Password management tools
Get yourself a password manager and stop committing these security crimes!
Using a cloud-based password manager will help you and your team avoid the following security crimes:
Insecure Passwords
Stop using passwords that are not complex and can be easily discovered by a Brute Force Attack
Password managers will create secure passwords for you. And the best part is that you’ll never need to remember them because the password manager handles that for you!
You WILL however, need a single very-strong password on your password manager. I recommend creating a password using the XKCD method of combining four random words
Insecure Storage
Stop storing passwords (and other secrets) in an insecure location such as a spreadsheet or a post-it note
Using a password manager means your passwords will always be easily accessible to you and to no one else.
Insecure Sharing
Stop sharing passwords with your team via email or SMS
Shared passwords are generally frowned upon in general, but there are times when they are simply unavoidable. In these cases, use your password manager to create a shared folder of credentials that you can share with some or all of your team.
Insecure Re-Use
Stop using the same password for more than one of your accounts - Here’s why
Using the same password for your social media accounts AND your bank accounts is how a lot of crime starts. Criminals will hack into a relatively insecure and steal all the usernames and passwords. They then try those same usernames and passwords at other sites. If a user has used that same combination somewhere else, they’re likely to be hacked.
For Example: In around 2008, MySpace suffered a data breach that exposed almost 360 million accounts. This list of usernames and passwords was then made available to the public on the internet. That same day, hackers were trying those same combinations of usernames and passwords at websites like banks, email servers, and social media accounts.
By using a unique (and strong) password for each and every one of your accounts, you can be sure that, if
Choosing a password manager
Zero Knowledge
Password Management is definitely a situation where you require a Zero Knowledge Service . This means that the service provider (LastPass for example) will have no ability to see anything you store within their system. This is because it is all encrypted in your local browser extension before it is ever uploaded to the their servers.
The obvious benefit of this is that a bad actor at LastPass would not have the ability to gain access to your passwords … but —even better— it means that if hackers somehow broke into LastPass and stole all your data, they would similarly not be able to decrypt or access your passwords.
A slight downside to using a Zero Knowledge service is that, if you lose your master password, the service provider has no way of helping you recover your passwords and you’ll need to reset all your passwords to regain access to your systems. Some password managers provide for self-help mechanisms such as resetting your password via email, or using a
Cloud-based
Using a cloud-based password manager means your passwords will be available across your devices (desktop, laptop, mobile) no matter where you are located (office, home, vacation).
I don’t recommend using an on-premise solution as a password manager unless your team is technically adept… and if this is the case, you probably don’t need this article at all!
Supports secure sharing
Ideally, your password manager will make it easy for you to securely share credentials with your team members (where required)
Requires 2-factor authentication
You 1000% want to set up 2-factor authentication on your password manager account. Not doing this is security suicide.
So which password manager to choose?
I use LastPass which was an early entrant into the cloud-based password management world and I’ve been using them since around 2010. However, there are other very similar tools with similar capabilities such as:
KeePass is another relatively popular password management tool, but it is software that you must install on your own computers (it’s on-premise software instead of a cloud service). I don’t recommend using an on-premise solution as a password manager unless your team is technically adept… and if this is the case, you probably don’t need this article at all!
