Why Do You Need a Password Manager?
Keeping credentials in a password manager makes protecting yourself easier.
I’ve talked a lot in this newsletter about passwords from the point of view of an organization. This generally means having appropriate acceptable use and password policies around user behavior and device configuration. You don’t want your staff using personal passwords, simple passwords, and so forth. It’s important to set up good rules for employees to follow.
It’s not just about writing down the rules and collecting signatures, though. Employees need to understand the principles of proper passwords, and relating them back to everyday use in their own lives can go a long way. So how do we go about protecting ourselves easily?
Offload the work.
You’ve likely got passwords for plenty of crucial parts of your life, like your bank account(s), social media sites, email, and any number of other things like game servers, YouTube accounts, and streaming services. Of course, one of the most common bits of advice on passwords that you’ll hear is “Do not reuse your passwords,” and for good reason. If an attacker does get ahold of your password, you don’t want them using it to breach other sites.
One option is to use a password manager, which is just a bit of software that stores your passwords to different services. Most can also generate random passwords with a configurable length so you never even know what the password actually is. In effect, you only need to remember one password to access the manager itself, and thus your saved passwords. They can be an excellent way to offload much of the effort of dealing with passwords.
What password manager should I choose?
There are many different password managers to choose from, like LastPass, 1Password, and plenty of others. I’m not going to make a recommendation on which one because really the only major differences are price and license limitations. Some solutions allow for multiple installations, sometimes on different devices, as well as support for mobile versions, and so on. Just remember to find one that suits your unique situation.
Security without a password manager.
If you don’t like the idea of a password manager, then you need to be able to make a good template of a passphrase and use a different version of it everywhere. We’ll keep the base passphrase simple, and modify it as needed for each service.
Step 1: Decide on a phrase.
Ex: “I need to setup a password for Facebook”
Make your passphrase something long and easy to remember (I like to use a sentence and include the spaces). Also make sure the base phrase satisfies the requirements of length, uppercase, lowercase, and special characters (which includes spaces).
Step 2: Add a little bit on the end
Once you’ve decided on a phrase, it’s time to tack on a little bit of extra security. Oftentimes there are other requirements for your passwords, like numbers. So, add on a little bit of relevant flair to finish off your password requirements, like including the month and year.
Ex: “I need to setup a password for Facebook Nov 2022”
Step 3: Periodically change your base password
Not every site or service forces you to change your password on a regular basis, so you need to remember to schedule it yourself. This is easy if you just change that little bit at the end from step 2.
Ex: “It’s time to setup a password for Facebook Dec 2022”
Changing your passwords every 3-6 months is easy as long as you set yourself up properly. If you don’t feel the need to invest in a password manager, a simple pattern that makes it easy to remember your passphrase and variations is a passable alternative for people’s personal passwords. The key is not to overcomplicate the process. Change the little bit at the end for a couple of password changes, then once in a while change up the phrase itself.
If you’d like to learn more about creating a strong password policy for your business or how to configure your own password manager, contact our cybersecurity experts and we’ll be happy to help out.
For today’s Shakespeare quote I’ll pull a line from the play Julius Caesar: “There is a time in the affairs of men, Which, taken at the flood, leads on to fortune.”
Be kind, courtesy of your friendly neighbourhood cyber-man.