Last week, we got a brief glimpse into Izak’s new book, You Don’t Need a £1 Million Cybersecurity Budget, where he showed us that robust cybersecurity is within reach for all SMEs that follow a few vital but basic principles. Last time, we looked at how you can stay safe and secure by implementing sound password policies with MFA. This week, password managers are centre stage.
WHAT ARE PASSWORD MANAGERS?
Once upon a time, back in the early Internet days, you probably only needed a few passwords for the essentials – shopping, studying, staying connected, and getting work done. But now things are way more complicated. On average, we are each dealing with about 100 passwords in our lives! Technology is supposed to make life easier, and it does in many ways, but every time we sign up for a new website or app, it’s like adding another password to our mental juggling act. It’s nearly impossible to remember them all. To be honest, do you ever find yourself using the same password for different accounts? Apparently, two-thirds of us do, but that’s a big no-no. Enter the password manager. A password manager is a software application specifically designed for the storage and management of online credentials. Its primary function includes generating passwords, which are subsequently stored in an encrypted database, securely protected behind a master password. Essentially, it serves as a sophisticated tool for safeguarding and organizing an individual’s online security infrastructure.
PASSWORD VAULTS VERSUS PASSWORD MANAGERS
A password vault employs data encryption to safeguard the information it contains, rendering it indecipherable to unauthorized individuals. Access to the vault is exclusively granted through a master password. Once unlocked using the master password, the password vault grants access to stored information, including login credentials and credit card numbers. A password manager is a tool for storing, securing, and managing personal data, such as login credentials and credit card information, within a password vault. The password manager acts as the interface through which users access their vaults. The password vault itself is responsible for storing and safeguarding the information within the password manager. Additionally, the password manager actively monitors stored passwords, with some capable of identifying weak or compromised ones.
THE BENEFITS OF PASSWORD MANAGERS
Saves your memory – You are no longer required to commit all your passwords to memory. Instead, you need only recall the master password that grants access to your password vault. Opting for a cloud-based password manager further enhances convenience by allowing access to your password vault from any location and device.
Auto generation – These tools can automatically generate highly secure passwords on your behalf. When creating a new account with a website or application, password managers typically prompt you to consider using an auto-generated password. These passwords are characterized by their length, alphanumeric composition, and virtually insurmountable complexity.
Protection against phishing – Password managers can serve as vigilant guardians against phishing sites. In the context of phishing scams, fraudulent emails imitate legitimate senders, leading recipients to malicious websites designed to extract login credentials. Browser-based password managers refrain from auto-completing username and password fields on unrecognized websites, providing an additional layer of protection.
Save you time – Beyond the realm of password storage, these tools save time by auto-filling credentials, expediting access to online accounts. Moreover, certain password managers can store and auto-fill personal information, such as name, address, email, phone number, and credit card details, streamlining online transactions.
Sync across different OS – Most password managers offer synchronization across diverse operating systems, accommodating users who navigate between Windows, Mac, Android, and iOS platforms. Additionally, compatibility with popular web browsers like Chrome, Firefox, Edge, Internet Explorer, and Safari ensures seamless access to passwords across different environments.
Protect your identity – From an identity protection perspective, password managers contribute indirectly by promoting the use of unique passwords for each site. This segmentation of data across various websites and applications mitigates the risk associated with a potential breach. While not infallible, this approach adds an extra layer of security that proves invaluable in the aftermath of a data compromise.
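The check behind the “Protection against phishing” point, as an added sketch that is not taken from the book or from any particular password manager: a saved login is offered only when the page's scheme, host and port all equal the saved site's. The `.test` hostnames and the vault contents are constructed for illustration, and real products may match more loosely than this.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}

def origin(url):
    """Return (scheme, host, port), or None if url is not a usable web origin."""
    try:
        parts = urlsplit(url)
        scheme, host = parts.scheme.lower(), parts.hostname  # hostname drops user:pass@
        if scheme not in DEFAULT_PORTS or not host:
            return None
        # Unicode lookalike letters become distinct xn-- names instead of comparing equal.
        host = host.encode("idna").decode("ascii")
        port = parts.port if parts.port is not None else DEFAULT_PORTS[scheme]
    except ValueError:  # malformed URL, bad port, or invalid hostname (UnicodeError)
        return None
    return (scheme, host, port)

# Constructed sample vault: saved origin -> username (secrets omitted on purpose).
VAULT = {origin("https://login.example-bank.test/"): "alice"}

def autofill(vault, page_url):
    """Offer the saved login only when the page's origin equals the saved one."""
    page = origin(page_url)
    return vault.get(page) if page else None

# Constructed page URLs of the kind a phishing email might link to.
PAGES = [
    "https://login.example-bank.test/signin",      # the real site
    "https://LOGIN.Example-Bank.test:443/",        # same origin, different spelling
    "http://login.example-bank.test/",             # no TLS: different origin
    "https://login.example-bank.test.evil.test/",  # real name used as a subdomain
    "https://login.example-bank.test@evil.test/",  # real name in the userinfo part
    "https://login.examp1e-bank.test/",            # digit 1 in place of letter l
    "https://login.ex\u0430mple-bank.test/",       # Cyrillic a (U+0430)
]

if __name__ == "__main__":
    for url in PAGES:
        shown = url.encode("unicode_escape").decode()
        print(f"{autofill(VAULT, url) or 'no autofill':12} {shown}")
```

Only the first two URLs get the saved login; the other five look plausible to a hurried reader but resolve to a different origin, so nothing is filled in.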
ARE PASSWORD MANAGERS SAFE?
You might have concerns about entrusting a program or app with your vault password and confidential details. Could app developers fall victim to hacking as well? The long and short of it is “yes.” Password managers are susceptible to hacking. However, even if cybercriminals manage to breach the system, it doesn’t necessarily mean they can access your vault password or other information. The data stored in your password manager is encrypted, typically employing industry-standard encryption like Advanced Encryption Standard (AES), making decryption nearly impossible. The robustness and security of your password manager significantly hinge on the strength and security of your vault password. In many password management systems, the vault password is not retained by the password manager or the owning company, introducing an additional layer of security.
OTHER PASSWORD MANAGER CONS
While password managers can be breached, this should not pose a problem, as the data in your password manager is encrypted and stored elsewhere. Reputable password managers also do not retain your vault or master password. However, password managers do come with cons of their own:
- Forgetting your master password – What happens in the event of forgetting your vault password? In most cases, password managers will lock you out of your vault, necessitating the manual input of the passwords you recall until you regain access.
- Initial setup – During the initial setup of your password manager, a crucial task involves remembering and inputting your existing usernames and passwords for each site and account. While some password managers, such as Norton’s, may offer to store your password when you log in to a site for the first time after installing their software, the process typically requires upfront effort. Once entered, the password manager will then take over the responsibility of remembering this login information for future use.
- Cost – While certain password managers offer free versions, they often come with limited features. Premium options usually come with a price tag, offering added benefits such as user-friendly interfaces, breach alerts, priority customer service, automatic password updates, and seamless synchronization across multiple devices.
BACK TO THE BASICS
Password policies and password managers are an excellent start for getting your cybersecurity right on track, but there’s much more to the basics. In You Don’t Need a £1 Million Cybersecurity Budget, Izak outlines the cyber fundamentals every company needs, including antivirus and anti-malware monitoring, firewalls and intrusion prevention, access control and identity management, encryption of data at rest and in transit, and extensive backup and recovery provisions. By leveraging these foundational controls, SMEs can defend against almost all cyberattacks, under whatever guise they manifest themselves. Since its publication last week, You Don’t Need a £1 Million Cybersecurity Budget has become an Amazon bestseller. Do you want a blueprint for enterprise-level security that won’t leave you out of pocket? Then get your copy of You Don’t Need a £1 Million Cybersecurity Budget on Amazon now. It’s cybersecurity on point. If you need more help, don’t be shy. Just reach out to Izak today.