Password managers are a critical component of authentication security.
The average user has no fewer than 40 online accounts, and people who work in IT can easily have over 1000 accounts. Unless you somehow possess the mental capacity to memorize unique, random passwords for all of those accounts, you need a tool that securely creates and manages passwords for you.
Two of the biggest challenges we face in online security are weak passwords and password re-use: Most people only have one or two crappy passwords they use for all of their accounts, and a breach at one site could lead to all of their accounts (and future accounts!) being compromised. Password managers solve this challenge almost entirely by generating highly secure and unique passwords for each of your accounts and storing them in a secure and easily-accessible manner.
The user is then only left with one final challenge: Creating a secure master password. This challenge is easily solved by using the Diceware method to generate their master password.
Here are some additional tips for using a password manager:
- Use a well-known and reputable solution that supports all of the devices and operating systems that you use. For Windows, Linux and Android, I suggest LastPass. For Apple users, I suggest AgileBits 1Password.
- Ensure that the solution you pick integrates seamlessly into your workflow. If the solution is too cumbersome or creates too many additional steps in your workflow, you are unlikely to use it.
- Do not be afraid of cloud-based solutions. For the average user, they are much more secure and far more convenient than offline password managers like KeePass or PasswordSafe.
- Never create your own passwords! Creating a strong, memorable password that is unlikely to be cracked is nearly impossible for the average human. Let your password manager generate unique, long, random passwords for each of your accounts, and use the Diceware method to generate a random master password comprised of at least four words.
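The Diceware method mentioned above, as an added example (not code from the original post): each word is chosen by five dice rolls that index a 7776-entry list, here simulated with the operating system's CSPRNG. The function names are hypothetical, and the word list is a constructed stand-in so the script runs offline; substitute a real Diceware list in the same `key<TAB>word` format.

```python
import itertools
import math
import secrets

DICE_PER_WORD = 5            # five dice select one of 6**5 = 7776 words
LIST_SIZE = 6 ** DICE_PER_WORD
MIN_WORDS = 4                # minimum length recommended in the text above


def parse_wordlist(text):
    """Parse 'NNNNN<whitespace>word' lines into {dice_key: word}; reject incomplete lists."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blank lines and anything that is not a key/word pair
        key, word = parts
        if len(key) == DICE_PER_WORD and set(key) <= set("123456"):
            table[key] = word
    if len(table) != LIST_SIZE or len(set(table.values())) != LIST_SIZE:
        raise ValueError("word list must map all 7776 dice keys to distinct words")
    return table


def roll_key():
    """Simulate five fair dice with the OS CSPRNG (never the `random` module)."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(DICE_PER_WORD))


def generate_passphrase(table, n_words=MIN_WORDS):
    """Pick n_words independently and uniformly; refuse passphrases that are too short."""
    if n_words < MIN_WORDS:
        raise ValueError(f"use at least {MIN_WORDS} words")
    return " ".join(table[roll_key()] for _ in range(n_words))


def entropy_bits(n_words):
    """Entropy in bits when the attacker knows the list and the word count."""
    return n_words * math.log2(LIST_SIZE)


def constructed_wordlist():
    """Constructed stand-in list ('word11111' ... 'word66666'), not a real Diceware list."""
    keys = ("".join(k) for k in itertools.product("123456", repeat=DICE_PER_WORD))
    return "\n".join(f"{k}\tword{k}" for k in keys)


if __name__ == "__main__":
    table = parse_wordlist(constructed_wordlist())
    print(generate_passphrase(table), f"(~{entropy_bits(MIN_WORDS):.1f} bits)")
```

Each word contributes about 12.9 bits, so four words give roughly 51.7 bits and every extra word adds another 12.9.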
How secure are the password managers themselves?
Password managers are a trove of critical information, so it’s only natural that they are heavily targeted by criminals. Breaches can occur through a myriad of vectors, up to and including physical theft; therefore, you have to plan for the eventuality that your users’ data will be compromised. LastPass and other password managers like it are designed specifically to withstand these types of breaches.