Cloud based password managers can’t be secure

We are living in the age of online or cloud services. There are thousands of them doing interesting stuff. Recently I came across some websites to store passwords and other secure information. I am alarmed. While it may seem like a good idea that you can access your secrets from anywhere behind a secure service, there are extreme risks. Unfortunately, all promises of security are (knowingly or unknowingly) fake in a cyber world… more so when things are online or in the cloud. The reasons why storing passwords in the cloud cannot be considered a good idea are:

  • There is no way to certify that a security mechanism will hold against any attack
  • The data is stored on a storage where you don’t have access, but someone else has
  • Attacking an online service that stores passwords is more reasonable than trying to crack into an individual’s system
  • The idea defeats the purpose – passwords should not be shared, in any form
  • The maintainers of the service are not your friends

My personal opinion is to stay away from such services. Remember that the internet is a virtual world reeking with services which you cannot trust blindly. It’s true that remembering all your passwords is nearly impossible as long as you are not using the same password everywhere (a very bad idea). To store passwords locally you can use utilities like the multi-platform KeePassX. You can physically carry around your encrypted password database on a USB key wherever you go.
