Password Managers: The Intrepid End of the P@$$w0rD Retention Battle

     The use of passwords to verify someone’s identity dates back to early times. Sentries would be stationed at various protected locations to prevent unauthorized access; oftentimes, verbal passwords were exchanged in order to grant entrance or to obtain sensitive information. Today, passwords are still at the forefront of protecting your personal identity and information. Given this, users must use extreme care when creating a password. The ideal password is too difficult for cyber-criminals to guess and is able to withstand attacks from automated hacking tools. In general, the longer and more complex you are able to make your password, the stronger and more secure it is.

     The issue most people struggle with is remembering their complex passwords. As a result, many people will create one strong password and use the same one, or variations of it, for all of their accounts and devices. However, if you reuse your password, you put yourself at great risk for further exploitation. Once cyber-criminals gain access to a particular password, they could have access to any other sites or applications you access with that same password. Ideally, you should have a strong and unique password for each of your accounts.

     On the other hand, with so many different devices, accounts, and applications, it has become nearly impossible for anyone to remember all their unique passwords. Given this, the best solution to date is password manager software. These types of programs simplify the process by automatically retrieving your passwords and logging into websites and various applications on your behalf. In addition, some password manager software will generate strong passwords for you and store other confidential information such as your credit card information.

     Acting like a virtual safe, password manager programs collect all of your usernames and passwords and encrypt them into a database. To secure the database, you set just one password, which you create for the password manager program itself. Since the password manager stores all of your information, you need to ensure the password you use to protect the database is complex and is something you will remember.

When trying to find the best password manager to use, keep the following tips in mind:

  • Use only well-known and trusted programs. The program you select should be well established and have lots of positive community feedback.
  • Make sure the program you choose continues to be updated/patched so you are always using the latest version.
  • Find a program which is simple enough, yet meets all your needs.
  • Ensure the program encrypts your passwords using industry-standard strong encryption.
  • Make sure it is compatible with all of your different devices and/or computers.
  • The password manager of your choice should provide tools for generating passwords and help you keep track of password expiration dates. Look for one which will help you identify the relative strength of the passwords you have chosen.
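
The generation and strength checks in the last tip, together with the reuse problem described earlier, can be sketched as follows. This is an added example, not code from the SANS newsletter or from any password manager product; the function names, the character-swap table and the sample vault are assumptions made up for illustration.

```python
import math
import secrets
import string
from collections import defaultdict

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

# Assumed table of common swaps people use to make "variations" of one password.
LEET = str.maketrans("@4$5013!7", "aassoleit")


def generate(length=20):
    """Random password drawn from a CSPRNG, as a manager's generator would."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Strength of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def base_form(password):
    """Strip trailing digits/symbols, then fold case and character swaps,
    exposing the root word shared by variations of one password."""
    stem = password.rstrip(string.digits + string.punctuation)
    return stem.lower().translate(LEET)


def find_reuse(vault):
    """Return {base form: accounts} for passwords reused exactly or as variations."""
    groups = defaultdict(list)
    for account, password in vault.items():
        groups[base_form(password) or password].append(account)
    return {base: sorted(accts) for base, accts in groups.items() if len(accts) > 1}


# Constructed sample vault (not real credentials).
SAMPLE_VAULT = {
    "email": "P@$$w0rD",
    "bank": "Password2015!",
    "forum": "p@ssword1",
    "shop": generate(),
}

if __name__ == "__main__":
    print(f"20 random characters: about {entropy_bits(20):.0f} bits")
    for base, accounts in find_reuse(SAMPLE_VAULT).items():
        print(f"variations of '{base}' protect: {', '.join(accounts)}")
```

The three hand-made passwords look different but reduce to the same root word, so a breach of one account exposes the other two; the generated password shares nothing with them.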

 

References:

SANS Institute. (2013). Password Managers. Retrieved from http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201310_en.pdf

Last updated: August 21, 2015