It is impossible to remember the multitude of passwords our modern lives require. However, sticky notes and repeated or easy to remember passwords are not an option when there are those actively trying to get hold of your information. That is why you might want to consider using a password manager to help you navigate all the websites and applications you need to access.
How do password managers work?
A password manager records the user name and password used to log on to a website. It will then autofill or allow you to copy the required password when you next visit that site. It will also check that you are not reusing passwords across websites and help you pick strong passwords when needed. Unique passwords for each site will ensure that if one site is hacked, your information is safe and unbreacheable in others. Additionally, password managers can store shipping addresses, credit card information and even documents. It is a digital vault that stores your credentials and identity all in one place, accessed with one master password.
Things to keep in mind
While having easy access to all your information with one password is convenient, it means that one master password becomes that much more critical. Many password manager services do not store the master password on their servers meaning there is no way to retrieve it should you lose it or forget it. You would have to create a new account and recreate all new passwords for each site or service if you lost your password.
From a functionality perspective, you want to ensure that your password manager can work across devices, although this may require a paid subscription. Most services have a free version but it may be limited to one device or platform.
Some services offer family accounts and even corporate accounts. You may want to keep corporate or family information secure and password protected. You can store that password in each of the user’s password managers so that password is shared, but securely.
You can use your web browser to store your passwords and that is certainly better than no password management at all, but it means that you are limited to the sites accessed through your browser. Once you leave that environment, you lose access to those stored passwords. Similarly with iCloud Keychain, once you leave the Apple platform, you lose access to the information stored in Keychain. Also this is not an option if you log into your home computer with your work credentials, because everyone who logs into your home computer will then have access to your work information.
Bitwarden, Lastpass and 1Password top CNet’s list of best password managers. Bitwarden comes with a free account across devices and the ability to share across a family of 5 with a subscription fee. Lastpass works across multiple devices and platforms. A recent change to their subscription model requires you to upgrade your account if you want to share between mobile and desktop. Lastpass is being implemented at the corporate level in some environments. It is important to note that Lastpass did reveal a vulnerability that has been fixed - and was never exploited - but raised some concerns. Lastly 1password, while not offering any free versions of their service, is a trusted if somewhat pricey alternative.
It is critical that you have 2 factor authentication enrolled for any account you are saving in a password manager. Firstly because every hacker is trying to hack every password manager, and secondly to save you if you inadvertently give up the password to your password manager. And never save your second factor TOTP code in your password manager.
If you are interested in implementing a password manager in your environment, or have questions, please give us a call at (650) 421-2000 or send us an email at info(at)hybridge.com.com. We would be happy to recommend one for you and your team to use.
Share this blog: