Managing Passwords

Passwords can be a pain. There is a battle between having a password that can be easily remembered and one that can’t be guessed or otherwise hacked.

How many of us have ever used the same password over and over again on multiple sites? I can say that I used to be guilty of this. I’m not letting those of you who may have a slight variation of the password for various sites off the hook either though. MyPassword becomes MyFacebookPassword or MyGooglePassword or MyApplePassword. While you might get a point or two for not using the same password, as soon as an attacker (someone you don’t know OR someone you do know) figures out the pattern they are going to have access to MyBankAccountPassword too!

Fortunately there are tools out there that will help you manage and keep up your passwords. Your managed service provider or computer support company might have a tool that they use and support, so check with them first. Here are some things a password manager should be able to help you with:

Generating secure passwords: Let’s face it, you can only think of so many memorable passwords. Looking around the office for clues for what to use for your next password, you might end up with something like my1stiPad or 1BIGflower. While these might be better than my dog’s name or my kid’s date of birth, they are fairly easy to brute force (or crack by a computer). A good password generator will quickly and easily generate a password like Zulu268@reft or even better something like 4;EUWVG9JFJFkV!

Remembering your secure passwords: Now that you’re creating passwords that are harder to memorize you need to be able to track all the different passwords you’ve created. This is an obvious feature.

Automating login: When you have hundreds of unique passwords you’re not going to want to go through the effort of finding the password each time you want to sign in to facebook. Fortunately, most password managers have plugins or extensions for popular browsers to automate login. When the password is saved with the website or URL, you can generally fill the password with one or two clicks and you don’t even have to leave the browser.

Phishing protection: Because the password manager is going to make sure you’re actually on the correct page (or at least website) and not an imposter, it helps protect you from providing your credentials to hackers who have made a fake login page for the site you’re trying to reach. (Note that nothing is 100% effective, but this is a big step in the right direction and when combined with other security can yield very effective protection.)

Automating saving passwords: Just like it is possible to automate login, password managers will prompt you when you’ve manually typed a password to enable you to quickly save the password. This helps get your passwords into your application.

Auditing your passwords: A great feature of 1Password is the security audit which contains a number of features itself:

• Watchtower maintains a database of sites that may have experienced a vulnerability and it identifies those passwords that should be changed as a precaution.
• Weak passwords which don’t meet the recommended complexity (something like password or 1234).
• Duplicate passwords shows passwords that have been used for more than one website. It’s not recommended to reuse passwords because if Netflix or Amazon gets breached you don’t want the attackers getting into your bank. Likewise, you don’t want one vulnerable bank account to allow access to your other bank accounts (at a different bank using the same username and password).
• Old passwords that haven’t been changed in a time period like 6-12 months, 1-3 years and over 3 years old. There are differing opinions on how frequently you should change your passwords, but let’s just say that after three years it’s probably time for a change.

Secure storage of sensitive or important information like credit cards, bank accounts, driver licenses, social security numbers, software licenses, etc. Most password managers have the ability to hold these types of data and other items including secure notes. When combining the auto filling capabilities of the password application and storing your credit card or address information it is now easier to check out when purchasing items online.

Mobile access: We all need to be able to access our passwords and other sensitive information when we aren’t in front of our computers. Most applications provide mobile applications or mobile websites where secured information can be accessed.

Sharing: While we need to be careful who we share passwords with, it’s an unfortunate reality that other people sometimes need to access sites using our credentials with our permission. We don’t want to simply email the password in plain text to someone as this would allow our secure password to be viewed by others. Some applications have the ability to securely share a single password or an entire folder/vault with those that need access.

If your technology company doesn’t provide a managed password service, or you are looking for something for use outside of business hours, we recommend looking at 1Password. It’s available via a few different methods including one time purchase, families, teams and individual licenses.