With the cybersecurity incident first revealed by LastPass last August and updated a few weeks ago on December 22nd, questions have arisen on whether password management solutions are secure and whether they should be deployed in a business setting (and on an individual level).
In this article we will look at what password managers do, how they work, and why they are recommended for organizations and individuals.
What are password managers and how do they work?
Password managers are applications that store and manage online credentials. They can also generate passwords for online and offline use. Unlike other password storage methods, password managers can sync login information across devices, so the same password manager can be utilized on multiple devices people may use.
In addition, some password managers allow users to securely share login information for a selected service. This can be useful for shared business resources.
A valuable feature of password managers is the ability to generate and save a strong password each time a new account for an online service is created. This feature guarantees that users create unique, secure passwords, which significantly increases the security of online accounts and the information stored in those accounts.
Password managers typically store passwords within encrypted databases behind a master password. A single, strong password or passphrase is created that secures all other passwords.
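The following added example (not code from any password manager vendor) sketches how a vault can be sealed behind a master password. The choice of scrypt for key derivation and AES-256-GCM for encryption, the cost parameters, and all names and sample entries are assumptions made for illustration.

```javascript
// Added example: a vault encrypted under a key derived from the master password.
// Algorithms and parameters are assumptions, not a specific product's design.
const nodeCrypto = require("node:crypto");

// Stretch the master password into a 256-bit key with scrypt (memory-hard KDF).
function deriveKey(masterPassword, salt) {
  const opts = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
  return nodeCrypto.scryptSync(masterPassword, salt, 32, opts);
}

// Encrypt all entries as one blob; only salt, IV, tag and ciphertext are stored.
function sealVault(masterPassword, entries) {
  const salt = nodeCrypto.randomBytes(16); // unique per vault
  const iv = nodeCrypto.randomBytes(12);   // unique per encryption
  const key = deriveKey(masterPassword, salt);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const plaintext = JSON.stringify(entries);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return { salt, iv, tag: cipher.getAuthTag(), ct };
}

// Return the entries, or null if the password is wrong or the blob was altered.
function openVault(masterPassword, blob) {
  const key = deriveKey(masterPassword, blob.salt);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, blob.iv);
  decipher.setAuthTag(blob.tag);
  try {
    const pt = Buffer.concat([decipher.update(blob.ct), decipher.final()]);
    return JSON.parse(pt.toString("utf8"));
  } catch {
    return null; // GCM authentication failed
  }
}

// Constructed sample data.
const sampleEntries = [{ site: "mail.example", user: "alice", password: "s3cret-Example-1" }];
const sealed = sealVault("correct horse battery staple", sampleEntries);
console.log("right password:", openVault("correct horse battery staple", sealed));
console.log("wrong password:", openVault("password123", sealed));
```

What is stored, and what a copy of the vault contains, is the salt, IV, tag and ciphertext; the master password and derived key are never written out.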
Why should organizations use a password manager?
One study found that the average person has 70 to 80 passwords connected to business and personal accounts. This makes creating unique and complex passwords, remembering them, and managing them a challenge. This leads to passwords being written down and misplaced. It leads to passwords being forgotten and needing to be reset. It leads to the creation of weak passwords. It leads to the reuse of passwords across business and personal accounts which provides threat actors multiple opportunities to wreak havoc. All of which results in increased security risks for organizations, their employees, and their clients.
Given the above, the main benefits of using a password manager can be summarized as follows:
Avoids the creation of weak passwords and password reuse
Weak passwords can be cracked by savvy cybercriminals in minutes, leaving organizations and individuals vulnerable. According to a 2021 report, cybercriminals can crack 92% of the top 100 passwords within 60 minutes. In addition, 65% of the top 100 passwords are vulnerable to almost instantaneous cracking. As for password reuse, once cybercriminals gain access to a single breached password credential set, they will use automatic tools to check the login combination across a wide swath of the internet, including financial institutions, social media sites and business accounts.
Helps with the prevention of phishing attacks
Many password managers have an autofill feature that automatically fills in user credentials on a saved website. This feature can help mitigate phishing attacks, since a phishing site, no matter how good it is, will not be able to match the saved URL within the password manager.
It should be noted that password managers are not solutions for preventing phishing attacks. They can’t prevent phishing emails that deliver malware. However, they can be a significant component of an organization’s broader cybersecurity strategy.
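The URL matching behind autofill, described above, can be illustrated with this added example (not code from any password manager). It assumes exact-origin matching over HTTPS only, which is a simplification of what real products do, and every hostname and account in it is constructed.

```javascript
// Added example: exact-origin matching before autofill.
// Every hostname and account below is constructed for illustration.
const savedLogins = [
  { origin: "https://login.example-bank.com", username: "alice" },
];

// Reduce a page URL to scheme + host + port, or null if it must never be filled.
function pageOrigin(rawUrl) {
  try {
    const u = new URL(rawUrl);
    if (u.protocol !== "https:") return null; // no autofill over plaintext HTTP
    return u.origin; // parser lowercases the host and punycodes IDN labels
  } catch {
    return null; // unparseable URL: offer nothing
  }
}

// Return the saved logins that may be offered on this page.
function loginsForPage(rawUrl, vault = savedLogins) {
  const origin = pageOrigin(rawUrl);
  return origin === null ? [] : vault.filter((e) => e.origin === origin);
}

// Constructed pages: the saved site plus lookalikes a user might not notice.
const constructedPages = [
  "https://login.example-bank.com/signin",              // genuine
  "HTTPS://LOGIN.EXAMPLE-BANK.COM:443/signin",          // genuine, written differently
  "https://login.example-bank.com.evil.example/signin", // saved name used as a subdomain
  "https://login.example-bank.com@evil.example/signin", // saved name in the userinfo part
  "https://login.examp1e-bank.com/signin",              // digit 1 in place of letter l
  "https://login.ex\u0430mple-bank.com/signin",         // Cyrillic a (U+0430) homograph
  "http://login.example-bank.com/signin",               // downgraded to HTTP
];

// One row per page: which usernames, if any, would be offered.
function autofillReport(pages = constructedPages) {
  return pages.map((p) => ({ page: p, offered: loginsForPage(p).map((e) => e.username) }));
}

for (const row of autofillReport()) {
  console.log(row.offered.length ? "FILL " : "BLOCK", row.page);
}
```

Only the first two pages are offered the saved login; the comparison is made on the parsed origin, not on how the address looks to the user.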
Saving passwords in one central location can help save users time by avoiding resetting passwords or repeatedly guessing passwords, which leads to account lockouts and associated downtime. Password managers can also generate strong, unique passwords for each new account. This accelerates the process of creating new accounts by taking the guesswork out of creating new passwords.
Are password management solutions secure?
All this takes us back to the question of whether password management solutions are secure. Reputable top-rated password managers are specifically designed to be secure. Most password managers use U.S. government-grade computer encryption to store passwords. This means that if a cybercriminal ever breached a password manager company, which has happened, they would not be able to decipher or use any of the stored passwords.
However, there is no 100% guarantee, as cybercriminals continue to use sophisticated tools and processes to launch their attacks. This is the reason we highly recommend a layered approach to cybersecurity. And remember, cybersecurity is not a destination. It remains a journey of continuous improvement.
To start a conversation about password management solutions or your organization’s cybersecurity journey, contact MicroAge today.