One of the methods that can allow people to manage large numbers of passwords while ensuring security is a password manager.
The most used password is 123456. But this poor password hygiene is understandable considering that the average person must manage between 70-80 passwords. So, no wonder people choose passwords such as 123456, iloveyou, and liverpool1.
The trouble with passwords is that they are embedded in our digital culture, and we must find a way to make them usable yet secure. Poor password hygiene and credential phishing cause data breaches and open the door to malware, such as ransomware.
What Is a Password Manager?
A password manager is a digital vault that stores passwords (and sometimes other details such as financial card information). It can also generate unique and strong passwords and pre-populate password fields to make account registration and logging in easier.
Types of Password Managers
There are several types of password managers:
Mobile Apps Password Manager
Mobile devices usually come with integral password management functionality. For example, native apps include Apple Keychain and Google Password Manager. In addition, other specialist mobile apps can offer password management functionality above and beyond the native password managers.
Cloud-Based Password Manager
If employees and others need easy, anywhere access to accounts, cloud-based password managers are a good choice. These password managers store passwords on secure cloud servers managed by a service provider.
Payment is usually via subscription, and usage is scalable with a company as it increases employee numbers. In addition, maintenance and upgrades are easy to deploy from a centrally managed console.
On-Premise Password Manager
Unlike the cloud-based password manager, an on-premise manager is entirely hosted and managed by an enterprise. On-premise password managers are helpful if internet access is unreliable. However, these password managers tend to have higher upfront costs and require ongoing maintenance by internal IT teams.
Browser-Based Password Manager
Most common browsers, including Chrome and Safari, offer browser-based password management. Syncing between devices is usually supported. However, syncing passwords is not supported if a user switches between different browser types. Typically, these password managers are free but have limited features.
Benefits of Password Managers
Password managers can offer many features beyond simply keeping passwords in a central location. As well as making login easier and seamless, more advanced password managers offer the following benefits:
Prevent Password Reuse
A Google survey found that 52% of people reuse passwords for multiple accounts and 13% for all accounts. Password reuse is a serious security issue; if a password is phished, it will open access to multiple accounts. A password manager can be set up to detect and prevent passwords from being reused across multiple accounts.
Create Strong Passwords
A password manager can be used to generate a strong password on behalf of a user when setting up an account. Strong passwords prevent brute force attacks. For example, 123456 takes 1 second to crack.
In contrast, a password with 12-characters containing one upper case letter, one symbol, and one number takes 34,000 years to break. However, it must be noted that even the most robust password is vulnerable to phishing.
Prevents Logging in To Spoof Websites
Google recorded over 2 million phishing websites in 2020. These sites are used to trick employees and individuals into handing over sensitive information, including passwords. Some password managers offer functionality to detect if a user is attempting to log in to a spoof website, then alert them to prevent phishing.
Password Theft Alerts
Passwords are often stolen during a data breach. Some password managers will alert a user that their password has been stolen in a data breach allowing them to change the password before it is used.
If you are wondering if your password has been stolen in a data breach, check out “have i been pwnd.”
Cross-OS Support
Employees often use multiple devices, each with a different operating system. Therefore, some password managers will supply multiple operating systems. For example, suppose an employee uses an iPhone and a Windows machine. In that case, the password manager will be able to sync passwords across both OS types.
Easy Offboarding of Employees
If an employee leaves an organisation, their access rights must be removed as quickly as possible to secure sensitive company information. This security challenge is recognised by 76% of IT leaders.
Password managers provide a mechanism to offboard employees rapidly and effectively, removing access to corporate accounts. In addition, enterprise password managers allow for centralised password updates and revocation of password-based account access.
Protect Financial Data
Password managers can also be used to protect other resources such as financial card information. This makes it quick and easy to make payments while ensuring the data is encrypted.
With all this functionality available, a password manager is an excellent option in helping alleviate security and usability issues. Yet, according to the Google survey, only 24% of people use a password manager.
Password managers are a valuable part of a layered approach to security. When used with Security Awareness Training, a password manager augments security and helps make the internet more usable and secure. Now is the time to consider using password manager across your company.
