The upsides of a password manager far outweigh any potential downsides

Last month there were rumors that a password manager called LastPass had some of its customers’ master passwords compromised.

LastPass denies this and states that the recent attacks are a result of shared passwords gleaned from breaches of other services, or perhaps warnings sent in error.

Do you use a password manager in your business?

We highly recommend you do as we strongly believe the upsides of a password manager far outweigh any potential downsides.

Let’s start by telling you what a password manager is and how it works.

The average person has hundreds of online services they utilize or have utilized. If you’re a business owner or manager, you may have many more.

To login to each of these, you typically use your email address and a password. These details – along with something called multi-factor authentication, where you enter a code from another device to prove it’s really you – are the main weapons stopping cyber criminals from accessing your accounts.

Hackers find it easy to get email addresses and have become very sophisticated at “guessing” passwords by using highly sophisticated and automated attack software.

For example, they might try a common word attack, where they try thousands of everyday words as the password. It’s why using your pet’s name, child’s name or favorite sports team is never a good idea.

They may also try a brute force attack, where they try millions of combinations of characters.

The easiest way for a hacker to get in is to discover a password you use on one service, and try it on all your other services. If you reuse passwords, it only takes one service to have a breach and all of your services are at risk.  Another way they get into other services is when you have utilized one account, such as Google or Facebook, to access other resources.  You’ve probably seen this option when signing up for services where it says, “Use my Facebook account.”

This is why best practice password advice is very simple but powerful:

  • Always use long randomly generated passwords, or password sentences (such as “rope-fruit-parking-apple-swing-enormous”)
  • Never write down passwords or record them anywhere unencrypted
  • Never use a password for more than one service or link accounts to other services such as Facebook.

Best practice is one thing. The reality is it’s impossible for most people to remember a) what their passwords are, and b) which password is for which service.

Constantly resetting passwords because you can’t remember them is just annoying.

So, people cheat. It’s human nature to do this because we’re all looking for tiny ways to make our lives easier.

Some of your team will use weak passwords. Or use the same password across several services. Or – horror – use a strong password, but leave it on display on a sticky note on their monitor.

You think this wouldn’t happen in 2022… but some things never change.  Convenience often beats out security.

This is where a password manager comes in. The password manager takes away all of the stress and difficulty for you and your team.

You integrate it with your computers and mobile phones. This is routine these days. Password managers work with Windows, Macs, and all iOS and Android mobiles and tablets.

When you need a new password, it will randomly generate one for you. A very long password, that’s difficult for the human eye to read (ideally at least 16 characters). And it will throw in some special characters too, such as $, & and #.

Then it will remember that password. And best of all, when you come to login to a service… it can automatically fill in that password for you.

Yes. You can login without ever having to actually type anything yourself. Safety and speed in one piece of software and all stored in a secure, encrypted location.

What are the potential downsides?

They’re all related, of course, to having all of your passwords in one place. In theory, cyber criminals only need to break your master password and they can get into everything.  The “keys to the kingdom” so to speak.

Of course, there are protections, and we always recommend you use them. Using a very strong master password is key (you only have to remember that one password).  It’s best if you commit your master password to memory, but this is the one exception where it would be a good idea to write it down and store it in a secure physical location such as a safety deposit box.  And make sure the multi-factor authentication we mentioned earlier is always switched on to access your password manager.

It’s also sensible to use extra protection where available such as Face ID.

Can you 100% eliminate the risks of using a password manager? Of course not.

But is using a password manager safer than not? We believe so yes, which is why we recommend them and supply them to our clients.

Password managers make good password practice easy for busy people.

If you want our recommendation of which password manager we use and suggest, please contact us.

 

Published with permission from Your Tech Updates.