October is National Cybersecurity Awareness Month! Let’s talk about password management.
Keeping track of passwords can be a very frustrating task. When best practices are followed, passwords will not be reused between applications, old passwords will not be reused, and we are not permitted to just change a single number or character of an old password when setting a new password. As well, each application has its own unique minimum password length and complexity requirements. Needless to say, don’t leave your password on a post-it note under your keyboard, or in a notebook in your drawer at the office, and don’t store your passwords in a text document saved on your computer or in the cloud somewhere.
So how can we practice good password hygiene and keep track of all of those passwords? Use a password manager. There are a number of good password managers available on the market, and some are even free for personal use. Password managers will auto-fill username and password for your web applications. As well, password managers can generate very long-complex passwords for you (after all, you won’t need to type them). Password managers can perform “security checks” to warn you if you are reusing passwords between applications, or let you know when some of your passwords are not long or complex enough, or let you know when it’s time to change old passwords. Some password managers will also make you aware if one or more of your web applications have experienced a breach, so you can change your password and take appropriate action.
If you are concerned about giving someone the keys to the kingdom (a valid concern), make sure that every application and web application that requires credentials, including your password manager, has multi-factor authentication (aka MFA, two-factor authentication, or 2FA) enabled. That way, if your password manager is compromised, your accounts are still protected by MFA.
Once you get the hang of a password manager and MFA, you will find that it actually saves time over manually entering credentials.