I just read an interesting article about Cloud Password Security in regards to the popular LastPass software. The comment section, as it often does, inspired me to write a blog about what’s going on and why I like to consider myself a pragmatic person.
The problem is simple enough. Creating a secure password is a bit of a pain and keeping track of all your passwords is even more difficult. Thus, cloud password security programs began to sprout up. They store your passwords online in an encrypted format and allow you to access your online sites without actually risking hacking.
What Happens when the Cloud Password Security Software is Hacked?
This is the focus of the article and what generated so much debate in the comments section. It’s fairly self-evident a storage silo for secure passwords is going to attract the attention of hackers. Why spend all that time getting my password when a hacking group can access millions all at once?
Lots of people chimed in with immediate and visceral responses. No way was he or she going to trust some cloud-based password system. In many cases the commenter listed local password security as a better solution. Generate your own secure passwords, store them locally in an encrypted way. That way you don’t put your passwords in a big old pile with a million others.
Pragmatisms versus Paranoia
The thing to understand about the various commenters lashing out against cloud password security is they have a point. The suggestion of storing all your passwords locally and encrypted is marginally more secure than using an online vendor.
The problem is, of course, the vast majority of people don’t want to or are technically incapable of doing so. With online cloud password security your passwords are automatically generated and put into sites you visit, bypassing the need for you to type them in manually. For many people, this alone is reason enough to use such services.
The real problem against using locally stored and encrypted passwords is much more pragmatic. A large majority of people simply do not create secure passwords and tend to reuse the same password over and over, perhaps with a number added to the end. Many people write down a list somewhere which means even a casual visitor or repair technician can get them easily enough. One of your kids’ friends. More people are in your house than you realize.
This means for the most internet users, their information is serious danger of being hacked. Your bank information. Your photos of loved ones. Everything.
My Personal Experience
It’s frankly impossible to remember all your passwords so you’re going to have to store them somehow. Over the years, several websites to which I belonged years ago informed me that they’d been hacked. That my password information for that site was now in the hands of the hackers. No problem for me, I never reuse passwords, but a huge problem for the majority of people.
Conclusion
I actually use a locally stored and encrypted system so you’d think I’d recommend that solution for everyone. I don’t. It’s just not realistic. I’m a pragmatist. I know the system I use for myself just isn’t going to work for many other people. What’s good for me isn’t good for everyone. That’s an important little life lesson all by itself but I won’t elaborate.
Please, for your own financial security, purchase a monthly subscription to a cloud password security service. You’ll hear horror stories about it being unsafe but don’t listen. It’s safer for the vast majority of people and that means you.
Tom Liberman