Password Managers: The upsides are far more significant, so don't worry about the potential downsides. 

By: Alan Helbush

Last week there were stories that the LastPass password manager had seen some of its customers' master passwords compromised.

The company denies that happened. And some of the people who reported being affected may have reused old accounts with master passwords they'd used with other services.

Do you use a password manager in your business? If not, you should. We recommend using one because we strongly believe the upsides of a password manager far outweigh any potential downsides.

Let's tell you what a password manager is and how it works.

The average person has hundreds of online services and accounts they use now or have used in the past. You may have many more if you're a business owner or manager.

You need your email address and a password to log in to each of these. These details, when combined with multi-factor authentication (where you enter a code from another device to prove it's you), are the primary weapons stopping cybercriminals from accessing your accounts.

Hackers find it easy to get email addresses and have become very sophisticated at guessing passwords using automated attack software.

For example, they might try a "common" word attack, where they try thousands of everyday words as the password. It's why using your pet's name, child's name, or favorite sports team is not a good idea. Hint: they get these from your social media posts (text and pictures).

They may also try a brute force attack, where they try millions of combinations of characters.

The easiest way for the bad guys to get in is to discover a password you use on one service and try it on all your other services. If you reuse passwords, it only takes a breach at one account or service to put every account that shares that password at risk.

Best-practice password advice is straightforward but powerful:

  • Always use long, randomly generated passwords, or password sentences (such as "rope-fruit-parking-apple-swing-enormous")
  • Never write down passwords or record them anywhere that is not encrypted
  • Never use a password for more than one account or service
  • Keep them at least 21 characters long

But best practices are one thing. The reality is most people can't remember 1) what their passwords are and 2) which password is for which service or account.

Constantly resetting passwords because you can't remember them is annoying and ultimately not a good strategy.

The dirty secret is, people cheat. It's human nature to do this because we're all looking for small ways to make our lives easier.

Yes, some of your team will use weak passwords. Or use the same password across several services. Or – horror – use a strong password, but leave it on display on a sticky note on their monitor.

You'd think this wouldn't happen in 2022… but we've seen it.

This is where a password manager comes in. The password manager removes all of the stress and difficulty for you and your team in managing passwords.

It integrates with your computers and mobile phones, so using it becomes routine. Password managers work with Windows, Macs, and all iOS and Android mobiles and tablets.

When you need a new password, it can randomly generate one for you: a very long password (ideally at least 21 characters) that's difficult for the human eye to read. And it will throw in some special characters for good measure, such as $, & and #.

Then it will remember that password. And best of all, when you come to log in to a service… it will automatically fill in that password for you.

Yes. You can log in without ever having to type anything yourself. Safety and speed in one piece of software (although we do recommend doing that in all cases).
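To make the random-generation step described above concrete, here is a short Python sketch added for illustration (it is not code from any particular password manager). It assumes the 21-character minimum and the $, & and # special characters mentioned in this article; the word list is a small constructed sample, and all function names are hypothetical.

```python
import math
import secrets
import string

MIN_LENGTH = 21          # minimum length recommended in the article
SPECIALS = "$&#"         # special characters the article mentions

# Constructed sample list; a real generator draws from thousands of words
# (for example a 7,776-word diceware list).
SAMPLE_WORDS = ["rope", "fruit", "parking", "apple", "swing", "enormous",
                "candle", "harbor", "violet", "tunnel", "meadow", "copper"]


def generate_password(length=MIN_LENGTH, specials=SPECIALS):
    """Random password with at least one lower, upper, digit and special."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, specials]
    pool = "".join(classes)
    # One character from each class, the rest from the whole pool.
    chars = [secrets.choice(c) for c in classes]
    chars += [secrets.choice(pool) for _ in range(length - len(chars))]
    # Shuffle with the OS CSPRNG so the guaranteed characters are not
    # always in the first four positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def generate_passphrase(words=SAMPLE_WORDS, count=6, sep="-"):
    """Passphrase of `count` random words, extended until it is long enough."""
    picked = [secrets.choice(words) for _ in range(count)]
    while len(sep.join(picked)) < MIN_LENGTH:
        picked.append(secrets.choice(words))
    return sep.join(picked)


def entropy_bits(pool_size, picks):
    """Upper bound on entropy: log2(pool_size) bits per independent pick."""
    return picks * math.log2(pool_size)


if __name__ == "__main__":
    print(generate_password())
    print(generate_passphrase())
    print(round(entropy_bits(65, 21), 1), "bits for 21 chars from 65 symbols")
    print(round(entropy_bits(7776, 6), 1), "bits for 6 words from 7,776")
```

The `secrets` module draws from the operating system's cryptographic random source; the general-purpose `random` module is predictable and should not be used for passwords.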

What are the potential downsides?

They're all related, of course, to having all of your passwords in one place. In theory, cybercriminals only need to break your master password, and they can get into anything.

Of course, there are protections, and we always recommend you use them. For example, using a very strong master password is vital (you only have to remember that one password). Also, to mitigate this risk, ensure that the multi-factor authentication we mentioned earlier is always switched on.

It's also sensible to use extra protection where available, such as Face ID or a thumbprint.

Of course, you cannot eliminate 100% of the risks of using a password manager. But the risks can easily be minimized to an acceptable level.

But is using a password manager safer than not? Yes, we believe so, which is why we recommend them and supply them to our clients.

Password managers make good password practice easy for busy people.

If you want our recommendation of which password manager we use and suggest, don't hesitate to contact us.