Blog

Not all Password Managers are safe but we need one

Passwords are unequivocally the most used entry point to anything online, and the least secure. Users know this. Companies know this. And hackers certainly know this. Creating complex passwords is important, but managing them – remembering them, updating them, etc. – is cumbersome. Password managers help, but are they secure? Given the rampant data breaches that seem to occur every few weeks – and those are only the ones we hear about – how can giving all your passwords to a password manager be smart? Forsaking security for convenience: is there a better way?

Let us dissect why passwords aren't going anywhere – at least not yet – and look at a novel solution to the problem of password management that still maintains security.


 

The Smart Way to Create & Retrieve Passwords To Avoid Getting Hacked

Nearly 67% of CISOs (Chief Information Security Officers) surveyed confirmed their concerns about their companies falling prey to data breaches and cyber security attacks. If you don’t treat this seriously, your job could be at risk. And a secure password is the first line of defense to avoid getting hacked.

As cyber hackers become more advanced in their skills, and tech companies, with all of their best intentions, embrace a ‘transparent’ and ‘agile’ way of operating, data breaches and password leaks are inevitable occurrences.

From a business perspective, this could mean:

  • Losing valuable data to third parties and competitors with bad intentions.
  • Identity theft.
  • Losing precious customers, leading to instability and company failure.
  • Losing complete control over your company’s management and administration.

Could anything be worse?

Naturally, there is a solid need to create, store and manage passwords to protect your company’s most precious, confidential and highly vulnerable assets. Passwords are the keys that unlock the doors to these assets, and only you should have them.

The problem with using any third-party device or app for passwords is that it’s always subject to the risk of being hacked. Not only do third-party applications cost money, they could malfunction, leaving the customer stranded.

In this article, we’ll cover some valuable insights on the smartest way of creating & retrieving passwords and avoiding getting hacked.

Let’s get right in!

Create & Retrieve Passwords Securely: The Silver Bullet. 

It’s no surprise that you need a password manager. The 2 most important functions of a great password management tool, usually, are:

  1. To help you create a strong complex password.
  2. To help you save & retrieve it safely & securely.

Let’s talk about (1). Creating a complex password that’s also easy to remember is hard for the normal human brain. Usually we think of a combination of words, expressions and numbers or special characters to create a password, which is too easy for a hacker’s brain to unveil.

Clearly, you need a better way! 

An effective way of creating complex, yet ‘memorable’ passwords is to use a password card. It’s basically a card with an assortment of letters, symbols and numbers arranged in rows and columns, like the one below:

Generate a password card and give it a name to get started. Then, draw a line across a row or column, or draw any shape like a square or triangle across the card, and soon you’d have a very complex, yet memorable password based on the characters your drawn line or shape includes.

You could also use the password manager to auto-generate a random password for you, which is especially useful if your password needs to meet specific character requirements.

But why create a password this way and how does it prevent data breaches? 

Password cards are a combination of random and unique characters that are not easy for someone else to guess. They’re also printable cards you can keep in your wallet. Even if another person saw your password card, it would be nearly impossible to guess what your password is!

With this method, the password manager isn’t really creating the password for you, but only helping you create a password that only you can later remember. Which brings us to point (2).

If you save your password somewhere, the point is, it’s still ‘accessible’. 

That’s the whole reason why passwords get hacked in the first place! Because they’re stored somewhere. 

But, using the password card method, your password can be retrieved using a ‘password hint’ which tells you which combination of characters is included in your actual password. So the only thing that gets saved on your password management tool is the ‘password hint’ to help you remember it.

Simply put, if your password is all the characters in an L-shape on the card, your password hint could be “L shape from A3 until A15 and then P15” (look at the image below). Of course, you could create better hints than that!
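The card-and-hint scheme described above, as an added example (not PasswordWrench code): it fills a card from a CSPRNG, rebuilds the password from the hint quoted in this article, and compares the strength of the result when the card is secret with its strength once the card has been seen and only the shape is unknown. The card size (columns A-P, rows 1-15), the symbol alphabet and every function name are assumptions made for the example.

```python
import math
import re
import secrets
import string

# Assumed geometry and alphabet (not from the page): columns A-P, rows 1-15.
COLS = string.ascii_uppercase[:16]
ROWS = 15
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+?"

def generate_card(rng=None):
    """Fill every cell from a CSPRNG; returns {(column, row): character}."""
    rng = rng or secrets.SystemRandom()
    return {(c, r): rng.choice(ALPHABET) for c in COLS for r in range(1, ROWS + 1)}

def parse_hint(hint):
    """Pull cell references such as 'A3' out of a free-text hint, in order."""
    cells = [(c, int(r)) for c, r in re.findall(r"\b([A-P])(\d{1,2})\b", hint)]
    if not cells or any(not 1 <= r <= ROWS for _, r in cells):
        raise ValueError("hint must name cells inside the card")
    return cells

def walk(waypoints):
    """Expand waypoints into every cell on the straight segments joining them."""
    path = [waypoints[0]]
    for (c0, r0), (c1, r1) in zip(waypoints, waypoints[1:]):
        x0, x1 = COLS.index(c0), COLS.index(c1)
        if x0 != x1 and r0 != r1:
            raise ValueError("segments must be horizontal or vertical")
        dx = (x1 > x0) - (x1 < x0)
        dr = (r1 > r0) - (r1 < r0)
        for i in range(1, max(abs(x1 - x0), abs(r1 - r0)) + 1):
            path.append((COLS[x0 + dx * i], r0 + dr * i))
    return path

def password_from_hint(card, hint):
    """Rebuild the password from card + hint; the password is never stored."""
    return "".join(card[cell] for cell in walk(parse_hint(hint)))

def l_shape_count():
    """Number of distinct L-shaped paths (one turn) on the assumed card."""
    cells = len(COLS) * ROWS
    # start cell, then a corner in the same column/row, then an end past the turn
    return cells * (ROWS - 1) * (len(COLS) - 1) * 2

def strength_bits(length):
    """Return (bits with the card secret, bits with the card seen, L shape assumed)."""
    return length * math.log2(len(ALPHABET)), math.log2(l_shape_count())

if __name__ == "__main__":
    card = generate_card()
    hint = "L shape from A3 until A15 and then P15"   # hint quoted on the page
    pw = password_from_hint(card, hint)
    secret_bits, seen_bits = strength_bits(len(pw))
    print(len(pw), "characters;", round(secret_bits), "bits with the card secret,",
          round(seen_bits, 1), "bits once the card is seen")
```

Under these assumptions, once the card itself is known the password is only as strong as the secrecy of the shape, so the printed card and the stored hint each deserve the same care as a written password.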

 

The reason why your passwords are highly secure this way is because they’re actually not stored anywhere, so there’s no chance of them being hacked. All that the password management tool is doing is enabling you to come up with a good password, and then helping you remember it. Simple, yet effective.

This helps resolve the problem of losing all of your passwords in case your password management application gets hacked.

So how can you optimize the value from your password management tool?  

  • You can set password reminders to regularly change your passwords.
  • You can share your passwords securely with internal staff members as only they’d know the answers to the password hints you’d create.
  • You can use the tool offline too, since all you really need is your password card which you can print easily.

Remember, never divulge your passwords to anyone, including a password management tool. There are plenty of cases of password management apps being hacked, as they’re a ‘hacker’s paradise’. You might as well avoid these pitfalls!

Use a tool like PasswordWrench as an enabler, and not a storehouse of valuable information waiting to be hacked. Try PasswordWrench for free, and be safe.

 

 

Updates to Version 3.1

Our latest update has even more security and privacy features for advanced users or anyone who’s serious about security online and any user protecting the most sensitive information.

The first update revolves around the display of the Password Card. In previous versions, when a Password Card is created, the characters are displayed on a grid which is what defined the Password Card. Some of our users mentioned they’d like to see a feature or setting so that the characters would be hidden by default to increase security. So we listened and implemented this feature through an optional Rules Policy that you can define and manage within your Settings.

When the option “Disable Displaying Characters on Password Card” is enabled, the Password Card will not show the characters on the grid by default.

Next, we also incorporated this feature into our publicly available Password Assistant. For many of our users, the Assistant is the most secure way of protecting their master passwords using our technologies. They will be able to take advantage of this new feature. This will especially be useful when anyone needs to log in from an external environment not under their control, or during a presentation when many viewers might be able to see the Password Cards.

Some of our more hard-core security users mentioned that they would prefer the “Highlight” feature be disabled by default, so we added an option for that in the Settings under the Rules Policies.

And saving the best for last, the new Stealth mode helps to avoid all visual cues. Sometimes you might want to select certain columns and/or rows to construct your passwords using the Password Card editor, but you do not want people to know where you click on the Password Card, or to leave any visual cue on the monitor, in case someone is looking at your screen or your moves are captured on camera. A good example of this is again if you are giving a group presentation or webinar or the like. The password is constructed, but the password field is not shown. You can of course disable the stealth mode and/or show the password field at any time in your Settings.

We hope you will enjoy using these new security features to keep your passwords and log-ins secure. Feel free to reach out to us at any time with additional features or functionality you’d like to see in PasswordWrench.

 

New Product Launched: 2-Factor Authentication

Everyone knows by now that SMS is not a secure way to do 2-Factor Authentication, as your phone number can be hijacked, and sending a plain text PIN across 2 different networks increases the risk of interception. Many banks resolved those issues by providing an electronic device that generates a PIN. This alternative brings its own issues though. For example, if you are traveling somewhere and forget your PIN generator, or lose it, you could be stranded for many days. And it’s not going to be cheap to replace, since these devices cost money to produce and take a while to ship. Many companies do not want to deal with such sensitive inventory management either. There are also many solutions based on biometrics and artificial intelligence which provide simplicity but with a huge negative: if compromised, they cannot be replaced, forcing you to use an alternative. We’ve seen some big companies come out with free mobile applications to help you with your 2FA, but their goal is to track you down in order to stick ads in your face. They don’t care about your privacy.

Welcome PasswordWrench’s newest product to the family. Our 2FA allows enterprises to provide a secure 2-Factor Authentication within their system. Our technologies allow any website to offer 2FA without asking their customers to install a mobile application, and without the need to send a text message (SMS). Also, there are no digital PIN devices associated with our solution. PasswordWrench’s 2-Factor Authentication makes it easy to adopt by all users while advancing security to the next level. And did we mention it’s no more costly than any current 2FA solution out there, and significantly less costly than the PIN devices?

Our solution resolves the issues brought by SMS, PIN generators, biometrics/AI, while still offering the highest level of security. Your customers do not need to install a mobile application. In fact, they don’t even need a mobile device at all. How? By using the same Password Card technologies that make it easy for consumers and enterprises to manage their passwords safely. Anyone can replace their Password Cards at any time, and at no extra cost. It’s a renewable technology. You won’t be stranded, and PasswordWrench stays true to its mission – where security and privacy come first. We still use all the top level security tools at every juncture of the process. The difference is that we free up the user from being reliant on unsecure or costly solutions.

Ready to give this to your development team or tech support to integrate? We have provided an API and SDKs written in JavaScript, PHP, Java, and .NET that allow any developer to integrate our technologies. And of course, we’re always here to help you get started.

Contact us now for a free enterprise quote!

PasswordWrench Password Manager Version 2.0

Today PasswordWrench launched version 2.0 of our Password Manager. We have added several features intended to give our users more security and more options on how they can use our services.

First, we added an audit log for all paid subscriptions. You will be able to know when you logged in/out and monitor other actions on the account. This is an important feature because many accounts on the web get hijacked without the knowledge of the user: they cannot see that someone else has logged in and is impersonating them to access their account. With this feature, if someone does that, you will see it and you can take action.

Second, we now provide dual-authentication. We are not following the pack as SMS is still unsecure. We instead created a new system using our own Password Card approach. Just simply create a Password Card, print it or download the PNG, and you will use that as your dual authentication PINs. It’s simple, fast and easy. Even better, it does NOT rely on a third party carrier.

Next, you can now share passwords with other people. Sometimes you have an account you are sharing with your spouse, your child, or with colleagues at work, etc. and you want to keep those passwords safe. With the shared password tools, you will be able to use, manage, and share strong passwords. There is no more need to share written passwords or files, and you can manage who accesses which password anywhere in a centralized system. It’s very convenient and will eliminate phone calls asking “what is the password?”

We also added several enterprise features that allow any company to provide its employees with the best and most secure password manager available. Our product helps companies manage their employees and other users along with rule policies. For example, you can group users into departments allowing a distribution of responsibilities. You will be able to set when passwords should be renewed, and when to warn your users about updating their passwords based on your corporate policies.

We are focused on providing the best and most secure products available and working hard to accomplish this mission. We hope you will like these new features and you are welcome to provide us feedback. We listen to our customers!

Thanks,

Patrick Tardif, founder
PasswordWrench.com

Why PasswordWrench is needed – a word from our Founder

My name is Patrick Tardif and I founded PasswordWrench.com to provide a solution to people where they can preserve their passwords safely without forcing them to trust anyone. The more projects I managed for clients from Fortune 100 to start-ups, the more I realized how lax a lot of security protocols really are when implemented in daily-usage patterns. Software consulting requires direct access to sensitive data, but it wasn’t until my wife had her identity stolen and I watched her go through the ordeal of fixing it that I realized just how vulnerable most people and companies are. Password management systems are great for ease of use, but my first question was – why would I trust another party to own or manage all of my passwords?

I managed my own passwords for years using my own system. There was a need for me to create a system so that my own passwords will be complex enough and contain characters that match the requirements of the sites I regularly use. Many of those sites require a mix of numeric, upper case characters and symbols and this was becoming very difficult to remember, especially when I followed best practices of changing them regularly and ensuring none of them were identical. I searched for tools to help and discovered a huge fundamental flaw in password managers; I was forced to enter my passwords into their system.

The news is rife with stories of celebrities being hacked, identity theft on the rise, and perhaps more ominously, the NSA, Edward Snowden and all the stories about government agencies spying on their own people. I wondered how I could create a way so that people don’t have to enter their passwords at all - a way that is secure no matter if the system gets hijacked. I figured out a way to do this, and came up with PasswordWrench.com.

I state unequivocally that this is THE MOST SECURE password manager available on the market today. You can create safe and secure passwords using this system, all without having to give away your passwords. How can I legitimize this claim? It’s simple. We do not record passwords in our system; instead, we use an innovative way that uses a hint, and a password card that is unique to you. You can even print your password card and put it in your wallet since it’s designed to be the same size as a credit card.

I created a list of the main threats against identity theft and addressed each of those.

  1. You can also use it offline, without any electronic devices. If you use only one computer, for example, and you are not logged in, how can you use a strong password that you can remember without writing it down? Our printed password card will resolve that issue for you.
  2. Our system protects you against more sophisticated threats as well. A good example of this is virtual reality, the gaming industry, and new gadgets that are being developed that can exert various forms of mind alterations. If you choose to believe the worst, and I have my doubts that government is capable and fast enough to keep up with rapidly changing technologies, then mind reading and control may soon follow. If you use our system, the chances that you remember your passwords of long strings of random characters are low, therefore these types of devices wouldn’t even be able to extract that info from you.
  3. Our system also protects you against hidden, and not-so-hidden cameras. As CCTV and web-enabled cameras become ubiquitous, alongside arming everyone with a mobile recording phone, the chances of your login actions to your sites being recorded of course rise. By using the PasswordWrench system you can bypass that concern.
  4. The net that captures thousands or even millions of users’ data at once simply by hacking into a third party site. If you store your passwords in one site, doesn’t that already make you more vulnerable?

As the founder of PasswordWrench and a daily user, I welcome your feedback and opinions. I ask that you check out the site and make the decision for yourself. Who do you trust these days? Zero Trust architecture is our motto. Fixing the problem after it’s a problem is the nightmare we’re trying to help you avoid.

PasswordWrench Launches the Only Truly Secure Password Protector

November 15th, 2016 – PasswordWrench™ today announced the launch of its patent-pending password management solution which protects individuals’ and corporations’ confidential information, reducing online identity theft. PasswordWrench offers a unique secure password manager system that helps users create and recall complex passwords, making it nearly impossible for criminals to hack information.

Currently, over 15 million people in the U.S. have their identities stolen each year and with recent hacks into Yahoo!, Dropbox, LinkedIn and other major databases, this number continues to grow, leaving over 100 million people’s information vulnerable. Globally, Kaspersky Labs has estimated that over 1.8 billion accounts have been compromised.

“Hackers accessed personal information from at least half a billion Yahoo! accounts, and users had to change their passwords immediately. Increased identity and database hacks have left corporations and individuals more vulnerable than ever,” says Patrick Tardif, founder of PasswordWrench. “We are all susceptible to threats—anything from a hacker uncovering a user’s passwords at a coffee-shop, to stealing their on-line identity, to hacking corporate sites’ confidential information. PasswordWrench mitigates that risk and keeps digital data safer than any other system available.”

Typical password management solutions store passwords in the cloud and when systems are penetrated, hackers can gain access to sensitive information, including client email addresses, password reminders and encrypted versions of master passwords.

PasswordWrench is different from other password managers as it never stores users’ managed passwords; therefore, passwords are not vulnerable to hackers. PasswordWrench believes the best way to keep passwords truly secure is not to share them with ANY third party, including a password manager system. PasswordWrench digitally generates a password card with random letters, symbols and numbers. Users are then guided to recall these complex passwords without PasswordWrench storing the actual passwords online.  This unique program is the safest way to manage passwords without having to remember strings of random characters or upload passwords to third-party websites. For additional protection, users can download a physical copy of the password card or easily access their cards online.  

The PasswordWrench system protects against:

1) weak password threats

2) keylogger threats

3) hidden camera threats

4) insider threats

5) guesswork/brute-force threats.

Additionally, PasswordWrench employs top security protocols by encrypting all data in its database, across all communication channels, and all data delivered to the end browser and then, PasswordWrench sets everything behind firewalls. PasswordWrench uses top-level encryption technologies including AES 256 bits, RSA, SSL/TLS and more.

PasswordWrench is currently available and offers a free plan to individuals, with a range of packages offered to corporate enterprises at: https://www.passwordwrench.com

About PasswordWrench

PasswordWrench is an innovative password management solution created to keep online data safe for individuals and business enterprises. The PasswordWrench system offers heightened password protection without the vulnerabilities of common password management systems. The company utilizes top security encryption technologies, which allows users to easily create and remember complex passwords for superior password protection. For more information, visit: www.passwordwrench.com