什么是密码管理器(password manager)?密码管理器(password manager)是一种加密软件,用于存储和管理您用于访问在线(access online)网站、应用程序和其他服务的所有密码和登录信息。
它不仅可以保护您的敏感数据和凭据的安全,还可以为您生成唯一且强大的密码,因此您不必在您的设备和平台上重复使用相同的密码。
将其视为一个笔记本,您可以在其中存储最有价值的登录凭据,并由只有您知道的主密钥锁定。(master key)
密码管理器的工作原理(How a Password Manager Works)
密码管理器(password manager)以加密形式存储您的密码,以保护它们免受窥探和不当访问。它还会显示您选择的登录凭据,因此您不必自己记住数百个密码,除了主密码(master password)或在某些情况下您用于登录应用程序的PIN 码。(PIN)
有些甚至允许您使用面部或指纹识别来验证您的设备,而不是输入您的主密码(master password),您可以在我们最好的密码管理器指南(password manager guide)中阅读。为了更好的安全性,根据您选择的应用程序,有些包括不同形式的双因素身份验证,例如Google Authenticator 、生物识别或基于 SMS 的。(Google Authenticator)
大多数密码管理器(password manager)应用程序都带有自动为您填写密码的浏览器扩展(browser extensions)程序,以及加密同步功能(sync feature),可让您随身携带密码并在所有 Windows、Mac、Android和 iOS 设备上使用。
安装并设置密码管理器(password manager)后,打开应用程序,将密码复制并粘贴到登录字段中,然后访问您需要的服务。
当您登录安全站点(secure site)时,密码管理器(password manager)将安装一个浏览器插件(browser plugin),该插件会捕获并重放您的密码并保存您的登录凭据。下次您访问同一站点时,该应用程序会自动为您填写登录信息。不过,并非所有密码管理器(password manager)都具有此功能。
但是,如果您为同一个站点保存了多个登录信息,该应用程序将为您的帐户提供多个登录选项。根据您选择的密码管理器(password manager)应用程序,您可以找到一个带有浏览器工具栏菜单(browser toolbar menu)的应用程序,其中包含您保存的登录信息,这样您就可以直接访问保存的站点并自动登录。
一些密码管理器(password manager)可以将您保存的数据从其他产品导入或导出到其他产品,让您在想要切换到新的密码管理器(password manager)时更容易。其他人则进一步为您的文档提供安全的在线存储,并让您与受信任的人共享您的凭据。
他们中的大多数可以标记您的重复密码和弱密码,提供(offer help)更新密码的帮助,如果您选择高级密码,它可以自动为您更改密码的过程。
密码管理器真的安全吗?(Are Password Managers Really Safe?)
随着最近发生的所有身份盗用和安全漏洞(identity theft and security breaches)案例在我们周围发生,人们会想知道使用密码管理器(password manager)是否比将敏感的登录凭据留给自己更安全。
您甚至可能听说过2015 年7 月(July 2015)发生的LastPass 黑客攻击(LastPass hacking attack),这使他们的系统经受了考验。目标是访问其密码库,尽管黑客设法进入LastPass服务器,但他们无法通过窃取用户密码。
他们的尝试没有成功,因为LastPass无法访问每个用户的密码保险库(password vault),也没有他们的主密码,这意味着密码保持加密并锁定在您的保险库中。这就是为什么为您登录的所有应用程序、网站和服务设置一个强大且唯一的密码很重要的原因。
我们中的许多人使用弱密码或重复使用我们在多个帐户上已有的密码,这使我们容易进行身份盗用和其他犯罪。
使用密码管理器(password manager),您将获得比没有密码管理器更好的便利性和安全性(convenience and security)组合,但这并不意味着它是灵丹妙药(magic pill)。
您应该采取其他安全措施(other security measures)来确保您的登录数据受到严格的安全保护,例如为您的重要帐户使用双重身份验证、在所有设备上设置锁定屏幕以及使用您信任的设备(devices that you trust)。
当您想更改为不同的密码管理器应用程序(password manager app)时,只需导出您的数据(如果该应用程序具有此功能),删除您的帐户,就可以了。
注意(Note):大多数密码管理器将您的主密码(master password)存储在本地或服务器上,但他们无法读取密码,因为它已加密。这可以保护您的数据免受泄露,但如果您忘记了密码,则无法通过公司恢复您的帐户。
值得庆幸的是,一些密码管理器可以通过提供DIY工具包来帮助您恢复帐户,但如果这不起作用(t work),那么您必须创建一个新帐户并为每个应用程序、网站或在线(website or online) 服务手动重置所有密码,然后重新(service and start)开始. 请(Make)务必阅读我们对 LastPass、1Password 和 Dashlane 的比较(comparison of LastPass, 1Password and Dashlane)。
关于使用浏览器密码管理器的一句话(A Word About Using a Browser Password Manager)
你的网络浏览器可能有一个内置的密码管理器(password manager),虽然它很简陋,但与专用密码管理器(password manager)可以为你做的相比没有任何意义。
例如,Chrome 密码(Chrome password)管理器可以将您的密码存储在您的计算机上,但它们不是加密形式。这意味着其他人可以轻松访问您计算机上的密码文件,除非您的设备硬盘已加密。
Mozilla Firefox的用户可以享受密码管理器应用程序提供的(password manager apps offer)主密码功能(Master Password feature),这样您就可以在您的计算机上加密和存储您的密码。但是,它不会为您生成(t generate)密码,也没有加密同步功能(sync feature),可让您在所有 Windows、Mac、Android和 iOS 设备上同步和使用您的登录数据。
iCloud Keychain也是如此,如果您只使用Apple设备,这非常棒,但一旦您获得使用Chrome 或 Firefox 浏览器的(Chrome or Firefox browsers)Windows 或 Android 设备(Windows or Android device),它就会变得很短。
专用密码管理器(password manager)的唯一目标是保护您的密码,这就是为什么使用一个密码管理器可以获得更多有用的功能。您的浏览器还有其他优先事项,因此几乎没有时间改进其密码管理(password management)功能。
保护您的数字生活(Secure Your Digital Life)
试图记住或记住一个由 30 个字符组成的包含文本、数字和符号的密码已经够难的了,但忘记它是一场噩梦。无需将密码保存在手机、平板电脑、计算机、文档、便笺或自动填充中,而是使用密码管理器(password manager)。这是一种更好、更安全的方法,可以让您的登录信息处于锁定状态,并且是您防止被黑客入侵的第一道防线。
What Is a Password Manager & Why Are They Useful?
