“Jeeves, My Password Please…” – The Case for Password Management Software
In this day in age, we are constantly inundated with improvements to our processes. From newer software that allows us more agility and flexibility with our time tracking and resource usage to new payment methods that require only a single device, not several plastic cards or a check. Why, then, should we not bring these same innovations to the world of passwords? Password Managers do just that, allowing you to almost outsource the storing, memorization, and generation of passwords while maintaining only a single password that you have to remember to access the rest. They also help address several password problem areas that make them a much more secure, and less stressful, option for organizations to manage passwords. Below we will take a look at some of these problem areas, and how they can be addressed with the addition of a password manager.
- Don’t reuse passwords
- Reused passwords increase the risk that a previously breached account will provide valid login credentials to a bad actor
- A password manager can be set to invalidate a selected window of previous passwords, making them ineligible for use! This means that a new password will be needed every time, and a previously compromised password will not immediately give access to your systems
- Can help prevent Keyloggers from gathering password keystrokes
- Since you are not manually entering the strings, they are more difficult to intercept using Hardware Keyloggers, as the password manager is the one completing the fields automatically on registered sites.
- Encourages the use of premade, secure passwords, based off sound security practices, rather than those that are easy to remember
- Encrypts storage of passwords vs. Excel document, reducing risk of data lost in breach of system
- Users have a habit of writing down things that are difficult to remember. With a password, this means that there is a physical copy that can be stolen, read, or otherwise compromised, and give access to the system.
- Central management means that no users need to write passwords down, as they are accessible in the database, and provides them an easy way to enter passwords, meaning complexity issues are a thing of the past.
- Can use things like YubiKey to generate one-time passwords or PINs
- Multi-factor protection of your password manager provides additional confidence that in the event of a compromise, your data will still be safe and secure
THIS DOESN’T MEAN STORING PASSWORDS IN BROWSER MANAGER!!! These are not secure, as browsers are notoriously exploitable, and they do not populate across ecosystems, meaning that moving from Windows to Android involves the likely loss of stored credentials. But, password managers take care of this too! Regardless of the hardware, OS, or other variables, if you have the password manager installed on the device, you will have your passwords readily and easily accessible! This can also aid in the detection of Malicious Impersonations sites, as the site will not contain the markers needed to trigger your password manager to fill the fields, which can be an early indicator that something is amiss.
In summation, a password manager removes a lot of the burden of manually tracking, updating, and keeping all your passwords safe and ready by using a combination of a single password and Multi-Factor Authentication to keep them secure. By having the Manager remember these, complexity requirements are no longer an issue, as employees will not have to remember each password, but instead can make a complex password without fear of forgetting it. While this may not alleviate all issues, it can definitely lead to lower stress for your employees, and better security for your business.