Password policy and management should be at the top of your company’s IT security practices list, as there are numerous ways in which poor password security can leave your organisation vulnerable to data breaches and malicious attacks. The National Cyber Security Centre’s (NCSC) Password Guidance document has a comprehensive list of the ways your passwords can be compromised, to give you an idea of the measures you need to take to protect them. Password managers are effective tools which go some way to ensuring you are protected in many of the instances listed by the NCSC, as we will explain...
What Are Password Managers?
Broadly speaking, password managers are useful pieces of software which store your passwords securely, allowing you to keep a log of your accounts and login credentials without having to remember each individual password. They can help you create secure passwords, and automate the process of inputting your credentials each time you want to log in.
Why Should I Use A Password Manager?
As password managers generate individual passwords for each of your accounts/sites, this limits the damage that someone could do should they get hold of one of your passwords. Approximately 59% of people use the same password across all of their accounts, which is rather worrying: should someone find the password to one of those accounts, they have the password to them all. Password managers take away the hassle of having to create secure passwords for each website, generating a secure, complex password for you. A complex password drastically reduces the chances of someone using brute force techniques (guessing millions of different password combinations) to get into your account. You don’t have to worry about remembering all of these long, complex passwords either; most password managers have a function or a plug-in which will automatically enter the password for the site you wish to use. If not, it’s a simple matter of accessing your password manager and copy/pasting the correct credentials. The only password you need to remember is the one to get into your password vault.
As you only need one password to access your password vault, anyone who gets hold of that password has not only a list of all the accounts you are active on, but the login credentials for all of them too. Luckily, many password managers utilise 2-factor authentication, adding an extra layer of security, so it’s wise to choose a manager that employs this.
A lot of modern password managers sync your passwords back to a server somewhere, allowing you to access them online from anywhere. This is very convenient; however, you can’t know for sure that your credentials are not being stored in a compromisable format, no matter how much the company say they are storing them in an encrypted or hashed state. Do some research into which are the most trusted password managers before handing over your data.
You should always research password managers yourself, as each person’s needs are different. We thought we’d point you in the direction of some of our favourite ones, so you can take a look for yourself. LastPass, Dashlane and RoboForm are all password managers which sync online and are stored centrally. KeePass allows you to keep hold of your vault locally on your own device, and is free, open-source software, whereas the other examples have a subscription fee attached to them. When researching, start with those to give you an idea of features, pricing and security.
BirchenallHowden sets up all of our employees with password managers for their own accounts, to ensure that not only are their personal accounts protected, but our company’s and our clients’ data is protected too. If you would like more information on implementing password managers in your organisation, please get in touch. Our security consultants would be glad to have a chat with you.