Whitepaper | Password Managers - Are they effective?
Password Managers
Password managers are growing in popularity, and are highly recommended for all business and users.
Password managers randomly generate very complex, very long and unique passwords. They store them securely, along with other account details, so the user doesn’t need to remember them on each login. Password managers will also automatically prefill account and password information, greatly improving the experience of users who regularly login into multiple different websites or systems.
Once set up, the user will only need to type one password and then enjoy a seamless, one click login experience while simultaneously getting the benefit of very secure passwords.
Key features of a good password manager are:
‘No Trust’ architecture – this means all data is encrypted before leaving the device, so even if the password manager infrastructure suffers a breach, the criminals can’t read any passwords.
Generate passwords – In order to be effective a Password Manager must generate long, strong, unique and random passwords.
Multifactor Authentication – As a Password Manager will hold all passwords, it is critically important that it is highly secure. A good password manager will have the option for MFA to be used on every login.
Breach Monitoring – No matter how strong a password is, accounts can be compromised if passwords are given to the wrong person as a result of being tricked. Good Password Managers will monitor various dark web and underworld websites, and notify the user if their email addresses are included in the data criminals are exchanging
Unfortunately, password managers don’t always work for every corporate and personal application. They also need an initial password or passphrase from the user, and so the ability to create and remember strong passwords is still an extremely important skill for all users.
Why do you need different passwords?
There are many ways that a criminal could come to learn a password through no fault of the users. Once a criminal has a password, the length and complexity no longer matter.
As soon as the criminal has a password, they will begin trying it on as many systems as possible to see if the user has used the same password on facebook, Instagram, Hotmail, gmail, and so on.
Often this will be automated, with the email address and password combination tried on thousands of websites within seconds.
Other times the process my be more targeted, with the criminal using the email address to locate the user on LinkedIn, finding out where they work, then attempting to use the user name / password combination to access corporate data.
The uniqueness of the password prevents this, and ensures tthat if a password does become known, the breach is contained and the criminal only has access to a single system where the password was first set.
To discuss cybersecurity protection strategies for your business, leave your details below and an expert will get back to you.
Or call us on +618 8238 6500