We receive compensation from the providers listed below. 

Tips for Choosing a Password Manager


Cybercrime currently costs the UK economy around £27 billion every year. Small businesses and individuals are among the favorite targets, simply because most criminals view them as easy pickings. Passwords, which have played a central role in information security ever since the dawn of modern computing, are among the most frequently stolen assets. Given that the most common passwords are ‘123456’ and ‘password’, this is hardly surprising.

Large databases of stolen usernames and passwords routinely end up on dark web markets and forums, where cybercriminals trade them in return for cryptocurrency. The fact that most people reuse the same passwords across all their accounts greatly increases their exposure to attackers, especially if those passwords are weak. The risks have never been greater, and every business and individual must do everything they can to bolster their digital defenses. 

Having a weak set of login credentials for a high-value account containing personal or financial information is an open invitation to hackers and social engineering attackers. Passwords are among the most stolen assets during phishing scams, where criminals send emails or set up websites that look like the real thing but are actually designed to steal passwords. These risks can be drastically reduced by using a reliable password manager, ideally one that supports multifactor authentication (MFA).

What is a Password Manager?

Chances are, you probably already use a password manager every day. They are included in all modern browsers to make it easier for you to log into your online accounts by remembering your usernames and passwords. However, a third-party password manager like Dashlane or 1Password can go much further, by generating strong, random passwords that even you will not know. This makes your passwords practically immune from phishing or brute-force attacks.

That said, there are also some innate risks of using a password manager. They are a natural target for hackers too, and some may contain vulnerabilities of their own. Moreover, recovering a lost master password can be complicated, and sometimes even impossible, in which case you may need to manually reset your passwords on each of the accounts you were using it with. However, good password managers also offer a range of secure recovery options.

Due to these factors, it is essential to choose a trustworthy provider that offers an optimal mix of security and convenience. After all, staying safe online will be much easier when you only have to remember one complex password to access everything on all your devices. But before you make the choice, be sure to ask yourself the following questions:

6 Questions to Ask When Choosing a Password Manager

1. How are your login credentials stored?

The biggest shortcoming of most browser-based password managers is that they store your login credentials on the local computer in unencrypted form. This means that, if the device is stolen, a determined hacker might be able to gain access to them. One of the most important benefits of choosing a standalone password manager is that the best ones always encrypt credentials in storage, whether they are stored online or on the local device. Be sure to choose a solution that provides AES-256 encryption for its password database, especially in the case of those that synchronize logins between devices.

2. How can you recover your account?

One of the oft-cited drawbacks of using a password manager is that, if you forget your master password, you will be locked out of all accounts. Similarly, if an attacker gets their hands on the master password, then they will have access to all of those accounts. Ideally, your stored credentials should only ever be accessible to you, and no reputable password manager would ever have access to them either. However, if you ever need to recover your master password, you will need some sort of recovery method, such as an emergency authorization for a relative or trusted friend or colleague.

3. Does it include multifactor authentication?

Passwords only provide one layer of security, so they are not enough for protecting high-value accounts like email, social media, or online banking. After all, any passwords, including master passwords, can be stolen by phishing scammers, regardless of their length or complexity. The best password managers, especially those designed for business use, also support multifactor authentication. With MFA, you will need to verify your identity with an additional security token, such as a one-time password or SMS code. This is especially important when logging in from a new or unrecognized device or network. 

4. Which devices does it support? 

One of the main advantages of using a password manager is that you will no longer have to enter your login information for every website on every device you use. However, this will only work if you choose a password manager that supports all your devices and synchronizes your login credentials across all of them. Ensure the password manager you choose is compatible with your preferred web browsers, operating systems, and devices. One that offers a similar user experience across all supported platforms will also make it easier to adapt to using it on all your devices.

5. Can it generate random passwords?

Another important benefit of using a standalone password manager is that most of them create random, strong passwords consisting of letters, numbers, and symbols that are both very hard to remember and practically impossible to crack. Even you will not know these passwords, but neither will you need to, since the password manager will remember them for you. Random password generation is not supported by built-in browser-based password managers, but it is a common feature of standalone solutions. Some password managers also provide security auditing features to let you know about any weak passwords that need to be changed.
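The two features described above, random generation and a weak-password audit, shown in Node.js. This is an added example, not code from the article or from any password manager; the character set, the 12-character minimum and the sample entries are assumptions.

```javascript
const crypto = require('node:crypto');

// Letters, numbers and symbols, as the article describes (symbol set is an assumption).
const CLASSES = [
  'abcdefghijklmnopqrstuvwxyz', 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  '0123456789', '!@#$%^&*()-_=+[]{}',
];
const ALPHABET = CLASSES.join('');

// crypto.randomInt draws from the OS CSPRNG and avoids modulo bias.
const pick = (chars) => chars[crypto.randomInt(chars.length)];

function generatePassword(length = 20) {
  if (length < CLASSES.length) throw new RangeError('length must cover every class');
  // One character from each class, the rest from the full alphabet.
  const chars = CLASSES.map(pick);
  while (chars.length < length) chars.push(pick(ALPHABET));
  // Fisher-Yates shuffle so the guaranteed characters are not at fixed positions.
  for (let i = chars.length - 1; i > 0; i--) {
    const j = crypto.randomInt(i + 1);
    [chars[i], chars[j]] = [chars[j], chars[i]];
  }
  return chars.join('');
}

// Upper bound on entropy (in bits) for a uniformly random password of this length.
const entropyBits = (length) => Math.floor(length * Math.log2(ALPHABET.length));

// Audit: flag common, short and reused passwords among {site, password} entries.
const COMMON = new Set(['123456', 'password']); // the two named in the article
function auditVault(entries, minLength = 12) {
  const counts = new Map();
  for (const e of entries) counts.set(e.password, (counts.get(e.password) || 0) + 1);
  return entries.map((e) => {
    const issues = [];
    if (COMMON.has(e.password.toLowerCase())) issues.push('common');
    if (e.password.length < minLength) issues.push('short');
    if (counts.get(e.password) > 1) issues.push('reused');
    return { site: e.site, issues };
  }).filter((r) => r.issues.length > 0);
}

// Constructed sample data, not real credentials.
const SAMPLE_VAULT = [
  { site: 'mail.example', password: '123456' },
  { site: 'bank.example', password: 'Summer2019!' },
  { site: 'shop.example', password: 'Summer2019!' },
];
```
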

6. What is the company’s track record like?

Last, but certainly not least, you should carefully evaluate the track record of the company that develops the password manager. After all, you will be putting a lot of trust in them. For a start, no reputable service provider will ever have access to your master password or the encryption key it pertains to. That way, if the company were to suffer a severe data breach, no attacker would be able to access user passwords, since they would be fully encrypted. That said, be sure to choose a company that has an impeccable track record with no recent data breaches. Consumer review websites are a good place to start when evaluating any software company.
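What questions 1 and 6 describe, an AES-256 encrypted password database whose key the provider never holds, shown with Node.js's built-in crypto module. This is an added example, not code from the article or from any vendor named here; the scrypt parameters, field names and sample entry are assumptions.

```javascript
const crypto = require('node:crypto');

// Derive a 256-bit key from the master password. scrypt is memory-hard,
// which slows offline guessing if an encrypted vault is stolen.
function deriveKey(masterPassword, salt) {
  const opts = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
  return crypto.scryptSync(masterPassword, salt, 32, opts);
}

// Runs on the user's device. The returned blob is all that is stored or synced.
function encryptVault(masterPassword, entries) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // 96-bit nonce, fresh for every encryption
  const key = deriveKey(masterPassword, salt);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const plaintext = JSON.stringify(entries);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Neither the master password nor the derived key is part of the blob.
  return {
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ciphertext: ciphertext.toString('base64'),
  };
}

// Returns the entries, or null when the password is wrong or the blob was altered.
function decryptVault(masterPassword, blob) {
  const key = deriveKey(masterPassword, Buffer.from(blob.salt, 'base64'));
  const iv = Buffer.from(blob.iv, 'base64');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(Buffer.from(blob.tag, 'base64'));
  try {
    const data = Buffer.from(blob.ciphertext, 'base64');
    const plain = Buffer.concat([decipher.update(data), decipher.final()]);
    return JSON.parse(plain.toString('utf8'));
  } catch {
    return null; // GCM authentication tag did not verify
  }
}

// Constructed sample entry, not a real credential.
const SAMPLE_ENTRIES = [
  { site: 'mail.example', username: 'alice', password: 'constructed-sample-pw' },
];
```

Because the server only ever sees the blob, a breach of the provider exposes ciphertext whose strength then rests on the master password and the key-derivation cost.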

What are the Best Password Managers?

A quality password manager, such as Dashlane, 1Password, or RoboForm, should offer both convenience and increased security. Although any password manager should offer advanced features not found in your average browser-based solution, it should be easy to use and avoid any unnecessary complexity. After all, the whole point of using one is to promote better digital security habits.