26 julio, 2024

What is a password manager? | Bootcamps

Do you know what a password manager is, how it works and what this tool is used for in cybersecurity? He password storage of users is as important as their creation. A very secure key is of no use if the way it is stored is vulnerable to third-party access. What is the correct way to store passwords and what tools exist for this? We’ll see now What is a password manager and how do these applications work?.

What is a password manager?

A password manager is an application that allows you to create and store secure keys for all your internet accounts., which will be protected by a single master password that only you should know. This tool has become popular, along with VPNs, to improve the security of the different types of users on the Internet.

Password managers are useful because It is too difficult to develop long, secure and different keys for each application account we have. Plus, it would be a real problem to figure out how to store them correctly. Although a programmer can create a software independent for this, there are services that have been created especially with this function.

Password managers have free or paid versionswhich offer some services, such as:

Generate long and random passwords. The length and randomness of a password are the two aspects that most reinforce its security. It is practically impossible to create a strong and different password for each account without using a program to do so.Encrypted password storage. These programs do not store passwords in plain text form, but rather their encrypted versions, which can only be decrypted using a master password and is the only one that the management application has access to.Multi-factor authentication. Some password managers allow you to verify the user’s identity with a two-factor, in addition to the master key.Store payment data in a safe way.Share passwords safely with other users.Monitor database leaks on dark net sites.

Some password managers Popular payment options are:

Dashlane.RememBear.1Password.LastPass.Nordpass.Keeper.RoboForm.StickyPassword.

There are also password managers Open Sourceas:

KeePass.Bitwarden.Passbolt.Psono.Teampass.

How do password managers work?

Now you know what a password manager is and why it is recommended to use this type of tool. softwarebut How do they work and why do they allow you to store passwords securely?

A password manager works through an encrypted database which can only be unlocked with a master key that is created by the application client. The administrator stores this key securely, using hashing special for passwords in your general database. In this way, the application does not have access to the passwords of the user accounts, only the function hash of your master key.

What is password hashing?

Now you know what a password manager is and how it allows store sensitive data securely. Next, we will delve deeper into the concept of hashing for passwordswhich is the method these applications and other secure databases use to store sensitive user data and passwords.

Hashing

The functions hash or summary functions are results of mathematical algorithms that allow you to derive a fixed size data string to represent your source data. There are functions hash safe for passwords that are irreversible and, therefore, it is not possible to know which password it corresponds to if you only have the function.

Salting

The problem with functions hash the thing is may be susceptible to a rainbow table attackwhich is based on comparing a series of functions hash precalculated with that of the password to be decrypted. To avoid these attacks, a technique known in cryptography as salting.

He salting in cryptography it means add random data to user passwords before applying the function to them hash to store them. In this way, the rainbow board attack can be completely avoided. However, it is worth clarifying that the salting It does not increase the security of a strong password, nor does it protect a too-easy one, which is very susceptible to a brute force attack (for example, «hello» either «1234«).

Key derivation function

Understanding what a key derivation function algorithm is is useful for understanding what a password manager is, since many work with this system to store the master keys.

A key derivation function is an algorithm hash with HMAC authentication, which repeats a number of “N” iterations on itself. Typically more than 5,000 iterations are executed, so hashes totally safe to store. In addition, the users’ password is also combined with salting to make it even safer.

How to learn more?

You already know what a password manager is, how it works and why it is recommended to use it. If you want to learn more and become a cybersecurity expertdo not miss the best course for you: our Full Stack Cybersecurity Bootcamp! With this intensive training you will be able specialize in ethical hacking in less than 7 months. What are you waiting for? Sign up now!

Deja una respuesta

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *