Choose a Password Manager for Less Stress and More Security
All of us have felt the frustration of having to remember multiple passwords, many of which must be constantly changed. To help alleviate the pain, we will often use a notebook, use simple passwords that are easy to remember, and reuse our passwords across multiple sites. These are strategies that make it easier to manage our passwords, but they also make it easier for bad actors to guess or steal our credentials.
Common Password Handling Mistakes
Keeping a physical copy of the passwords within the confines of your office can seem safe enough, but leaving it there could expose your credentials to anyone who wanders in or has a master key—colleagues, supervisors, maintenance/cleaning personnel, or the occasional disgruntled coworker. Additionally, if your notebook is damaged or lost, there may be no way to recover those credentials. (Same with being at home: kids, pets, a spouse cleaning up “trash”—any number of accidents can befall written down passwords.)
Setting easy passwords may seem like a convenient shortcut, but it also makes them easier for an attacker to guess. With the growing number of database breaches, hackers have a treasure trove of personal information they can use to guess your password or answer security questions. In some cases, they also harvest encrypted passwords that they can run through decryption software. And if you reuse credentials and just one of those accounts or sites gets compromised, then you can be sure that all of those logins are now compromised. Bad actors will try harvested credentials on multiple sites because they know we like to reuse passwords.
The Better Way to Manage Passwords
With so many passwords to maintain and change on a constant basis, it may seem like a never-ending task. Enter the password manager.
A growing number of companies (see examples with links at the bottom) offer software that can store and encrypt your password library with one “master key” password. In addition, you can reinforce security with two-factor authentication, such as codes from a generator like Google Authenticator, codes sent by SMS (text) or e-mail, or hardware tokens such as YubiKey. Other authenticators, such as Authy and Microsoft Authenticator, can send you a push notification that you accept without needing to enter a code.
Apple has also joined the password manager market by offering a built-in password manager, and Google offers tools that include plugins and warnings about weak or compromised passwords when you’re using Chrome.
Benefits of Password Managers
Password managers not only keep your passwords secure; many also offer plugins that auto-fill your passwords on websites, generate complex passwords on demand, and save them when you create a new login. They can also help keep track of sensitive information, such as social security numbers, driver’s licenses, insurance cards, etc. Some managers will even allow you to save images of sensitive documents for retrieval.
As an additional benefit, auto-fill can bypass malicious keyboard logging software, which can record your keystrokes and clipboard contents every time you copy and paste.
Risks to Consider
The benefits of a password manager are clear, but like any piece of software, it can still contain flaws. Companies such as LastPass and Blur have reported breaches, although attackers did not obtain any password data. This should not discourage users from password managers, as online security is not about being “unhackable” but about being more secure than the next user, who might still be reusing passwords or recording them in plaintext software like Notepad or Evernote.
Some companies, like banks, discourage the use of password managers, as it represents a risk outside of their control. They still recommend that users choose a complex password and never write it down. This is sound security advice but is hardly practical for every website, especially when you consider that NordPass reported earlier this year that the average person has 70-80 passwords to maintain.
Password managers may not be perfect security, but they are a far better alternative to easy-to-remember (and therefore easy-to-crack) passwords, password reuse, and storing any passwords in plaintext documents, notebooks, or on sticky notes.
Despite some of their drawbacks, password managers will continue to gain market share as our world becomes more digital. And you can reinforce your vault by adding a second authentication method like a code generator or authenticator.
Bad actors will continue their attempts to get your credentials, but you can make their job more difficult by bolstering your security.
Please note that Infinity does not endorse any particular tool or company. We strongly recommend that you use a password manager, but we do not assume any risk or liability from that choice. Be sure to consider pricing (some are free), features, and any capacity or sharing limits that may impact your decision. If you have questions, please feel free to contact us.