Should You Use A Password Manager?

Password managers are pieces of software that store and recall passwords so you don’t have to remember them yourself. They’ve been around a long time, and are becoming more common and popular than ever. But should you use a password manager?

It used to be that password managers were considered reckless toys for lazy people that made your passwords -- and therefore your company’s cyber security -- more vulnerable. But now password managers are considered a valuable and important tool to help with personal and corporate cyber security.

How Password Managers Work

Password managers work by allowing you to set and store passwords in a digital version of a locked file cabinet. The “lock” is protected by a key -- what is often referred to as a Master Password. When you boot up, or wake your computer from sleep, your password manager will ask you to enter in your Master Password to have access to all your other passwords.

Then, logging into a website is as simple as searching for or typing in the name you assigned to the Login info (such as “My Bank” or “Amazon” or “Fantasy Football League”), and clicking “log in”. The password manager will navigate to the website’s login page and enter in your username and password. If you are already at the login page, your password manager will usually find it for you so all you need to do is click a button to log into the site.

Most password managers do even more, by storing common information you often enter into forms, such as your home address, work address, and so on. Some also store credit card information to make paying online easier.

And if you have lots of logins stored, you can usually make folders within the password manager (for specific projects, individual clients, personal v.s. work passwords, etc) and store your logins in the folders.

All good password managers encrypt your login files with strong encryption algorithms. Some password managers only store your collection of logins locally on your computer, while others also store your logins in the cloud so that they can be accessible on a home computer, office computer, cell phone, tablet or via the web. Entering your Master Password on any of these devices will give you access to your logins anywhere you go.

Should You Use A Password Manager?

There are certainly arguments against using a password manager (see below) but say that you should use a password manager for a number of reasons.

• Stronger Passwords -- Without a password manager, you tend to make your passwords too simple and easy to remember and type. Or if you use complex passwords that are too hard to remember, you might be storing them in an Excel or Word document. Worse yet, you might be writing down your complex passwords. But all of those approaches leave your passwords vulnerable to good guessing or discovery. Whether or not you decide if you should use a password manager, you should use strong passwords (see below) for all your logins. Password managers allow you to store and use strong passwords easily.
• Time Savings -- Among the biggest advantages of password managers is that they save you time, allowing you to log into a site in a couple of seconds. And if you find yourself logging into a couple dozen sites in a day...or more...then a password manager can save you a LOT of time. Compared to looking up dozens of passwords a day in an Excel sheet, Word doc or a piece of paper, password managers are lightning fast.
• Easily Organize Thousands of Passwords -- A business associate of mine builds websites for clients and has dozens of passwords for each client’s sites and resources. In total, he has over 2000 passwords. If he didn’t use a password manager, all sorted and organized in folders, then managing and using them would be near impossible.
• Share Logins Without Sharing Passwords -- Many password managers have the ability to share logins with other users without having to actually reveal the passwords themselves. The passwords get entered but remain invisible to the user. This, combined with “temporary” or “revokable” rights to these logins, means that you can safely share logins to company resources on an as-needed basis. It also means that you don’t need to worry about changing dozens or hundreds of passwords when employees leave the company.
• Business-Level Password Management -- Many password managers have “Business” versions that allow you to share passwords to individuals, among teams, or across an entire organization. Your IT department can control who gets access to what, keeping all your passwords and company resources secure. Plus, since each person has a unique login to the Password Manager, your IT department can actually see who logs into which resources, run reports, and detect illicit activity.

Use Password Managers for Better Cyber Security

The primary reason for using a password manager in your company is better cyber-security, which is our primary focus here at Digital Uppercut. When you have the ability to give access to company resources only to those who need it, then there is a lower risk of the passwords getting into the hands of people who shouldn’t have it. Should you use a password manager? We say Yes, but we often need to overcome one main fear about them.

The Main Argument Against Using a Password Manager

All of these features sound like great time-savers, but when we talk with some clients about using password managers, there is one argument against using them that we hear most often: “If all of the passwords are protected by a Master Password, then if someone gets this one password, they will have all of my passwords.”

While true to some degree, the biggest self-inflicted problem most people have with passwords in general is that they try to make them easy to remember. That means they make passwords that are too common and too simple, or simply use the same password over and over again. So if you choose a simple password like sequential numbers or letters, words with common number substitutions (“P@ssw0rd”), or any pattern on your keyboard (like “qwerty123”) as your Master Password, then you’re likely to have your passwords guessed or stolen.

All of your passwords should be Strong passwords, which means that they should be…

• Long -- More than 8 characters. The longer the better.
• Complex -- Use numbers, lower case letters, upper case letters, and punctuation
• Random -- No repeating characters, No words or sequences or common substitutions.

If you follow those rules with your Master Password, hide your keystrokes from prying eyes, and don’t leave the master password written down or stored in some unsecured place, then all your passwords will be secure.

Which Password Manager Is Best?

After answering the question “should you use a password manager,” the next question is, “Which one?” While there are many high quality password managers, here at Digital Uppercut, we use and recommend LastPass. It has all of the features we described above, and many more, that help us manage all our passwords for our clients’ resources, as well as allowing our clients to safely store, manage and control their own passwords.

As with any piece of software, proper implementation and best practices are keys to success. That is why our clients ask us to install LastPass for them. Implementation includes discussions with management and IT about who needs access to which resources so that we can create a strategy that will work best for your company.

Improve Your Company’s Cyber Security With A Password Manager

Let us help you get past the question about whether you should use a password manager. In short, if you’re not yet using a password manager for your business, consider doing that now. Contact us online or call us at 818-913-1335 to talk about how we can help you and your company improve your cyber-security with a password manager and other strategies. Cyber attacks on businesses are increasing every week. Social engineering, brute force attacks, Trojans, ransomware, malware are all on the rise. If your company isn’t already protecting itself -- and also planning for disaster in case one of these attacks is successful -- then you need to start now. Let’s talk.