Stories surfaced at the end of 2021 about the password manager LastPass having some of its customers’ master passwords compromised.
The Vice President of Product Management at LastPass went on to state that the alerts were “likely triggered in error” due to an issue in the LastPass alerting system that has now been fixed, but the whole situation has caused some hesitation around the use of password managers.
DO YOU USE A PASSWORD MANAGER IN YOUR BUSINESS?
At Runbiz, we recommend it. We believe that the advantages of password managers far outweigh any risk, especially when you secure your account with multi-factor authentication.
Let’s start by telling you what a password manager is and how it works.
Most people have dozens of online accounts and services they currently subscribe to or have used in the past. This number is typically much larger for business owners and managers.
To log in to each of these, you need your email address and a password. These details – along with something called multi-factor authentication, where you enter a code from another device to prove it’s really you – are the main weapons stopping cyber criminals from accessing your accounts.
These services all require you to sign in with an email address, a password, and sometimes a second device for multi-factor authentication to ensure that it’s you and not a bad actor. These are all of the factors that stand in the way of unauthorized users getting into your accounts.
For years now, scammers have found it easy to get email addresses, which are widely available across the internet, but recently they have become very smart about guessing passwords. Most use automation tools to help their efforts along.
There are several common ways that someone could land on your password. The first is a common word attack. This is where they try out thousands of common words as the password. It tends to work well against people who use their kid’s name, pet’s name or even their favorite football team’s mascot.
Another approach is what is known as a brute force attack. This tries millions of combinations of random characters.
The most effective way for someone to access a wealth of information is to discover a password you use on one account, then try it on all of your other accounts. If you are one of the many folks who reuse passwords on a regular basis, one account breach could lead to major trouble for you.
There are some simple best practices for creating passwords that prove to be very effective:
- Use lengthy, random passwords or full-on sentences (such as “$unshine@Th3BeachisN1ce.”)
- Don’t write out your passwords or store them anywhere that is not encrypted
- Avoid using the same password on multiple accounts
It’s easy to be aware of best practices but putting them into action is a challenge. Keeping up with multiple passwords and remembering which account they belong to is probably not going to happen. And we all know that resetting your password every time you try to log in is flat out annoying.
So, to make life a little easier, people compromise on these best practices and simplify.
Some of your employees will probably use weak passwords. Others might use the same one for everything. Or, worst-case scenario, Bill from accounting leaves his password on a sticky note plastered to his monitor.
This is where a password manager comes in and makes the burden of these best practices more realistic and convenient.
When you create an account or it’s time for a new password, the password manager will randomly generate a very long password (ideally at least 16 characters) that is tough for the human eye to even read. It also scatters in special characters such as %, $, and @.
Best of all, it remembers the password, and when it comes time to log in, you don’t have to type a single letter. It will autofill the password for you.
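The generation step described above can be sketched in a few lines of Python. This is an added example, not code from any particular password manager; the symbol set, function names and site names are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Assumed policy for this sketch: the article's 16-character minimum and
# its three example symbols (%, $, @) plus a few more.
SYMBOLS = "%$@!#&*?"
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
ALPHABET = "".join(CLASSES)


def generate_password(length: int = 16) -> str:
    """Return a random password with at least one character from each class."""
    if length < 16:
        raise ValueError("use at least 16 characters")
    while True:
        # secrets draws from the operating system's CSPRNG; the random
        # module is predictable and not suitable for passwords.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Redraw the whole password instead of patching in missing classes,
        # so every accepted password is equally likely.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def keyspace_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Upper bound, in bits, on the work needed to brute-force a random password."""
    return length * math.log2(alphabet_size)


def vault_entries(sites):
    """Generate an independent password per site, so none is ever reused."""
    return {site: generate_password() for site in sites}


if __name__ == "__main__":
    # Constructed site names, for illustration only.
    for site, password in vault_entries(["mail.example", "bank.example"]).items():
        print(f"{site}: {password}")
    print(f"about {keyspace_bits(16):.0f} bits for 16 generated characters")
    print(f"about {keyspace_bits(8, 26):.0f} bits for 8 lowercase letters")
```

The last two lines compare the brute-force search space of a generated password with that of a short lowercase-only password, which is why length and a mixed character set matter against the guessing attacks described earlier.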
WHAT ARE THE CONS OF USING A PASSWORD MANAGER?
Most hesitation revolves around storing all your passwords in a single place. In theory, if someone were to hack your master password, they would have everything at their fingertips. But there are several layers of protection that we always recommend using. This starts with creating a very strong master password that uses the best practices we covered above. This is the only password you will have to remember, so you might as well go above and beyond. Second, enable Multi-Factor Authentication on all your accounts. Finally, when it’s available, turn on Face ID.
Can you eliminate every ounce of risk that comes with using a password manager? No. There is no 100% foolproof method with anything cyber-security related. Is using a password manager safer than not using one? We believe so, which is why we recommend them to the organizations that we serve.
Password managers make good cyber-hygiene realistic and attainable for busy people.
If you want our recommendation of which password managers to investigate, reach out to us here on our website and we will point you in the right direction.
WHO IS RUNBIZ?
Run Business Solutions is an IT managed services and website services provider based in Amarillo, TX. We support small to mid-sized businesses both regionally and throughout the country. We pride ourselves on helping businesses leverage technology, not just tolerate it. Runbiz is focused on enthusiastically providing excellent technical strategy, services, and solutions that drive our customers' businesses forward. We are passionate about our mission to empower you to do what you do best.