What is a Password Manager?

Posted on

Passwords, passwords, passwords! Why does every site, app, or account need a password? And why do they all need to be complex, unique, or even encrypted? How is a normal person supposed to remember all these different credentials and still keep a grip on reality? Some have heard of an application called a password manager but don’t know what it is or how to set it up.

Many people try to use various methods to help manage the confusing world of online security.

  • Some people use very easy to memorize passwords or passwords that are related to the service they are using (like shopping2020 for their favorite online store).
  • Others use the same password for all their accounts.
  • Still, others use favorite games, movies, a pet or loved one’s name, or birthdate to try to make passwords more secure.

Unfortunately, all these methods create significant security issues for users and lead to hacked accounts and endless trouble. According to a report by Avast (a leading provider of online security), 83% of Americans are using weak passwords. There were almost 1,500 data breaches reported in 2019, exposing over 160 million sensitive records, according to Statista. Users simply can’t afford to re-use passwords or use weak passwords if they want to protect their most valuable information.

The answer to your weak password woes? It’s time to start using a password manager. This article will cover what they are, how they work, the benefits of using one, top choices to consider, and how to get started easily.

Need help securing your entire infrastructure? Download your Security Infrastructure Checklist for SMBs.

What is a Password Manager?

A password manager is simply a tool for keeping track of all our passwords and account information so that we can meet the demands of complex, unique, unidentifiable passwords that will help keep our accounts secure. There are a number of different types of password managers that can help us secure our identities and still allow us to access all of our accounts without requiring a genius-level memory.

There are three types of password managers: offline-based, browser-based, and application-based.

What are the Three Types of Password Managers?

1. Offline Password Managers

The simplest type of password manager is also the oldest type: a physical book that contains all of our account information. Writing down your credentials in a “little black book” has been a proven method for keeping track of important information for hundreds of years. Unfortunately, these collections are vulnerable to several problems.

First, if someone else finds your password book, they have access to all your information. Secondly, if you lose the book or it is destroyed, you can be locked out of all of your accounts temporarily, or in some cases, permanently. Finally, it is easy to forget to update an entry in an offline journal, so sites that require you to change your password regularly may be difficult to maintain.

Key Takeaway: While this is not our recommended approach, offline password managers are an effective, albeit dated, method of securing and keeping track of passwords if you are diligent in keeping them up-to-date.

2. Browser-Based Password Managers

Like Google Chrome, many web-browsers offer password management features to help you manage your online account credentials. These password managers are an improvement over offline journals because they are easy to use and keep up-to-date. Generally, a browser-based password manager will offer to automatically fill in the credentials that have been saved for a website, making it easy to use long, complex passwords with the click of a button. Some browsers will recommend randomly generated passwords, store those passwords on your device, or even share them across multiple devices linked to your account.

While more secure than the password journal on your desk, browser-based managers do have inherent risks. Because they are generally operating in the background, you may forget that walking away from your computer could allow someone else to access your accounts. Similarly, if your device is stolen, your accounts may be vulnerable to someone who can break into the computer without having to provide any additional credentials to access your auto-filled passwords.

Key Takeaway: Browser-based password managers are a slightly more effective approach since they include autosave and auto-update features, as long as you lock your workstation when leaving your desk.

3. Password Management Applications

Password management applications specialize in protecting your personal information and ensuring you are using quality, unique passwords for your online accounts. Companies like LastPass, Dashlane, or 1Password provide secure access to all your account credentials. Good password managers provide both web-based and application-based access to your information, so you’ll be able to find your credentials even if you lose your phone or computer. These applications will also suggest randomly generated passwords that are complex and can be adjusted to your requirements, like the number of characters or the types of characters used (letters, numbers, symbols, or any combination of the three).

Additionally, most password management applications can utilize two-factor authentication to further protect your account from malicious users. You can also use your password manager to store information about offline security measures, like lock combinations, security questions, and any other important account details.

Many of these companies provide enterprise-level accounts that provide additional benefits, including the ability to share credentials with other users, manage groups of users, account recovery, or even account lockouts if an individual should leave the company.

Key Takeaway: Password management applications provide the best level of security, ease-of-use, and functionality once set up.

Top 5 Benefits of Password Managers

Password managers offer several benefits, including:

1. Move from Simple to Complex Passwords

Using passwords that are simple or easy to memorize creates a security risk because hackers can use a method called a “dictionary attack” to break into your account. Dictionary attacks utilize an algorithm to rapidly guess hundreds or even thousands of “common” passwords and combinations to discover your credentials. According to Nordpass.com, the most common password is still 123456, and it takes a dictionary attack less than one second to access an account using that password. Even a more complex password like “picture1” (including an easy-to-remember word and a number) can be cracked in less than three hours.

Liquid Web recommends password security practices such as using at least 12 characters with a combination of letters, numbers, capitalization, and special characters, or using passphrases.

2. So Many Passwords!

Using a complex password is a good step to improving your online security. However, if you use the same password for more than one account (or for all your accounts), you are making yourself vulnerable to a different kind of attack: an exploited database. If one of the businesses with your credentials stored in their database is compromised, all of your accounts are vulnerable. Many hackers will take a set of compromised credentials from one site and try that username/password combination for other sites. So while the online game you play may not be all that important, their weak security could make your banking account vulnerable to attack if you use the same credentials for both accounts. Liquid Web recommends using unique passwords for all accounts.

