By Tyler W.
February 05, 2021
Practising Password Management
We all like to think that we will not be breached (even though the chances are high that we already have been). It is only afterwards that we look at what has happened and the changes that can be made. We get caught up in the emotions of the invasion, and then invest in cyber defence strategies and expand the cybersecurity budget. I am going to give you something that will drastically increase your defence before the fallout, and cost you nothing:
USE A PASSWORD MANAGER!
This is the most effective means of protecting your online environment. I am constantly amazed, appalled and frustrated at the number of people who are still not using such a resource, especially when many options are free and open source. It is so easy: you should remember one password, and that is the password to your password manager! The rest of your passwords should be so complex, and so long, that you have no chance of ever recalling them. If you use the passwords offered by the password manager, then there is almost no chance of that password being compromised by a brute-force or dictionary attack.
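To put numbers on that claim, the following is an added example (not part of the original article) that generates a password the way a manager's generator typically does and compares its search space with a dictionary-style password. The 24-character length, the guess rate and the wordlist size are assumptions chosen only for illustration.

```python
import math
import secrets
import string

# Assumption: a character set like the one a password manager's generator offers.
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
# Assumption: an offline guessing rate, picked for illustration only.
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365 * 24 * 3600


def generate_password(length=24, alphabet=ALPHABET):
    """Draw every character independently from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_password_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy in bits of a uniformly random string of this length."""
    return length * math.log2(alphabet_size)


def dictionary_bits(wordlist_size, variants_per_word=1):
    """A human-chosen password is just one entry in the attacker's candidate
    list: base words multiplied by the mangling rules applied to each word."""
    return math.log2(wordlist_size * variants_per_word)


def years_to_search(bits, rate=GUESSES_PER_SECOND):
    """Expected time to find the password: half the space at the given rate."""
    return (2 ** bits / 2) / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    print("generated:", generate_password())
    cases = {
        # Constructed figures: 1,000,000 words x 1,000 variants each.
        "dictionary word + mangling": dictionary_bits(1_000_000, 1_000),
        "8 random characters": random_password_bits(8),
        "24 random characters": random_password_bits(24),
    }
    for label, bits in cases.items():
        print(f"{label:28s} {bits:6.1f} bits  ~{years_to_search(bits):.3g} years")
```

The dictionary-style password falls in a fraction of a second under these assumptions, while the 24-character random one is far beyond any realistic search.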
It is really important to distinguish a password manager from simply saving your passwords in your browser. Not all browsers and operating systems are created equal, and generally a browser is not designed to secure passwords adequately – a browser is for browsing, and a password manager is for passwords. Understand and appreciate this key difference. If you can segment the use, you will also increase your protection, as generally, browsing is when you will be exposed the most. Furthermore, there are scripts and tools that can easily (for certain people) exfiltrate saved passwords from your browser. The data you keep there is not encrypted, whilst everything within your password manager is. This is the critical component to understand – passwords saved in your browser could be in plain text, whilst in your password manager they are hidden.
I will not get into reviewing password managers right now, as this is really beyond the scope of the article and what I wanted to achieve, but my personal preference is KeePassXC, followed by Bitwarden, which are both open source options. Some corporate solutions include LastPass, Dashlane and 1Password, amongst many more! Find one that fits your needs and your budget, knowing simply that any security is good security.
A password manager is easily deployed and honestly can drastically improve your entire digital safety. Do not be paralyzed by the volume of options or the possible learning curve. Within a short time you will have mastered the minimum requirements; they are designed to be convenient and easy! Obviously, sometimes this can cause other issues with browser extensions and such; however, for now, let’s just focus on the positives, and that is data protection. If you want any help selecting a password manager, please reach out to us at [email protected] and we will gladly assist. I implore you to get a password manager as an absolute priority if you are not already using one.
We would love to hear what your password manager of choice is, so please feel free to keep the discussion going below.