We are living in the age of online or cloud services. There are thousands of them doing interesting stuff. Recently I came across some websites to store passwords and other secure information. I am alarmed. While it may seem like a good idea that you can access your secrets from anywhere behind a secure service, there are extreme risks. Unfortunately, all promises of security are (knowingly or unknowingly) fake in a cyber world… more so when things are online or in the cloud. The reasons why storing passwords in the cloud cannot be considered a good idea are:
- There is no way to certify that a security mechanism will hold against any attack
- The data is stored on a storage where you don’t have access, but someone else has
- Attacking an online service that stores passwords is more reasonable than trying to crack into an individual’s system
- The idea defeats the purpose – passwords should not be shared, in any form
- The maintainers of the service are not your friends
My personal opinion is to stay away from such services. Remember that the internet is a virtual world reeking with services which you cannot trust blindly. It’s true that remembering all you passwords is nearly impossible as long as you are not using the same password everywhere (a very bad idea). To store passwords locally you can use utilities like the multi-platform KeePassX. You can physically carry around your encrypted password database in a USB key wherever you go.