Password managers
Last updated 3 years ago
Password managers are programs, browser plugins or web services that automate the management of a large number of different credentials. Most password managers have functionality that lets users use them easily on websites, either by pasting the passwords into the login form or by simulating the user typing them in.

The idea of a password manager is that users can create a new password for every application they register on. Using one 'master' password, users can unlock these unique service passwords when they are needed.

As discussed in the next section, using a unique password per service greatly improves security by significantly reducing the consequences of a breach of one of the service passwords.

Risk of reusing passwords

People often reuse passwords. Reusing passwords is bad for security, since a breach of the weakest service also impacts all other services where the same password is being used. In contrast, when each service has a unique password, a breach revealing the passwords of that service impacts only that single service.

Source attribution

Some parts of this page are based on the OWASP Authentication cheat sheet, which is licensed under FLOSS.