Why I Don’t Trust Password Managers

Shane Fast
Published in BACIC
7 min read · May 15, 2023
Famous last words!

Time for a hot take — I don’t entirely trust password managers.

I don’t think they are doing something wrong. Nor do I think they are honeypots for information. I distrust them because humans tend to be overconfident when it comes to keeping secrets.

Give me a chance to lay out my case…

The Development of Secrets

To preface, let's look at a simple example with three actors:

  • Bob and Alice, the message senders and receivers. (mostly trading dank memes)
  • Aidan, the asshole who’s trying to read the messages (we may really dislike Aidan, but we have to accept that Aidan is smart and persistent)

The First Messages

To start, Bob sends Alice a message: unencrypted and ripe for the taking.

Aidan can intercept these messages and read them in plain text. Aidan only has to stand in the path between the two of them to collect the memes he so greedily desires.

oh, that’s a dank one!

The First Encodings

Both Bob and Alice realize that Aidan is reading their dank memes. They cleverly devise a way to encode their information and share the secret of how to decipher it with each other.

At first this confuses Aidan, who can no longer read the messages simply by intercepting them.

Aidan has to work a bit harder to figure out the secret sauce behind the encoding. If Aidan is patient and witty enough, he can collect a large number of messages between Bob and Alice and work out what the secret algorithm is. A scheme whose only secret is the algorithm itself is exactly as strong as the secrecy of that algorithm, and every intercepted message chips away at it.

“I will get a hold of those dank memes. I swear by it!”

The Dawn of Encryption

Bob and Alice eventually discover that Aidan has cracked their algorithm! So they go back to the drawing board and, with the help of dedicated mathematicians and developers, develop encryption.

Now Bob sends Alice his public key. Alice uses it to encrypt the message and sends the ciphertext to Bob, who decrypts it with his private key.

Aidan may intercept the public key but still cannot decrypt the message. Aidan could even learn the algorithm and still do nothing without the private key, which never leaves Bob's possession. (That holds as long as Alice can be sure the public key she received really is Bob's; if Aidan can swap in his own key while it is in transit, he reads everything, which is why real systems go to such lengths to authenticate public keys.)

This is one of the most amazing features of this method: the security rests entirely on the secrecy of the private key, so knowing both the algorithm and the public key is still not enough to decrypt the message (the full explanation would take too long here).

I promise it’s actually pretty cool.
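To make the exchange above concrete, here is an added worked example of my own (it is not code from the original post). Bob generates a key pair, Alice encrypts with Bob's public key, and Aidan, holding the same public key and the ciphertext, gets nowhere without the private key. It also shows the two shortcuts Aidan looks for: factoring the public modulus, which is only possible here because the primes are tiny, and guessing the message outright, which works because this textbook form of the scheme has no randomized padding. Everything below is textbook RSA with toy parameters (p = 61, q = 53, e = 17) chosen so the arithmetic is visible; the names, numbers and "meme" message are constructed for illustration, and nothing here is fit for real use.

```python
"""Bob/Alice/Aidan public-key exchange, added as a worked example (not from
the original post). Textbook RSA with tiny primes so every number is visible.
Constructed for illustration only: real systems use 2048-bit or larger moduli,
randomized padding such as OAEP, and authenticated key distribution.
"""
from math import gcd, isqrt
from typing import Iterable, Optional, Tuple

PublicKey = Tuple[int, int]  # (n, e)


def make_keypair(p: int, q: int, e: int = 65537) -> Tuple[PublicKey, int]:
    """Bob's key generation: returns ((n, e), d). p and q must be distinct primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(n)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), d


def encrypt(pub: PublicKey, m: int) -> int:
    """Alice: encrypt with Bob's public key. Anyone holding (n, e) can do this."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(pub: PublicKey, d: int, c: int) -> int:
    """Bob: only the holder of d can undo the exponentiation."""
    n, _ = pub
    return pow(c, d, n)


def factor_modulus(n: int) -> Tuple[int, int]:
    """Aidan's attack: recover p and q from the public modulus.

    Trial division works here only because n is tiny. For real key sizes this
    step is infeasible classically, and it is exactly the step a large enough
    quantum computer (Shor's algorithm) would make cheap.
    """
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("n has no small factor")


def recover_private_key(pub: PublicKey) -> int:
    """Once n is factored, Aidan computes d the same way Bob did."""
    n, e = pub
    p, q = factor_modulus(n)
    return pow(e, -1, (p - 1) * (q - 1))


def dictionary_attack(pub: PublicKey, c: int, candidates: Iterable[int]) -> Optional[int]:
    """A cheaper trick that needs no factoring: textbook RSA is deterministic,
    so if the set of plausible messages is small Aidan encrypts each guess and
    compares it with the ciphertext. Randomized padding (OAEP) is what blocks
    this in practice."""
    for m in candidates:
        if encrypt(pub, m) == c:
            return m
    return None


if __name__ == "__main__":
    bob_pub, bob_priv = make_keypair(61, 53, e=17)  # n = 3233, constructed toy key
    meme = 65  # constructed "message": one byte of a dank meme
    c = encrypt(bob_pub, meme)
    assert decrypt(bob_pub, bob_priv, c) == meme
    # Aidan sees only bob_pub and c.
    print("Aidan factors n and recovers d:", recover_private_key(bob_pub) == bob_priv)
    print("Aidan guesses the meme by dictionary:", dictionary_attack(bob_pub, c, range(256)))
```

The point to take away is that the scheme's promise ("the algorithm and the public key are not enough") is true only while the underlying math stays hard and the message is not guessable; both of those are moving targets, which is the situation the next section describes.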

The Revenge of the Nerds

However, let's not forget that Aidan is smart and can think of ways to slowly start breaking this scheme (he's still an asshole though).

He might befriend the mathematicians and developers and sneak weaknesses into the algorithm that help him predict the private key.

Aidan might pour effort into quantum computing, which threatens the hard math problems that today's public-key encryption rests on.

Perhaps Aidan has a dozen other schemes in the works we don’t even know about, which leads to my ultimate point…

Plz, leave your memes here.

The Wheel Turns

The cat-and-mouse game continues.

At some points, Bob and Alice have the advantage, and at others, Aidan has the upper hand. New processes, algorithms, and technologies are created, but the cycle continues.

Aidan is always on the move, and given enough time, will find a workaround. Bob and Alice might feel that they’re finally secure, but Aidan is always working, always making progress.

These memes are too dank for Aidan.

To better make this point hit home, let’s take a look at a real-life example with the Enigma machine from World War 2.

The Enigma Machine

The Enigma Machine was a device used by the Germans during World War 2 to protect military communications. The British, fighting the Germans, naturally wanted to crack the cipher this device produced, and after considerable effort (building on earlier Polish work on the machine) managed to decipher it and listen in on German communications.

3 x 10^114 possible cipher patterns!

There are a lot of articles, books and movies that dive into the interesting details of the efforts of Alan Turing and his team in breaking the code, but I'd like to focus on one particular implication.

Cracking the Enigma machine did not immediately end World War 2; the British had to use the intercepted intelligence strategically so as not to tip off the Germans that their cipher was broken.

The Germans continued using the Enigma machine long after the British were reading its traffic (routinely by 1941), right up to the end of the war in 1945! And while they came close a couple of times to discovering the ruse, it never came to light until the files were declassified in the 1970s.

The Enigma machine was considered so secure that it was used to encipher the most top-secret messages. The Germans were certain that it could not be cracked. They had an exaggerated belief in the inviolability of the Enigma system.

Humble pie en route to your current location!

While I'm glad and grateful that the British were able to exploit that overconfidence in this case, it raises a question for all of us…

What does this mean?

So… why wouldn’t this also be a possibility for modern encryption once a government or organization found a way to break it efficiently?

Is it possible that this is already the case?

Even if we constantly improve encryption, there is never a guarantee that it is still secure after some time has passed. Who's to say we don't have the same overconfidence?

This is why I personally can’t entirely trust modern encryption and password managers.

However, I'm not going to become a hermit and live in the woods. So let's approach this from a different angle.

Breathe and Regroup

So then, how should we operate on the assumption that modern encryption might at some point be compromised (or is already secretly compromised), given the constraint that we still need password managers to operate effectively in the world?

I’d be interested in hearing what other ideas people have, but here’s my current approach:

One possible approach is to use the following framework when creating or updating a password. The intention is to group your passwords into sensible categories (by risk and use case) and then use alternative methods where that reduces the risk I outlined above.

Take stock

Ask yourself the following questions:

  • How often do I need it? Every day, once a week, once a year?
  • What does the password protect? Private data, banking data, your meme cache?
  • Who else needs it? Just you, co-workers, family, or all of your friends because you refuse to pay for a Netflix account?
  • How often do they need it? Every day, once in a while, only in an emergency?
  • Is the password paired with multi-factor authentication? With a USB security key, TOTP, SMS, nothing?

Make the conscious choice

Not everything needs to go into the password manager. Not everything should go in a password manager.

Build your decision tree for determining if you will put a password into a password manager or not.

For me personally, I'd have to expect to use the password more often than weekly, or have a need to share it, to justify using a password manager. Additionally, if the password is used to access something particularly sensitive I may make an exception (such as the password to my banking info).

Your decision tree may look far different than mine, and that’s ok!

Put your choice into action

Simple: for a password you chose to put in a password manager, use the manager. If not, use an alternative method of your choice. My personal favourite low-tech method is the PPM method for storing passwords offline.

This framework in my view gives you the convenience of using a password manager in certain circumstances but mitigates your risk if the unthinkable does occur.

I’m more selective now when adding to a password manager. When I know I need to share a password or use it several times per week, I do use a password manager.

However, I’m open to better suggestions.

Conclusion

The game is always on: one side is trying to protect its information while its opponents are trying to take it.

Moves and counter-moves in a game that we must also play, so that we can act securely in this world.

Remain skeptical of any security claims, because as I’ve walked through, overconfidence is the worst security strategy.

If you found this of value and fun to read please consider following me and the BACIC community. Hope to see you there for more interesting tech stories. Thanks for reading!
