Zakini | Managed IT Services

View Original

Why you should use a password manager.

Did you exhaust your passwords?

You’re not alone. Most people use the same password everywhere – home, work, email, social media… even for banking. When it comes to cybersecurity, passwords are a critical component. The problem is that most people use weak passwords and often reuse those same passwords on different websites. A major issue is the sheer number of passwords we must remember. Between email, banking sites, social media, utilities, and the variety of other websites and services you need to log into how are you supposed to use strong, unique passwords on all those different sites? Your best solution is a password manager.

Considering how many passwords we’re expected to remember and use on a daily basis, password exhaustion is a very real thing. It’s no wonder that when yet another prompt for a password appears, users enter easily guessed combinations like ‘abcd’ or ‘password’.

Trouble is, even if your password is making the required effort, hackers are taking a daily stroll around the internet and collecting logins and passwords as they go, from either leaked details or sites with security flaws. Then, they’ll try their luck with that login/password set elsewhere.

They know more than half the internet users in the world have only one password and email combination, so the chance of gaining access to your accounts is actually quite high. The only way to break this chain is to use a different password for each site.

Why You Should Use a Password Manager, and How to Get Started.

Stay current on technology and business practices.

A password manager will take a load off your mind, freeing up brain power for doing productive things rather than remembering a long list of passwords. A password manager is an application designed to store your online login credentials and other important information in an encrypted database or “vault”, across websites you use and help you log into them automatically. It is locked by a master password or key that only you know.

You may be thinking “that doesn’t seem smart, what if someone gets my master password?” That is a reasonable fear but assuming you have chosen a strong, unique, but memorable, master password it is a very effective way to protect the rest of your passwords and login credentials. If you’re creating a new account, your password manager will offer to generate a secure random password for you, so you don’t have to think about that, either. It can also be configured to automatically fill information like your address, name, and email address into web forms.

And they do more than just store your passwords – they also help you generate complex, unique passwords when you sign up for new websites or services. It doesn’t matter how complex or hard to remember the password is because when you go to that website to login you can pull up your password manager and simply copy and paste your password into the login box. Most password managers even come with browser extensions that will automatically fill in your password for you once you have entered your master password. Many of the password managers available also provide the ability to perform an encrypted sync across devices. That means you can take your passwords with you anywhere – across different computers and even on your phone.

There are several cybersecurity issues that can be resolved with the use of a Password Manager.

Let’s take a look at the 5 main reasons why you should adopt a password manager.

  • You’re using the same password on multiple websites.

    The 2019 Google Online Security Survey found 52% of respondents reused the same password for multiple (but not all) accounts. That is not surprising when the average person has 70 – 80 passwords to remember. According to the 2019 Verizon Data Breach Investigations Report, 80% of data breaches are caused by compromised, weak, and reused passwords.

  • Your passwords are too simple.

    When you’re relying on your memory for your passwords it is not surprising that you might be using simple or weak passwords. According to a survey by Google, a quarter of Americans admit to having used one of the easy-to-crack passwords like “123456” and “qwerty.” Some other combinations that have been used by 24% of US adults include: “abc123,” “password,” “welcome,” “admin,” “Iloveyou,” and “11111.” Often in office settings where password changes are forced periodically people simply change or add one character from their previous password. Using a password manager to generate new completely random passwords prevents you from using variations on your usual theme or making them similar to previous passwords you have used.

  • You only need to remember one password.

    All you need to remember is the one master password you use to access all your stored passwords. On modern devices, you can also unlock your vault with biometric authentication — like Face ID or Touch ID on iPhones and Android devices. Just make sure your master password is incredibly strong, change it out as often as you see fit, and if possible, add 2-factor authentication.

  • You will always have your passwords available with device syncing.

    Need to have your passwords with you from multiple locations? Make sure to choose a password manager that offers device syncing. With this feature, you can access your passwords on your desktop, your laptop, and your mobile devices. This ensures you always have your passwords with you whenever you need them.

  • You can store more than just website login credentials.

Most password managers have sections to store more than just website logins. You can store information and ID numbers for your insurance cards, credit cards, memberships, Wi-Fi passwords, and other text notes. You can store them all in the encrypted vault knowing they are safe and easy to find.

Types of Password Managers.

There are two main types:

  • Desktop -based password managers. They store your passwords locally on your device, like your laptop, in an encrypted vault. The downside is that you cannot access those passwords from any other device, and if you lose the device, then you lose all the passwords stored there. Some locally installed password managers provide the convenience of allowing you to create multiple password vaults across your devices and sync them when you connect to the Internet. This keeps the data locally but only uses the internet as the syncing mechanism.

  • Cloud-Based password managers. They store your encrypted passwords on the service provider’s network. In this case, the service provider is responsible for the security of your passwords. One of the biggest advantages of cloud-based password managers is that you can access your password vault from any device as long as you have an Internet connection. Web-based password managers come in different forms—most commonly as a browser extension, desktop app, or mobile app. Not sure you trust you’re a password manager in the cloud? All the top password managers use 256-bit AES encryption, offer two-factor authentication (2FA), and zero-knowledge security. Zero-knowledge security means that although the password manager knows your passwords, the company that makes the manager doesn’t so they won’t be able to access your information.

Don’t Reuse Passwords!

Password reuse is a serious problem because of the many password leaks that occur each year, even on large websites. When your password leaks, malicious individuals have an email address, username, and password combination they can try on other websites. If you use the same login information everywhere, a leak at one website could give people access to all your accounts. If someone gains access to your email account in this way, they could use password-reset links to access other websites, like your online banking or PayPal account.

To prevent password leaks from being so damaging, you need to use unique passwords on every website. These should also be strong passwords – long, unpredictable passwords that contain numbers and symbols.

MSPs have hundreds of accounts to keep track of, while even the average person likely has 70-80 different passwords to remember. Remembering such strong passwords is nearly impossible without resorting to some sort of trick. The ideal trick is a password manager that generates secure, random passwords for you and remembers them so you don’t have to.

Getting Started with Your Password Manager.

The first big decision you are to make is choosing your master password. This master password controls access to your entire password manager database, so you should make it particularly strong – it’s the only password you’ll need to remember, after all. You may want to write down the password and store it somewhere safe after choosing it, just in case – for example, if you’re really serious, you could store your master password in a vault at the bank. You can change this password later, but only if you remember it – if you lose your master password, you won’t be able to view your saved passwords. This is essential, as it ensures no one else can view your secure password database without the master password. After installing a password manager, you will likely want to start changing your website passwords to more secure ones. Some password managers can identify the weak and duplicate passwords you should focus on changing. Others even will help you figure out which passwords might need to be changed.

What to Do If Your Password Has Been Hacked.

You can check to see if any of your accounts have been compromised by entering your email into a site like haveibeenpwned.com If it alerts a breach, you need to change your passwords immediately – all of them. Use the example system above to create a new set. If you’re struggling to remember your set of passwords, consider using a secure password tracker such as LastPass. (http://www.lastpass.com).

If you need help changing your passwords or setting up a secure password system, let us know on (305) 400-0992 and we’ll be more than happy to help you.