Posted on 23rd February 2019 - Takes 2 minutes to read
I recently saw several articles that mentioned research into how password managers store your secrets in memory. Some of the results were not great. Several password managers were reported as leaving some or all of your secrets in memory, as plaintext, even after they have been used.
Obviously, this is not ideal.
However, this absolutely does not mean that we should abandon password managers. Password reuse, that is, using the same password on more than one website or service, is becoming the most common way for malicious actors to gain access to your online accounts. These people get your email address and password from one of the many data breaches that occur, and then just use those same credentials on other sites to see if they can gain access. Too often, they can.
Using password managers gets around this because it makes password reuse unnecessary. Most people use the same password in many places because it makes it much easier to remember. That's a problem in and of itself. If you need to remember all your passwords, you are already doing something wrong.
A password manager lets you remember only a single password. This one password unlocks a secure 'vault' containing all the passwords you use. Since you don't need to remember these passwords (because they're all stored for you), they can be things you couldn't possibly remember. Really secure things - like 30+ characters of gibberish with all kinds of numbers, letters, and special characters.
As 'Taylor Swift' rightly says, stop reusing your passwords. Keep using password managers.
YOU NEED TO STOP REUSING YOUR DAMN PASSWORDS BEFORE YOU CAN WORRY ABOUT LOCAL MACHINE MEMORY MANAGEMENT HYGIENE OF PASSWORD MANAGERS AGAINST ATTACKERS THAT HAVE RAW RAM ACCESS BUT SOMEHOW ARENT JUST MONITORING YOUR KEYBOARD DRIVER pic.twitter.com/kaZfjOKZUA— SwiftOnSecurity (@SwiftOnSecurity) February 23, 2019