Are Password Managers Safe?

Recently I tried to use RoboForm for an account at a large financial institution, but I couldn’t get it to work. In response to my inquiry, this institution said they do not permit login using credentials that are stored on software because the security of the password could become jeopardized if my computer were hacked, invaded, etc. Is this true? Am I safer not to use tools like RoboForm?

Some believe using password managers represents a single point of failure. Very technically, they are correct: if someone gains access to your password manager, they have access to everything in it.

Not-so-technically, I strongly believe they are seriously misguided.

Using a password manager is significantly safer than the alternatives.

Is It Safe to Let My Browser Remember Passwords?

If I consider my computer to be physically secure, am I reasonably safe letting Firefox remember my passwords (without using a master password), or am I being incredibly stupid to do that? What if I do use a master password?

I certainly wouldn’t say incredibly stupid at all. But it’s definitely an additional risk, and one that needs to be understood.

But you’re correct in considering physical security first. The problem is that people often assume they have more physical security than they actually do.

And master passwords? Well, they’re nice, but they too have their limitations.

Is LastPass Still Secure?

LastPass recently announced a couple of vulnerabilities. Although they’ve supposedly been fixed, does this mean I should stop using LastPass? Is it still secure?

LastPass is still secure.

Should you stop using it? No. In fact, let me be a little more clear: Hell No! Keep using LastPass.

I remain a strong believer in LastPass. The recently disclosed vulnerabilities – which indeed have been fixed – only affected a small percentage of users. Furthermore, there’s absolutely no evidence that the vulnerabilities were ever actually used to compromise anything.

Rather than say nothing at all, LastPass chose to be open about the discovery. I don’t want panicked over-reaction to punish them for doing the right thing.

