Do you find yourself regularly getting locked out of one online account or another? Are you wasting time resetting passwords? Or maybe you are struggling with securely sharing passwords or credit card information within your team?
Password managers not only increase your password security exponentially, but they can also save you a heck of a lot of time.
Cybersecurity is a top concern for many organizations as cyber-crime has increased over the years. With everything moving to the cloud, many organizations have increased online tools and hence more passwords and logins. So let’s be honest, we all have more passwords, logins, and sensitive information now more than ever.
With the increase in passwords & logins you might be struggling with the best practices on what type of passwords to create and then how to store and share them securely. In this blog post, we will be diving deep into the best practices for creating & storing passwords and how password managers can help you achieve those practices. Also, the cool part about password managers, is that they are not just for passwords but you can also store & share notes, credit card info, bank account info, and more all securely.
The Problems with Passwords
1. Not using unique passwords
It may not surprise you, but the average password that gets breached is usually something very common like “123456” or “password”. Not only are these passwords easier to crack but if they breach your let’s say Netflix account, the hacker can then try it on your business Office 365 subscription for example. Many people use very simple passwords, but to make matters worst, sometimes they use the same weak password for multiple accounts. The biggest risk to your accounts online is password re-use.
2. Sharing password insecurely
If you are an organization that stores all your passwords on an Excel spreadsheet, you're not the only one. Historically, it’s been common practice for an organization to have a list of all their passwords that they share internally with their team. Unfortunately, if this list were to get compromised, all your accounts are now at risk. It's also challenging to It’s best practice to never send passwords by email or store them in a document.
3. Browser password managers are not as secure as you think
Most browser offer built-in password or credit card managers. These tools are convenient but unfortunately, they lack two critical pieces. First, they are not super secure because you do not need a password to assess your browser data. Secondly, you are not able to easily share stored passwords in your browsers with other members of your team.
4. Waste so much time resetting passwords
You know how frustrating it is to reset passwords; especially the more secure the website the harder (for good reason) it is to reset the password. Not only is it time consuming resetting a password, but once you’ve updated it you run into the problem of letting the rest of your team know the password has been reset. If you are using a spreadsheet, you now have to update the spreadsheet and send it around (bad idea) to your team letting them know you’ve changed a password.
Positives of Password Managers
1. Easily create unique complex passwords
Creating strong super complex passwords is imperative but we also need to create a unique password for each online login. A password manager can not only automatically generates a strong password but it will tell you if you’ve used that password before.
2. All your personal & business passwords in one place
You can use password managers to create “groups” to share passwords and logins amongst specific members of your team. No more using a spreadsheet to share passwords in your organizations. This will not only increase security, but also save time for the back and forth and people forgetting to update the spreadsheet when they reset or update a password.
3. Manage MFA more effectively
Many of the password managers out there allow to integrate multi-factor authentication right from within the password manager. This saves you the time from having to receive a special code by email or text message.
4. Guard against phishing attacks
The password manager will not allow you to auto-fill the login details into a website that is not the original website you created the password on. Phishing scams create a web page that looks like your bank login but is actually fake and is trying to get you to give up your login information. A password manager will not allow you to fill in the details on that page.
5. Warning of a potential breached login
Many of the password managers will warn you if one of the websites you’ve created a login was breached. This can prompt you to change that password in the event that your information was relieved in that breach.
6. Three factor authentication (3FA)
You may be asking, “how secure are password managers?” or “what if they get my master password for my password manager”? These are both great questions. First, password managers use 3 factor authentications to initially set-up your account (master password, device verification, and secret key.) - This is more secure than most logins.
Negatives of Password Managers
Writing everything you need to do down is great, but who is going to enforce it? Performing an annual risk assessment ensures your organization is complying by its own standard of rules. This assessment also helps to see which areas of your organization can be improved upon without finding out after the fact in the case of a breach.
1. Hard to implement
The of the biggest challenges of password managers is setting them up. Our clients look to us to help them implement it and you should reach out to your IT department to start this project. Once you’ve set it up and created the groups and sharing permissions it’s quite seamless is maintain.
2. Not all websites auto-fill
One of the cool features is auto-population of login fields and that you can search the password manager for what you want to login and then click on the login it and it will automatically pull up the website and auto-fill your information. Sadly, not all website allow for this so it doesn’t work all the time. In these cases, the best work around is to click ‘copy” in your password manager and paste it into the login fields on the website.
In summary, it's pretty clear that password managers have a ton to offer to not only save you time but also make your organization much more secure. The main draw-backs for organizations is figuring out how to implement in their organization. We do this for our clients regularly and can for you if you don't have an IT department or IT vendor that can help. Click here to request a quote from us.