Feature Image: "frtknx" is a derivative of "050/365 | Fort Knox" by keepingtime_ca, used under CC BY. "050/365 | Fort Knox" is licensed under CC BY by Alex Dean Cybulski

Security Professional Pro-Tip: Password Managers

Alex Dean Cybulski Blog

Last week we talked about why using the same password for all of your online accounts (password re-use) was fatal in the era of the daily data breach. This week we’re going to show you some ways to create strong, unique passwords and how to organize them.

Making strong, unique passwords is tough. You’ve probably heard tons of unhelpful or contradictory rules and policies for creating strong passwords, including “change your password every 2 months”, “use sentences, not single words to create passphrases”, “make sure they are totally random with letters, numbers and special characters!” or “use dice to make a random password every time!”


It’s difficult to say what the best method is for making passwords, and it’s much harder to say how you’re supposed to remember the dozens of different passwords you need, especially if you’re using a different password to log into your e-mail address, order pizza online, connect on social media and book your next meet-cute on a dating website. If you can’t write them down, it seems like you’re going to forget them. Having to reset your passwords constantly isn’t great for your account security and it gets tedious.


Consider using a password manager instead. A password manager can make your life a lot easier and more secure. Password managers are programs that help you create strong passwords and store them in a secure database. Instead of memorizing dozens of unique passwords you only have to remember the one needed to open your password file.

When it comes to managing your online accounts securely, password managers are a blessing. There are password managers available for Windows, Mac, Linux and mobile devices including both Android and Apple phones. There are even online services that will store your passwords securely in the cloud for a subscription fee (but don’t run out and get one of these just yet, more in a minute).

Password managers come highly recommended by many digital security professionals: they make managing dozens, even hundreds, of unique passwords easy. With that being said, there are some limitations you need to be aware of before you dive in.

1) Password managers kept on your computer store your passwords in an encrypted file, which means that when you create a password file, you are the only person who knows the password to open that file. If you forget your master password, you’ll have to manually reset all your passwords and start over. Still, not a bad trade-off compared to having your account breached because of password re-use.

2) Cloud password managers work on almost every platform and synchronize your passwords automatically. The problem? They are also a popular target of online criminals. So before you run out and pay for a subscription, do your research. Has the cloud password manager you’re looking at had a data breach before? That might be a good warning sign to steer clear.

3) You still need to make sure your computer and browser are free of malware that might steal your passwords. If someone is shoulder surfing you, or digitally shoulder surfing your password manager, they might learn your master password.

Here are a few password managers the Security Matters team uses themselves:

PC/Windows:

KeePassXC: https://keepassxc.org/

KeePass Professional: http://keepass.info/

Mac:

KeePassXC: https://keepassxc.org/

1Password: https://1password.com/ (cloud based)

Cloud/Mobile:

1Password: https://1password.com/ (cloud based)

KeePassXC: https://keepassxc.org/

Over the next few weeks the Security Matters team will provide some tutorials for how to use this software.