3. Social Engineering

Social engineering refers to the practice of breaking into systems by first analyzing the information about a subject that is available through online and social media resources. Every time you fill out an online quiz about your favorite things or post pictures of your daughter’s Great Dane, you are giving hackers information about your possible passwords. When you use personal information to create your account credentials, you narrow the list of options that a hacker has to go through to guess your password. Password managers can suggest randomized passwords that have nothing to do with your personal information. Liquid Web recommends making your passwords unrelated to personal information.

4. Updates

Many websites and services (and most good password managers) will remind you to update your passwords frequently. Since no database is absolutely foolproof or secure, changing passwords frequently adds another layer of protection to your accounts. Password managers make updating your passwords simple. Liquid Web recommends updating your passwords every 60 or 90 days.

5. Freedom

Password managers can be used on all of your devices, meaning you won’t be tied to a hard copy for finding your information. Whether you are on your phone or your computer, you’ll be able to auto-fill complex passwords with the touch of a button, freeing you to get more done.

What are the Top Three Password Managers?

1. LastPass

Probably one of the most well-known password managers out there is LastPass. LastPass offers a feature-rich free version with no limit to the number of credentials you can add to your list. LastPass also offers paid versions of their service for both personal and business use.

The paid service allows additional features to be enabled, including password sharing, team password management, and dark web monitoring (for notifying you if your credentials appear in public forums or other hacker repositories). LastPass works with your browser as well as your phone, laptop, or any other connected device. With a user base of over 25 million people, LastPass is a powerful player in the password management field.

Best Features:

  1. Free account – The basic user account is available for free with no limits on the number of passwords you can save.
  2. Group management with the business account – Manage passwords for your whole team and update them all in one convenient spot.
  3. Dark web monitoring – LastPass continually monitors the sketchy parts of the Internet, warning you if any of your accounts have been compromised so that you can fix the problem before it becomes a big problem.

2. 1Password

Focusing on business accounts, 1Password is a leader in securing enterprise accounts and managing security for the highest-profile companies. Over 70,000 businesses trust 1Password to protect their information, including IBM, Slack, and Dropbox.

Because of its focus on business accounts, 1Password offers features like domain breach reporting, team sharing, and Slack integration. You’ll be able to manage your companies secure credentials from wherever you are while knowing that the encrypted connections are keeping your data safe. While 1Password does offer personal accounts, the free trial is limited to 30 days.

Best Features:

  1. Domain breach reporting – 1Password monitors all of the email accounts associated with your domain so you can track down any accounts that may have been compromised in a known data breach.
  2. Team sharing – Remotely share or revoke permissions to your team vault, allowing all your team members access to important login credentials for projects.
  3. Slack notifications – Get notified of team confirmations or recoveries, new member logins, or when someone signs in from a new device.

3. SecureSafe

Personal password management is made easy with SecureSafe. Compatibility with multiple operating systems and browsers, as well as ease-of-setup, makes SecureSafe a great choice for the personal user. Just set up the account, download the software for your Windows desktop or your Mac laptop, and start using better, safer passwords immediately.

SecureSafe makes it easy to select strong passwords with a password rating system, as well as a secure password generator. Additionally, your passwords are synced across all of your devices, so you’ll have access to the most up-to-date information, no matter where you are.

Best Features:

  1. Ease of setup – SecureSafe makes setting up your password management account simple, and they have apps for all of your devices.
  2. Password ratings – SecureSafe will rate every password you enter and warn you if a password has already been used or is too weak for safe use.
  3. Secure password generator – The software can recommend secure, randomized passwords, so you don’t have to try to come up with new passwords for every site. Just click the password suggestion button, and SecureSafe will provide you with a password that meets the most rigorous demands of security experts.

How to Use a Password Manager

Whichever type of password manager you choose, you can expect them to work in similar ways. Here are the three steps on how to use a password manager:

1. Setup Your Account

When you first start using a password manager, you’ll need to create the account used to access the rest of your credentials. Make sure the password you use for this account is unique, complex, and random. You may need to record this password in a secure location in case you forget it, but never store both the username and password together. You should also consider enabling two-factor authentication to help further protect this account.

2. Enter All of Your Credentials into the Manager

Whether you go through a list of your accounts and all of your credentials to the manager at once, or if you slowly build your database of accounts as you access them, you should eventually add all of your accounts into your password management system. This will help prevent duplicating passwords (the manager will alert you to duplicates) and can even suggest improvements to weak passwords. The more of your accounts you include in your password management system, the more likely you are to have strong, unique, up-to-date information for all of your online accounts.

3. Use the Manager to Enter All of Your Passwords

While this may seem like the obvious thing to do, many users forget to use their password manager for all of their accounts, leaving them vulnerable to reusing passwords or using weak passwords. Password managers can automatically fill in your credentials (once you’ve authenticated yourself) and can keep track of older passwords that require updating. Good password managers will recommend randomly generated passwords for new sites and will update your records whenever you create a new set of credentials or update an existing account.

Stay Secure With a Password Manager

Staying secure in a world of complex identity management doesn’t require a photographic memory or a team of security experts. Using a password manager will help keep your credentials safe and secure and allow you to use strong, complicated passwords that will deter even the most determined hacker.

Start today by finding the password manager that fits your needs and begin the process of strengthening your online security profile.

Need help securing your entire infrastructure? Download your Security Infrastructure Checklist for SMBs

eBook - SMB Security Checklist

Tagged with: , ,

Want more news and updates like this straight to your inbox?

Keep up to date with the latest​ ​Hosting news.