Here’s another chance for me to show how long of tooth I am in this industry.
Back in the old days, say, 20 years ago, a web site might only have a few accounts. Assuming it had a domain, it could have admin login and password for such accounts as:
- Server Hosting Account
- Domain Registration Account
- FTP Account
If the site was a little more sophisticated, it might have:
- An Email List account (for mass email distribution)
- A Mail Server Account (So many internal/external email needs requiring a unique server)
Then online transactions became more of an online mainstay, and you might need:
- Merchant Account
- Payment Gateway Account
- Secure shopping cart hosting account
And then we started looking at how the site actually interacted with the rest of the world, and you needed:
- An analytics account
- Social Media account(s)
The days of static html web sites slipped away, and web sites required content management systems, which of course meant:
- Database accounts
- CMS Admin account
and the software that “plugged into” the CMS began having THEIR own accounts:
CMS plugin account(s)
And you needed various levels of security for the site:
- Secure Certificate account
- Site monitoring account
- Site protection account
Here it is, 2018. Guess what? There will be more levels of accounts for a single web site. How are you managing that information?
There has been a large rise in the number of “password vaults” and “password wallets” maintained out in the cloud. PC Magazine recently rated several.
This might be because I’m old school, but I don’t use them. Or maybe it is paranoia. I recognize the convenience. But I see these centralized sources of passwords to be a bigger risk than maintaining a hard and electronic copy of my passwords internally. No doubt their security is much better in concept. But I look at what I do as much less in demand and obscure than what they do. After all, if a hacker wants to get a bonanza of user names and logins, what is more efficient – scoring a huge haul from a few web sites with a high degree of difficulty, or the slow, slow slog of somehow finding and identifying a document not shared on the Internet with just one person?
In addition, there are a lot of options out there. And the honest truth is, the public doesn’t know which is best in terms of security (which is really the point, isn’t it?) until the marketplace matures a bit. There will be some security incidents with these kinds of services. It should be expected. So in the least case, I would NEVER put any financial service user names and passwords in such a service.
It is going to be a greater and greater issue for all of us. Eventually, we will all be using an account to manage our accounts.