When it comes to cybersecurity, passwords are a critical component. The problem is that most people use weak passwords and often reuse those same passwords on different websites. A major issue is the sheer number of passwords we must remember. Between email, banking sites, social media, utilities, and the variety of other websites and services you need to log into, how are you supposed to use strong, unique passwords on all those different sites? Your best solution is a password manager.
What is a Password Manager?
A password manager is an application designed to store your online login credentials and other important information in an encrypted database or “vault”. It is locked by a master password or key that only you know. You may be thinking “that doesn’t seem smart, what if someone gets my master password?” That is a reasonable fear, but assuming you have chosen a strong, unique, but memorable master password, it is a very effective way to protect the rest of your passwords and login credentials.
Password managers do more than just store your passwords – they also help you generate complex, unique passwords when you sign up for new websites or services. It doesn’t matter how complex or hard to remember the password is because when you go to that website to login you can pull up your password manager and simply copy and paste your password into the login box. Most password managers even come with browser extensions that will automatically fill in your password for you once you have entered your master password.
Many of the password managers available also provide the ability to perform an encrypted sync across devices. That means you can take your passwords with you anywhere – across different computers and even on your phone.
Why do you need a password manager?
There are several cybersecurity issues that can be resolved with the use of a Password Manager. Let’s take a look at the 5 main reasons why you should use a password manager:
1 – You are using the same password on multiple websites
Password reuse is a serious problem. The 2019 Google Online Security Survey found 52 percent of respondents reused the same password for multiple (but not all) accounts. That is not surprising when the average person has 50 – 60 passwords to remember. For many of us, that number is probably even higher.
Each year we hear about large, seemingly secure websites that have massive data breaches where hackers get huge lists of emails and passwords. These password lists are often bought and sold on the dark web. Using these purchased lists, cybercriminals can brute force their way into other sites if you have reused the same credentials on multiple websites. One breach then leads to more. According to the 2019 Verizon Data Breach Investigations Report, 80 percent of data breaches are caused by compromised, weak, and reused passwords.
Even beyond these large data breaches, many individuals fall for phishing email scams. They receive an email that appears to be from a company or organization they trust such as Amazon, Microsoft, or FedEx with a link to a realistic-looking but fake website. They are tricked into logging into this fake website with their email address and password giving the cybercriminals their credentials. In the same Verizon report, they indicate that nearly one-third of all data breaches involved phishing in one way or another.
A password manager will generate unique passwords for each website you sign up for, ensuring you are not reusing your password across multiple sites.
2 – Your passwords are too simple
When you’re relying on your memory for your passwords, it is not surprising that you might be using simple or weak passwords. According to a survey by Google, a quarter of Americans admit to having used one of the easy-to-crack passwords like “123456” and “qwerty.” Some other combinations that have been used by 24% of US adults include: “abc123,” “password,” “welcome,” “admin,” “Iloveyou,” and “11111.” Often in office settings where password changes are forced periodically, people simply change or add one character from their previous password.
In many cases, hackers can figure out or break these passwords rather easily. The longer and more complex your password is, using a mix of uppercase and lowercase characters, numbers, symbols, and punctuation, the harder it is for hackers to unscramble or figure out your password.
Using a password manager to generate new completely random passwords prevents you from using variations on your usual theme or making them similar to previous passwords you have used.
3 – You only need to remember one password
With a password manager, you don’t have to worry about stressing your brain to remember all the unique and complex passwords you are using. Or worse, writing them down somewhere. All you need to remember is the one master password you use to access all your stored passwords. On modern devices, you can also unlock your vault with biometric authentication — like Face ID or Touch ID on iPhones and Android devices. Just make sure your master password is incredibly strong, change it out as often as you see fit, and if possible, add 2-factor authentication.
4 – You will always have your passwords available with device syncing
Need to have your passwords with you from multiple locations? Make sure to choose a password manager that offers device syncing. With this feature, you can access your passwords on your desktop, your laptop, and your mobile devices. This ensures you always have your passwords with you whenever you need them.
5 – You can store more than just website login credentials
Most password managers have sections to store more than just website logins. You can store information and ID numbers for your insurance cards, credit cards, memberships, Wi-Fi passwords, and other text notes. You can store them all in the encrypted vault knowing they are safe and easy to find.
What are the types of password managers?
There are two main types of password managers available.
Desktop-based password managers
A desktop-based password manager stores your passwords locally on your device, like your laptop, in an encrypted vault. The downside is that you cannot access those passwords from any other device, and if you lose the device, then you lose all the passwords stored there. Locally installed password managers are a great option for people who are not comfortable having their data stored on someone else’s network.
Some locally installed password managers provide the convenience of allowing you to create multiple password vaults across your devices and sync them when you connect to the Internet. This keeps the data locally but only uses the internet as the syncing mechanism.
Cloud-based password managers
Cloud-based password managers store your encrypted passwords on the service provider’s network. In this case, the service provider is responsible for the security of your passwords. One of the biggest advantages of cloud-based password managers is that you can access your password vault from any device as long as you have an Internet connection. Web-based password managers come in different forms—most commonly as a browser extension, desktop app, or mobile app.
Not sure you trust a password manager in the cloud? All the top password managers use 256-bit AES encryption and offer two-factor authentication (2FA) and zero-knowledge security. Zero-knowledge security means that although the password manager knows your passwords, the company that makes the manager doesn’t, so they won’t be able to access your information.
Which password manager should I choose?
There are a growing number of password managers available. While they all provide the same basic features of storing and generating strong, unique passwords, other features vary, as do their price points. Some have a free basic version where you pay for upgrades, while others are pay only. 1Password (www.1password.com) and LastPass (www.lastpass.com) are 2 of the most trusted and well-known password managers available. Neither has ever suffered a serious breach, and both are up-front and transparent about how they protect your data.
CNET recently published a helpful article where they review the top password managers of 2020. They do a good job of pointing out the various features and prices of the various tools available.
Keep your passwords unique, complex, and safe
After looking at reviews and features, and possibly testing a few of the applications, the next and final step is to pick out the one you like that has a security level you are comfortable with. Ultimately, which password manager you use matters less than finding and using one. This will ensure that you are always selecting long, strong, and unique passwords to keep all your data safe.
Does your company need help to make sure you have the right cybersecurity tools, training, and policies in place? Call us at The Garam Group 315-473-9600. We’d be happy to help!