Password manager

From Wikipedia, the free encyclopedia

A password manager is software that helps a user organize passwords and PIN codes. The software typically has a local database or files that holds the encrypted password data. Many password managers also work as a form filler, thus they fill the user and password data automatically into forms. Some have password generator capabilities.

In view of the rising threat of Phishing, password managers are also used as the best defense against such threats. Unlike human beings, a password manager program, which can handle automated login script is not susceptible to visual imitations and look alike websites. With this built-in advantage, the use of a password manager is beneficial to everyone, even if he or she only has a few passwords to remember. However, one must keep in mind that not all password managers can automatically handle the more complex login procedures now imposed by banking websites.

Whilst providing a user with a convenient way of storing and retrieving one's passwords, a compromised master password would render all stored passwords vulnerable. This demonstrates a common relation between usability and security: one might enjoy better security having memorized all his passwords but with cumbersome usability. Thus, some password managers, now provide means for entering master passwords, which are key logging-proof^{[citation needed]}.

Some password managers ^[1]hold passwords unencrypted in memory while access is being made to records. This poses a security risk should one obtain read privileges of the given memory segment.

Password managers come in 3 basic flavors:

Desktop - desktop software (usually a browser extension), storing passwords on a computer hard drive.
Portable - portable software (usually a browser extension), storing passwords and program on a portable drive (U3 and the like).
Web based - online password manager where passwords are stored on a provider's website.