When a Password Manager might not be a good option for you
How Password Managers protect your digital identity
Most of the information and assets that we have these days are either digital or stored and accessed via digital means.
It doesn’t matter whether we’re speaking about critical information such as access to our bank accounts, digital wallets, investment portfolios or company shares or more trivial things such as access to certain social media platforms and web portals.
With our increasing digital footprint, the problem of storing and protecting the access details to these digital assets is becoming more pressing.
How do we keep track of all our passwords for so many different digital portals?
How do we ensure that we can easily store and retrieve these passwords?
How do we ensure that the passwords are stored safely and protected appropriately?
How do we ensure that our family will get access to these passwords and assets if something happens to us?
Password managers aim at answering these questions and solving these problems.
They enable users to store their passwords for the various web sites, financial portals, digital wallets and social platforms, allow for easy update and retrieval of these passwords, and provide a high level of security and protection – especially when compared to storing these passwords unencrypted in a Google Drive document or on your computer.
How Password Managers work
Password managers have several distinct features. Let’s take a closer look at them.
Master password for end-to-end encryption
The first thing that password managers ask you to do is to enter a master password. This password is used to encrypt the data in your password manager, in other words, to encrypt the passwords that you enter.
You might ask yourself why password managers don’t encrypt passwords and data that users store with traditional encryption methods? Neither your bank nor Google ask you for encryption passwords, and we can assume with a high degree of confidence that their security level is still extremely high. Some might argue it’s higher than the password managers themselves!
The answer lies in the marketing of the password managers. Many of them claim that by encrypting the data with your master password, no one else can decrypt and read it because they don’t store it. They claim that even the password managers themselves cannot decrypt and read your data.
Apart from the obvious risk that if you lose or forget your password, your data is lost, it is an open question whether such a statement about end-to-end encryption and not storing your master password is actually true. Many password managers allow you to reset your password if you forget it. But if my data is encrypted (and thus can be decrypted only with my previous master password), how, with my new and very different password am I still able to decrypt my data…?
The same goes for the sharing of your data. Most password managers enable you to share your data with certain people, e.g., your family. But how do they actually decrypt and read your data without having your master password?
Any IT security company will tell you that most of the claims password managers make about not storing your master password and being unable to read your data are… a bit exaggerated, one might say. So take these claims with a big pinch of salt.
Autosafe and autofill of your passwords
A very useful feature of password managers is that they enable you to automatically save your passwords into the password manager whenever you go to the login or sign-up screen of a website or app.
This is very convenient to ensure that the data in your password manager is up to date.
In reverse, password managers also enable you to enter autosaved passwords back into these websites and applications the next time you want to log in.
Any Device, Anywhere
You can use the password manager from any device and anywhere – as long as you remember your master password, of course.
You don’t need to worry if you change your computer or mobile device, for example. Your passwords will still be there in the password manager.
So password managers are really good for protecting your digital identity, but they also have several major shortcomings. First, let’s review them and then see how these can be avoided.
Shortcomings and risks of Password Managers
Access for your family if something happens to you
It’s true that some password managers enable you to share your passwords with family members, but that doesn’t solve the problem of their having to remember the access details over the years. If something happens to the user 10 or 20 years from now, the family members must remember the shared access credentials. That’s quite a burden, especially if your family members are elderly parents, younger siblings or children, or simply people who are not IT proficient.
All of this creates the risk that if something happens to you, your family members won’t be able to access your information. Not ideal, for sure.
Big legal risk for impersonation
Some password managers enable users to share their passwords with family members or people of their choice.
This nevertheless presents a big legal risk as most online accounts have clear statements in their Terms and Conditions that no one except the account owner can access them.
If you provide access to someone else, and this person tries to enter your online banking account, for example, this is a legal risk for the person accessing as, in most countries, this is considered impersonation and a criminal act. Impersonation is when someone pretends to be another person.
If something happens to you and your loved ones try to access your accounts with the shared passwords, this might bring more harm than good to your family.
Autosave and autofill don’t work on all platforms
These two capabilities are particularly fragile when working on mobile phones. The problem is that if they work 50% of the time, it is very difficult to know which of the stored passwords are up to date in your password manager and which are not.
So effectively, even if it works 50% of the time, you need to update your passwords manually in the password manager to ensure all of them are current.
False claims that they don’t have access to your data
We’ve already talked about this risk. Most password managers claim that they don’t store your master password and even they can’t decrypt and read your data. While some actually comply with that statement, many others, even some of the biggest password managers, don’t. They actually store your master password and can read and decrypt your data any time.
An easy test for this is resetting your master password. If my data is encrypted with my previous master password, how does it suddenly become decrypted and available with my new password?
Another experiment to test this is sharing data with other people who can read it without having your master password through which your data is encrypted.
All of these are signals that the password manager is, in fact, storing your master password and can read your data. We won’t argue about whether this is good or bad, as your bank doesn’t encrypt your data with a master password either but you use your banking every day and your bank still ensures a very high level of security.
The most important question is, if these password managers lie about that, which of their other claims are false?
Take these claims with a pinch of salt and always consult with a friend or a company that is familiar with the IT security domain.
How the shortcomings of Password Managers can be solved
The good news is that many of these shortcomings can be easily solved by using a Password Manager with Digital Inheritance. They have multiple benefits:
Detecting a fatal event and proactively informing beneficiaries about the assets
The most important advantage of digital inheritance services is that they detect when a fatal event has happened to the user and proactively inform the designated family members about each password or asset relevant to them.
This way, your loved ones are spared the burden of remembering the access details. The digital inheritance service will proactively inform them, so they will know about these passwords and assets and how to identify and locate them.
Protecting both password and assets
Password Managers with Digital Inheritance protect not only your passwords but also your digital and financial assets.
They enable you to designate your loved ones as beneficiaries and assign passwords or assets to each of them, and the service protects them both.
This way, you have a single pane of glass for your digital world: cataloging your assets and passwords, being able to track and monitor them, and also ensuring that your hard-earned money will end up with your family if something happens to you.
Digital Wills – Password Manager combined with Estate Planning
Some Digital Inheritance services enable you to create a Will online through a Digital Will service.
This way, you can link your assets and passwords to your beneficiaries with actual Digital Will.
This will further ensure that your loved ones will be able to identify and locate your assets and they will be helped in the process of inheriting them.
