A Guide To Better Password Management
Password management in 2021 is not easy.
Most people nowadays have many different accounts, for all sorts of things: social media, shopping, household bills, banking, entertainment, you name it… If you do it online you’ll probably have an account for it and be creating new accounts all the time.
For all these accounts you must create passwords, remember them, and then create a new one when they expire or when some new security disaster forces us to reset our passwords yet again.
It’s overwhelming, which is why so many people give up on password security before they even start and resort to bad habits like using the same password for everything and never changing them. Worse, many people will use hacker-friendly passwords, like “123456”.
However, it doesn’t have to be like this — there is a better way.
You have two choices when it comes to securing your accounts and apps: use a reputable password manager app or manage your passwords yourself.
A password manager is an app for all your devices: phone, desktop/laptop, tablet, and any web browser that you use. At the click of a button, the app securely autofills login information for all your online accounts. It saves your username and password combinations in an encrypted vault and creates an easy, secure way to access all your accounts from any device. Your passwords are all searchable, and you can add notes for each account, like answers to security questions. All you need to do is remember one master password that acts as the key to your password manager application.
Before we talk about choosing a good password manager and getting it set up, let’s look at what you’ll need to know if you decide to keep doing it yourself.
DIY password security
Doing password management yourself isn’t impossible, but it does take work to keep your accounts protected and up to date with security changes, like sudden prompts to change your password.
Firstly, get your password hygiene in order. Do you use the same password on a bunch of accounts? Stop doing that. Go to each of those accounts and make a new password that is strong and hard to crack — here’s a quick guide on how to create a “strong” password.
How to make (and keep) strong passwords
· Make passwords that are at least 8 characters long — ideally more than 12 characters.
· Don’t use pet or family names, your address, birth date or other personal information.
· You must never recycle or reuse a password.
· Include upper and lowercase letters, numbers, and symbols.
· Change your passwords every three months or if there’s a security incident.
· Don’t let your browser(s) save your passwords for you.
Once you’ve got your passwords set, you’ll need to protect them by having good password hygiene. If you must copy them down anywhere, make sure they are difficult to access. If you’re going to record them in a document, make sure you protect that document itself with a strong password — the one you must remember.
Don’t tell anyone your passwords, and block “shoulder surfing” by covering your screen as you enter a password to make sure no one’s watching you.
Doing it yourself safely is possible if you don’t mind the extra work and can stay vigilant. But you can avoid doing all that password legwork by letting a secure password manager do it for you.
How password managers work
It’s important to understand that password managers are a line of much-needed self-defence for your own security. The sad fact is that most companies can’t be trusted with your security or privacy. Companies get hacked all the time, and they don’t like to fess up about it. A password manager helps you stay ahead of it.
As I mentioned in a previous section, password managers protect your accounts by storing your login information in an encrypted vault, and no one can open your password vault unless they know your master password. This makes it next to impossible for anyone to accidentally discover your passwords like they could if you saved them in a text file. These managers allow you to easily create complex passwords automatically, and the manager will remember them for you.
Password managers also have a cool feature where they can create a randomly generated, robust password for you with the click of a button. With one click, a password manager will make you an excellent new password, following current guidelines for strong passwords — like those we listed above.
They can also perform password-clean-up chores, such as when you want to eliminate re-used passwords. These handy apps help you find weak, old, or duplicated passwords and change them. Some managers will even notify you when one of your accounts is part of a breach.
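An added example (not from the original article or from any password manager's code): a sketch of the one-click generator and the clean-up check described above, built on Python's secrets module and the checklist rules from the DIY section. The symbol set, the three-entry denylist and the sample vault are assumptions constructed for illustration.

```python
import secrets
import string

CLASSES = {  # character classes named in the checklist
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "number": string.digits,
    "symbol": "!@#$%^&*()-_=+[]{}",  # assumed symbol set; sites differ
}
MIN_LENGTH = 8  # the checklist's minimum
COMMON = {"123456", "password", "qwerty"}  # tiny constructed denylist
SAMPLE_VAULT = {  # constructed sample, not real credentials
    "shop.example": "123456",
    "bank.example": "Tr4vel!Mug-Lamp-92",
    "mail.example": "Tr4vel!Mug-Lamp-92",
    "video.example": "q7#Vd2!mZp9&Lw4x",
}

def weaknesses(password):
    """Return the checklist rules that one password breaks."""
    issues = ["no " + name for name, chars in CLASSES.items()
              if not any(ch in chars for ch in password)]
    if len(password) < MIN_LENGTH:
        issues.append("shorter than 8 characters")
    if password.lower() in COMMON:
        issues.append("common password")
    return issues

def generate_password(length=16):
    """Draw from the OS CSPRNG until every character class is present."""
    if length < MIN_LENGTH:
        raise ValueError("length is below the checklist minimum")
    alphabet = "".join(CLASSES.values())
    while True:  # rejection sampling: uniform over compliant passwords
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not weaknesses(candidate):
            return candidate

def audit(vault):
    """vault maps account -> password; report weak or reused entries."""
    report = {}
    for account, password in vault.items():
        findings = weaknesses(password)
        shared = sorted(a for a, p in vault.items() if p == password and a != account)
        if shared:
            findings.append("reused on " + ", ".join(shared))
        if findings:
            report[account] = findings
    return report
```

Calling `audit(SAMPLE_VAULT)` flags the shop account as weak and the bank and mail accounts as sharing a password, while the video account passes.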
Password manager key features:
· Securely remembers all your passwords
· Only you can access them
· Creates strong new passwords
· Helps you clean up bad & duplicated passwords
· Notifies you of compromised passwords
· Browser plug-ins for easy logins online
· Save notes, like answers to security questions
Picking a password manager
So, you’ve decided to use a password manager, but where do you start? Well, first, decide which one you want to use. Make sure it’s reputable and that it’s one you pay for. Free password managers are shady; if it’s free, there’s going to be a catch like bugs, dirty data practices or a lack of support should anything go wrong.
When you pick one, do a little Googling for reviews and articles just to be sure it’s right for you in terms of the features you want and need.
Using a password manager
Password manager setup is a snap. Sign up for your account and complete the usual billing info.
Then download the manager’s apps to your devices and make sure you get the browser extension too. When you want to fill in a password, simply click the extension’s symbol next to your address bar and sign in.
Since you’ll only need to remember your master password after this, make that one a long phrase — a short sentence, with a number and symbol thrown in for good measure. For example, you can use a dollar sign ($) in place of an “S” or a “3” in place of an “E”.
Then, start visiting the apps and websites where you have accounts. The password manager will ask you to save your login, and from that point forward it will know when you’re about to log in somewhere and prompt you for permission to fill in your credentials.
Most managers have “quick fill” shortcuts that do the work to log in for you after you enter your master password. If for some reason you need to enter a password by hand, instead of retrieving it from your memory, you can just open the manager and view it.
Some will also offer to store your credit cards and addresses, which, by the way, is something you should never trust anything except a password manager to do. Criminals can exploit and extract your credentials from browsers, phones and operating systems, and rather than trusting your financial details to retail sites, your trust is way better placed in a password manager.