There are plenty of malicious actors seeking access to your passwords. This article provides an overview of the common threats which might compromise your passwords.
Using PfP helps avoid several of these scenarios completely. For others, PfP will reduce the impact. The only scenario where PfP cannot help at all is a malware application running on your device.
Everybody gets emails claiming that your bank or PayPal or whoever needs you to quickly verify your credentials. Usually, these emails will link to a website very similar to the real one, except that any credentials you enter will go to the bad guys who will try to extract money from your accounts.
How PfP helps: PfP will only offer you passwords that belong to the website you are on. You might not notice that you are on the wrong website, but PfP will.
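The exact-match lookup described above, sketched as an added example. This is not PfP's own code: the store contents, the function names `siteKey` and `passwordsFor`, the HTTPS-only rule and the `www.` stripping are assumptions made for illustration.

```javascript
// Constructed sample store: site name -> saved accounts (hypothetical data).
const store = new Map([
  ["paypal.com", [{ user: "alice@example.org", password: "constructed-secret-1" }]],
  ["mybank.example", [{ user: "alice", password: "constructed-secret-2" }]],
]);

// Reduce a page URL to the site name used as lookup key.
// Returns null for anything that should never receive a password.
function siteKey(pageUrl) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return null; // not a parseable URL
  }
  if (url.protocol !== "https:") return null; // assumption: only fill on HTTPS pages
  // url.hostname is already lowercased, and non-ASCII names are converted to
  // their "xn--" form, so a look-alike Unicode letter yields a different key.
  return url.hostname.replace(/^www\./, ""); // assumption: "www." is the same site
}

// Offer only the entries stored for exactly this site. No substring or
// "looks similar" matching: the comparison is on the full host name.
function passwordsFor(pageUrl, entries = store) {
  const key = siteKey(pageUrl);
  return key !== null && entries.has(key) ? entries.get(key) : [];
}

// Constructed page URLs: the real site followed by look-alike addresses.
const pages = [
  "https://www.paypal.com/signin",
  "https://paypal.com.account-verify.example/signin",
  "https://paypa1.com/signin",
  "https://p\u0430ypal.com/signin", // second letter is Cyrillic, not Latin "a"
  "http://paypal.com/signin",
];
for (const page of pages) {
  console.log(page, "->", passwordsFor(page).length, "password(s) offered");
}
```

Only the first URL is offered a password. The others look similar to a person, but their host names are different strings, so the lookup finds nothing.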
Bad server-side security
Sometimes, you just have to accept that one of your accounts gets compromised. You trust many websites with your data, yet some don’t do a good job protecting it. So occasionally one of these websites will be hacked, and there is nothing you can do about it. Sometimes you will also learn that they stored your password without adequate protection. Without a password manager, this will often turn into a disaster because the same password was used for a number of other accounts. You think the bad guys cannot figure out which ones? Think again.
How PfP helps: With PfP you shouldn’t need to ever reuse passwords. It’s a unique password for each account, so if one account gets compromised the damage stays limited to that account.
Physical access to your device
Left your computer unlocked at work? Your laptop got stolen? The passwords stored in your browser should then be considered compromised; accessing them is usually easy.
How PfP helps: PfP uses the KeePass database format when storing your passwords. With default settings, it will considerably slow down attempts to guess your main password. It’s still important that you choose a strong main password. Also, PfP should be locked.
Having passwords displayed on screen is always problematic. What if somebody is watching over your shoulder right now? But even if you type a password from memory, chances are that this password is simple enough for somebody to remember if they are watching you at that moment.
How PfP helps: Usually, PfP will not show any passwords on screen. Instead, it will fill out login forms automatically. This is the preferred approach because copying passwords to the clipboard might result in you pasting them to a regular text field unintentionally. But even then, passwords generated by PfP are too complicated for humans to remember quickly.
You don’t keep your browser or operating system up to date? Opened an attachment in a seemingly legitimate email? Followed instructions on a web page claiming that you need to install a missing video codec? Then it is quite likely that your computer got infected with a malicious application. Often these applications will attempt to intercept your credentials as you enter them into your browser and allow your accounts to be taken over by the bad guys.
How PfP helps: This is a scenario where PfP cannot possibly help. If PfP provides any advantage here, it will only be accidental. You need malware protection software that will prevent malware from running on your system. Being careful with applications you allow to run and keeping installed software up to date is also important.