If you have to ask "Do I need this?" when it comes to information security, the answer is almost certainly "Yes". Any major vendor will be audited to ensure that they're doing what they say they are in respect of security (in particular look out for ones which offer enterprise pricing).
It's a logical fallacy. The ever increasing security protocols and password strengthening doesn't improve security. The biggest security risk is the squishy part. The Human.
On topic :
My 'Password keeper' is built into the web browser and it stores all my passwords. It is currently storing 149 unique passwords to various websites. Access to that 'password keeper' only requires 1 password. Yeah, that isn't 'secure' Even if you don't have access to the browser password keeper password; all you need is my laptop and it will log you in to almost all my websites because the browser will ******* and log you in. Even when it can create those "$£$%£djl3;3#]{*54!!"£xhop3" passwords, it becomes meaningless when you click a link and it always 'remembers your password'
Off topic (ish) :
If you need to change your password regularly - The Human will: RFUK01, RFUK02, RFUK03
If you need letters numbers etc - The Human will: RailUK Forums#1, **RFUK01**, RFUK_Tr@1n5
Using a mnemonic - Silly Humans : My_Frum_Train, My_Frum_Bus, My_PW_Bank
Overly complicated - Lazy Humans : I'll just write it down
Security Questions : Mother's Maiden name, First school, favourite football team
Multiple login names : C0mut0r, Com_you_Tor, Comut3r, or the same email for every website.
Even as we move towards biometrics, security is still susceptible to Social engineering and the plethora of human failures. I can unlock my phone with a thumbprint (how many of you always use the thumb ?) and then it will give me pretty much unlimited access to everything. Apologies in advance but something hit my news feed this morning about porn and 'safe' access. They are now saying that a new safeguard could be introduced to scan face data for older faces.
New draft guidance sets out how porn websites and apps should stop children viewing their content.
www.bbc.co.uk
Facial age-estimation tech, that will scan users' faces and use software to infer if they are an adult, is also an option.
So now you can have your biometrics scanned and stored on a server a million miles away; yep, that's a sensible option...
Even 2FA has its limitations. If I log into google it just sends a notification to my phone and all I need to do is click the "yes, its me" anyone with access to my phone will again, have unlimited access.
Be very careful with anyone trying to tell you their system is 'secure' or has the 'best encryption' The Human is the weakest part.
