With the cybersecurity incident first revealed by LastPass last August and updated a few weeks ago on December 22nd, questions have arisen on whether password management solutions are secure and whether they should be deployed in a business setting (and on an individual level).
In this article we will look at what password managers do, how they work, and why they are recommended for organizations and individuals.
What are password managers and how do they work?
Password managers are applications that store and manage online credentials. They can also generate passwords for online and offline use. Unlike other password storage methods, password managers can sync login information across devices, so the same password manager can be used on each of the devices a person may use.
In addition, some password managers allow users to securely share login information for a selected service. This can be useful for shared business resources.
A valuable feature of password managers is the ability to generate and save strong passwords each time a new account for an online service is created. This feature guarantees that users create unique, secure passwords, which significantly increases the security of online accounts and the information stored in those accounts.
Password managers typically store passwords within encrypted databases behind a master password. A single, strong password or passphrase is created that secures all other passwords.
Why should organizations use a password manager?
One study found that the average person has 70 to 80 passwords connected to business and personal accounts. This makes creating unique and complex passwords, remembering them, and managing them a challenge. This leads to passwords being written down and misplaced. It leads to passwords being forgotten and needing to be reset. It leads to the creation of weak passwords. It leads to the reuse of passwords across business and personal accounts, which provides threat actors multiple opportunities to wreak havoc. All of this results in increased security risks for organizations, their employees, and their clients.
Given the above, the main benefits of using a password manager can be summarized as follows:
Avoids the creation of weak passwords and password reuse
Weak passwords can be cracked by savvy cybercriminals in minutes, leaving organizations and individuals vulnerable. According to a 2021 report, cybercriminals can crack 92% of the top 100 passwords within 60 minutes. In addition, 65% of the top 100 passwords are vulnerable to almost instantaneous cracking. As for the reuse of passwords, once cybercriminals gain access to a single breached password credential set, they will use automatic tools to check the login combination across a wide swath of the internet, including financial institutions, social media sites and business accounts.
Helps with prevention of phishing attacks
Many password managers have an autofill feature that automatically fills in user credentials on a saved website. This feature can help mitigate phishing attacks, since a phishing site, no matter how good it is, will not be able to match the saved URL within the password manager.
It should be noted that password managers are not solutions for preventing phishing attacks. They can’t prevent phishing emails that deliver malware. However, they can be a significant component of an organization’s broader cybersecurity strategy.
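The autofill check described above can be sketched as follows. This is an added example, not code from the original article or from any particular password manager; it assumes exact-origin matching over HTTPS, and the vault entries and hostnames are constructed placeholders.

```javascript
// Constructed vault entries; every hostname and secret here is a placeholder.
const vault = [
  { origin: "https://login.example.com", username: "alice", password: "constructed-1" },
  { origin: "https://portal.example.org:8443", username: "alice", password: "constructed-2" },
];

// Reduce a page URL to scheme://host[:port]. Returns null for malformed URLs
// and for anything that is not https, so nothing is ever filled on http pages.
function pageOrigin(pageUrl) {
  let parsed;
  try {
    parsed = new URL(pageUrl);
  } catch {
    return null;
  }
  if (parsed.protocol !== "https:") return null;
  // .origin lower-cases the host, drops the default port and userinfo,
  // and converts non-ASCII hostnames to punycode (xn--...).
  return parsed.origin;
}

// Offer a saved login only when the page origin equals the saved origin exactly.
// Assumption of this example: no substring, suffix or "looks similar" matching.
function credentialsFor(pageUrl) {
  const origin = pageOrigin(pageUrl);
  if (origin === null) return [];
  return vault.filter((entry) => entry.origin === origin);
}

// Constructed page URLs: two views of the saved site, then pages that only resemble it.
const samples = [
  "https://login.example.com/signin?next=/home",
  "https://LOGIN.EXAMPLE.COM:443/",
  "https://login.example.com.account-check.test/signin", // saved name used as a prefix
  "https://login.example.com@phish.test/",               // saved name in the userinfo part
  "https://login.examp1e.com/",                          // digit 1 in place of the letter l
  "https://login.ex\u0430mple.com/",                     // Cyrillic a (U+0430)
  "http://login.example.com/",                           // no TLS
];

// One row per sample: which usernames the manager would offer to fill.
function report() {
  return samples.map((url) => ({ url, offered: credentialsFor(url).map((e) => e.username).join(",") }));
}

console.table(report());
```

Only the first two rows are offered a login; a user who sees no autofill prompt on a page that looks familiar has a concrete signal to stop and check the address bar.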
Saving passwords in one central location can help save users time by avoiding resetting passwords or repeatedly guessing passwords, which leads to account lockouts and associated downtime. Password managers can also generate strong, unique passwords for each new account. This accelerates the process of creating new accounts by taking the guesswork out of creating new passwords.
Are password management solutions secure?
All this takes us back to the question of whether password management solutions are secure. Reputable top-rated password managers are specifically designed to be secure. Most password managers use U.S. government-grade computer encryption to store passwords. This means that if a cybercriminal ever breached a password manager company, which has happened, they would not be able to decipher or use any of the stored passwords.
However, there is no 100% guarantee, as cybercriminals continue to use sophisticated tools and processes to launch their attacks. This is the reason we highly recommend a layered approach to cybersecurity. And remember, cybersecurity is not a destination. It remains a journey of continuous improvement.
To start a conversation about password management solutions or your organization’s cybersecurity journey, contact MicroAge today.