
There’s a reason why businesses are always looking for the best password management strategy. Almost 80% of hacking-related breaches are caused by weak or compromised credentials. Proper use of passwords is one of the critical steps to avoid becoming a cybercrime victim, and applying password management best practices can make a whole lot of difference. Luckily, gone are the days of extremely complex passwords that were impossible to get right when typing and even harder to remember.


So, what are the best practices for password management?
When it comes to passwords, the most important thing is length. A complex password that is ten characters long can be relatively easy to crack using something like brute force. However, an easy-to-remember 24-character passphrase is almost impossible to break.

But what is a passphrase?

Passphrases are passwords derived from sentences that are easy for you to remember. You’ve probably heard of the 8 4 rule for creating passwords like “P@$$w04D!”. That’s difficult to remember or type. What you can try is something like “mypasswordismypasswordforthenext4months”, which is easy to remember but much more complex from a brute force standpoint.
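To put numbers on the length-versus-complexity point, here is an added example (not part of the original article) that estimates the brute-force search space of the two passwords quoted above. The guessing rate and the 7,776-word list size are assumptions, and the per-word figure is a ceiling that only holds when the words are picked at random; a sentence someone makes up is more predictable than that.

```python
import math
import string

# Assumptions (not from the article): an offline guessing rate, and the size
# of the wordlist passphrase words are drawn from (7776 = Diceware list size).
GUESSES_PER_SECOND = 1e10
WORDLIST_SIZE = 7776

COMPLEX = "P@$$w04D!"  # the short "complex" password quoted in the article
# The article's passphrase, split into its words so both views can be scored.
PHRASE_WORDS = ["my", "password", "is", "my", "password",
                "for", "the", "next", "4", "months"]
PASSPHRASE = "".join(PHRASE_WORDS)

POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation)


def charset_size(password):
    """Symbols an exhaustive search must try per position: the sum of every
    character class (lower, upper, digit, punctuation) the password uses."""
    return sum(len(pool) for pool in POOLS if any(c in pool for c in password))


def brute_force_bits(password):
    """log2 of the character-by-character search space."""
    return len(password) * math.log2(charset_size(password))


def wordlist_bits(word_count, wordlist_size=WORDLIST_SIZE):
    """log2 of the search space when guessing whole words instead of
    characters. Upper bound: holds only for randomly chosen words."""
    return word_count * math.log2(wordlist_size)


def years_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Years needed to try every candidate at the assumed guessing rate."""
    return 2 ** bits / rate / (365.25 * 24 * 3600)


if __name__ == "__main__":
    rows = [("complex, 9 chars", brute_force_bits(COMPLEX)),
            ("passphrase, per character", brute_force_bits(PASSPHRASE)),
            ("passphrase, per word", wordlist_bits(len(PHRASE_WORDS)))]
    for label, bits in rows:
        print(f"{label:26} {bits:6.1f} bits  {years_to_exhaust(bits):.2e} years")
```

Under these assumptions the nine-character password falls to exhaustive search in under two years, while the passphrase stays far out of reach even when it is scored per word rather than per character.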

XKCD made a brilliant comic about this which can be seen below.

One thing that shouldn’t be done with a password or phrase is replication. Don’t use the same password you use to log into Facebook to log into your bank account or work computer. This is typically where most people run into a problem: only Rain Man can remember that many passphrases with ease.

Luckily, there are tools that can help you manage your passwords and keep your information secure instead of it being leaked on the dark web, for instance. Password managers store your passwords for you and fill out your log-in forms, so you don’t have to memorize all your confusing passwords. Plenty of apps have stored the passwords on your device, but the newer cloud-based options and tools offer certain advantages. The most popular seem to be LastPass, Dashlane and 1Password.

These tools allow you to use your devices and browsers to store passwords on the provider’s site. They store them in an encrypted way and only decrypt them when you enter your ‘master’ password. These credentials can be accessed remotely from any device as long as you know your master login. All these tools offer dual-factor authentication, an absolute must – otherwise, if someone steals your master password, they have access to all your passwords.

Here is a brief description of all these password management tools:

1. LastPass
LastPass remembers your passwords on your behalf and makes it easy to audit passwords, create stronger passwords in general, and automatically change a password for you if a service has been hacked. It also allows you to share login credentials with trusted colleagues and uses multi-factor authentication to protect your passwords even if someone hacks into your account.

2. Dashlane
Dashlane is another password management tool with two-factor authentication that allows you to share passwords with emergency contacts in case you can’t access your accounts, and to change multiple passwords on multiple websites with just a few clicks. The tool also offers a dark web monitoring service that alerts you if any of your personal information is found on the dark web.

3. 1Password
1Password comes with a strong password generator to help you pick out a good password, lets you keep secure notes for other passwords or notes you want to keep private, and includes a digital wallet for bank accounts and a password ‘recipe’ builder that helps you create strong passwords.

These are just a few management tools that can help you keep track of your passwords and make sure your information stays secure and does not fall into the wrong hands. Proper management of passwords is critical to cybersecurity, and these tools can greatly add to your organization’s line of defence. Start taking control of your cybersecurity today by implementing these password management best practices. If you have further questions on whether password management tools are safe to use or what you should pay attention to when you’re in the market for one, reach out to our security experts; they’re ready to help.
