As I settle down to write this, I am aware that last there were stories in the media that a password manager called LastPass may have had some of its customers' master passwords compromised.
LastPass deny this.
Do you use a password manager in your business?
We do and we highly recommend our clients use one as well. The purpose of this blog article is to help explain the benefits of using one.
But first...
What is a password manager and how does it work?
Almost everyone has hundreds of passwords to allow access to a variety of online services. Most business owners will have even more.
For most of these services your username will be your email address, and you then have a password. On top of that, there may be something called multi-factor authentication (where you enter a code, or confirm it is you by clicking Allow in another app).
It is very easy to get hold of an email address and, with automated software, relatively easy to crack most of the passwords in use (check the strength of your password).
The software is equipped with a dictionary of popular passwords and commonly used words, for example 12345678, Fluffy, Ben etc.
This is why using your name, your child's name, your sports team etc. is not a good idea for your password.
One method hackers use, once they have a password for one service, is to try it on multiple other services. This means that as soon as one service is breached, they could gain access to countless other services you use.
One thing to remember is that if a service provider is compromised, and a hacker has accessed the ‘back end’ and managed to pull off 100s or 1000s of details, they will most likely post these on the Dark Web for anyone to purchase.
Best Practice for using passwords
- Never write them down or record them anywhere (this includes the book that says Password on it or even worse the file on your computer called password)
- Never use a password for more than 1 service or site at a time.
- Use a randomly generated password. I like using nursery rhymes for this. If you take the first line of Jack and Jill, you could have a password like J&Jwuah2fapow. (Note I don’t use this one)
So that is best practice, but for most of us even remembering which rhyme we used for which site would mean we would probably end up hitting the reset password button every time we logged in.
So, we all ignore the best practice advice above and:
- Write them down
- Use the same password for multiple (or even all) log-ons.
- Use our pet's name with a number and a special character (probably an exclamation mark), e.g. Fluffy2022!
Some of your team will be using weak passwords, or their passwords will be on a Post-it note on their monitor! Look around when no one is in and see who the weak link may be in your IT security!
What is the answer you ask?
As you can guess, implementing a password manager is the answer. Almost all password managers work across all the major platforms (Windows, Macs, iOS and Android).
With this clever piece of software, you will be able to produce truly random passwords, which can be as long as you want them to be and use numbers, lower-case and upper-case letters, along with special characters such as #~$^
The software can also be set up to automatically fill in the details when it comes to the site or service you are trying to connect to.
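As an added illustration (not code from any particular password manager), the Python sketch below generates a random password of the kind described above and, for contrast, flags the dictionary-style passwords mentioned earlier such as Fluffy2022!. The symbol set, the sample word list and the function names are assumptions made for this example.

```python
import math
import re
import secrets
import string

# Character classes named in the article. The symbol set is an assumption:
# sites differ in which special characters they accept.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, "#~$^!%&*")
ALPHABET = "".join(CLASSES)

# Constructed sample of a cracking dictionary; real lists hold millions of entries.
COMMON_WORDS = {"fluffy", "ben", "password", "qwerty"}


def generate_password(length: int = 20) -> str:
    """Return a random password with at least one character from each class."""
    if length < len(CLASSES):
        raise ValueError(f"length must be at least {len(CLASSES)}")
    while True:
        # secrets draws from the operating system's cryptographic random source.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Retry until every class is present, so no position is predictable.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length: int) -> float:
    """Upper bound on guessing entropy for a password of this length."""
    return length * math.log2(len(ALPHABET))


def is_guessable(password: str, words=COMMON_WORDS) -> bool:
    """True for all-digit passwords and for word + digits/symbols patterns."""
    # Strip trailing digits and symbols: "Fluffy2022!" reduces to "fluffy".
    core = re.sub(r"[\d\W_]+$", "", password).lower()
    return password.isdigit() or core in words


if __name__ == "__main__":
    pw = generate_password()
    print(pw, f"(about {entropy_bits(len(pw)):.0f} bits)")
    for sample in ("12345678", "Fluffy2022!", pw):
        print(sample, "-> guessable" if is_guessable(sample) else "-> not in dictionary")
```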
What is the downside of using this?
You still need a master password to access this and, of course, humans being humans, the temptation to use a weak (or relatively weak) password is still there.
A good password manager will also utilise multi-factor authentication.
Even with the downside taken into account, using a password manager is much better than not using one.
They make life a lot easier for us, whilst keeping us much safer. If you want to know which password manager we use, please contact us.