Don’t Give Up on Password Managers

In today’s interconnected world, the need for strong and unique passwords has become more critical than ever. However, remembering complex passwords for multiple accounts is a challenge - that’s where password managers come into play.

Recently, a number of vulnerabilities in password managers have been disclosed, and some have been exploited.

Seeing a major password manager breached, it’s hard not to throw up your hands and say, “it’s hopeless.” But don’t give up on all password managers. When used properly, they are far better than a password spreadsheet or sticking post-its of your credentials on your desk. And they are definitely more secure than reusing the same password to access more than one account.

Password managers are tools that securely store and manage credentials and other sensitive information. They commonly offer features such as password generation, auto-fill capabilities, and synchronisation across multiple devices. Passwords are stored in an encrypted database, often protected by a master password or biometric authentication.

While password managers are generally secure, there have been some high-profile breaches of late, and this can cause users to distrust the solution. It’s important to note that the breaches were mostly due to vulnerabilities in the infrastructure or implementation, rather than inherent flaws in password managers themselves.

To mitigate the risks, it is crucial to select trusted password manager providers that prioritise security, perform regular security audits, and promptly address vulnerabilities.

Best Practice Recommendations

  • Do Your Research
    Use a reputable provider for your password manager - one with a proven track record, and ensure that they are regularly independently audited.

  • Choose a Strong Master Password
    Select a master password that is lengthy, unique, and difficult to guess. Avoid common phrases, personal information, or dictionary words. A combination of uppercase and lowercase letters, numbers, and special characters should be used. You should also rotate your master password on a regular basis.

  • Enforce Two-Factor / Multi-Factor Authentication (2FA / MFA)
    Two-factor or multi-factor authentication adds an extra layer of security to your password manager account. By linking it to a mobile device or authentication app, you will receive a verification code that must be entered alongside your master password for access. This greatly enhances the security of your password manager.

  • Back Up Your Password Database
    Store regular backups of your password vaults and secure the backups. This helps safeguard against accidental deletion or device failures. Many password managers offer cloud synchronisation, but it’s wise to have an additional local backup.

  • Train Your Team
    Take your staff through how to use the password manager's built-in password generation feature and the importance of using strong and unique passwords for each of their accounts.

  • Prepare for the Worst
    Make plans for data loss - understand how you would rotate bulk passwords or move to another password manager at very short notice, in the event of a compromise or other outage. Build these into your disaster recovery plans and ensure they are periodically tested.

Ultimately, it’s best to prepare for any service to be breached. Cut your risk by keeping up with the latest technology for protecting your data. We can help. Contact our experts today to help you put appropriate security measures in place. Get in touch on it.help@swerve.nz or book a call.
