I have given a number of presentations on the general topic of cybersecurity that always include a discussion of password best practices. You know the spiel. Passwords are to be long and difficult to guess, different for every account or device, never reused, etc. Obviously, this can be a challenge. In fact, I’ll share that, between my wife and me, we have over 250 different passwords we need to keep track of in our personal and professional lives. This is when the hands start to go up, and it’s the same question every time. “How in the world do you keep track of all those passwords?” While there are several ways to do it, my answer always includes encouraging the use of a password manager. Of course, the next question is either, “What the heck is that?” or “Are those things safe to use?”
At the most basic level, password managers are software applications that allow you to conveniently store and manage all of your passwords. The data is encrypted and can only be accessed after you have entered a master password. Yes, you still need to remember a long, difficult-to-guess master password, but having to remember just one is far easier than 250. Just don’t write it on a sticky note and place that on the side of your computer screen. You really must commit it to memory or store it in some other secure manner.
For me, the more interesting question is always the one about whether or not password managers are safe to use because, in my experience, this is the concern that becomes the excuse to not make a change. At the outset, I would hope the use of a password manager would be viewed as far more secure than simply writing things down on a piece of paper or on sticky notes that are left lying around. Further, given the robust encryption in use, these applications are also going to be more secure than keeping a list of passwords in an Excel or Word file. But here’s the real value as I see it. The use of a password manager is going to be far more secure than picking weak passwords, not changing passwords, and re-using old passwords, which is what so many do by default. Password managers are simply about making it easy to follow through with password best practices, which can go a long way in preventing a cybercrime.