|
A password manager is a software application that helps a user store and organize passwords. Password managers usually store passwords encrypted, requiring the user to create a master password; a single, ideally very strong password which grants the user access to their entire password database. Some password managers store passwords on the user's computer, whereas others store data in the cloud. While the core functionality of a password manager is to securely store large collections of passwords, many provide additional features such as form filling〔Rubenking, Neil J. (11 March 2011). ("Six Great Password Managers" ). PC Magazine. Retrieved on 10 August 2014.〕 and password generation.〔Parker, Jason (11 April 2014). ("Take control of password chaos with these six password managers" ). CNET. Updated 7 August 2014. Retrieved 10 Aug 2014.〕 ==Advantages== The advantage of password-based access controls is that they are easily incorporated in most software using APIs available in many software products, they require no extensive computer/server modifications, and that users are already familiar with the use of passwords. While passwords can be fairly secure, the weakness is how users choose and manage them, by using: * simple passwords - short in length, that use words found in dictionaries, or don't mix in different character types (numbers, punctuation, upper/lower case), or are otherwise easily guessable * passwords others can find - on sticky notes on monitors, in a notepad by the computer, in a document on the computer, whiteboard reminders, smart device storage in clear text, etc. * the same password - using the same password for multiple sites, never changing account passwords, etc. * shared passwords - users telling others passwords, sending unencrypted emails with password information, contractors using same password for all their accounts, etc. * administrative account logins where limited logins would suffice, or * administrators who allow users with the same role to use the same password. It is typical to make at least one of these mistakes. This makes it very easy for hackers, crackers, malware and cyber thieves to break into individual accounts, corporations of all sizes, government agencies, institutions, etc. It is protecting against these vulnerabilities that makes password managers so important. Password managers come in five often-combined flavors: * Desktop - desktop/laptop software storing passwords on a computer hard drive. * Portable - portable software storing passwords and program on a mobile device, such as a PDA, smart phone, or as a portable application on a USB memory stick. * Token - credentials are protected using a security token, thus typically offering multi-factor authentication by combining "something the user has" (smart card or USB stick) , "something the user knows" (PIN or password) and/or "something the user is" (biometrics - such as a fingerprint, hand, retina, or face scanner). * Web-based - Online password manager where passwords are viewed and copied to/from a provider's website. * Cloud-based - Online password manager where credentials are stored on a service provider's servers on the Internet, but handled by password management software running on the client's machine. * Stateless - Passwords are generated on the fly from a master passphrase and a tag using a key derivation function. Password managers can also be used as a defense against phishing and pharming. Unlike human beings, a password manager program can also incorporate an automated login script that first compares the current site's URL to the stored site's URL. If the two don't match then the password manager does not automatically fill in the login fields. This is intended as a safeguard against visual imitations and look-alike websites. With this built-in advantage, the use of a password manager is beneficial even if the user only has a few passwords to remember. While not all password managers can automatically handle the more complex login procedures imposed by many banking websites, many of the newer password managers handle complex passwords, multi-page fill-ins, and multi-factor authentication prior. Password managers can protect against keyloggers or keystroke logging malware. When using a multi-factor authentication password manager that automatically fills in logon fields, the user does not have to type any user names or passwords for the keylogger to pick up. While a keylogger may pick up the PIN to authenticate into the smart card token, for example, without the smart card itself (something the user has) the PIN does the user no good. However, password managers cannot protect against Man-in-the-browser attacks, where malware on the user's device performs operations (e.g. on a banking website) while the user is logged in while hiding the malicious activity from the user. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「password manager」の詳細全文を読む スポンサード リンク
|