With security breaches, hacking attempts and other vulnerabilities now a daily occurrence in this new era of technology, password security is a constant worry on everyone’s minds whenever they create, use, or share a password. A recent keynote I attended (featuring Jason Brown of the United States Secret Service) confirmed this trend: people and businesses are in serious trouble in this Internet-driven world!
The first problem we’ll address is password management and the storage of these codes: where and how should I store my passwords? If you follow commonly adopted best practices about what a good password should be and why you need separate ones for all your accounts, you will be left with potentially dozens if not hundreds of passwords and other credentials to store somewhere.
If you are like me and already have a hard time remembering your debit card PIN code, you may need some help.
1. What medium to use?
Using your brain is a pretty good way to remember things, but memory is not always the most reliable method, depending on the circumstances (emotions, stress, substances…). Since we live in an internet-driven world, some security strategists believe the paper and pencil method is a great way to store passwords as it provides an off-the-grid solution (assuming you keep it hidden). So, if this works for you and you don’t need to have access to your passwords while you’re on the road, go for it!
Most of us, however, will prefer using some form of electronic vaulting. These tools are called password managers. Some reliable password managers are KeePass, LastPass, and Dashlane. Stay away from password-protected Excel spreadsheets, which are not a secure way to store your passwords. And, of course, stay away from over-used, typical passwords.
2. Location, location, location…
The biggest obstacle you will face with password managers is the location of the data. Electronic lockboxes are databases with encrypted records and controlled access. The location of this database can either be local (on your device) or in the cloud (stored online) depending on the chosen solution.
Internet-based lockboxes are more feature-rich than their local counterparts. The ability to access your passwords from any device regardless of its operating system or location is an advantage and a risk at the same time. Locally stored databases can still travel with you, but keeping them synchronized across multiple devices can be challenging when you update them.
3. Password storing solutions
Password managers offer a variety of features from generating complex passwords to hierarchical sub-grouping (Shopping, Banking, Traveling). One popular feature is the ability to automatically submit the password alongside your login ID without the user opening the lockbox itself.
Some managers even offer the ability to automatically and regularly change your passwords on compatible web sites (typically social media sites, but the list is ever growing for utilities and shopping sites). Enterprise password managers also offer multi-user access with role-based access control. You can use your electronic lockbox to store any other sensitive records like your physical safe code number, door codes, and Wi-Fi encryption keys.
4. Password manager risks
Convenience is still security's worst enemy! Storing dozens of passwords in a lockbox rather than expecting your poor brain to remember them all is a great convenience, but it comes with risks. All of your sensitive data is now protected by a single master password.
This means that if your master password is compromised, you are now in even bigger trouble as all your accounts and access codes are being delivered to the bad guys on a silver platter…
5. Safe password management strategy
Like everything in life, we must all make compromises. The more convenient you want password management to be, the more risks you will face, exposing yourself to hackers and other security threats. However, some basic rules should be applied to ensure sound use of these products:
- Use a VERY strong password for your master lockbox access
- Store this master password in case you forget it at some point. (Avoid electronic formats! Paper still works well.)
- Create a two-factor authentication system of your own to further secure a potentially compromised lockbox (something you have + something you know). Pick a predefined prefix (e.g., your dog’s name) that you will always remember as a prefix of your actual password, but that will never be shown anywhere in the electronic lockbox records. This simple tip will go a long way in reducing the risk of using online passwords.
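The prefix rule in the last bullet, sketched as an added example (not code from this article or from any password manager): the lockbox keeps only a random suffix and the site is enrolled with prefix + suffix, so a stolen copy of the lockbox does not contain a working password. The function names, the `bank.example` entry, the `Rex-` prefix and the PBKDF2 stand-in for the website are assumptions made for the demo.

```python
import hashlib
import hmac
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_"
PBKDF2_ROUNDS = 200_000  # assumption for this demo, not a value from the article


def new_vault_suffix(length=20):
    """Random part of the password: the only part the lockbox ever stores."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def suffix_entropy_bits(length=20):
    """Entropy of the random suffix; the memorised prefix adds very little."""
    return length * math.log2(len(ALPHABET))


def full_password(memorised_prefix, vault_suffix):
    """What is typed into the site: prefix from memory + lockbox entry."""
    return memorised_prefix + vault_suffix


def site_enroll(password):
    """Stand-in for the website: keep a salted PBKDF2 hash of the password."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def site_verify(password, record):
    """Constant-time check of a login attempt against the enrolled record."""
    salt, digest = record
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(attempt, digest)


def demo():
    prefix = "Rex-"  # constructed sample; exists only in the owner's memory
    vault = {"bank.example": new_vault_suffix()}  # everything the lockbox holds
    record = site_enroll(full_password(prefix, vault["bank.example"]))
    return {
        "owner_logs_in": site_verify(full_password(prefix, vault["bank.example"]), record),
        "vault_copy_alone_logs_in": site_verify(vault["bank.example"], record),
    }


if __name__ == "__main__":
    print(demo(), round(suffix_entropy_bits()), "bits of entropy in the suffix")
```

Because the prefix is short and guessable, the random suffix still has to carry the password's strength; the prefix mainly buys time to change passwords after a lockbox compromise.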
Nothing will ever completely prevent these risks, but if you take the proper precautions, you will be doing yourself a huge favor by protecting the vital information stored on the internet.
Jason Brown from the United States Secret Service recommended dedicating a computer in your home to online banking only and keeping it turned off when you’re done. This might be too extreme, but it reveals the magnitude of cyber threats. As an IT managed service provider, we see password security becoming an issue for all businesses regardless of size.