20% of all internet users use at least one password that’s over ten years old. Meanwhile, another 35% of people never change their passwords. Between lousy password habits and a risky online environment, online accounts have never been at higher risk. No wonder the numbers of identity thefts, hacks, and other digital crimes keep increasing.
Now’s the time to increase your security. Two of the best ways to do this are with password managers and hardware security keys. But which one is the right option for you? Let’s discuss the pros and cons of each and help you find the easiest, most affordable, and most secure way to secure your accounts.
What is a Password Manager?
Password managers are digital vaults. It’s a software or app that you can use to generate passwords. It then encrypts and stores those passwords for you. All you need to access your vault is your master password.
It may sound a little counterintuitive. Wouldn’t put all your passwords in one place make them less, not more secure?
But here’s the difference. A password manager makes it easy to follow the best password security practices:
- Always use unique passwords for all accounts
- Make passwords of numbers, lower and uppercase letters, and special characters
- Before logging in to any site, make sure it is secure
- Never share your master password with anyone
- Change account passwords every 30-60 days
Instead of easy-to-remember passwords, you can use random passwords like “3SNRMB&dWmju7E’9fr0Op/@.” No dictionary attack would crack it. And it would take years for a brute-force attack to do it successfully. You could change your password many times, meanwhile.
Plus, since you can create unique passwords for each account, there’s a much smaller risk of exposure should one platform get hacked.
Password managers are also convenient. You can enable them to log in to your accounts with one-click. In this sense, they work much like that browser feature that keeps suggesting to save your passwords. You can also beef them up by enabling 2FA.
Password Manager: Pros
- Highly secure
- Eases the process of creating and managing long, complex passwords
- Links with other security tools like two-factor authentication and biometrics
- Compatible across platforms including desktop, browser, and mobile
- Enables secure password sharing
- Also stores information like credit card information and answers to security questions
- Auto-saves and auto-fills form data
- Backups and syncs changes across devices
Password Manager: Cons
- Doesn’t support all browsers and devices
- Single point of failure: if you lose access to your master password, then you lose access to all your passwords. Though some password managers do have backup codes or similar recover options
- Some websites may not be compatible (but you can copy/paste)
What Are Hardware Keys?
At first glance, hardware keys may seem like a technological step backward. Technologies have grown wireless and cloud-based over the last two decades. So why would you want a physical device you have to carry with you to sign-on to a web platform?
That’s because hardware keys are built with security from the start. They use advanced protocols and specialized software. It allows them to authenticate users securely. Huge companies like Google, PayPal, Lenovo, and Microsoft have all adopted this technology.
Instead of using a single sign-on or logging in with a password, hardware keys follow this approach:
- Users are authorized on supported websites using standard ID and password.
- The website server verifies password accuracy and then requests the signature (from a hardware key), usually from within the browser (third-party apps).
- The website transmits security challenges to the key and then after user confirmation transfers a one-time password generated from built-in software.
- Programs send a response to the server.
- If the answer is correct, the user can log in.
Although this process is complicated, it all happens fast. When configured correctly, using a hardware key can take less time than using two-factor authentication and OTP codes.
Hardware Key: Pros
- Extremely secure
- It doesn’t need a cellular/Wi-Fi connection to the internet. All necessary data stays on the device
- Easy to use. Connect the hardware key to a USB port and press a button or input PIN
- Compatible with many sites and pieces of software
Hardware Key: Cons
- Not that common. Only available on some websites and platforms since the standard is quite new
- U2F hardware keys are only compatible with the latest versions of Chrome
- Many companies block connections between USB ports and internet-apps to lower security risks
- Usually only configured for 1-2 sites, so it doesn’t cover all digital security needs
- It’s easy to forget that you’ve plugged a token into a computer and walk away, creating another security risk
- Relatively pricey — the cheapest keys start at around $25
- The USB connection makes keys vulnerable to malicious code and trojans
Password Managers vs. Hardware Keys: Which One is Right For You?
Hardware keys are exciting, new forms of technology. But they still have limited capabilities, security risks, and other issues. Plus, they may be too much of a hassle for an average person.
Meanwhile, password managers offer much more robust functionality as well as convenience. There is no physical device, so you never have to worry about losing it. Likewise, their cons are pretty minor. As long as you keep your master password safe (and strong), you never lose access to any of your accounts.
Finally, they’re not mutually exclusive. For the highest levels of security, you can use both password managers and hardware security keys. It is worth it for financial accounts, especially cryptocurrencies. They need heightened security around their coin storage and transmission.
Get started with a password manager to begin taking advantage of their amazing benefits. But don’t forget to keep an eye out on hardware keys. As they develop more features and functionality, don’t be surprised if they become universal.