Let’s face it. Most of us are pretty bad at creating new logins for every single account we use, both at home, and especially at work, and don’t even get me started on remembering passwords for accounts I only use once a month. But lucky for us there’s something that makes this a problem of the past.
With a password manager it’s simple: you only have to remember one password/passphrase and the rest is auto-filled for you.
So let’s talk about all these different passwords. To be secure you must have a different login for each account you use online. Otherwise, if one of your passwords was compromised, and you used that same password for every account you use, you’d make it extremely easy to be hacked. However, most of us have so many accounts that it’d be impossible to remember a unique password for every single one. For example, I currently have 34 passwords stored in my LastPass - there’s no way I could create, or better yet remember, that many different passwords, all needing to be a certain length, with capital and lowercase letters, numbers and special characters. Password managers can auto generate new, strong, and completely random passwords that follow all the general password guidelines (though these guidelines may be changing soon).
Password managers also allow you to securely share passwords with co-workers. In LastPass for example, you simply select the login you want to share, and click “share”. The recipient will be sent an email notifying them that they’ve been added to a shared folder, and the login will show up in their “Vault” automatically. Gone are the days of unsecurely sending passwords through emails or chats, or even writing them down on a sticky note for the other person.
Okay, so maybe you’re asking the question “Why do we need this if my browser can save my passwords for me?” Simple. Browser security just isn’t as strong as a third party, whose main job is to keep your passwords safe. It’s easier for viruses and malware to steal passwords and data through a browser, than an encrypted third party. In addition, most browsers don’t detect your password changes and automatically update them, like password managers do. And finally, with a password manager, you are prompted to enter your master password at the beginning of each online session, so that if someone besides you uses your computer your passwords are not filled in. If all of your passwords are stored in your browser, these passwords would be autofilled, giving anyone access to all your accounts with stored passwords.
I know this might sound like a big project, and there are some common concerns that understandably come with using a password manager.
Storing all passwords in one place seems inherently dangerous
This concern is definitely not unwarranted. What if the password manager gets hacked? What if I forget my master password? These are all thoughts that go through everyone’s mind before they tackle this process. The good thing is though, password managers are designed to keep your data safe in the event of hacks, and most have simple and easy to follow instructions for setting a new password.
In the case of LastPass, the concern of hacking is one that they’ve actually dealt with, without the loss of any user's personal information and passwords. Because of their enhanced encryption systems, your passwords are safer there than anywhere else - not even employees of LastPass can see any of your passwords. The simple fact of the matter is, if they weren’t protecting data and passwords correctly, they wouldn’t be in business anymore. All of the password managers that we would recommend have very clear cut ways to retrieve or update your password or security code should you need it.
While it’s understandable to be cautious about keeping all of your passwords in one place, the benefit of having completely secure passwords for each site is worth the slim chance that something might happen.
Do password managers store master passwords, making them easy to hack?
No. Most password managers encrypt your master password and make sure that it isn’t saved on any of their servers. This is the reason why changing your master password on a password manager isn’t as simple as changing it on most other accounts. They are designed this way to keep you safe, and they do a pretty good job.
So what do we recommend?
As you can probably tell we use LastPass here at IT Freedom, and it’s the first one we would recommend to any company wanting to step up security and start having their employees utilize a password manager. We would also recommend, iCloud Keychain (by Apple, built into Macs iPads and iPhones) and Chrome Sync (by Google, built into Chrome).
The last two you may not see on most other password manager blogs, but we have some solid reasoning to back them up:
Most password management suites tend to fall short when it comes to making sure they are secure and long lived, because they tend to be cloud-based software developed by startups. For this purpose, startups tend to be volatile by nature and when they produce cloud-based software, that software stops functioning if they go out of business, or radically change if they get bought out. Startups also have a history of very severe compromises, as in “our entire database was downloaded by we-don’t-know-who, because we were being irresponsible”. While LastPass was a startup, they have shown a strong commitment to security and have proven to provide a very solid platform. Our other recommendations are backed up by solid companies. Google and Apple aren’t going away anytime soon and though their password management features aren’t flashy, they are technically sound, which is what’s ultimately most important.
If you still have questions on whether or not a password manager would be good for your business, or would like to find out how to implement them and improve your company security, please reach out. We would love to help!