As any introductory security awareness training will tell you, hard-to-guess passwords are essential to protecting your accounts. In today’s cyber-threat landscape, that means using a mix of letters, numbers and symbols while also playing with capitalization. Most importantly, it shouldn’t spell out anything that’s easy to attribute to you, since that gives hackers an easy time guessing your account credentials.
Protected passwords not only safeguard you against broad attacks like password spraying, but also make it difficult to coax out your password through simple social engineering tactics. Since the most obvious password might include your kids’ names or the street you grew up on, cybercriminals often get you to give up that information, because it then becomes easy for them to guess the rest. Complex and randomized passwords negate this pathway into your accounts. Similarly, every website should have a different password so that breaching one doesn’t necessarily mean cracking the others too.
Meanwhile, this creates a second problem. If cybercriminals can’t guess your gibberish passwords, how are you supposed to remember them?
Maybe you’ve solved this conundrum a simple way, like cutting and pasting a list in your notes app or keeping a journal locked up in your desk. Unfortunately, writing down your account credentials, whether digitally or physically, creates opportunities for a thief to get their hands on them. That’s why many people use a password manager instead.
What is a Password Manager?
No, it’s not an intern who follows you around reciting alphanumerical combinations at you from memory. Password managers are encrypted applications that come as a phone app or a browser extension. They can:
- safely store ALL your credentials
- retrieve and fill in your account information with the press of a button
- prompt you to change insecure passwords
- scan the dark web for compromised PII
- remind you to change passcodes regularly (did you know ones you’ve had for years are as insecure as simple ones?)
- generate secure keys for you
- download onto multiple devices to more easily share secure passwords from your phone to your computer
Different password managers will, of course, vary in price and boast some or all of these features. Depending on whether you opt for a free manager or a paid subscription, you may get additional benefits beyond those listed here. Do plenty of research before downloading one, to make sure you choose the password manager that’s right for you!
Are There Downsides?
We’ve yet to invent a technology that has no security flaws, and of course cloud storage is no different. If you’re logged into your password manager on both your phone and computer, and then your phone gets stolen, the manager and all its contents are compromised completely. Take additional precautions to prevent thieves from accessing the vault, like TFA or physical safeguards that add extra layers of protection between unauthorized eyes and all that confidential data.
The other trick is making sure that your Master Password — the one that gets you into your Password Manager of choice — does not match any of the ones locked in its vault. Why? If a hacker gets control of an account that shares the password, but which is less secure, then they could potentially break into your entire storage of saved credentials.
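As an added illustration (not code from this article or from any particular password manager), the Python sketch below generates a random password with the character mix described earlier and audits a vault for the two reuse problems discussed here: one password shared across sites, and a stored password that matches the Master Password. The function names and the sample vault are constructed for the example, and the vault is modeled as a plain in-memory dictionary.

```python
import secrets
import string
from collections import defaultdict

SYMBOLS = "!@#$%^&*()-_=+"
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]

def generate_password(length=20):
    """Random password from the OS CSPRNG with at least one character of each class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejection sampling: redraw until every class appears, so the result
        # stays uniformly random among passwords that satisfy the rule.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate

def audit_vault(vault, master_password):
    """Return (reused, master_matches).

    reused: groups of sites that share one password.
    master_matches: sites whose password equals the master password.
    """
    by_password = defaultdict(list)
    for site, password in vault.items():
        by_password[password].append(site)
    reused = sorted(sorted(sites) for sites in by_password.values() if len(sites) > 1)
    master_matches = sorted(by_password.get(master_password, []))
    return reused, master_matches

# Constructed sample data (hypothetical sites and passwords).
SAMPLE_VAULT = {
    "bank.example": "Maple-Street-1987",
    "forum.example": "Maple-Street-1987",   # reused, and guessable from personal details
    "mail.example": "correct horse master", # same as the master password
    "shop.example": generate_password(),
}
SAMPLE_MASTER = "correct horse master"

if __name__ == "__main__":
    reused, master_matches = audit_vault(SAMPLE_VAULT, SAMPLE_MASTER)
    print("reused across sites:", reused)
    print("same as master password:", master_matches)
```
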
The real value lies in threat mitigation. If you didn’t have a password manager, but a similar exploit still occurred, would the damage be worse? Yes, a hacker could theoretically steal the database of passwords stored therein. They are much more likely, however, to spam individual accounts with attempted break-ins. Therefore, the safety afforded by an encrypted storage system offsets risks of theft, which would be much greater if you didn’t use a manager in the first place!
Cybercriminals are often looking for the easiest target, the most vulnerable accounts, or the largest number of people they can spam with generic threats at once. This isn’t always the case, of course — for instance, spear phishing attacks are designed with your vulnerabilities in mind — but everyday steps like these will ward off an astronomical number of generic cyber events.
There are a plethora of Password Managers to choose from. Start looking for one that meets all your individual online needs, today!