Why use Secrets?

Secrets can securely store and manage many different types of information such as: logins, credit cards, bank accounts, software licenses, notes, pictures and any other file-based documents.

While the ability to securely store all of this information may be a reason enough to use Secrets, Secrets is mostly know as a password manager. And to understand the benefits of using a password manager, one must first understand the dangers of not having a good password discipline.

Password reuse

When faced with the challenge of memorizing passwords for various sites, users will understandably either reuse a known and memorable password or have minor variations of it.

Today, we have logins for everything, from our personal email to our child's daycare. Studies have shown the average person has around 100 passwords. Memorizing 100 different passwords is simply not feasible for most of us.

So what's wrong with reusing the same password? Every year, many sites are compromised, and login information is leaked. And this happens all the time.

If your username, email, and password are exposed in one of these leaks, a malicious person can simply try using this information on other sites and gain access to your account. Email hosting services such as Gmail, Yahoo, Hotmail, etc., are probably among the first sites they would try. If an attacker gains access to your email, they most likely gain access to all the other sites you use by simply utilizing the "Reset password" functionality available on most sites.

With this information, an attacker can attempt to gain access to your bank account, discover your credit card details, or simply impersonate you to trick your contacts into giving them money.

Password strength

f you have some technical experience, you probably know that most sites don't store your password exactly as you type it in the password field. If done correctly, the site will store the result of passing your password through a one-way function. A one-way function makes it easy for the site to verify that the password you entered matches the password you chose when setting up an account, but it makes it hard to retrieve the original password given the result of the one-way function.

The sole reason for sites to do this is to mitigate the consequences of a data breach, such as the ones mentioned above.

However, even though a one-way function makes it difficult to determine the original password given its result, an attacker can quickly try applying the same one-way function to many common passwords and simply verify if the result is the same as what they obtained from some data breach. This is called a brute-force attack.

The lower the complexity, the easier it will be for an attacker to retrieve your password. Now you know why some sites ask you to choose a combination of uppercase/lowercase letters, numbers, and symbols. These sites are simply trying to force you to pick a strong password.

Out of curiosity, here's a list of the most commonly used passwords. Just note that if your password isn't listed, that doesn't mean you have a strong password.

Password managers

One of the goals of using a password manager such as Secrets is to facilitate having a good password discipline.

By using a password manager, you can store different passwords for every site, avoiding the need to remember them. And if you don't have to remember passwords, there's nothing stopping you from using strong passwords on every site. Secrets can even generate strong passwords for you, so you don't even have to worry about that.