By now, we’re all used to using passwords to authenticate our identities online. But as we’ve grown more accustomed to coming up with and remembering passwords, cybercriminals have gotten far better at stealing them. The result is that many of our online accounts are at high risk for breach, especially because most people have bad habits when it comes to passwords. A study in 2015 found that nearly 3 out of 4 people use the same password for multiple accounts, and that 68% of people were using passwords that were five years old or older. Unsurprisingly, this same study found that 2 in 5 people surveyed had experienced some sort of security incident online.
The problem, of course, is that good password habits are difficult to learn and even harder to carry out. Thankfully, tools now exist that can drastically improve your password security. They’re called password managers.
Why Do You Need a Password Manager?
Before we dive into the benefits of using a password manager, let’s go over two basic facts about password security.
- Secure passwords are long, complex, and random, which means they’re hard to remember. Hackers have sophisticated ways of cracking your passwords, especially if your passwords are short and use recognizable words. In fact, hackers’ methods have improved to the point where it’s not enough to just stick a few numbers and an exclamation point on the end of your pet’s name. Really, the safest passwords are long and contain truly random strings of letters, numbers, and special characters. The problem, of course, is that these are the hardest to remember.
- It’s critical to have unique passwords for each account containing sensitive data. It’s so much easier to remember one password and use it for all your accounts, but this is dangerous. If hackers breach the passwords of, say, your email provider, they can use your stolen password to log into even more sensitive accounts, such as your bank account.
Now, take a moment to ponder these facts. Then start considering the number of online accounts you have, from your bank account to Amazon, from Facebook to your health insurance provider. Can you create and remember long, complex passwords for every single one of these accounts? If the answer is no, you might need a password manager.
How Password Managers Work
Password managers help bridge the chasm between security and convenience. They do this by automating the process of creating long, complex passwords for each of your accounts and storing them securely so that you don’t have to remember them. So, instead of having to remember a large number of complex, random passwords (which is highly secure but highly inconvenient), all you have to remember is the one “master” password you use to access the password manager. In many cases, once you are logged into the password manager, either on a computer or mobile device, it can auto-fill the correct password for each of your online accounts, meaning you never even have to know what your passwords are for these accounts.
How to Choose—and Properly Use—a Password Manager
As you’ve been reading, you may have spotted what could be a hole in the logic of using password managers. If password managers rely on one master password, aren’t password managers unsafe, since all of your passwords are protected by one single password?
This is a good question, and the answer essentially comes down to comparing using a password manager with the alternative. Using (and reusing) memorable (and therefore weak) passwords across all of your accounts is definitely more risky than using a password manager—if you’re using the right password manager, and if you take extra precautions with the master password you use to get into it.
So, how do you know if you’re using the right password manager? The good ones have a few common features:
- They employ strong encryption to protect your passwords.
- They do not store your “master” password—only you know it.
- They offer two-factor authentication, a necessary second layer of protection for passwords, which we discuss in a previous post.
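One way a manager can avoid storing the master password, shown as an added example rather than any product's actual design: the password is stretched into an encryption key with a deliberately slow function (scrypt), and only a random salt plus a one-way check value are written to disk. The function names, the scrypt cost settings and the sample password are assumptions for this illustration.

```python
import hashlib
import hmac
import secrets

# scrypt cost settings: assumed values for this illustration, not a product's defaults.
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)


def derive_key(master_password, salt):
    """Stretch the master password into a 256-bit key; slow on purpose to hinder guessing."""
    return hashlib.scrypt(master_password.encode("utf-8"), salt=salt, **SCRYPT)


def _check_value(key):
    # One-way tag of the key: confirms a correct unlock without revealing the key itself.
    return hmac.new(key, b"vault-key-check", hashlib.sha256).digest()


def create_vault_header(master_password):
    """Everything that is stored: a random salt and a check value, never the password."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "check": _check_value(derive_key(master_password, salt))}


def unlock(header, attempt):
    """Return the vault key when the attempt is correct, otherwise None."""
    key = derive_key(attempt, header["salt"])
    if hmac.compare_digest(_check_value(key), header["check"]):
        return key
    return None


if __name__ == "__main__":
    master = "constructed-sample-master-passphrase"  # constructed value, demo only
    header = create_vault_header(master)
    print("stored fields:", sorted(header))
    print("correct password unlocks:", unlock(header, master) is not None)
    print("wrong password unlocks:", unlock(header, "guess123") is not None)
```

The key returned by `unlock` is what would decrypt the stored passwords; it exists only in memory while the vault is open.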
Once you’ve chosen the best password manager for your needs, it’s important to make sure you implement safeguards to protect your master password. First, that password needs to be long, complex, and as random as possible. Second, it’s always a good idea to turn on two-factor authentication. That way, any time someone tries to log into your password manager, they will also have to provide a code that gets sent to the device (such as a smartphone) of your choice.
Special Considerations for Businesses and Organizations
Consumer-grade password managers are probably sufficient for users’ personal accounts. But when it comes to a business environment, passwords for company systems (email, accounting software, CRMs, etc.) should be managed in a business-class password manager under company control. It’s never a good idea for employees to use disparate consumer-grade products to create and store their company-related passwords, as this removes control from the company.
Thankfully, there are great options for business-level password management. If you’d like to discuss them, drop us a line.