ITSecure Advisory - Password Managers


Now that you’ve created a strong password, the next challenge is learning how to keep all of your passwords secure. Trying to remember tens or even hundreds of passwords can be difficult, if not impossible. Without a convenient and secure way to store all these passwords, we’ll eventually fall back into our habit of reusing weak passwords.

What is a Password Manager? 

Let’s take a brief look at what exactly a password manager is, and how it can integrate into our daily lives. The following video is provided courtesy of LastPass. There are many other reputable password managers, such as Dashlane, Bitwarden, and 1Password.

Pros for using a password manager

  • Password managers can help you generate unique and random passwords for each service or website, and store these passwords in a safe and encrypted location.
  • The password vault is encrypted following industry-standard best practices, and some password managers, such as Bitwarden, voluntarily undergo a third-party security assessment.
  • Access to your password vault requires remembering just one password, known as the main password. Additional security measures can be layered on top of your password manager, such as Multi-Factor Authentication (MFA).
  • Your password vault can be accessed from your computer or phone, offering a balance between security and convenience.
  • Some password managers can detect logins for new websites, as well as any changes to passwords, and streamline password management by automatically adding or updating entries, respectively. 

Cons for using a password manager

  • Since access to your password vault is protected by a single main password, this password must be unique, strong and never previously used. 
  • Although many vendors offer a free version, additional convenience and advanced features may not be available unless you have the paid version. 
  • Picking a reputable password manager requires looking into the costs, features, and past reputation. A password manager that is a good fit for you may not be the best for a co-worker or family member.
  • If you forget the main password, you may lose access to all of your other passwords unless you set up recovery options. As part of strict security, software providers will not be able to reset your main password. 

Should I use a password manager? 

Attempting to remember usernames and passwords for hundreds of websites and accounts can be a daunting, if not impossible, task. Without the use of a password manager, we tend to reuse the same password, or rotate between a select few. This tendency has led to the rise of credential stuffing attacks, where attackers use credentials exposed in one data breach to target and compromise other unrelated accounts. Although adopting a password manager may initially feel unsettling, there are many security benefits to be gained.

Storing all of your usernames and passwords in a single database or file is akin to “putting all your eggs in one basket”. However, this is the case whether you’re using a physical notepad, Microsoft Word document, Google Doc, or an actual password manager. The difference, and the benefit, of using a password manager compared to the others is that the vault will be secured with industry-accepted standards for encryption and access control. A password manager also provides a focal point for layering on additional security protections, such as Multi-Factor Authentication.

ITS fully recommends utilizing a password manager as part of adopting better password management practices. A password manager protected with MFA will go a long way in thwarting credential or password-based attacks. 

Additional information on Why You Should Use a Password Manager, and How to Get Started

 

Was this information useful? We're always adapting and changing, just like hackers. Please feel free to send us feedback. We'd love to hear from you and make Colgate more secure.