Nice post on an important topic! One comment. AFAIK, Google Chrome’s password manager is NOT an encrypted store. I understand this is an active decision by Google as they consider your device password your “protection” and don’t want to provide a false sense of security. Problem is many people have weak device passwords and also remote access may allow hackers to gain access to the device / your Chrome, and therefore ALL passwords in your manager. This doesn’t meet my muster so I recommend against Chrome’s password manager. Here’s a Quora that appears to validate my thinking but I accept things may have changed since. I personally use Bitwarden, as it’s the most trustworthy I can find, free for the most common features and the interface has improved over recent years.
Security awareness is hard to hammer into people’s heads and scams are getting more and more sophisticated. I got tired of repeating these messages for my friends and family to be safer online, and so wrote a guide for this. Fully intended as a PSA, no monetisation or benefit to me, just to share and help people be safer, so feel free to share.
https://sec.terminusfoundry.com/
Wrote it for two main audiences:
If you don’t know much about security, but want to be safer and don’t know where to start.
If you’re a techie and scared about the safety of your loved ones, and want a helpful lesson plan to guide you through making them safer.
This is evergreen and I frequently add things, so would love feedback!
The main downside of an encrypted password store is that you lose all your passwords if you forget the main password. I think for most people this is enough more likely than being hacked through your password manager that it’s not worth it.
I agree that this is a risk, but I’m not sure whether it’s the main risk. Another risk is that if somebody gets access to the encrypted store, they can use it to steal all your passwords.