Our modern lives are increasingly digital. We rely on the internet for communication, work, shopping, banking, and socializing more than ever before, and the trend shows no signs of slowing. While there has long been a movement toward technologies to replace passwords, passwords remain the primary way we authenticate when logging in to our accounts, and that’s unlikely to change in the near future.
Unfortunately, bad password practices continue to be a leading cause of cyberattacks, and recent breaches such as the one at 23andMe illustrate why you should never use the same password for multiple accounts. When a password is shared across multiple accounts and one of those accounts is compromised, every other account using that password is also at risk. Each account should have a unique password.
You also must ensure that each unique password is “strong.” A strong password should have the following characteristics:
• Length: 12-16 characters long at minimum
• Complexity: a mixture of:
  • Uppercase letters (A-Z)
  • Lowercase letters (a-z)
  • Numbers (0-9)
  • Symbols/special characters (!, @, #, $, %, etc.)
• Unpredictability: avoid easily guessable words, phrases, or patterns like “password123”, “123456” or “asdfghjk”, or information that can be found online, such as your spouse’s name. There is an entire field known as Open Source Intelligence (OSINT) dedicated to finding information online.
Weak passwords can easily be cracked using readily available tools such as L0phtCrack, Medusa, John The Ripper, or ophCrack. A recent Hive study found that a complex 8-character password can be cracked in as little as five minutes and a password with six or fewer characters can be cracked instantaneously.
Per Hive, an 18-character password composed of only numbers takes six days to crack. A complex 18-character password using numbers, uppercase letters, lowercase letters and symbols, “oG!!Hp@cVgP.Y3jbPK”, for example, would take 26 trillion years to crack.
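To make the length-and-complexity argument concrete, here is an added checker (not part of the original article) that tests a password against the criteria listed above and computes the brute-force keyspace those criteria imply. The attacker guess rate is an assumed constant, so the absolute times will not match Hive’s figures, but the ratio between the all-digit and the mixed 18-character examples does not depend on it.

```python
import math
import string

# Character classes from the article's "complexity" requirement.
CLASSES = {
    "upper": set(string.ascii_uppercase),
    "lower": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}
MIN_LENGTH = 12
# Constructed blocklist holding the guessable patterns the article names.
WEAK_PATTERNS = ("password123", "123456", "asdfghjk")
# Assumed attacker throughput (guesses per second); Hive's rate is not given
# in the article, so this is a placeholder for illustration only.
GUESSES_PER_SECOND = 1e10


def check_password(pw):
    """Return the article criteria the password fails (empty list = passes)."""
    failures = []
    if len(pw) < MIN_LENGTH:
        failures.append("length")
    chars = set(pw)
    for name, cls in CLASSES.items():
        if not chars & cls:
            failures.append(f"missing {name}")
    if any(p in pw.lower() for p in WEAK_PATTERNS):
        failures.append("predictable")
    return failures


def keyspace_size(pw):
    """Alphabet size implied by the classes present, raised to the length."""
    alphabet = sum(len(cls) for cls in CLASSES.values() if set(pw) & cls)
    return alphabet ** len(pw)


def crack_time_years(pw, guesses_per_second=GUESSES_PER_SECOND):
    """Worst-case time to exhaust the keyspace by brute force, in years."""
    seconds = keyspace_size(pw) / guesses_per_second
    return seconds / (365 * 24 * 3600)


if __name__ == "__main__":
    for pw in ("123456789012345678", "oG!!Hp@cVgP.Y3jbPK", "password123"):
        print(f"{pw!r}: fails={check_password(pw)} "
              f"bits={math.log2(keyspace_size(pw)):.1f} "
              f"years={crack_time_years(pw):.3g}")
```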
I suspect you are rolling your eyes at this point thinking “how in the heck can I remember dozens of strong unique passwords?” Enter the password manager, which provides a secure, seamless and effective password “vault” that will drastically increase your security posture while also making your life easier! Let’s explore the many benefits of a password manager.
Simplified, Secure Password Management
Remembering strong, unique passwords for each account is daunting. A good password manager makes it easy to generate and manage extraordinarily strong passwords that are virtually impossible for hackers to guess or crack.
For example, the strong password shown above was generated by my password manager. A password manager eliminates the need to remember complex passwords for each account and can automatically fill in your credentials from the vault when you sign in. No more struggling to remember or type complex passwords.
As a bonus, most password managers will securely synchronize your password vault across all your devices (smartphones, tablets, laptops, and desktop computers), allowing you to access your credentials and log in to your accounts from any device and any location.
Enhanced Security
The security of your password manager is critical, and a quality password manager will use strong encryption to protect your vault. Your passwords are encrypted locally on your device, during transmission to the password manager’s servers, and while stored on their servers. This ensures that even if their servers are compromised, your data remains secure.
Other important security features include multi-factor authentication (MFA) and biometric authentication (fingerprint or facial recognition) for added vault security. With MFA enabled, even if someone obtains your password, they still need a secondary authentication method to log in. To protect your password vault, ensure that you have a strong, unique password for your password manager and that you enable MFA for it.
Another benefit of using a password manager is increased protection against credential theft due to phishing. It’s increasingly common for cybercriminals to trick you into revealing your login credentials by impersonating legitimate sites. Password managers protect against this by automatically filling in your login credentials only on the legitimate sites saved in your vault. On a spoofed site, the password manager won’t autofill your credentials, which alerts you to danger and helps you avoid being scammed.
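The autofill check described above works because the manager matches the page’s origin (scheme, host and port) against the origin saved with each entry, not against how the page looks. This added illustration (not code from any real password manager) uses a constructed vault with no real secrets and shows that look-alike hosts, plain-HTTP pages and URLs with a misleading user-info prefix all fail to match.

```python
from urllib.parse import urlsplit

# Constructed vault: saved login origin -> label of the credential to fill.
VAULT = {
    "https://bank.example": "bank-login",
    "https://mail.example": "mail-login",
}


def origin_of(url):
    """Reduce a URL to scheme://host[:port], the unit a manager matches on."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    port = f":{parts.port}" if parts.port else ""
    return f"{parts.scheme.lower()}://{host}{port}"


def autofill(url, vault=VAULT):
    """Return the credential label to fill, or None if the page is not a saved site."""
    origin = origin_of(url)
    if not origin.startswith("https://"):
        return None  # never fill on a page that is not served over HTTPS
    return vault.get(origin)  # exact origin match only; no fuzzy matching


if __name__ == "__main__":
    for url in ("https://bank.example/login",
                "https://BANK.example/login",
                "https://bank.example.evil.test/login",
                "https://bank.example@evil.test/login",
                "http://bank.example/login"):
        print(f"{url}: {autofill(url)}")
```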
Finally, most password managers include a password health check feature which evaluates the strength of existing passwords. It can identify weak, reused, or compromised passwords and prompt you to update them.
There are many benefits to using a password manager, and there are many excellent no-cost or low-cost choices. As of this writing, I recommend 1Password, but you can find many excellent options compiled by CNET, Tom’s Guide and PC Mag.
I’ve been using a password manager for years now and I can’t imagine not having one. Once you make the leap, I’m sure you will feel the same way. And remember, it’s absolutely critical to secure your password vault. I recommend that you come up with a long passphrase that only you would know as the password for your password manager. For example, “Or@ng3Pl@typusPr3fersSt@rfruit!” is easy to remember and easy to type, but strong enough to be virtually uncrackable. When coupled with MFA and encryption, your password vault will be well protected, and you will be much more secure than the average person.
The bottom line is that a password manager is not just a tool for enhancing your online security; it can significantly improve your digital life. Strong, unique passwords are the first line of defense against many cyberthreats, and a password manager makes it easy to create and manage them. Start using a secure password manager today and experience a safer, more convenient, and more stress-free online experience. You, and your bank account, will be glad you did.
Dave Hatter – CISSP, CISA, CISM, CCSP, CSSLP, PMP, ITIL, is a cybersecurity consultant at Intrust IT. Dave has more than 30 years’ experience in technology as a software engineer and cybersecurity consultant and has served as an adjunct professor teaching software development at Cincinnati State for nearly 20 years. Follow Dave on X (@DaveHatter) for timely and helpful technology news and tips.