October is Cyber Security Awareness Month and a great time to catch up with our Autumn IT Security Update.
This quarter, with both business and personal security in the limelight, I focus on how using a Password Manager will not only save you time but also prevent you from inadvertently giving your data away for free.
These days there are so many passwords for us to remember. Computer logins, umpteen web portal logins, app logins, social media sites and so on. The list is almost endless and in the short term at least, that problem isn’t going to go away.
We’re told (for very good reason) that it’s a terrible idea to use the same username and password for multiple sites and apps. This is because if your username and password are stolen, they will often find their way onto the dark web. From there, scammers will try that same username and password on various sites until they find matches (this is called credential stuffing). Hardly code breaking, but it’s extremely effective if you use the same login details for everything you access. So, if one of your websites is compromised, you should assume that all your sites/apps are at risk as well. You will now need to reset that same password on ALL sites/apps that use it, and as soon as possible, before the cybercriminals gain access to cause some damage, usually financial. Nightmare, time-consuming and avoidable.
Just look at your mobile phone and the apps installed – how many of those apps required an account with a username and password to be set up to protect your data? In some instances, your card payment data? When I looked at my phone, I counted 18 apps on my home page alone, all of which needed an account creating, and I’m sure that there will be a lot more elsewhere on it.
Every single one of those apps on my mobile phone has a secure and completely unique password. Where available, MFA has been set up and enabled as well. (I covered the importance of MFA in my last IT Security Update, so please refer to that if you’re unsure about it - and do get it set up.)
How do I remember all those passwords? I don’t. I couldn’t tell you any of my passwords, even if I wanted to. They are all long, strong, and unique. The only password I know (and need to know) is the one to my Password Manager (MFA protected of course!) that stores them all.
Web browsers have had the ability to save passwords for years and whilst they are improving and becoming more secure, there is still some way to go. Ultimately, they remain easier prey for hackers. A quick Google search found a browser password stealer targeting Edge, Chrome and Brave. I believe this one exploited the auto-complete function but there are plenty of others out there.
So where am I going with all this? You should use a third-party Password Manager to protect your password data and keep it secure, whilst helping to make your life easier. They offer convenience in the form of secure storage and more importantly, help to create better passwords, so that your online presence is less vulnerable to password-based attacks.
We use Keeper Password Manager internally here at Net Technical Solutions. I’ve been so impressed with it that I have subsequently adopted it for all my personal passwords as well.
Moving to Keeper as my Password Manager has improved my password security 10-fold. It highlighted passwords that existed on the dark web through its BreachWatch feature and it also highlighted some older accounts where I’d reused passwords – terrible! The browser add-ons are slick and well thought out; the database is fast and easy to search. I can also share credentials internally if needed with other members of staff, which is handy, especially with MFA enabled on everything these days. Before this we had a mobile phone (mine!) that had all MFA codes on, so I was forever getting messages asking me to approve logins. Keeper also has a mobile phone app that can be used on your smartphones to gain access or unlock any apps/sites you may use.
If you’re interested in improving your password security and having more information on Password Managers, or any of your organisation’s IT security, please contact your account manager or firstname.lastname@example.org for more information.