Password Managers: Securing your Digital Life (Part 1)
In the first part of this three-part series, we'll cover password managers: what they are, why they are used, and how to use them effectively.
Introduction
Are you keeping your passwords in an Excel spreadsheet or hand-written in a book that lives in your desk drawer (which is technically better than the Excel spreadsheet)? You probably need a password manager.
You might be surprised to learn that password managers have been around since at least 1997, when Bruce Schneier released Password Safe, originally for Windows 95.
With this in mind, why does it seem that the use of these tools has only recently become common practice in non-technical circles? A sound reason could be that we are more connected than ever, and the number of online accounts one requires to perform almost any task continues to grow. Just keeping track of what accounts you have, irrespective of password management, is hard enough.
Another solid reason is the advancement and ease with which anyone can purchase or rent extremely powerful computing services to crack passwords in seconds to hours. What used to be reserved for nation-state threat actors with deep pockets is now more affordable and accessible than ever.
What is a password manager?
A password manager is software that can manage, maintain and audit your online accounts and passwords. It serves as the single source of truth for your digital life. Modern password managers allow you to manage your 2-factor authentication codes and even securely share passwords with others.
Password managers can sync to the cloud to allow convenient access from all your devices or can be completely offline for extra peace of mind.
Why do you need a password manager?
Put simply and bluntly, humans suck at creating and remembering truly secure passwords, and we need a way to eliminate the cognitive strain of keeping accounts, passwords, security questions etc., in our heads.
We are doomed to create predictable (and thus easily cracked) passwords because our heart rate and blood pressure rise every time we need to create a new online account, with thoughts of "I can't forget this important password" and "What password am I going to come up with now?". We solve this in the most human way possible: basing passwords on personal and circumstantial information.
Think about your current passwords; how many contain easily guessed words, your company name, dates of birth, pets or family names, or interests and hobbies? Another classic I have seen used is having the same "base" password, followed by the initials of the account/website it belongs to.
Example (for Facebook): MyPassword01FB!. This meets the complexity requirements of most online platforms, is unique for every website, but is highly predictable and easily cracked.
Choosing a Master Password
Once you have explored your options and decided on a password manager that works for you, you will be prompted to create a master password. The master password is the Big Kahuna, the Chosen One, the be-all and end-all of passwords. It's what stands between you and access to all your other passwords.
This should be a complex passphrase that isn't used anywhere else and should be kept under lock and key (literally). If you forget it, that's it; you can kiss your passwords goodbye.
An example of a good passphrase might be something like: Wheat-Swing-Universe-Signal-Which-Gulf5
It's long, uses uppercase and lowercase letters, numbers, and symbols, and is relatively easy to commit to memory.
Keeper Security offers a great tool to help generate these secure passphrases.
Password Creation Best Practices
The joy of having a password manager is relinquishing knowledge of all passwords except your master password. Let the software do what it's best at—generating secure passwords. Depending on your password manager, you should adjust the password generation settings so that your passwords are at least 15 characters long and contain uppercase and lowercase letters, numbers, and symbols.
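As an added illustration (not code from this article or from any particular password manager), the sketch below generates a passphrase in the shape of the example above and a 15-character password containing all four character classes, and estimates the entropy of each. The word list and symbol set are constructed for the example; a real generator draws from a list of thousands of words.

```python
import math
import secrets
import string

# Constructed sample word list, far too small for real use. A real generator
# draws from a large list so that each word contributes more entropy.
WORDS = ["wheat", "swing", "universe", "signal", "which", "gulf", "amber",
         "planet", "river", "candle", "orbit", "maple", "tunnel", "harbor",
         "violet", "anchor"]

SYMBOLS = "!@#$%^&*-_=+?"  # assumed symbol set; sites differ in what they accept
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]


def make_passphrase(words=WORDS, count=6):
    """Capitalised random words joined by hyphens, with one trailing digit."""
    chosen = [secrets.choice(words).capitalize() for _ in range(count)]
    return "-".join(chosen) + secrets.choice(string.digits)


def passphrase_entropy_bits(list_size, count=6):
    """Entropy when every word and the digit are chosen uniformly at random."""
    return count * math.log2(list_size) + math.log2(10)


def make_password(length=15):
    """Random password that contains at least one character of every class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(CLASSES)
    while True:
        # Rejection sampling keeps every accepted password equally likely,
        # unlike forcing one character per class into fixed positions.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def password_entropy_bits(length=15):
    """Upper bound: ignores the small loss from rejecting some candidates."""
    return length * math.log2(len("".join(CLASSES)))


if __name__ == "__main__":
    print(make_passphrase(), round(passphrase_entropy_bits(len(WORDS)), 1))
    print(make_password(), round(password_entropy_bits(), 1))
```

With the 16-word sample list the six-word passphrase carries only about 27 bits; the same format drawn from a 7,776-word list carries about 81 bits, which is why the size of the word list matters more than the formatting.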
The Case for Businesses
All of the above applies to individuals and businesses, but there are some specific considerations/advantages of using a password manager in your business.
Employee Onboarding
The seamless employee onboarding experience is everyone's dream. How much time and money is lost trying to track down passwords or perform resets if the password has been lost or forgotten before a new employee can become productive?
These types of issues tend to be slow-burning, too. You might waste an hour or two over the first week and then feel like you're out of the woods, but as an employee needs to access more systems, they find they're still missing passwords.
The likely chain of events is that they talk to a colleague or manager, and now two (or more) people have been taken off-task to locate account credentials.
But wait, it gets worse. Without a password manager, every time an employee creates a new account for your organisation, it's done in isolation, and now they're the only ones who know it. You have now compounded the issues for the next new hire.
Compartmentalisation
Being able to restrict access to passwords based on job role, department, or business unit is crucial for most businesses. You want to ensure each employee has access to what they need: no more and no less.
Ensuring this process is seamless as an employee moves, changes roles, or exits an organisation provides peace of mind and reduces the time it takes to transition between roles.
Auditing
Most good password management tools allow you to audit your entire password "vault" to highlight weak passwords, passwords used for multiple accounts, old passwords, or even passwords that have shown up in data breaches. These auditing services can keep you on top of your password health and allow you to react quickly to any issues.
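The kind of audit described above can be sketched as follows. This is an added example, not the logic of any specific product: the vault entries, thresholds and the "shared-base" check (which catches the base-password-plus-site-initials habit mentioned earlier) are all constructed for illustration.

```python
from collections import defaultdict
from datetime import date
from os.path import commonprefix
import string

# Constructed sample vault: (account, password, last_changed).
VAULT = [
    ("Facebook", "MyPassword01FB!", date(2021, 3, 1)),
    ("Twitter", "MyPassword01TW!", date(2023, 6, 12)),
    ("Bank", "k7#Vq2!mZp9@Lr4x", date(2025, 1, 20)),
    ("Forum", "sunshine", date(2019, 8, 5)),
    ("Shop", "sunshine", date(2024, 11, 2)),
]
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]


def audit(vault, today, min_length=15, max_age_days=365, min_shared=8):
    """Return {account: sorted list of findings} for every entry with issues."""
    findings = defaultdict(set)
    by_password = defaultdict(list)
    for account, password, changed in vault:
        by_password[password].append(account)
        has_all_classes = all(any(ch in cls for ch in password) for cls in CLASSES)
        if len(password) < min_length or not has_all_classes:
            findings[account].add("weak")
        if (today - changed).days > max_age_days:
            findings[account].add("old")
    for accounts in by_password.values():
        if len(accounts) > 1:
            for account in accounts:
                findings[account].add("reused")
    # Shared-base check: different passwords that start with the same long
    # prefix, as in a fixed base followed by the site's initials.
    for i, (acc_a, pw_a, _) in enumerate(vault):
        for acc_b, pw_b, _ in vault[i + 1:]:
            if pw_a != pw_b and len(commonprefix([pw_a, pw_b])) >= min_shared:
                findings[acc_a].add("shared-base")
                findings[acc_b].add("shared-base")
    return {account: sorted(tags) for account, tags in findings.items()}


if __name__ == "__main__":
    for account, tags in audit(VAULT, today=date(2025, 6, 1)).items():
        print(f"{account}: {', '.join(tags)}")
```

Note that the Facebook and Twitter entries pass the length and character-class check yet are still flagged, because complexity rules alone do not detect a predictable pattern shared across accounts.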
Which One to Choose?
This is the million-dollar question. There are many good options, so we highly recommend trialling a few to find a solution that fits your needs and see which you like best. Some of the top choices are:
Need Help Deploying a Password Manager?
If you or your business want help choosing and deploying a password manager, we are here to help. You can give us a call or use our contact form.