A note about password storage services

Another centralized password storage service is trending in main IT mediasphere, now with a mass password reset functionality.

Although it seems cool, there is a technical catch — to be able to log you into a certain service or application, third party program needs to store your password to this service in a reversibly encrypted format. That is, if you've just purchased a password storage manager app, and up to punching in those passwords into its database (local or cloud, it matters, but mostly cloud these days), think that if the app is capable to retrieving password in it normal (non-hashed) form, then it’s not safe. Anyone, who get’s his hands on this storage manager database most likely can get all your passwords in its original form.

Some of you may have seen a TV series “Jericho”, that ran on CBS in 2006–08. Well, the outcome of the post-apocalyptic saga was that US government eventually got centralized in one city, becoming very vulnerable to a single nuclear hit.

With password storage managers, it’s the same thing, except that you may never know that all your passwords got stolen at some point.

Eventually it all comes up to corporate standards to security in an organization that developed and supports the service like this, but I would still keep in mind that our memory, is, thus far, a best place for our passwords.

I personally have two important ones that I never type anywhere other than a password input box. There are some ever-changed ones’, like Facebook password, that are getting written down in my personal space in a corporate wiki. Which is pretty bad.