Explore Password Management An option to password management has been browser ex

Question

Explore Password Management

An option to password management has been browser extensions that generate passwords. Instead of storing user-created passwords, these extensions transparently combine multiple elements (such as the username, master password, and site’s domain name) into a single site-specific password. The user begins by entering their username and master password, and then the extension generates their site-specific password. The remote site only sees a domain-specific hash instead of the master password itself.

Password managers are continually changing and developing. They used to just keep your passwords in an encrypted vault. Now you have options. You can sync, keep them local, change with a click, and much more. The best password managers come with some flexibility.

Recently posted was this article: https://lifehacker.com/5529133/five-best-password-managers listing the five best (recommended by users) password managers as LastPass, Dashlane, KeePass, 1Password, and Roboform 8.

Lab Instructions

Explore one password manager of your choice (does not have to be in the list above). If you already use a password manager, use that one.

Answer the following questions (4 points each):

(1.5 spacing, size 11 or 12 font)

What are 3 benefits to a password management system? What are 3 concerns to using one?

What are 3 of the key features to this PM option?

What elements do they incorporate to insure security? (i.e. why should you trust this product?)

Where is the data stored?

Who would be the primary users of the product you selected?

Explanation / Answer

I have explored the LastPass

What are 3 benefits to a password management system? What are 3 concerns to using one?

Benefits:
1)No need to remember password
2)Its available to every devices that used , if you enable the sync
3)Password stored in encrypted form

Concerns:
1)in cases of storing the password on cloud there might be chances of leak
2)What if service provider intentionally misuse its?
3)your stored credentials get stolen without your knowledge by a random malicious website you visit or by malicious Ads.

What are 3 of the key features to this PM option?
1)LastPass supports MFA (like google authenticator, USB device)
2)It offers to stored creds on your local devices or on cloud.
3)It enterprise version offers much features like AD integration, custom policies, single sign on.

What elements do they incorporate to insure security? (i.e. why should you trust this product?)
LastPass is SOC 2 Type 1 compliance.
They do regular tests and penetration testing for possible threats
They offer big bounty on finding the valid bugs which help to get feedback from lots of end users.
Sensitive data is encrypted at the device level with AES-256 before syncing with TLS to protect from man-in-the-middle attacks.

Where is the data stored?
LastPass offers multiple scenarios for password storing
you can store it locally
you can store on their cloud
you can store in other clouds

Who would be the primary users of the product you selected?
Primary users depends on type of org.
And org that thay have critical creds and they can store it.
Primary users may be all employee

Related Questions

Navigate

• Browse (All)
• Browse E
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.