Creating a new account on a website or service can seem pretty benign: You’re registering to use their service or gain access to something, and all you’re doing is providing your email address and a password. Perhaps you used that some password on another service some time ago? Who knows. You register, confirm your email and there you go.
Some time later you discover that some of your friends have received unsolicited emails from you and then, after resetting your account and doing some digging, discover that your latest site registration was responsible for your email account being hijacked.
This was exactly what happened to me a few of years back when I signed up to a computer store with the same account credentials I’d used for my email address. It was easy for someone who had already stolen all of the plaintext account credentials stored on the computer store’s server to go to everyone’s associated email accounts to attempt to access them using the same password the user had provided for that registration. Attacks like these happen all the time, and if it occurs on a larger or more well-known site you can usually track down your account details on HaveIBeenPwned.
Attacks like these can be easily avoided, too, if one employs a password manager to, well.. manage their passwords. The trick is that most people don’t particularly want to use a whole other application to manage access to their existing applications – but this extra layer of security drastically reduces the chances of someone else ever gaining access you your accounts. And even if they do gain access to a weaker service, they won’t be able to “cross-pollinate” and access other accounts using the same password. Password managers are notoriously good at generating strong, random passwords so each new account entry is unique and unrelated to every other account you own.
And here in enters Buttercup: A free, cross-platform and open-source password manager that can store all of your details, online or offline, in a securely encrypted vault.
The vault Buttercup uses is just a file, essentially, but it’s encrypted and cannot be simply read by anyone else but you. Your “master password”, for lack of a better term, is your single key to lock and unlock your vault file whenever and wherever you wish – this key should not be used for logging in to any other site or app, and will (if you use your password manager for everything) be your last password you really need to remember.
The mobile app is available for both iOS and Android, and both versions support browser autofill – a relatively new feature by Apple and Google for their mobile platforms, which allow users to instantly inject login credentials on a web form when browsing in the native browser.
The browser extension automatically recognises login forms as well, and provides similar auto-fill and auto-login functionality. Beyond remembering complex passwords to increase security, Buttercup simply makes it easier to manage online accounts so you can concentrate on your goals.
The desktop application can be downloaded and installed easily on Windows, Mac and Linux, and allows for local file storage on top of the standard cloud storage options. Using the desktop application can prove very useful when not all accounts stored reside on the web – many local applications may need login authorisation and Buttercup’s desktop application is the best for the job.
As of just recently, the browser extension has received a fully-fledged vault editing interface similar to that in the desktop application. This new UI will allow for full control over your credentials without the need for ever leaving the extension for your phone or the desktop app.
Protecting your accounts has never been more important – Buttercup, along with other great password management options, is free and easy to use.