Storing Passwords in the Cloud

Data cloud security , illustration
•••

 VICTOR HABBICK VISIONS/Getty Images

Any responsible computer user should consider security. A common security concern is password safety, and for good reason — a hacker can cause a lot of trouble if they learn your password. It might seem like passwords would be better saved on your computer than in the cloud.

The truth of the matter is that, whether you opt for a cloud-based or local computer-based storage system, you face many of the same vulnerabilities. Power outages, natural disasters, and criminal hacking can affect both your personal computer and cloud-based storage systems. Just as you can fall for phishing scams or be attacked by viruses, cloud storage systems can be, as well. Under both of these scenarios, your data is at risk.​

While there are risks that come with using password managers, and no software is perfect, experts say you're still better off using one than not.

Reasons to Use Cloud-Based Password Managers

Keep in mind that almost all cloud service providers do not give details about how they protect this data. If they were to explain how they protect your data, hackers would be able to identify vulnerabilities in the system. However, the providers do promise their customers that their information is safe, thanks to strict policies, top-notch encryption, and data centers that offer the best data protection in the industry.

While there are plenty of reasons to use cloud-based password managers, here are the top four.

They Are Easy

Password managers are convenient. You will never have to worry about remembering passwords again. You can log into any site with a simple click of the mouse.

They Are on All Your Devices

With a single password manager account, you can protect passwords used on all your devices. You can automatically sync your password data and access it at any time and from any place.

They Save You the Trouble of Creating Memorizable Passwords

The Federal Trade Commission has stated that, when people are required to change their passwords more often, they create weaker passwords. The more passwords you have to remember, the thinking goes, the more simple those passwords will be so you can remember all of them. With a password manager, you never have to remember passwords, so you can make them much more complicated. Some password managers also have password generators, which will create a secure password for you.

They Are Encrypted

All of your data is encrypted, and only you can unlock it. Password managers use strong encryption services that have become industry and government standards, so your passwords will be just about as safe as anything on the internet can be.

What to Look for in a Password Management Service

A good password management service should offer a password generator tool that helps to make strong passwords that cannot be cracked. Remember, you won't have to remember these passwords, so they can (and should) be complicated.

Your data should constantly sync with the cloud so that you'll never experience a delay while changing or adding passwords. Password managers should sync and function equally well across different browsers and with multiple devices.

This cross-platform functionality should include a smartphone-specific application that protects your mobile devices.

Last, but not least, make sure the password generator you're choosing offers a high level of security. It's unlikely that any software would dare to call itself a password manager without satisfying this requirement, but it's worth independently verifying this point. Check what kind of encryption the manager uses. It should use at least a form of AES encryption, which is the encryption used by the federal government to protect classified material.

Protecting Your Data

A password manager will only go so far in protecting your data. You can open yourself up to vulnerabilities, regardless of the password manager you use, if you aren't careful about your devices and online behavior.

Malware can be particularly devastating, and good malware does unnoticed. Use antivirus software to ensure that you haven't already become infected with malware, and then keep an eye out for shady software or phishing attempts that could install it. Another simple way to prevent malware is to regularly update your software.

It's important to run any major updates, as well as smaller patches that get released between updates.

If you do have malware, it can take screenshots or track your keystrokes without your knowledge. That sensitive information gets sent to whoever created the malware, and they can use it to figure out your passwords or find other vulnerabilities.

You can add another layer of protection by using your computer's onscreen keyboard. Use this virtual keyboard to enter any sensitive information, including the master password for your password manager. Keystrokes on the onscreen keyboard are inputted by the mouse, not the keyboard, so they're less likely to be tracked by malware.

If any service, software, or website allows you to use two-factor authentication, use it. These systems of randomized verification codes make it much more difficult for cybercriminals to log into your accounts. It might be annoying to add the extra step to your login process, but that's the price of security.

Article Sources

  1. Independent Security Evaluators. "Password Managers: Under the Hood of Secrets Management." Accessed March 19, 2020.

  2. Consumer Reports. "Everything You Need to Know About Password Managers." Accessed March 19, 2020.

  3. Federal Trade Commission. "Time to Rethink Mandatory Password Changes." Accessed March 19, 2020.

  4. LastPass. "Password Generator." Accessed March 19, 2020.

  5. Norton AntiVirus. "What Is Encryption and How Does It Protect Your Data?" Accessed March 19, 2020.

  6. Federal Trade Commission. "Malware." Accessed March 19, 2020.

  7. Norton AntiVirus. "5 Reasons Why General Software Updates and Patches Are Important." Accessed March 19, 2020.

  8. National Institute of Standards and Technology. "Back to Basics: Multi-Factor Authentication (MFA)." Accessed March 19, 2020.