NFC password card – That’s how secure the new password manager is!

M.Sc. Jan Hörnemann

NFC password card – That’s how secure the new password manager is!

Password managers are a very good way to manage passwords and ensure that different passwords can be used on different websites. There is a new method of a password manager and that is an NFC password card.

NFC password card instead of password manager

We have already reported about Password Manager in the Sevencast as well as in past blog posts. To protect various accounts with good and secure passwords, the use of a password manager is highly recommended. In the world of password managers there are two different categories, the offline and the online managers.

There are both advantages and disadvantages for both categories. The most obvious advantage of the offline version is that all passwords are not stored in a cloud, but only on the local device. The advantage of the online variant, on the other hand, is that this manager requires little maintenance. If I change a password in my account, it is automatically updated on all devices on which I use the password manager.

The password card, which communicates via NFC (Near Field Communication), is a kind of password manager, which can be assigned to the offline variant. The biggest difference between the NFC password card and a “normal” password manager is the fact that the password card is a physical card. On a normal card, passwords are stored and can be read by a smartphone after the master password is entered.

The password card is configured by an app that is available for free for both iOS and Android. Passwords can be stored on the card by the app, but first the master password must be set, which is needed to unlock the card.

The classic password manager is only virtual on a computer and is also secured by a master password.

NFC-password card in a case
The NFC-password card in the case (source: heise.de)

Advantages of the NFC password card

A big advantage of the NFC password card is the fact that the passwords are actually stored on the card. This means that the passwords cannot be stolen if a stranger steals the smartphone. Since this card now contains all passwords, the user obviously cannot lose them. In case the card is lost, a replacement card is included in the delivery.

Another advantage is the card cover, which is also included in the delivery. The cover is not only a protection for the NFC password card, but the signals of the card b
remain within the map. This makes it impossible for attackers near the radio to access data, since the card cover blocks all signals.

The last point, which can be interpreted as both an advantage and a disadvantage, is that the NFC password card has very few functions. For newcomers who have not used a password manager before, this is an advantage because the use of the password card is very simple and clear, due to the limited functions.

Disadvantages compared to the classic password manager

Besides the advantages already mentioned, there are also some disadvantages that need to be mentioned when dealing with the NFC password card. A big disadvantage is the very limited memory space on the password card. The manufacturer states that about 50 passwords can be stored. However, reporters from heise.de have found in an experiment that only about 20 passwords can be stored if they are written on average and of average length.

20 passwords are definitely enough for some people, especially for those who use a password manager for the first time, but 20 stored accesses are too little storage space if the card is used for a long time.

Besides the storage space, the loss of cell phone is a big problem. As already mentioned, passwords are not stolen when a cell phone is stolen, but the NFC password card can only be unlocked with the appropriate cell phone. So if you lose your cell phone, neither the thief nor yourself can access the passwords.

A similar problem arises if you want to pair the password card with a new smartphone. For iOS there is now a solution if you have access to the old smartphone. For Android, on the other hand, there is still no way to “move” to a new smartphone.

Basically we recommend an NFC password card to those who are new to password management. For about 20€ you get the password cards and can thus secure your accesses. Those who already use a password manager will miss some functions, including the generation of secure passwords.

Photo of author

M.Sc. Jan Hörnemann

Hello dear reader, my name is Jan Hörnemann. I am a TeleTrust Information Security Professional (T.I.S.P.) and have been dealing with information security topics on an almost daily basis since 2016. CeHv10 was my first hands-on certification in the field. With a Master of Science degree in Internet Security, I have learned about many different aspects and try to share them in live hacking shows as well as on our blog. In addition, I am active as an information security officer and have been qualified by TÜV for this activity (ISB according to ISO 27001)
AWARE7 GmbH - Logo

+49 (0) 209 - 8830 6760

info@aware7.de

Google Plus Code F4X5+M2

Company

AWARE7 GmbH
Munscheidstr. 14
45886 Gelsenkirchen
Imprint | Privacy

About us
Open positions

Resources

Free e-learning
Downloads
Projects