Password Manager – The Good, The Bad & The Truth.

Tony Mason | Cyber Security, Data Protection, Password Management, Security Awareness & Phishing

As part of any security awareness training we cover passwords. We teach users how to choose secure passwords, with the right length and characters, passphrases etc. However, the average person has to log on to over 170+ sites/services and usually only has 3 to 19 passwords. That means there are a lot of weak or shared passwords in use, and some of these will be in use by your staff.

Therefore, not only our partner, KnowBe4, but also the National Cyber Security Centre strongly recommend that you use a password manager; take a look here to see why.

A password manager effectively reduces password reuse and improves complexity. But you may be wondering if it’s really worth the risk.

Is it safe to store all of your passwords in one place? Can cybercriminals hack them? Are password managers a single point of failure? Take a look at this on-demand webinar by Roger A. Grimes, KnowBe4’s Data-Driven Defence Evangelist, where he walks you through these questions and more. He also shares a new password manager hacking demo from Kevin Mitnick, KnowBe4’s Chief Hacking Officer, that will reveal the real risks of weak passwords.

Password hygiene should be part of your security culture, from the onboarding process right up to the board.  

Check out KnowBe4 for more information about effective, new-school security awareness training that successfully changes users’ behaviour.

Factors to Consider When Selecting a Reliable Password Manager

With many password managers available, finding the right solution can be quite challenging. Look out for some of these password manager features to know you’ve selected the right one.

1. Zero-Trust Security – enforces strict user authentication and least-privilege access. It restricts each user to the resources necessary to complete the tasks of their role. This ensures that only legitimate users have access to your systems at every step, which greatly reduces your organisational risk.

2. Regulation Compliance – Here are some standards your password manager should comply with:

  • Federal Risk and Authorization Management Program (FedRAMP). Although this is mainly for government, a password manager that complies with FedRAMP implements additional security controls.
  • General Data Protection Regulation (GDPR). A password manager in compliance with GDPR is likely handling your data appropriately.
  • Payment Card Industry Data Security Standard (PCI DSS). This standard sets the requirements that organisations handling your debit or credit card data must meet.

3. Compatibility with Your Systems and Software

4. Encryption – A password vault is the part of a password manager that actually stores the passwords for multiple applications. Password managers must encrypt the vault, which scrambles credentials and makes them unreadable to attackers. The provider must also store your vault only in its encrypted form, so that the provider itself cannot access your credentials either.

5. Automation (Browser Extensions Should Work Automatically)

6. Password Generators 

7. Multi-Factor Authentication (MFA) – According to research by Microsoft, MFA can prevent 99.9% of account compromise attacks. A reliable password manager should require 2FA or MFA in addition to your master password before providing access to your account.

Need a password manager? Consider our partner Keeper. Keeper is an easy-to-use password manager built with a proprietary zero-trust architecture and end-to-end encryption to secure your credentials.

Get in touch with us for a free trial, 01628 362 784.