Introduction to cyber security: stay safe online
Introduction to cyber security: stay safe online

Start this free course now. Just create an account and sign in. Enrol and complete the course for a free statement of participation or digital badge if available.

Free course

Introduction to cyber security: stay safe online

2.5 Alternatives to using password managers

Using a password manager makes your life much simpler because, rather than having to remember a multitude of passwords, you only need to remember a single password and the computer does the rest.

But what if you forget that password? All of a sudden all of your passwords are unavailable. And what if your password manager’s data file falls into the wrong hands? You’d better hope your password is strong, otherwise all of your passwords are accessible to an attacker. But, what are the alternatives?

For an increasing number of websites it is possible to use your existing online accounts, such those provided by Google or Facebook, to register and log in. This approach for managing users’ account details depends on an authentication mechanism called OAuth (i.e. Open Authentication).

This method of checking a user’s identity requires the website to ask the user’s computer for some proof that the user’s identity has been authenticated by the OAuth provider (e.g., Google). This requires the user’s computer to first contact the OAuth provider where the user can input their username and password. The OAuth provider provides a digitally signed token that confirms the user’s identity.

You will learn more about digital signatures in Week 5 of the course, but for now it is sufficient to understand that in this case the digitally signed token cannot be created or modified by anyone other than the OAuth provider. Once it receives the token all the website needs to do is to check that the signature on this token is valid to confirm the identify of the user.

So using OAuth can simplify your password management because all you need to remember is the username and password for your account with the OAuth provider. However, just as with password managers, if you forget this password you will no longer have access to any of the accounts. Additionally, if an attacker gets access to this password, they will be able to access all the online systems you are able to access using your OAuth account details.

So while password managers and online authentication services like OAuth can simplify the management of your online accounts, they are not complete solutions.

Often an account will ask you for other information such as date of birth, or for memorable information or answers to security questions. For official websites such as government sites, banking, or airline sites the date of birth needs to be accurate. But for most other sites you can make up your memorable security information so that these cannot be worked out from your social media pages, and the answers could be unique for each website, e.g. Mothers name, first school, favourite pet would be different every time. To keep track of all this information you could use a spreadsheet. To keep this spreadsheet secure the spreadsheet should be stored inside an encrypted folder . For this you could use VeraCrypt: https://www.veracrypt.fr/ en/ Home.html [Tip: hold Ctrl and click a link to open it in a new tab. (Hide tip)] . Then, you only need to remember a single very strong password for the secure folder.

Next, you will look at another way of improving the security of the authentication mechanisms you use.

CYBER_B1

Take your learning further

Making the decision to study can be a big step, which is why you'll want a trusted University. The Open University has 50 years’ experience delivering flexible learning and 170,000 students are studying with us right now. Take a look at all Open University courses.

If you are new to University-level study, we offer two introductory routes to our qualifications. You could either choose to start with an Access module, or a module which allows you to count your previous learning towards an Open University qualification. Read our guide on Where to take your learning next for more information.

Not ready for formal University study? Then browse over 1000 free courses on OpenLearn and sign up to our newsletter to hear about new free courses as they are released.

Every year, thousands of students decide to study with The Open University. With over 120 qualifications, we’ve got the right course for you.

Request an Open University prospectus371