Last week there were stories that a password manager called LastPass had seen some of its customers’ master passwords compromised.
The company denies that happened. And it’s possible that some of the people who reported being affected had old accounts with master passwords they’d used with other services.
Do you use a password manager in your business?
We highly recommend it. Because we strongly believe the upsides of a password manager far outweigh any potential downsides.
Let’s start by telling you what a password manager is and how it works.
The average person has hundreds of online services they use now or have used in the past. If you’re a business owner or manager, you may have many more.
To login to each of these, you need your email address and a password. These details – along with something called multi-factor authentication, where you enter a code from another device to prove it’s really you – are the main weapons stopping cyber criminals from accessing your accounts.
Hackers find it easy to get email addresses of course, and have become very sophisticated at guessing passwords. They use automated attack software.
For example, they might try a common word attack, where they try thousands of everyday words as the password. It’s why using your pet’s name, child’s name or favourite sports team is not a good idea.
They may also try a brute force attack, where they try millions of combinations of characters.
The easiest way for a hacker to get in is to discover a password you use on one service, and try it on all your other services. If you reuse passwords, it only takes one service to have a breach and all of your services are at risk.
This is why best practice password advice is very simple but powerful:
- Always use long randomly generated passwords, or password sentences (such as “rope-fruit-parking-apple-swing-enormous”)
- Never write down passwords or record them anywhere unencrypted
- Never use a password for more than one service
Best practice is one thing. The reality is it’s impossible for most people to remember a) what their passwords are, and b) which password is for which service.
Constantly resetting passwords because you can’t remember them is just annoying.
So people cheat. It’s human nature to do this because we’re all looking for tiny ways to make our lives easier.
Some of your team will use weak passwords. Or use the same password across several services. Or – horror – use a strong password, but leave it on display on a sticky note on their monitor.
You think this wouldn’t happen in 2022… but we’ve seen it.
This is where a password manager comes in. The password manager takes away all of the stress and difficulty for you and your team.
You integrate it with your computers and mobile phones. This is routine these days. Password managers work with Windows, Macs, and all iOS and Android mobiles and tablets.
When you need a new password it will randomly generate one for you. A very long password, that’s difficult for the human eye to read (ideally at least 16 characters). And it will throw in some special characters too, such as $, & and #.
Then it will remember that password. And best of all, when you come to login to a service… it will automatically fill in that password for you.
Yes. You can login without ever having to actually type anything yourself. Safety and speed in one piece of software.
So what are the potential downsides?
They’re all related, of course, to having all of your passwords in one place. In theory, cyber criminals only need to break your master password and they can get into anything.
Of course, there are protections, and we always recommend you use them. Using a very strong master password is key (you only have to remember that one password). And making sure the multi-factor authentication we mentioned earlier is always switched on.
It’s also sensible to use extra protection where available such as Face ID.
Can you 100% eliminate the risks of using a password manager? Of course not.
But is using a password manager safer than not? We believe so yes, which is why we recommend them and supply them to our clients.
Password managers make good password practice easy for busy people. If you want our recommendation of which password manager we use and suggest, please contact us.