PASSWORDS. They’re a necessary evil hated by almost everyone. They’re either too hard to remember or too easy to guess.
Hence the rapid growth of password management services. But you might be wondering “Are they secure? What if it gets hacked?” In this post we will explore how safe password managers are along with their pros and cons.
LastPass Update: March 27th, 2023
Recently LastPass has made the news for less than wonderful reasons; A hacker was able to obtain a copy of an encrypted backup of the user passwords, website usernames, and form-filling data according to CyberNews. Another incident in 2019 was discovered when a researcher found a LastPass browser extension vulnerability that if exploited could expose 16 million users' credentials. This includes master passwords, email addresses, and password reminder questions. Because of this breach, we can no longer recommend LastPass.
Are password managers safe?
There is no way to be 100% safe online, so layering protections is the key to keeping your data safe. Think about your data as a castle. The more defenses you utilize, the safer your castle. For example, moats, drawbridges, and watch towers. Part of that layering should involve using a password manager. Password managers are extremely difficult to compromise, especially when combined with multifactor authentication and biometrics such as fingerprint authentication.
Every reputable password manager uses the “zero-trust" technique to protect data. So, you might be asking “What is zero trust? How does that keep my data safe?”. According to CrowdStrike zero trust is “a security framework requiring all users, whether in or outside the organization's network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data”.
One of the most effective functions of zero trust is MFA or Multi-Factor Authentication. It’s becoming standard with many applications, so you’ve probably experienced using this before. For example, if you have ever logged into your email account on a different computer than usual and been asked to enter a code that was texted to your phone to verify that you are who you say you are, then you have used MFA.
This is extremely important when it comes to keeping your data safe. If someone doesn’t have the code sent to your phone, then they cannot access your email, even with your password. MFA comes standard with most password managers.
So, what are the other benefits of using a password manager?
-You won’t have to create your own password. Password managers create unique, complex passwords for you.
-Cloud-based password managers will sync across devices, so they work the same way on your phone, tablet, desktop, and laptop.
-It can help protect your data by ensuring every password you have is different. This means if even the rare event that someone does access one of your passwords, they don’t have access to your other accounts. Because we humans like simple, we often re-use passwords.
But to be fair, there are drawbacks to password managers as well.
-All your sensitive data is stored in one place, protected by a master password.
-You might forget your master password, which is deliberately hard to reset.
If you are the type of person who can create long, complex passwords and remember them, then a password manager probably is not for you. For everyone else though, password managers can be an excellent way to keep their sensitive data safe.
Keep in mind...
It's important to remember that password security, while tremendously important, is only one part of the cybersecurity puzzle. Cybersecurity is like a boat; one small hole can cause catastrophic results. This means you'll want to implement layers of security including antivirus software, data encryption, and network protection.
If you feel overwhelmed by your business's cybersecurity needs, give us a call at 1-800-968-6925. We will work with you and your team to design a security plan that works for you without breaking the bank.
Check out our latest posts: