Weak passwords and compromised login credentials are among the weakest links in enterprise security, according to the 2023 Specops Weak Password Report. Researchers analyzed more than 800 million breached passwords and found that the most commonly breached passwords consisted of eight characters or less. Those containing only lowercase letters were the most common character combinations cracked by hackers, making up 18.82% of passwords used in attacks. Those cracked most were ‘password’, ‘admin’, ‘welcome’ and ‘p@ssw0rd’.
According to the report, 83% of compromised passwords don’t satisfy the length and complexity requirements recommended in cybersecurity compliance standards such as those of the National Institute of Standards and Technology and the Payment Card Industry.
Password managers are designed to eliminate weak passwords and make it much harder for attackers to compromise credentials. In this article, we discuss five reasons why you should use a password manager.
- 5 reasons why you need a password manager
- Choosing a password manager for your business
- Recommended password managers
5 reasons why you need a password manager
1. Your passwords are too simple
This is the biggest reason, bar none. If you’re using passwords that you can easily remember (such as password, password123, happyhappyjoyjoy, etc.) you’re at risk. Why? Simple passwords are easier to crack. With the right tools (and enough horsepower) a hacker can crack those simple passwords in seconds or minutes. Because of this, you want to make sure that the passwords you use are hard (if not impossible) to remember.
A good rule of thumb is that if you can easily remember a password, it’s probably easy to crack. The harder that password is to remember, the harder it is to crack. So when you use such difficult passwords, you need a vault to house them. That’s where the password manager comes into play.
2. Password managers include random password generators
Speaking of complicated passwords, you shouldn’t try to come up with complicated passwords on your own, or you’ll wind up with variations on your usual theme. Instead, you need a password manager that includes a random password generator to create very complicated passwords. Some password managers, such as Enpass, allow you to configure how complicated the password is. With these tools you can generate passwords that are 20 random characters long or even unpronounceable, random phrases. Make use of these tools, and your passwords will be very complicated and, therefore, strong.
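The following Python example is added here for illustration; it is not from the original article and is not how Enpass or any other product is implemented. It generates a 20-character password from the operating system's secure random source, estimates its entropy next to an eight-character lowercase password, and flags the weak patterns the report describes. The symbol set and the function names are assumptions chosen for this example.

```python
import math
import secrets
import string

# Character classes the generator can draw from (symbol set is an assumption).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": "!@#$%^&*()-_=+[]{};:,.?",
}
# The four most-cracked passwords quoted from the report in this article.
REPORTED_COMMON = {"password", "admin", "welcome", "p@ssw0rd"}

def generate_password(length=20, classes=("lower", "upper", "digits", "symbols")):
    """Return a random password with at least one character from each class."""
    if length < len(classes):
        raise ValueError("length is too short to include every selected class")
    alphabet = "".join(CLASSES[c] for c in classes)
    while True:
        # secrets draws from the OS CSPRNG; the random module is not suitable.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Retry instead of patching characters in, so valid results stay uniform.
        if all(any(ch in CLASSES[c] for ch in candidate) for c in classes):
            return candidate

def entropy_bits(length, alphabet_size):
    """Upper bound on the entropy of a uniformly random string, in bits."""
    return length * math.log2(alphabet_size)

def weakness_reasons(password):
    """List which of the report's weak patterns a password matches."""
    reasons = []
    if password.lower() in REPORTED_COMMON:
        reasons.append("common")
    if len(password) <= 8:
        reasons.append("short")
    if password.isalpha() and password.islower():
        reasons.append("lowercase-only")
    return reasons

if __name__ == "__main__":
    size = sum(len(chars) for chars in CLASSES.values())
    pw = generate_password()
    print(pw, weakness_reasons(pw))
    print(round(entropy_bits(8, 26), 1), "bits: 8 lowercase letters")
    print(round(entropy_bits(20, size), 1), "bits: 20 characters, all classes")
```

Each additional bit of entropy doubles the number of guesses a brute-force attack needs, which is why the gap between the two printed figures matters more than either number on its own.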
3. You only need to remember one password
With a password manager, you only need to remember one password — the one used to gain access to your stored passwords. With this in place, you don’t have to worry about remembering all those new and highly complex passwords generated by the manager. Open the managing tool, type your vault password and locate the password you need. The one caveat to this is to make sure your vault password isn’t simple. It doesn’t need to be overly complex, just not obvious.
4. The numbers are against you
How many accounts do you have that require a password? Tens? Hundreds? The more accounts you have, the more likely the numbers are against you. Because of this, you probably use the same password for everything, which is a HUGE no-no. You must use different passwords for every account. With that many different passwords, how are you going to remember them? You’re not (especially if those passwords are complicated). That’s another big reason to use a password manager.
5. Passwords will always be at the ready with device syncing
Some password managers allow you to sync your password database across all of your devices. With this feature, you can access your passwords on your desktop, your laptop and your mobile devices. This way you always have your passwords at the ready. If you opt to use this feature, make sure you have your password database encrypted with a strong password. The last thing you need is for a bad actor to intercept your database and crack it via brute force.
Bonus reason: It’s the wise thing to do
Yes, using a password manager does add a step or two to the log-in process. But when your data and security are at risk, those extra steps are worth it. With each passing day you continue counting on those simple passwords, you run the risk of data theft. Be wise and use a password manager … before it’s too late.
Choosing a password manager for your business
Password managers provide strong, random passwords that are different for every site or service. Unlike eight-character passwords that can be cracked via brute force in short order, these passwords are unguessable by any known technology. But as recent hacks of password managers made clear, the technology isn’t infallible. Here are a few pointers to guide the decision on which providers to favor:
Don’t use a startup based in areas where there may be a lack of policing of online behavior. Look for vendor candidates to be featured in analyst reports from the likes of Gartner, IDC and other well-known analyst firms.
Cloud versus on-premise
Tools that store passwords in the cloud are more susceptible to attack. Favor those that store them locally on your device.
Some password managers have better security safeguards than others. Those using a device-based password manager, for example, should ensure it can automatically lock after a very short time of inactivity. Additionally, choose tools where multifactor authentication, such as receiving a text to your phone, is required to unlock the password manager. Otherwise, a keylogger could easily be used by a hacker to compromise the machine. And demand encryption of stored passwords, logon names, URLs and other sensitive data from a prospective vendor.
Like any software or system, password managers contain bugs, and software vulnerabilities are sometimes discovered. These bugs and vulnerabilities can be exploited by attackers to gain access, sometimes even when they’re locked. Some vendors provide patches and leave it up to the organization to install them. Others deploy them automatically so they’re always up to date. Check into the patch hygiene practices of vendor candidates to see who demonstrates the most responsible attitude toward the patching of password managers. Similarly, be aware that password managers employ browser extensions and interface with other systems. Verify that your vendor of choice also pays attention to patching those.
Some password managers are much cheaper than others. But typically, the low-cost products lack many of the enterprise and security features needed by many organizations. Prices typically range from $2 to $5 per month per user. Larger organizations can take advantage of additional discounts for volume purchases.
Recommended password managers
A good general password manager with plenty of features and compatibility with many browsers, devices and systems. It comes with plenty of security features such as MFA, and users report it being relatively easy to use.
Dashlane may be better than LastPass for those with more demanding security requirements. It comes with dark web scanning, a secure virtual private network and syncing between devices.
LogMeOnce might be best for those enterprises that operate over a wide range of platforms, device types and systems due to its wide-ranging, cross-platform support. It’s highly customizable but some users report that it has complicated setup procedures.