In an increasingly web-based world, passwords are almost as common as the air we breathe. But keeping track of so many passwords can be difficult, and it often leads to some very insecure methods. Instead, what if there was a way to safely store all of your passwords in one place? Password managers make it a lot easier to keep track of multiple passwords, while still prioritizing security.
Yet despite their level of security, many people don’t trust password managers. After all, what happens if someone hacks into your password manager? Or what if you forget your master password?
In this article, we’ll address these questions and more as we uncover the truth about password managers and their role in cybersecurity.
The Problem With Passwords
Do you know how many passwords you actually have?
Most of us can name at least 10 or 20 of our accounts, but the actual number is more than triple that number.
According to NordPass, the average person has 100 passwords to remember.
How did this happen?
The widespread use of the Internet means that people are regularly creating accounts on a variety of websites. These sites include accounts for news, shopping, entertainment, and social media, to name a few.
The problem is that having 100 unique accounts doesn’t necessarily mean you have 100 unique passwords.
Since memorizing 100 unique passwords is nearly impossible, many Americans use the same password for all of their accounts. While this makes your password easier to remember, it also makes it a lot easier for cyber criminals to hack into your account. If one account is breached, then all of your accounts are suddenly at risk.
And the most popular passwords are extremely easy to guess.
NordPass found that some of the top passwords from 2020 include “123456,” “picture1,” and “password.”
Why Password Managers?
It seems that in many ways, traditional passwords are missing the mark.
Luckily, there are several things you can do to better secure your accounts.
One option is through Multi-Factor Authentication (MFA). Instead of entering a single password, multi-factor authentication requires you to provide at least two forms of credentials when trying to access an account.
But if one of your authentication methods is a weak password, it won’t do you much good.
The great thing about a password manager is that you no longer have to remember dozens of passwords. And you don’t have to rely on a single password to protect all of your accounts.
Instead, a password manager allows you to enter a single master password in order to access dozens (or even hundreds) of encrypted passwords.
But keeping all of your passwords in one location might make you feel really nervous. And rightfully so. If someone hacks into your password manager, they now have access to all of your saved passwords, defeating the point of a password manager in the first place.
So how can you keep that from happening?
We’ll give you some tips that will not only keep your password manager more secure, but will also help you protect your most important accounts in case your password manager is breached.
Securing Your Password Manager
The first step is making your password manager as secure as possible. As soon as you download a password manager and create a master password, write that password down and put it in a protected, physical location. A fireproof safe or a safe deposit box is ideal.
Unlike other accounts, a password manager doesn’t give you the option to reset your master password if you forget it. That’s why it’s important to keep a physical copy in a safe place. Having a physical copy of your master password can also provide another person with emergency access if someone needs to get into your account.
Randomization and Encryption
Once your password manager has been created, write down a list of all of your accounts so you can change your passwords to more secure options.
Add all of these accounts to your password manager, and make sure all of your passwords are as complex as possible. This means your password should be at least 10-15 characters long, and it should contain a mixture of capitalized and lowercase letters, numbers, and symbols.
Many password managers give you the option to generate a random password. You can even decide how long you want the password to be and how many symbols you’d like it to include. The length, complexity, and randomization of these passwords make them nearly impossible to guess. And since they’re saved in your password manager, you don’t need to worry about remembering them on your own.
Randomized passwords like these are definitely more secure than using a single password for every account. And your password manager will encrypt these passwords anytime you aren’t using the app, meaning a hacker trying to access your account won’t be able to read them.
Without the master password, it’s impossible to decrypt the passwords into plain text. That’s why there’s no reset option if you forget your master password.
Don’t Use Cloud Password Managers
It’s a lot harder to steal a file stored on a personal computer than it would be to steal a file stored on the Internet. And it would be even harder to steal a file stored on a flash drive that you only plug in when you need it.
It’s the same with password managers. Using a local manager is a lot more secure than storing your passwords on the cloud.
Use a Smartphone-Based Password Manager
If you want to keep your password manager really secure, then store it on your phone. Smartphones are even more locked down than your computer, which means greater security!
Your phone is often the most convenient option for a password manager, since you’ll have access to your passwords wherever you go.
Smart phones also generally require a PIN, fingerprint, and/or face scanner to open, so they’re a lot more secure than other devices.
In addition to storing your password manager on your phone, you can try layering multiple password managers to make them more difficult to hack.
Use a program like VeraCrypt to create an encrypted volume. You can then use this file to store your password manager. In order to access your password manager, you would need to unlock the VeraCrypt volume and then use your master password to open your password manager.
You can also download a password manager that allows you to create numerous vaults. That way you assign one vault to your most common passwords and a second, more secure vault to your most important passwords.
What if Your Password Manager Gets Hacked?
If you’re still nervous about someone hacking into your password manager, then there are a couple of things you can do to protect your most important accounts, like your bank, email, or any accounts connected to your credit card.
No Name Option
Passwords managers generally give you the option to assign a name to each of your passwords.
But instead of choosing a name, what if you were to assign the password to a specific phrase that describes that account?
For example, let’s say that my favorite place to eat is Taco Bell. Instead of listing Taco Bell as the title associated with the password, I could instead type “Favorite Place to Eat.” Or better yet, I could simply write, “Favorite Place.”
Pairing passwords with phrases instead of account names makes the password virtually useless for hackers, unless they can figure out which account the password is associated with.
You don’t need to utilize this method with all of your passwords, just the most important ones.
Salt Your Passwords
“Salting” a password simply refers to a code that slightly changes the password you have saved in your password manager.
For example, you might create a variety of unique passwords and choose to add a single word on the end, like “chocolate.”
Let’s say your password manager generates the password “STEUzk43f#x8UC.” That’s the password you would keep saved, but when you use the password for an account, you would instead enter the password “STEUzk43f#x8UCchocolate.”
In this example, the word “chocolate” is the salt. When you store your password in a password manager, leave out the salt. That way, if your account is hacked, the attacker won’t have your real password.
Your salt can be located anywhere in the password, whether it’s at the beginning, at the end, or even somewhere in the middle. Just make sure you know the correct location when setting the password. If you want, you can even leave a reminder in the notes section of the password manager to help you remember where to place the salt.
Another option is to store a password in your password manager that’s longer than the actual password.
Let’s say you choose to save passwords with 3 extra characters in your password manager. When you go to type in your password, all you have to do is use the autofill function on the password manager and then backspace 3 times.
Just like with the no name option, you only need to salt really important passwords, like your bank or email account(s).
Bolster Your Security with a Password Manager
Your password is often your first line of defense when it comes to security. Creating strong passwords is key to your organization’s security, and a password manager will make it easier for you to safely store your passwords.
But a password manager isn’t the only key to strong security. We can provide you with a free consultation, where our team of security experts will assess the needs of your business and help you identify the gaps in your security.
Contact us to schedule your consultation today!
Here at CR-T, we take pride in providing enterprise-level IT services at prices that work for small businesses. Our team of experts can become your IT support department, responding to issues quickly, often before you even know about them. Covering everything from your servers and network infrastructure to your computers, workstations and mobile devices, we provide end-to-end solutions for all your technology needs.
Time and experience have helped us develop best practices and workflow procedures designed to keep your focus on your business, not your technology.
Blog & Media
Managed IT Support
Amazon Web Services
When you go to the hospital to have your appendix removed, you don’t expect your identity to be stolen as well. But like any other