In this day and age, password managers have become integral. It’s not a matter of if you need a password manager, you simply DO.
If you are storing your passwords in an Excel spreadsheet, or Outlook contact notes, you are taking unnecessary risks with your sensitive data.
Excel encryption is easy to defeat, and Outlook contact notes get synced to every device that accesses the account. What happens to those notes when that device is lost or stolen? It’s easy to access contact notes once a device is compromised. What if the email account gets hacked? The attacker now has all your contact notes as well. In addition, users are everyday granting contact permissions on their devices to apps that may or may not be ‘above the board’.
An even worse practice is using the same password, or variations of the same password across multiple sites. This is possibly the most dangerous security practice you can have. A study¹ by Virginia Tech University found that:
52% of the users studied have the same passwords (or very similar and easily hackable ones) for different services.
Credential Stuffing is a term used to describe an attack in which hackers compromise one site, or obtain usernames and passwords from the black-market (known as the dark web) and then try those passwords on other sites like your email or bank, to see if you are using the same password. They employ computer algorithms to test slight variations on those passwords as well. Many people do, and credential stuffing is the cause of a lot of data breaches today.
A password manager is a must. Why? Because they allow you to use strong, complex, unique passwords for every site without struggling to remember multiple passwords. In fact, you only have to remember the master password for the password manager. They also allow for tiered access and multiple user accounts, so that your employees can get access to passwords that you allow, and not others. Their database is encrypted on every device with strong encryption, so that even if the device is lost or stolen, attackers wouldn’t be able to get the information.
At MoseSys we recommend RoboForm
Another popular alternative is LastPass
Both of these companies offer desktop apps, web browser extensions, and mobile apps. They also store your password database in the cloud. For those of you who may be concerned about a third party storing and possibly having access to your sensitive information, a good litmus test is whether or not they can recover your password if you forget it. Both RoboForm and Lastpass cannot. Your password database is encrypted using your master password as a key. This means you are in real trouble if you forget your master password. However, it also means that the companies themselves cannot access your sensitive data.
Ask a MoseSys associate today for more information and assistance in setting up a password manager.