If you’ve been paying attention to the cyber security advice that regularly does the rounds (including from us), you’ll know “sort out your password habits!” tops the charts.
Good password habits (or “password hygiene”, as you might sometimes hear it called) mean it’s less likely some nefarious person will guess or steal your passwords, giving them access to your accounts.
It wouldn’t be unusual if you created your email account many, many moons ago. But maybe you can cast your mind back to answer this question: did you set your password as something like “123456”? And more importantly: have you changed it since then?
You might have heard of password cracking dictionaries before — they’re a tool that comes in super handy for attackers who want to get access to your stuff. These dictionaries are typically home to passwords that are commonly used, or those that have been exposed in cyber attacks — and you can bet old favourites like “123456” and “password” are part of the furniture.
We get it, though. Knowing your passwords would get blown over in a stiff cyber-attack breeze is one thing; knowing what to do about it is quite another.
Often, the real issue is that many of us still don’t know what makes a strong password and our brains can’t remember more than a few, let alone dozens of them.
Beyond Identity recently shared the results of their survey around password habits in the United States. More than a third of respondents had tried to guess someone else’s password, and nearly three quarters had guessed correctly. The same survey found that 10% of respondents thought someone would be able to guess a password of theirs by checking out the information on their social media profiles. Yikes.
It’s pretty standard these days to use a range of devices, accounts, and tools as we go about our business. According to a recent study by NordPass, people have 100 passwords on average. That’s 25% more than they had before the pandemic. It’s a lot. And it’s the main reason we reuse passwords or come up with ones that are easy to guess remember.
But the good news is that modern technology is here to save us — enter, password managers (also known as password vaults). If you’ve never used a password manager before, you’re in for a treat. They can seem a little intimidating (or just like a lot of setup) at first, but we promise they’ll make your life easier.
What’s a password manager?
Put simply, a password manager is a digital tool that creates (!) and stores your passwords in one secure place.
If you’re wondering if it’s really safer to keep all your passwords in one password manager than it is to keep each one on a piece of paper carefully hidden in different places or written in your notebook, the answer is — yes, yes, a thousand times yes.
While password managers aren’t bulletproof, they’re built with layers of encryption that make them difficult for attackers to get into. And a password manager can only be accessed if someone has your master password, which you’ll create during the setup process.
Types of password managers
Password managers can be cloud-based, browser-based, or as apps installed on your device.
Cloud-based password managers
You can install these as plugins in your browser, or you can access them through the relevant website. They’re very easy to use as well as being convenient, as they allow you to access your information across multiple devices.
Browser-based password managers
These are built into Internet Explorer, Safari, Chrome, and some other browsers.
While using an internet browser to log in to your accounts, you’ll typically see a pop-up asking you to save your login and password information for the site you’re on. It’s super convenient, but it’s worth remembering that browser-based password managers don’t have all the same features as a separate password manager app or software.
For example, they don’t let you share vaults or passwords that you may need to share with others (like your organisation’s social media accounts). These password managers also might not “lock” — so if someone who has access to your computer goes to a website that you’ve saved a password for, it will give them an easy way to log in to your account.
Password manager apps installed on your device
You can also install password managers as apps on your computer, tablet, or phone — making sure to install only from official and secure online sources, of course!
While password manager apps usually have a higher level of security, they can only be accessed from a computer they are installed on. It’s also important to remember that if you’re choosing this option, you need to be in the habit of backing up your device regularly — otherwise you’ll likely find you’re missing passwords at some point.
What are my password manager options?
There’s a wide selection of free and paid tools available — you might have heard of ones like 1Password, Bitwarden, Keep, Dashlane, and LastPass.
Some of these also give you the option of safely sharing your passwords with selected people — which means you no longer need to share passwords through emails, text messages, and sticky notes in your office. Happy days.
Why should I use a password manager?
Using a password manager will require you to change some of your habits, and that can be tough. So we’re going to run you through why it’s worth it.
Essentially, password managers help you create a more cyber-secure environment for yourself, whether it’s in your daily life or in your workplace.
Here are the top reasons we think it’s a change worth making.
Password managers generate strong passwords
Once you’re all set up with a password manager, you can say goodbye to using unsafe passwords (like “123456”) and hello to using strong passwords.
What’s a strong password, you ask? It’s one that has more than 16 characters and includes uppercase and lowercase characters, some digits, and some special characters (things like %, #, and !).
With all that to think about, it’s no surprise we fall back on the old “123456”. And this is one of the ways password managers really help — one of their key features is generating strong passwords for you with just a click.
Only one password for you to remember
This is probably one of the features of password managers that people love the most.
Let’s face it, our work environments change, we have multiple devices, and the amount of passwords we use quickly becomes impossible for us to remember. With a password manager, you can pick one strong master password, memorise it, and call it a day.
Store other valuable information
Password managers: not just for passwords!
You can also keep the answers to security questions for different accounts in your password manager, as well as information like credit card details.
In addition, if you’re using two-factor or multi-factor authentication, you can keep the associated backup codes in your password manager, too — all safe and secure in one place, under layers of encryption.
Passwords at your fingertips, across all your different devices
Cloud-based password managers let you access your data and information from anywhere using any device. With easy syncing options provided by a large number of cloud-based providers, the usual logic is the same — just one master password to remember, which you then use to access your vault and keep your accounts secure.
Password managers are awesome! What should I do next?
Now you know what a password manager is and why you should use one, set aside some time to find an option that works for you. While there’s no getting around the fact that setting yourself up with a password manager takes some work, we hope this post has helped explain why it’s absolutely worthwhile.
Before you know it, you’ll be ready to farewell those unsafe passwords scribbled on bits of paper around your office!
Setting up good cyber security practices like generating strong passwords and storing and sharing them safely through a password manager will make a big difference to how secure you are online.
If you’re ready to take the next step, let us help you keep building your cyber security superpowers. Our Security Awareness training programme covers cyber security essentials for you and your team in an engaging and action-oriented way — and you can start a free trial today.
We love to hear from you
If you enjoyed reading this blog post or if something sparked an interest, please share it with us. Drop us a line at firstname.lastname@example.org and let us know what you think.