you completely lose all saved passwords! There is a loophole in the form of emergency access, more on that below.
For older Android smartphones, you need a separate extension application for each browser so that you can automatically fill in the fields in the browser. But on devices with Android OS higher than 4.3, the application can fill in passwords both in browsers and in ordinary applications.
For this function to work, you need to enable the work of the password manager service, for example, Dashlane or RoboForm, in “Settings -> Advanced -> Special. Features -> On. “
All password managers can export data to a CSV file so that later they can be downloaded to another account or to another password management program. Some programs, such as Dashlane, can import passwords without intermediate uploading to a CSV file, often it is called one of the best password managers.
Another distinctive feature of the Dashlane manager is the group change of passwords, i.e. in one window you can change passwords in bulk, replace weak passwords with protected ones.
It’s not convenient to talk about death, but what will happen to “acquired overwork”, with access to services, wallets, contacts in case of death or accident? And if the device itself is destroyed or stolen? For such cases, password managers, for example in the same Dashlane or Roboform, have the “Emergency Access” function.
In your right mind, you set a period of inactivity and contact for backup access, it can be your secret email, in case you lose your master password.
Then the server of the password manager monitors the activity of the account, and when they notice that during the specified period, for example, 7 days, you did not use the manager, an email is sent to the specified email with an explanation of what happened and instructions on how to access all your passwords.
In my opinion, brilliant! The only thing if the backup contact is not aware of what happens at all is that it can consider the message as spam, an attempt to phishing (I would think so) or skip it in the Spam folder.