Password Managers Claim to Not Know Master Passwords, but Are They Telling the Truth?

Creating a unique password that can’t be cracked through brute forcing simply doesn’t cut it anymore. Nowadays, people have to use a variety of cybersecurity methods to protect their personal data and privacy online. Using password managers has become a popular choice in that regard. These password managers can autofill your passwords for you, and they usually have a master password that you can use to access them.

These password managers claim that they use a Zero Knowledge architecture, which allows them to keep your data secure and prevents even them from accessing it. Even so, a lot of people seem confused as to how this can work. If they have the data, don’t they need to access it to fill in your passwords? PCMag and Keeper Security recently got together to help inform people about whether or not password managers are telling the truth.

Hashing algorithms have a huge role to play in how password managers work. A hashing algorithm can transform information and data into a hash, but it does not have the capability of turning that hash back into the original data. It only works in one direction, so a completely different system is required to move in reverse.

Password managers are not the only types of software that use hashing algorithms. Hashes are also used to compare malware files to each other without having to share the files, and that makes the comparison process much safer than it would otherwise be. A match between hashes confirms that the underlying data is also a match, all whilst keeping the data itself private.

That’s not to say that hashing algorithms are entirely foolproof. If a malicious actor were to get their hands on the hashing algorithm, they would be able to glean lots of passwords from the database. The hashing process itself cannot be reversed, but some passwords can still slip through the cracks if attackers manage to match them with the ones that they are using in their brute force attempts. Such attacks can be prevented through a complex process which adds something called “salt” to the hash.

One misconception among password manager users is that the data goes directly into a database after they set up their master password. That is not exactly what occurs. Rather, the password manager uses a unique algorithm to create an encryption key for the master password. The key itself is further obscured through hashing. The hash is paired with your username, and both are then finally sent to a database which has a further layer of encryption.

This is when the app will encrypt your master password directly by creating a new key that will be used for encrypting and decrypting it. There are layers upon layers of cybersecurity that go into password managers. Even if the developers behind these apps wanted to access the private data on their servers, they simply would not be able to, and that makes them safe to use.
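
The flow described in the last few paragraphs (a key derived from the master password, a salted hash of that key stored next to the username) can be sketched as follows. This is an added example, not code from PCMag, Keeper Security or any password manager; PBKDF2, SHA-256, the iteration count, the `Server` class and the sample accounts are all assumptions made for illustration, and the database's own extra encryption layer is left out.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor, chosen only for this example

def derive_key(master_password: str, salt: bytes) -> bytes:
    """Client side: stretch the master password into a 32-byte encryption key."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS)

def auth_hash(key: bytes) -> bytes:
    """Client side: hash the key once more; only this hash leaves the device."""
    return hashlib.sha256(b"auth-hash" + key).digest()

class Server:
    """Hypothetical server: maps username -> (salt, auth hash), nothing else."""
    def __init__(self):
        self.db = {}

    def register(self, username: str, salt: bytes, verifier: bytes) -> None:
        self.db[username] = (salt, verifier)

    def salt_for(self, username: str):
        record = self.db.get(username)
        return record[0] if record else None

    def login(self, username: str, verifier: bytes) -> bool:
        record = self.db.get(username)
        # Constant-time comparison of the stored hash with the submitted one.
        return record is not None and hmac.compare_digest(record[1], verifier)

def client_register(server: Server, username: str, master_password: str) -> None:
    salt = os.urandom(16)  # random per-user salt
    server.register(username, salt, auth_hash(derive_key(master_password, salt)))

def client_login(server: Server, username: str, master_password: str) -> bool:
    salt = server.salt_for(username)
    if salt is None:
        return False
    return server.login(username, auth_hash(derive_key(master_password, salt)))

if __name__ == "__main__":
    server = Server()
    # Constructed sample accounts: two users who picked the same master password.
    client_register(server, "alice", "correct horse battery staple")
    client_register(server, "bob", "correct horse battery staple")
    print(client_login(server, "alice", "correct horse battery staple"))
    print(client_login(server, "alice", "wrong guess"))
    print(server.db["alice"][1] != server.db["bob"][1])
```

Because each account gets its own salt, the two identical master passwords produce different stored hashes, and the server never holds the password or the encryption key it would need to open a vault.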

