Security of Password Manager

I have been considering using Password Manager, but one question keeps holding me back. Isn't it a security risk to put all your passwords in one place? If it gets hacked, your life is fully exposed. And even worse, by sharing that data across all your devices, isn't that increasing exposure?

Comments

  • Scott ✭✭✭✭✭
    edited October 2023

    Hi @Jbass

    That can be a concern for all password managers which use servers to store and sync our data. It becomes:

    1) Who do you trust, what vendor has a good track record of not being compromised? If anything, LastPass's debacle in their being hacked how many times over the years, has helped us all to become more aware of what we're using and why.

    2) How willing are you to manually copy and paste logins from a desktop .doc that you have password protected? It is an issue of research like you're doing, to give you peace of mind as far as the convenience of a password manager.

    3) On our end, using 2FA, or a YubiKey.

    4) I believe there are password managers out there that are solely desktop based, but again, I'm not sure how they sync, if they do, to your other devices which is secure (can be locked) but very inconvenient.

    So from Bitdefender's end, we have this:


    What is a Master Password, and why do I have to remember it?

    The Master Password is the key that unlocks the door to all the passwords stored in your Bitdefender Password Manager account. The master password must be at least 8 characters long. So create a strong master password, memorize it, and never share it with anyone. To create a strong master password, we recommend you use a combination of uppercase and lowercase letters, numbers, and special characters (such as #, $, or @).


     Privacy & Security questions about Bitdefender Password Manager

     How secure is Bitdefender Password Manager? What encryption algorithm does it use?

    The highest data security is assured through the latest, military standard, cryptographic algorithms – AES-256-CCM, SHA512, BCRYPT, HTTPS, and WSS protocols for data transmission.

    Password Manager is using an end-to-end encryption system, which means all data is encrypted and decrypted only locally on your device. This guarantees that no one except the account holder who knows the master password has access to the passwords.

    Password Manager never stores or transmits the master password, which means no one else can access your vault in the unlikely event of a data breach.

    Bitdefender Password Manager is ISO 27001 and GDPR compliant.

     Could Bitdefender employees see my passwords?

    Absolutely not. Your privacy is our top priority. This is the main reason why we do not store your master password on our data servers: so that no one has access to your account, not even company employees. Every password and account are highly encrypted with the strongest data security algorithm, and the code we see simply looks like a random string of numbers and letters jumbled together.

     What would happen if Password Manager servers were hacked?

    Each password is encrypted locally on your device before it gets anywhere near our servers, so if hackers were to break into our system, they would only get pages of random letters and numbers without your key to decrypt them. This means that you and your account details are always safe with us.


    Kind regards,

    Scott

    All Bitdefender Home Product User Guides: https://www.bitdefender.com/consumer/support/user-guides/
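
The "encrypted locally, master password never sent" model quoted in the answer above can be sketched as follows. This is an added example, not part of the post and not Bitdefender's code: the function names are hypothetical, the sample entry is constructed, and PBKDF2-HMAC-SHA512 with an assumed iteration count stands in for the key derivation, since the quoted FAQ names SHA512 and BCRYPT without saying how they are combined.

```javascript
// Added illustration (Node.js); not vendor code.
const crypto = require('crypto');

const KDF_ITERATIONS = 210000; // assumed work factor for this sketch
const NONCE_LEN = 12;          // CCM accepts nonces of 7 to 13 bytes
const TAG_LEN = 16;            // 128-bit authentication tag

// Runs on the client only: the master password becomes a 256-bit key
// and neither the password nor the key is placed in the stored record.
function deriveKey(masterPassword, salt) {
  return crypto.pbkdf2Sync(masterPassword, salt, KDF_ITERATIONS, 32, 'sha512');
}

// Encrypts one vault entry with AES-256-CCM. The returned object is
// everything a sync server would hold for this entry.
function sealEntry(masterPassword, entry) {
  const salt = crypto.randomBytes(16);
  const nonce = crypto.randomBytes(NONCE_LEN);
  const key = deriveKey(masterPassword, salt);
  const cipher = crypto.createCipheriv('aes-256-ccm', key, nonce,
    { authTagLength: TAG_LEN });
  const plaintext = Buffer.from(JSON.stringify(entry), 'utf8');
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return {
    salt: salt.toString('base64'),
    nonce: nonce.toString('base64'),
    ciphertext: ciphertext.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
  };
}

// Decrypts a stored record. Returns null when the tag does not verify,
// which covers both a wrong master password and a modified record.
function openEntry(masterPassword, record) {
  const key = deriveKey(masterPassword, Buffer.from(record.salt, 'base64'));
  const decipher = crypto.createDecipheriv('aes-256-ccm', key,
    Buffer.from(record.nonce, 'base64'), { authTagLength: TAG_LEN });
  decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
  try {
    const body = decipher.update(Buffer.from(record.ciphertext, 'base64'));
    decipher.final(); // throws if authentication failed
    return JSON.parse(body.toString('utf8'));
  } catch (err) {
    return null;
  }
}
```

Someone who obtains only the stored record has to guess the master password and pay the key-derivation cost for each guess, so the protection of a copied vault depends on the strength of that password.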