Most all websites we visit and applications we use require that we create a user account. When you consider email, work applications, online banking, e-commerce and social media we use on a daily basis, this adds up to a LOT of passwords to remember. It is impossible to remember an individual password for all these accounts. Many people will choose to use the same password or a simple, easy-to-remember password for many or all accounts. This is NOT the best practice to protect your private, personal or company information and can make you vulnerable to a cyber attack. Please visit our Password Security Blog for more information.
An available option to both, protect your information and reduce the number of passwords you need to memorize, is to use a Password Manager. In the sections below, review the benefits of and best practices for choosing the Password Manager that works best for your needs.
Primary benefits offered by a password manager:
- Centralizing the work of password management using a single tool
- The ability to memorize one master password and use it to access many saved passwords
- Availability of a strong password generator/password strength assessment tool built directly into the application
- The ability to access the password manager service whether you are using a computer, mobile device, or via the web (for most password manager services)
- A security-by-design approach that can be a part of an industry compliance strategy (HIPAA, PCI, etc.)
Browser password managers (Firefox, Chrome, etc.) are generally considered to be weak and relatively insecure solutions. It is NOT recommended to trust these with your secure data. More secure and feature-filled password managers are available which offer good accessibility and ease-of-use, and can be integrated into your browser or accessed from your desktop or mobile device.
Follow best practices when choosing a very strong master password for a password manager service and ideally use a passphrase which is strong and memorable. Research and compare password managers before choosing one to use (and particularly before adding any secure data to their service).
An additional benefit to using a password manager is the ability to secure the service using Multi-Factor Authentication (MFA), a security method discussed further in our Multi-Factor Authentication Blog
Since MFA prompts the user to complete additional identity-confirming steps which must be satisfied real-time during login, it is a solid countermeasure to the inherent vulnerability of using a single master password alone to unlock the password manager.
Choosing a Trusted Password Manager:
As with an anti-malware software, choosing a password manager service involves some research to determine which tool you feel confident to trust with performing such an important security role for you. Consider the following important factors when reviewing whether a password manager service is a good fit for you.
- Is it rated highly for security record (no reported security breaches or poor security practices)
- Does it have a product support team that can be reached, good customer service reviews, and high consumer protection rating
- Does it provide/advertise a product development schedule? This indicates future product development to keep adding value and maintaining security, and that the company plans to be around for years to come.
Determine if the product has all the features that you need:
- Does it include a secure password generator?
- Can it be accessed from the devices you use?
- Does it have a cap on use (number of entries allowed, etc)?
Determine what versions of the product are available and which is the best fit for you:
- Is a free version available for trying out the service and/or for basic users?
- Is a paid version available to take advantage of more features and/or for future growth?
Confirm the business model used by the manufacturer:
- Legitimate services may use a freemium sales model (free version available which is upgradeable to a paid premium version)
- Legitimate services may have only paid version
- Legitimate services can support their product through showing ads
- Legitimate services can support their product through donations from organizations and users
- Be wary of free services that are “too good to be true” where you do not understand how the product is financially supported. Many times products like these generate revenue from their user base by capturing and selling their data.
Some recommended password managers are:
Please feel free to review other blog posts regarding password security:
Multi-Factor Authentication Blog
If you have questions or would like to speak with someone about how we can assist you or about the services we offer, please click the link to setup a call.