One of the key pieces of advice passed out by cyber security experts in recent years has been to use a password manager.
Businesses require strong, unique passwords for each online service and piece of software they use, but remembering each of these passwords is a difficult task, especially if numerous people have access to the same system – hence the password manager recommendation.
But are password managers truly safe to use? The recent security flaw discovered by LastPass – one of the leading password manager providers – allowed hackers to steal passwords, while another manager, 1Password, has previously been criticised for allowing user bookmarks to be leaked.
Don’t use ‘browser-based managers’
Although password managers are still a preferable solution to physically writing down passwords or – God forbid – using the same master password for everything, Sean Cassidy of Defense Storm has suggested that it’s time to leave password managers operated through browser extensions behind.
“Browser-based password manager extensions should no longer be used because they are fundamentally risky and have the potential to have all of your credentials stolen without your knowledge by a random malicious website you visit or by malicious advertising.”
Generally, the advice is that software-based password managers are still safe, but only if you take measures to ensure you go with the right one.
“In this day and age we have so many passwords and they need to be strong so you can’t remember them,” said Professor Alan Woodward, a cyber security expert who offered some advice on choosing a password manager.
“I tend to look at the record of how they’ve dealt with security incidents in the past. It’s almost inevitable that there will be problems, but how they respond to their users is important. It’s a bit like a courier losing your package: it happens, but it’s how they deal with it that matters.”
Prioritise companies who are open about any problems they may have experienced and who take steps to fix issues; LastPass quickly raised the alarm upon discovery and implemented measures to stop something similar happening in future.
A further tip delivered by Woodward is to turn on two-factor authentication, which requires another step to access the account – a common one is for the user to provide an answer to a question that is personal to them.
Despite recent events, business owners are still advised to use password managers to safeguard their personal and their customers’ personal data, but to be careful when doing so – don’t just assume that protection is iron-clad. If you would like to implement two-factor authentication or for more information on cyber security, contact an IT support specialist such as Nimbus today.