Since a lot of users' passwords were leaked in database breaches such as those at Yahoo and Adobe, the advice has been to use a unique password for each of your many different accounts. When we approach clients to discuss password security it is one of the areas we highlight, and it is generally met with “I can't even remember one password, having so many different ones is not going to happen!”
In steps a password manager to save the day, but are they safe and secure?
Broadly speaking, password managers are useful pieces of software which store your passwords securely, allowing you to keep a log of your accounts and login credentials without having to remember each individual password. They can help you create secure passwords, and automate the process of inputting your credentials each time you want to log in.
As password managers generate an individual password for each of your accounts/sites, this limits the damage that someone could do should they get hold of one of your passwords. Approximately 59% of people use the same password across all of their accounts, which is rather worrying: should someone find the password to one of your accounts, they have the password to them all. Password managers take away the hassle of having to create a secure password for each website, generating a secure, complex password for you. A complex password drastically reduces the chances of someone using brute-force techniques (guessing millions of different password combinations) to get into your account. You don't have to worry about remembering all of these long, complex passwords either; most password managers have a function or a plug-in which will automatically enter the password for the site you wish to use. If not, it's a simple matter of opening your password manager and copying and pasting the correct credentials. The only password you need to remember is the one to get into your password vault.
As you only need one password to access your password vault, if someone gets hold of that, they not only have a list of all the accounts you are active on, but the login credentials for all of them too. Luckily, many password managers support two-factor authentication, adding an extra layer of security, so it's wise to choose a manager that offers it.
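The two ideas above, a manager that generates a random, complex password per site and a vault protected by the one master password you do remember, are shown below as an added example (not code from the original post or from any of the products it names). It uses only the Python standard library; the character set, password length and scrypt parameters are illustrative choices, and the salt and credential list in the test are constructed sample values.

```python
import hashlib
import math
import secrets
import string

# Alphabet a manager would draw from: upper, lower, digits and punctuation (94 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 20) -> str:
    """Generate one per-site password from the OS CSPRNG (secrets, never random.random)."""
    if length < 12:
        raise ValueError("refusing to generate a password shorter than 12 characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Require every character class so site complexity rules are met and the
        # whole alphabet is actually in play; retrying keeps the draw uniform.
        if (any(c.islower() for c in candidate) and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate)
                and any(c in string.punctuation for c in candidate)):
            return candidate


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Size of the brute-force search space for a uniformly random password, in bits.

    A 20-character draw from 94 symbols is about 131 bits, i.e. roughly 2**131 guesses.
    """
    return length * math.log2(alphabet_size)


def derive_vault_key(master_password: str, salt: bytes) -> bytes:
    """Key-stretch the master password with scrypt before it unlocks the vault.

    The vault is the single point of failure, so the stored material must make each
    offline guess of the master password expensive. Parameters (n=2**14, r=8, p=1,
    16 MiB per guess) are an illustrative choice, not any product's setting.
    """
    return hashlib.scrypt(master_password.encode("utf-8"), salt=salt,
                          n=2 ** 14, r=8, p=1, dklen=32)


def reused_passwords(credentials: dict) -> dict:
    """Audit a site->password mapping and return every password shared by 2+ sites."""
    sites_by_password: dict = {}
    for site, password in credentials.items():
        sites_by_password.setdefault(password, []).append(site)
    return {pw: sites for pw, sites in sites_by_password.items() if len(sites) > 1}
```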
A lot of modern password managers sync your passwords back to a server somewhere, allowing you to access them online from anywhere. This is very convenient; however, you can't know for sure that your credentials are not being stored in a compromisable format, no matter how much the company says they are stored in an encrypted or hashed state. Do some research into which are the most trusted password managers before handing over your data.
You should always research password managers yourself, as each person's needs are different. We thought we'd point you in the direction of some of our favourite ones, so you can take a look for yourself. LastPass, Dashlane and RoboForm are all password managers which sync online and are stored centrally. KeePass allows you to keep hold of your vault locally on your own device, and is free, open-source software, whereas the other examples have a subscription fee attached to them. When researching, start with those to get an idea of features, pricing and security.
If you would like more information on implementing password managers in your organisation, please get in touch. Our security consultants would be glad to have a chat with you on 0333 3207 335 or email firstname.lastname@example.org