Selecting the Right Password Manager Program

Cybersecurity Awareness Month - Newsletter 2

If you had one key that worked for your house, your car, your cottage, your safety deposit box and even your parents' house, would it make you nervous if you lost it? What if that key also had your home address on it? While that may seem like a scary thought, many of us are consciously making a similar choice when we choose to use the same password on multiple websites.

Imagine showing up for your first day at a new job. One of the first things you need to do is create a password for your account. Be honest with yourself: would you choose a password that you have used before?

The following video from StaySafeOnline.org walks us through that familiar experience.

One of the most important steps you can take to protect yourself online is to use a unique, strong password for every one of your accounts and apps. Unfortunately, it is most likely impossible for you to remember all your different passwords for all your different accounts. A simple solution is to use a password manager, sometimes called a password vault.

These are programs that securely store all your passwords, making it easy to have a different password for each account. Password managers make this simple, because instead of having to remember all your passwords, you only have to remember the master password to your password manager.

How Password Managers Work

Password managers work by storing all your passwords in a database, which is sometimes called a vault. The password manager encrypts the vault’s contents and protects it with a master password that only you know. When you need to retrieve your passwords, such as to log in to your online bank or email, you simply type your master password into your password manager to unlock the vault. In many cases, the password manager will automatically retrieve your password and securely log in for you. This makes it simple to have hundreds of unique, strong passwords, since you do not have to remember them.

Some password managers store your vault on your computer or mobile device, while others store it in the Cloud. Most password managers include the ability to automatically synchronize your password vault’s contents across multiple devices that you authorize. This way, when you update a password on your laptop, those changes are synchronized to all your other devices.

When you first set up a password manager, you need to manually enter or import your logins and passwords. Afterwards, the password manager can detect when you’re attempting to register for a new online account or update the password for an existing account, automatically updating the vault accordingly. This is possible because most password managers work hand-in-hand with your web browser. This integration also allows them to automatically log you into websites.

It’s critical that the master password you use to protect the password manager’s contents is strong and very difficult for others to guess. In fact, we recommend you make your master password a passphrase, a sequence of words that is easy for you to remember (such as "walked slowly in November rain") but difficult for someone else to guess.

If your password manager supports two-step verification, we recommend using that as well for an extra layer of protection. Finally, be sure you remember your master password. If you forget it, you will not be able to access any of your other passwords.

Choosing a Password Manager

There are many password managers to choose from. When trying to find the one that’s best for you, keep the following in mind:

  • Your password manager should be simple for you to use. If you find the solution too complex to understand, find a different one that better fits your style and expertise.
  • The password manager should work on all devices you need to use passwords on. It should also be easy to keep your passwords synchronized across all your devices.
  • Use only well-known and trusted password managers. Be wary of products that have not been around for a long time or have little or no community feedback. Cyber criminals can create fake password managers to steal your information. Also, be very suspicious of any vendors that developed their own encryption solution.
  • Make sure that whatever solution you choose continues to actively receive updates and patches, and be sure you are always using the latest version.
  • The password manager should include the ability to automatically generate strong passwords for you and show you the strength of the passwords you’ve chosen.
  • The password manager should give you the option of storing other sensitive data, such as the answers to your secret security questions, credit cards, or frequent flier numbers.
  • Good password managers support two-step verification/multi-factor authentication along with the master password.

Password managers are a great way to securely store all your passwords and other sensitive data. However, since they safeguard such important information, make sure you use a unique, strong master password that is not only hard for an attacker to guess, but easy for you to remember.
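For readers who want to see what "unique and strong" means in practice, here is an added example (not part of the original newsletter and not taken from any particular password manager) showing how a randomly generated password and a randomly generated passphrase are produced, how their strength is measured, and how a reused password is spotted. The word list, the sample vault and the function names are constructed for illustration.

```python
import math
import secrets
import string
from collections import defaultdict

# 94 printable symbols: letters, digits and punctuation.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed mini word list for illustration only; real passphrase
# generators draw from lists of thousands of words (e.g. 7776 for Diceware).
WORDS = ["walked", "slowly", "november", "rain",
         "garden", "copper", "window", "planet"]


def generate_password(length=20):
    """Random per-account password, drawn with a cryptographic RNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def generate_passphrase(n_words=5, words=WORDS):
    """Random passphrase for a master password: words picked independently."""
    return " ".join(secrets.choice(words) for _ in range(n_words))


def entropy_bits(pool_size, picks):
    """Bits of entropy when each pick is uniform and independent.

    Only valid for randomly generated secrets, not human-chosen ones.
    """
    return picks * math.log2(pool_size)


def find_reused(vault):
    """Map each password shared by several accounts to those accounts."""
    by_password = defaultdict(list)
    for account, password in vault.items():
        by_password[password].append(account)
    return {pw: sorted(a) for pw, a in by_password.items() if len(a) > 1}


if __name__ == "__main__":
    # Constructed sample vault: two accounts share one password.
    vault = {"bank": "Summer2023!", "email": "Summer2023!",
             "forum": generate_password()}
    for accounts in find_reused(vault).values():
        print("reused across:", ", ".join(accounts))
    print("20-character password: %.0f bits" % entropy_bits(len(ALPHABET), 20))
    print("5 words from 7776: %.0f bits" % entropy_bits(7776, 5))
```

The entropy figure describes the generation process, so it applies only when the password manager (not the user) picks the characters or words at random.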

Saving Browser Credentials

It has been a long-standing best practice to avoid saving credentials in web browsers. Web browser security has significantly improved over the last couple of years, and the attitude toward saving credentials is shifting. Most third-party password managers now offer a browser extension to manage and save passwords.

It is now considered reasonably safe to save credentials in the Safari and Google Chrome password managers when you are following security best practices:

1. Securing The Device

Securing your device involves the following steps:

  • Install anti-virus (AV) software to prevent malware from stealing your credentials.
  • Keep software up to date to protect against security vulnerabilities.
  • Require a PIN or password in order to unlock your device.
  • Only install trusted web browser extensions.
  • Lock your device when leaving it unattended.

2. Securing the Password Manager

You can make sure that your password manager is secure through the following steps:

  • Secure your password manager and master key by using two-step verification (multi-factor authentication)
  • Avoid saving or syncing passwords on a shared device
  • Lock the password manager when leaving it unattended

3. Register for Two-Step Verification

Registering for two-step verification (multi-factor authentication) on websites and saving the credentials in a password manager is recommended. Two-step verification will help prevent compromised passwords from being used successfully.

Recommended Password Managers

Here at Laurier, we do not have a specific password manager that we encourage students, staff and faculty to use. Laurier credentials should only be saved in a password manager when two-step verification has been configured. There are a number of password managers on the market today that we would recommend reviewing:

Credits:

Information in this newsletter is credited to Government of Canada, CIBC, TrendMicro and DataEconomy.