Over the past few weeks, several well-known password managers have reported being hacked.The first case concerned LastPass. According to its CEO, hackers managed to steal confidential information from the user database. Another case, more recent, this time concerningNorton, one of the leading companies in IT security. This admitted to having been plundered by hackers, who dug into the databases of users of Norton Password Manager, the in-house password manager.
All this is not reassuring, especially when you are a regular user of such a password management program. Knowing that in addition, this, often paid for, generally contains extremely sensitive information, bank accounts, cryptocurrencies, professional secrets, etc.
The same weakness: online storage
It must be understood that a large part of these password management services share the same Achilles heel: the storage of user safes.on their own servers. What better target for a hacker: a server full of sensitive data from thousands of people, to be decrypted, certainly, but sometimes without much effort required. Hence the interest, already, in choosing a password for its manager that is as long and complex as possible.
In any case, this is why, if you want to minimize the chances of your bank details leaking into the wild following a security breach on one or another platform, the solution is very simple:host your passwords locally.
© 1Password
More secure alternatives
There are alternative applications to 1Password, LastPass and other Dashlane, which offer just as many possibilities, but which above all allow you tostore the safe locally. Take the case of Enpass for example, my favorite password manager app. It offers several solutions for synchronizing your safe between a Mac and an iPhone: you can choose several cloud services to place your encrypted file there, Dropbox, Google Drive, Box, for example. But you can also choose the local synchronization functionality via Wi-Fi. This means that no data is transmitted to any third-party server. The transfer is done between your Mac and your iPhone directly.
Enpass sur iPhone © iPhon.fr
Another possible alternative solution is the use of an in-house server. Enpass can indeed synchronize the safe via WebDAV server or evenNextCloud.
Enpass is available on macOS and iOS. And even if in my opinion it is one of the best managers on the market, it is not the only solution allowing synchronization of safes without going through third-party servers. Here are others that we would always recommend more than a 1Password, Lastpass, Dashlane or equivalent service storing user safes on dedicated servers:
And don't forget to use strong, complex and, above all, long passwords (at least 25 characters).
i-nfo.fr - Official iPhon.fr app
By : Keleops AG
Editor-in-chief for iPhon.fr. Pierre is like Indiana Jones, looking for the lost iOS trick. Also a long-time Mac user, Apple devices hold no secrets for him. Contact: pierre[a]iphon.fr.
