A password manager is software that helps a user organize passwords and PIN codes. The software typically has a local database or files that holds the encrypted password data. Many password managers also work as a form filler, thus they fill the user and password data automatically into forms. These are usually implemented as a browser extension.

Password managers come in three basic flavors:

• Desktop - desktop software storing passwords on a computer hard drive.
• Portable - portable software storing passwords and program on a mobile device, such as a PDA or smart phone. (U3 and similar).
• Web based - Online password manager where passwords are stored on a provider's website.

Password managers can also be used as a defense against phishing. Unlike human beings, a password manager program, which can handle automated login script is not susceptible to visual imitations and look alike websites. With this built-in advantage, the use of a password manager is beneficial even if the user only has a few passwords to remember. However not all password managers can automatically handle the more complex login procedures imposed by many banking websites.

Vulnerabilities

Password managers typically use a user-selected master password or passphrase to form the key used to encrypt the protected passwords. This master password must be strong enough to resist attack (eg, brute force, dictionary attacks, etc). Some password managers use the Blowfish cipher because it has a relatively long setup time for each new trial key, thereby providing a small degree of attack resistance (due to key strengthening). 1

The master password can also be attacked and discovered using key logging or acoustic cryptanalysis. Some password managers claim to provide means for entering master passwords which are key logging-resistantFact: date=March 2008.

A compromised master password renders all of the protected passwords vulnerable. This demonstrates the inverse relation between usability and security: one might enjoy better security having memorized all passwords, but the effort is inconvenient and usually annoying.

Some password managers include a password generator. Generated passwords may be guessable if the password manager does not employ adequate randomness, which is not easy to assure.

A password manager may hold passwords unencrypted in memory while access is being made to records. This is a security risk should an attacker obtain read privileges for the memory involved.About - Revelation

Online password manager

An online password manager is a website that securely stores login details, usually a username and password, used to log into a third party website. They are a web-based version of more conventional desktop-based password manager.