What іѕ a password manager? A password manаger is an encrypted piece of software that stores and manages all the passwords and login information you use to access online sites, apps, and other services.
Not only does it keep your sensitive data and credentials safe, it also generates unique and strong passwords for you so you don’t have to keep reusing the same ones across your devices and platforms.
Think of it as a notebook where you store your most valuable login credentials, locked by a master key known only to you.
How a Password Manager Works
A password manager stores your passwords in an encrypted form to protect them from prying eyes and improper access. It also displays your selection of login credentials so you don’t have to remember hundreds of passwords on your own except the master password or in some cases the PIN you use to sign into the app.
Some even let you authenticate your device using facial or fingerprint recognition instead of entering your master password as you can read in our best password manager guide. For even better security, some include the two-factor authentication in different forms such as Google Authenticator, biometrics, or SMS-based, depending on the app you pick.
Most password manager apps come with browser extensions that automatically fill in passwords for you, plus an encrypted sync feature that allows you to carry your passwords with you wherever you go and use it across all your Windows, Mac, Android and iOS devices.
Once you install and set up the password manager, pull up the app, copy and paste your password into the login field, and access the service you need.
When you log into a secure site, the password manager will install a browser plugin that captures and replays your password and saves your login credentials. The next time you visit the same site, the app offers to fill in your logins for you automatically. Not all password managers have this feature though.
However, if you’ve saved multiple logins for the same site, the app will offer you multiple login options for your account. Depending on the password manager app you choose, you can find one with a browser toolbar menu with your saved logins so you can visit the saved site directly and get logged in automatically.
Some password managers can import your saved data from or export it to other products, making it easier when you want to switch to a new password manager. Others go further to provide secure online storage for your documents, and let you share your credentials with trusted people.
Most of them can flag your duplicate and weak passwords, offer help with updating them, and if you pick an advanced one, it can automate the process of changing passwords for you.
Are Password Managers Really Safe?
With all the recent cases of identity theft and security breaches happening around us, one would wonder whether using a password manager is more secure than keeping your sensitive login credentials to yourself.
You probably even heard of the LastPass hacking attack that happened in July 2015, which put their systems to the test. The goal was to access its password vaults, and though the hackers managed to get into the LastPass servers, they couldn’t get through to steal user passwords.
Their attempt was unsuccessful because LastPass can’t access each user’s password vault, neither does it have their master passwords, meaning the passwords stay encrypted and locked down in your vault. This is why it’s important to have a strong and unique password for all the apps, websites and services you log into.
Many of us use weak passwords or reuse the ones we already have on multiple accounts, which dispose us to identity theft and other crimes.
With a password manager, you’ll get a better combination of convenience and security than you would without one, but that doesn’t mean it’s a magic pill.
You should take other security measures to ensure your login data is kept under tight security like using two-factor authentication for your valued accounts, setting lock screens on all devices, and using devices that you trust.
When you want to change to a different password manager app, simply export your data (if the app has this feature), delete your account, and you’re good to go.
Note: Most password managers store your master password locally or on a server, but they can’t read the password because it’s encrypted. This keeps your data safe against breaches, but if you forget the password, you can’t recover your account through the company.
Thankfully though, some password managers can help you recover your account by offering DIY kits, but if that doesn’t work, then you have to create a new account and reset all your passwords manually for each app, website or online service and start over. Make sure to read our comparison of LastPass, 1Password and Dashlane.
A Word About Using a Browser Password Manager
Your web browser probably has a built-in password manager though it’s rudimentary, and nothing compared to what a dedicated password manager can do for you.
For example, the Chrome password manager can store your passwords on your computer, but they’re not in encrypted form. This means that the password files on your computer are easily accessible to others, unless your device’s hard drive is encrypted.
Users of Mozilla Firefox get to enjoy the Master Password feature that password manager apps offer, so you can encrypt and store your passwords on your computer. However, it doesn’t generate passwords for you and it doesn’t have the encrypted sync feature that lets you sync and use your login data across all your Windows, Mac, Android and iOS devices.
The same goes for iCloud Keychain, which is great if you’re using Apple devices only, but it comes up short once you get a Windows or Android device that uses Chrome or Firefox browsers.
A dedicated password manager’s singular goal is to protect your passwords, which is why you’ll get more helpful features by using one. Your browser has other priorities so there’s hardly any time to improve its password management functions.
Secure Your Digital Life
It’s hard enough trying to memorize or remember a 30-character password full of text, numbers, and symbols, but forgetting it is a nightmare. Instead of saving your passwords on your phone, tablet, computer, in documents, sticky notes or autofill, get a password manager. It’s a much better and more secure way of keeping your logins under lock and key, and your first defense against getting hacked.