Password Managers Protect the Organization
We hear all the time about stupid things people do when it comes to creating passwords; the most commonly used passwords in the United States for the past several years include “123456”, “password” and some variation like “password1234”. People are easily tricked into giving away their passwords to the likes of Jimmy Kimmel or Ellen to our amusement. Before Sony was breached, they infamously kept their passwords in a file called “Passwords”!
The bottom line is it is nearly impossible to effectively create and remember all the passwords we need to function in our daily lives. It seems there are two ways people handle this. They continue to use the same (usually poor) passwords over and over or they do what I highly recommend and use some sort of password manager program.
A password manager is a software application that helps a user store and organize passwords. Password managers usually store passwords encrypted, requiring the user to create a master password: a single, ideally very strong password that grants the user access to their entire password database. For a hint on creating that all-important master password, check out our blog on that topic.
At a minimum, a good password manager program should:
• Have a strong password generator: a single click gives you a random, extremely strong new password using combinations of digits, special characters and mixed-case letters. No more having to think of (and try to remember!) catchy, unhackable passwords for each account.
• Use a “vault” in which all of your data is stored and is ready to be automatically accessed when needed by simply typing one master password that only you know. Of course, if you forget your master password, you may be out of luck, though some password managers offer password recovery under certain circumstances.
• Be easy to use: one click can open your browser, take you to a site, fill in your username and password, and log you in. Many password managers can import a list of passwords from generic CSV or TXT files, a browser’s password cache, and in some cases from other password managers.
• Have the ability to store your credit cards, reward programs, membership cards, bank accounts, passports, wills, investments, private notes and more. Think of it like a 21st-century digital wallet. (But no one can pickpocket you.)
• Show all your items with weak, duplicate, and old passwords so you can decide which ones to fortify and update. No more using five variations of your childhood dog’s name. It will look at the strength of each password as well as find duplicate passwords and replace them with strong, unique ones.
• Be fluent in multiple platforms and browsers, including Mac, Windows, iPhone, iPad, Android, and Windows Phone.
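To make the generator and the weak/duplicate/old report from the list above concrete, here is an added example (not code from any password manager product) that generates a password from the operating system's secure random source and audits a CSV export. The column names, the 60-bit and 365-day thresholds, and the sample rows are assumptions constructed for illustration.

```python
import csv, io, math, secrets, string
from collections import defaultdict
from datetime import date

SYMBOLS = "!@#$%^&*()-_=+"
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]

def generate_password(length=20):
    """Random password from the OS CSPRNG with every character class present."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(CLASSES)
    while True:  # redraw until all classes appear; keeps the draw unbiased
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw

def estimated_bits(pw):
    """Upper-bound estimate: length * log2(pool of classes used).
    It overrates names and dates, so treat a pass as necessary, not sufficient."""
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0

def audit_vault(csv_text, today, min_bits=60, max_age_days=365):
    """Return the sites whose passwords are weak, duplicated, or old."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    by_password = defaultdict(list)
    for r in rows:
        by_password[r["password"]].append(r["site"])
    report = {"weak": [], "duplicate": [], "old": []}
    for r in rows:
        if estimated_bits(r["password"]) < min_bits:
            report["weak"].append(r["site"])
        if len(by_password[r["password"]]) > 1:
            report["duplicate"].append(r["site"])
        if (today - date.fromisoformat(r["changed"])).days > max_age_days:
            report["old"].append(r["site"])
    return report

# Constructed sample export; the column names are assumptions, not a product format.
SAMPLE = """site,username,password,changed
bank.example,alice,123456,2019-03-01
mail.example,alice,Rex2009!,2024-11-20
shop.example,alice,Rex2009!,2024-12-02
work.example,alice,q7#Vd!2mZp@9Lx$Tn4Wb,2025-01-15
"""

if __name__ == "__main__":
    print(audit_vault(SAMPLE, date(2025, 6, 1)))
    print(generate_password())
```

A plaintext export like the sample is itself sensitive: run an audit of this kind locally and delete the file afterwards.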
Some additional features you may want to consider:
• The ability to allow file attachments, so you can safely store related receipts and images, and keep track of your software licenses.
• Can you place your password vault in Dropbox or on a USB thumb drive, so that you may use it from any traditional computer in the world with a modern browser? This has security implications of its own, which you’ll need to consider, of course.
• Some offer a menu of credit cards that actually look like credit cards and can track online purchases.
• An emergency contacts feature that will ensure that your credentials won’t be lost if something happens to you.
• Cost—there are plenty of free versions around, but they usually have limited uses and not as many features. I’d say spend the money to get what really works for you.
Fully 50% of the corporations that I work with and speak to have had data breaches due to poor password habits. Surprising, given how many of those would have been avoided had they simply used password manager software.
John Sileo is an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.