IC University Blog

Password Managers: Never forgetting a password again leads to better, more secure password practices.

Posted by Julia Curtis on Sep 8, 2022 3:13:42 PM

When it comes to the security of your data, the importance of keeping your passwords safe is critical. Over 80% of hacking-related breaches are due to compromised passwords. Unfortunately, poor password habits are widespread. On average, a single password is used to access five different accounts; overall, 71% of accounts utilize duplicate passwords.

Users must improve their password habits, and the first step is to utilize strong, unique passwords for each login. Effective password practices can make it difficult to remember all your passwords with the sheer number of logins required today. That is where password managers come in.

 

What is a Password Manager?

A password manager is an application that stores and manages login credentials. There are several different types of password managers, each offering its own pros and cons. Additionally, users can take advantage of extra benefits like strong autogenerated passwords or helpful security tips and suggestions depending on the password manager chosen.

 

Types of Password Managers:

A web browser password manager is typically built into your browser and allows users to access login information from any device with the browser.

  • Pros: They are usually built into your browser, require no additional software, and are free.
  • Cons: Security depends on your browser security and can be much weaker than stand-alone password managers. For example, not all web browser password managers use a master password to encrypt all your logins, making them vulnerable to local attacks.

A local password manager is one of the oldest and most popular options. These applications encrypt and store passwords directly on a user’s machine.

  • Pros: The user has total control over the password manager's security, and limited access means fewer touch points for potential breaches.
  • Cons: Users with multiple devices would not have access to the saved passwords on each device. If the user lost access to the device with the password manager, they would no longer be able to access that stored data.

A cloud-based password manager lives in the cloud and can be accessed from any device, regardless of network or location.

  • Pros: Passwords are readily available from anywhere, allowing users to gain access on multiple devices and continue to recover passwords if a device is lost.
  • Cons: Security cannot be controlled by the user and is left in the hands of the password management provider. If a service is breached, your credentials may be compromised. However, if the company is keeping up with best practices, all your passwords should be stored in an encrypted format, and your master password should be stored only as a "hash," that's the result of an irreversible mathematical process.

 

How to choose a Password Manager:

The most significant consideration one should have when deciding on a password manager is security. No matter the type of program you use should be a strong advocate for additional protection. 

  • What are the application’s encryption and security policies?
  • Is there a history of security compromises or incidences?
  • Does the application require two-factor authentication or biometrics?
  • Will the application automatically create strong passwords for each platform it interacts with?
  • Does the application flag duplicate or weak passwords?
  • Does the application provide security suggestions?
  • Does the application check your passwords against a database of known compromised passwords?

 

Other Considerations include:

  • Is the application compatible with the hardware and software that you use?
  • Is the application user-friendly?
  • Does the application fit within your budget constraints?

 

Resources:
https://dataprot.net/statistics/password-statistics/
https://www.techadvisor.com/article/745824/is-it-safe-to-store-passwords-in-your-web-browser.html
https://www.passwordmanager.com/what-is-a-password-manager/
https://www.techtarget.com/searchsecurity/definition/single-sign-on 

Topics: Security, Password Manager, Password