PASSWORD MANAGERS: HOW DO THEY WORK? ARE THEY SAFE?

We all have a ton of passwords to manage, especially if you are following these three best practices: you change your passwords quarterly, your password is 12+ characters in length, and you do not use the same password on multiple sites. Managing and remembering your passwords is daunting!

During my last four Cyber Security presentations, four questions have come up regarding passwords:

  1. What do I do with all my passwords?

  2. How does a Password Manager work?

  3. Is a Password Manager Safe?

  4. What Password Manager do you recommend?

So those questions triggered the creation of this article. This is designed to give you a quick answer to the four questions.
 

  1. What do I do with all my passwords?
    1. The best solution is to put your passwords in a “for fee” Password Management System. Paying for this tool gives you more security and more assurance that it will work. A password manager is a secure program that allows you to generate, store and retrieve all your passwords in one secure location. Yes, this means it is time to rid yourself of the spreadsheet or the Post-it notes you have around the office.
       

  2. How does a Password Manager work? 
    1. Sign up for the service and set up a master password. The master password gives you access to your passwords on the system. Store that password in a secure place (a physical safe or a safety deposit box).

    2. Activate Multifactor Authentication, which protects you when logging in to the Password Manager.

    3. Transfer all passwords into the Password Manager, either by using a .csv file or by entering them manually. It is a good time to clean up old and never-used accounts. Some password managers have other tools that let you automate a bulk transfer into their system.

    4. Data will be encrypted by the Password Manager service using 256-bit AES encryption or an equally secure solution. This means that even if a bad actor is able to break into your Password Manager, they will only see encrypted data.

    5. Zero Knowledge Approach is maintained: the employees of the Password Manager company do not see the actual passwords, so only you, with your Master Password, can see them.
       

  3. Is a Password Manager Safe?
    1. Yes, a password manager is a safe solution, but nothing is a perfect solution. The Password Manager providers are continuously enhancing their products to improve the level of safety. Remember that not all are equally secure, which is why we recommend using a “Fee based” solution as opposed to the appealing freeware version.

    2. Make sure the Password Manager you choose has the features identified above.
       

  4. What Password Manager do you recommend? 
    1. There are many password managers to choose from. Avoid the free offerings and stick to a pay-as-you-go offering with the features above. River Run has tested many Password Managers over the last two years, and we use Keeper. Here is a list of some of the other highly ranked Password Managers:

      1. Keeper 

      2. 1Password

      3. NordPass

      4. Dashlane 

      5. Bitwarden 

      6. Password Boss 

      7. RoboForm 

      8. Zoho Vault 
         

We hope this helps you take one more step towards a more Cyber Safe computing experience. If you have any questions about Password Managers or you would like to help me spread the word about the importance of Cyber Safe Computing by having me speak to your group, please reach out. I am here to help! All the best!


Created by Paul Riedl, Jr.
CEO of River Run

