The average person has more logins and passwords than they can remember off the top of their head. Aside from the numerous essential accounts we maintain for work and personal use — banks, social media, SaaS work tools, etc. — most users have a significant number of accounts they’ve created and forgotten about over time. Maybe it was an online store that was only purchased from once, or perhaps a social media account that fell out of use.
For all of these accounts, we have to set (and remember) a password. Most people fall back on the easiest methods of doing this, such as using their kids’ or pets names, birthdates, and common words.
Using common words or phrases isn’t a very secure way to create passwords. This is why account providers have begun adopting requirements to encourage stronger login passwords. Some don’t allow common words or passwords that you’ve used in the past. Some require minimum lengths and/or a certain number of special characters.
Making Passwords More Secure
While this is a step in the right direction for security, it places a greater burden on the user who must now remember long, complex passwords. This means that people may write down their complex passwords, or worse, type them into unencrypted files on their device. Both of these shortcuts take a big chunk of the efficacy out of password security.
And cybersecurity is not something to take lightly these days:
51% of people use the same passwords for both work and personal accounts.
Over 80% of data breaches are due to poor password security.
90% of passwords are vulnerable to attack.
Hence the rise of password managers. Password management tools bridge the gap between having to create strong passwords and convenience. Many managed IT service providers offer and recommend a password manager to secure their clients because of the massive increase in security they can provide at a very affordable cost.
Let’s take a look at how password managers work and how they help keep you secure.
What is a password manager?
A password manager is a software solution that houses all your passwords in one centralized “vault”. A single master password can access the encrypted “vault”. Password managers bring many benefits to the end-user:
The best password managers will use randomization to create complicated passwords that are nearly impossible to crack.
Only the password manager’s master password needs to be remembered. Because it unlocks access to all of the associated accounts, it still needs to be a strong password. Remembering one password is far easier than remembering dozens.
Many password managers incorporate additional protection measures like two-factor authentication (2FA). When you attempt to log in to your password manager, a unique, one-time verification code goes to your mobile device. Security experts highly recommend 2FA as it is very difficult to bypass.
Are password managers secure?
The assumed risk with using a password manager is that it keeps all of your sensitive login information in one place, therefore making it easier to steal or otherwise compromise. Current providers use numerous layers of security to greatly reduce the chance of your secure vault being hacked.
In fact, most major password managers like Password Boss have never had a substantial security breach. As with all types of software, some password management services have had vulnerabilities show up. Many of these vulnerabilities are resolved without incident. At this point, the risk of someone digitally compromising a secure password manager is far less than the risk of someone, say, finding your master password written down. Therefore, cybersecurity experts recommend using a password manager to secure your account.
Which leads to a concern that’s a little different than a hacking incident. What about the possibility of being locked out of the password manager and your accounts by losing or forgetting your master password? Most password managers have a recovery system in place for such an event.
Part of choosing a good password manager is evaluating their recovery methods to alleviate this concern. Whatever the method, it should be secure enough to prevent someone from using password recovery as a backdoor into your accounts.
All told, most password managers boast a number of security features to minimize any concerns of security risk. Although every manager is different, some of the methods used include:
Encryption: Encoding your passwords into an unreadable encrypted file is one step that helps prevent unauthorized access. The best password managers use AES-256 encryption, considered to be extraordinarily difficult and time-consuming to crack. Some use several layers of encryption or even store every password in its own encrypted file.
Zero-knowledge architecture: To prevent hackers from breaching the password manager’s databases and leaking all of their customers’ passwords, most password managers use the “zero knowledge” approach. This means that the password manager doesn’t actually know your passwords because the files are encrypted before they are stored remotely on their servers. Your IT provider or MSP will not have access to that data, either.
Biometrics: Some password managers allow users to set fingerprints and face scans as a means of gaining access.
Multi-factor authentication (MFA): This requires users to have access to an additional device in order to log in, usually the account owner’s smartphone. Because gaining access requires something you know (the master password) and something you have (the MFA device), it’s very difficult for hackers to bypass.
Token devices: Similar to MFA, some password managers allow the use of token or stateless devices as an additional security measure. In most cases, this is a secure USB “key” that needs to be inserted into the device before access is permitted.
Dark web monitoring: Some password managers continuously scan the dark web in search of instances of users’ passwords. If it finds this data, it means the passwords have been compromised and should be changed.
How do password managers generate strong passwords?
Not only can a password manager secure and store your passwords, but they can also help with the task of creating unique and complex passwords. Using the password manager’s algorithmic generation makes passwords more difficult — almost impossible — to crack or guess.
The algorithms used in password managers are themselves complex. However, their purpose is simple. They allow for a different generated password for each login to make things very difficult for hackers. Every algorithm-generated password includes a combination of upper and lowercase letters, symbols, and numbers. Generators can make every password unique and eliminate the risk of being cracked. A long, seemingly-random password would take hundreds of years for current technology to crack.
Algorithmically-generated, strong passwords look like this:
As you can see, these would be completely immune to dictionary attacks and nearly impossible to guess. Even if a hacker spent hours studying your social media accounts, they would never find the information they need.
Should You Use a Password Manager?
Password managers are a useful tool for anyone who uses the internet. Because of increasing demand on strong passwords, most cybersecurity experts consider password managers as not only secure but essential.
While some people are deterred by the idea of having all credentials stored in one place, the use of zero-knowledge architecture makes hacking or leaking of account data very unlikely. Adding MFA to the equation reduces the risk even further, making the benefit of unique, strong passwords far outweigh any perceived risks of using the password manager itself.
Using the same two or three passwords across numerous websites — especially when they’re weak passwords — is a known cybersecurity risk. Poor password hygiene can result in major breaches if a frequently-used password makes its way onto the dark web. A password manager’s ability to not only store but create strong, unique passwords is a true asset in the fight against cybercrime.
Ask your managed IT provider or IT team about using a password manager to secure your business. They can handle the (minor) heavy lifting of setting up the solution, while your team enjoys all the benefits of safer accounts, more secure technology, and far fewer passwords to remember.
Why Use Password Boss?
Password Boss is a complete end-to-end password management solution designed and developed by an MSP specifically for the needs and the ways that today’s MSPs work and support their customers.
Strong Password Generation
Multi-Layered Security – AES-256 and PBKDF2
Two Factor Authentication
Secure Password Sharing
Built-In Dark Web Feature