Humans are terrible at constructing passwords and at remembering them beyond about 10 characters in length. Most people now have a preponderance of passwords, and in some cases it is only “human” to use the same password, which is not a good security outcome at any time. Cyber and IT professionals often have upwards of 1,000 passwords that they have to track. A spreadsheet, I hear you say… not that convenient and definitely not that secure. So enter the password manager: a utility made to store all of your passwords in a protected space, often ironically secured by a password, but it is one password at least.
How do they work?
Essentially, password managers create a database of all your passwords and store it on your device(s), in the cloud, or both. You need a strong password for your vault/safe as an absolute minimum. It should be complex and at least 40 characters long; remember, this is the key to all your passwords. It is best to use the password manager's secure password generation function for this, then write the password down on a piece of paper, place it in an envelope and keep it in a secure physical location… note, not the top drawer where your socks are!
Good password managers also allow you to enable a secondary form of authentication, and you should avail yourself of that feature. This makes sure that your password is not your only defence against account compromise, or against someone attempting to access it and locking you out.
You then simply go to your websites and programs, and your password manager should prompt you to record your password. It would be wise to use the secure password generation feature of your password manager and go about changing any passwords that are not secure or that you use repeatedly.
Good password managers will check that your passwords are unique, and will occasionally audit them and advise you when passwords are weak or reused. Now a word to the wise: this may take longer than you think, and you may not achieve it all in one session or even a month, but simply set yourself a goal to change, say, 5-10 passwords a day and you will get there.
Web browsers are now starting to supply these services in their latest iterations as part of creating a user profile. The profile typically also stores bookmarks and the like in a secured cloud service, with the usual user “caveat emptors” in the conditions of use. Are they as feature-rich as LastPass or 1Password? Not as yet, but we do believe they will get there. LastPass and others offer free functional versions for private use, and there are also affordable corporate licenses; if you are doing cyber resilience properly, you should deploy a password manager as part of your overall strategy.
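The audit and generation features described above can be sketched in a few lines. This is an added example, not code from any password manager: the 12-character and three-character-class thresholds for "weak" are assumptions, and the sites and passwords are constructed sample data.

```python
import secrets
import string
from collections import defaultdict

# Constructed sample vault entries (site, password); not real credentials.
SAMPLE_VAULT = [
    ("mail.example", "Summer2019"),
    ("bank.example", "Summer2019"),
    ("shop.example", "kitten"),
    ("forum.example", "v7#Qm2!xLr9&Tz4@pWc8"),
]
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def char_classes(pw):
    """Count which of lower, upper, digit and symbol appear in pw."""
    tests = (str.islower, str.isupper, str.isdigit)
    classes = sum(any(t(c) for c in pw) for t in tests)
    return classes + any(not c.isalnum() for c in pw)

def audit(entries, min_length=12, min_classes=3):
    """Return {site: [findings]} for weak or reused passwords.

    min_length and min_classes are assumed thresholds for this example.
    """
    sites_by_password = defaultdict(list)
    for site, pw in entries:
        sites_by_password[pw].append(site)
    report = {}
    for site, pw in entries:
        findings = []
        if len(pw) < min_length:
            findings.append("weak: shorter than %d characters" % min_length)
        if char_classes(pw) < min_classes:
            findings.append("weak: fewer than %d character classes" % min_classes)
        others = [s for s in sites_by_password[pw] if s != site]
        if others:
            findings.append("reused on: " + ", ".join(others))
        if findings:
            report[site] = findings
    return report

def generate(length=40):
    """Random password drawn from the operating system's CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

if __name__ == "__main__":
    for site, findings in audit(SAMPLE_VAULT).items():
        print(site, findings, "-> suggested replacement:", generate(20))
```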
Back it up!
It is absolutely crucial that you back up your password manager's database at the end of any day on which you change a password. We recommend you store it on an encrypted disk or USB stick and take a copy home or leave it in a locked, secure location at work.