With cyber attacks at an all-time high, one of the best means of protection is to implement better password practices across the entire organization. Simply asking employees to follow best practices for password management and having them listen would be nice, but as we all know, it’s not always that easy.
People like using simple passwords and often use the same simple password for everything. As a matter of fact, a lot of us do this. Recycling is great if you’re trying to be eco-friendly, but this is your private information we’re talking about here. It’s no surprise that this can be a huge problem, especially in a business setting, since 63% of confirmed data breaches leverage a weak, default, or stolen password. So what’s the solution?
What Is a Password Manager and What Do They Do?
A password manager automatically generates, retrieves, and stores incredibly long, complex passwords for every one of your accounts. It can also protect other vital online information like your PINs, credit card numbers, and even answers to security questions.
Despite the numerous benefits of password managers, they haven’t yet reached critical mass, as businesses naturally fear that if their password management system gets breached, their information will be exposed. While it may seem scary to keep so much valuable information in a password manager, all of that information is protected with strong encryption, making it nearly impossible for hackers to penetrate.
What Else Can Password Managers Do?
In addition to creating and storing complex passwords, you can use password managers as a defense mechanism against phishing attacks. By incorporating an automated login script, the password manager can compare the current site’s URL to the URL of the stored site. If the two don’t match, the password manager will not fill in the login fields and will act as a safeguard against look-alikes and visual imitations.
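The URL comparison described above, sketched as an added example (not code from LastPass or any other product): it compares the parsed scheme, host and port instead of the visible string, which is what defeats look-alike addresses. The function names and the `example.test` hostnames are assumptions made up for illustration.

```javascript
// Added example: the origin check a password manager could run before autofill.
// All URLs used with it are constructed samples.

// Parse a URL into the parts that identify a site, or return null if unusable.
function parseOrigin(raw) {
  try {
    const u = new URL(raw);
    // URL() lowercases the host, converts non-ASCII labels to punycode and
    // drops default ports; a trailing dot is stripped here by hand.
    return { scheme: u.protocol, host: u.hostname.replace(/\.$/, ""), port: u.port };
  } catch {
    return null;
  }
}

// Decide whether credentials saved for storedUrl may be filled on currentUrl.
function shouldAutofill(storedUrl, currentUrl) {
  const stored = parseOrigin(storedUrl);
  const current = parseOrigin(currentUrl);
  if (!stored || !current) return { fill: false, reason: "unparseable URL" };
  if (current.scheme !== "https:") return { fill: false, reason: "page is not HTTPS" };
  if (current.host !== stored.host) return { fill: false, reason: "host mismatch" };
  if (current.port !== stored.port) return { fill: false, reason: "port mismatch" };
  return { fill: true, reason: "origin matches" };
}

// Run the check over constructed look-alike cases and return the decisions.
function demo() {
  const stored = "https://login.example.test/";
  const pages = [
    "https://LOGIN.Example.Test:443/account", // same site, different spelling
    "https://login.example.test.evil.test/",  // real name used as a subdomain
    "https://login.example.test@evil.test/",  // real name hidden in userinfo
    "https://login.ex\u0430mple.test/",       // Cyrillic "a" homoglyph
    "http://login.example.test/",             // right host, no TLS
  ];
  return pages.map((p) => ({ page: p, ...shouldAutofill(stored, p) }));
}

for (const r of demo()) console.log(r.fill ? "FILL " : "BLOCK", r.page, "-", r.reason);
```

Only the first page is filled; the other four look plausible to a person reading the address bar but fail the exact comparison.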
Password managers can protect against keystroke logging malware too. By using auto-fill features for login fields, the user never has to actually type in any passwords, leaving the keylogger with nothing. These tools also allow for multi-factor authentication for both the password manager account and critical accounts like email, banking, etc., to add an extra layer of security.
What’s the Best Password Manager?
Of course, this is a matter of preference and there is no one single best solution. From features to price and, more importantly, level of security, you should take time to understand each solution to select one that best fits your needs.
At Envision we like LastPass, which is a freemium password management tool. It stores all of your encrypted passwords in a private account that is protected by a master password. It then syncs all the content with all of the user’s devices and encrypts all information at the device level with 256-bit AES encryption with PBKDF2 SHA-256 and salted hashes. It also supports automated password entry, site sharing/logging, form filling and multi-factor authentication. While it’s had hiccups in the past, its security is about as safe as it gets, and the company works diligently to address issues.
Remember no password manager is a one-size-fits-all solution, and there are plenty of others on the market, so do some research and see what password manager best fits your business.
If your organization is ready and eager to strengthen security with password managers, take advantage of Envision’s cybersecurity expertise to help you plan, deploy and manage a state-of-the-art password management system. All you need to do is schedule a demo with a member of our team.