Too Many Passwords And Not Enough Memory
We all need passwords and we are all encouraged (or forced) to make them “complex” so that no one will guess them. This is potentially the most significant vulnerability that any individual or organisation has when they are trying to ensure that their personal details and content are secured from theft and malicious use.
The Problem
The sheer number of passwords that we need to remember is daunting:
- User account to sign in to device
- Wi-fi password to access the internet
- User account for email provider
- User account for each individual website
- User account for each app
We all gravitate to using a single password as it is easier to remember, but then each time we need to create a password, the rules might be different:
- Numbers only for a pin
  - 6 or 4 digits
- A mix of upper and lower case letters
- A “special character”
  - Except these ones
  - And no spaces
And then we need to change them regularly (you may have memorised it, and that could be a security risk ;-)
- Not that password: you used it in the last five years on this application
A solution
Password managers are designed to store passwords securely, but, importantly, they are also designed to allow insertion of the values into forms that are requesting the information.
What this means in practice is that a password manager can understand the application that is requesting a user name and password and securely look up the values and insert them into the application.
That is the most basic feature that a password manager should be able to provide.
Other features that are particularly useful and simplify the use and increase the security are:
- Biometric authentication
  - I don’t want my password manager running as soon as my device is switched on - I want to have to authenticate every time in case my device has been stolen or accessed by someone other than me
- Generate a secure password
  - If I don’t need to remember it, why should I need it to be readable?
- Share a password
  - I want to share passwords with family members, maybe even colleagues!
- Store different types of information
  - Passwords are important, but so is a lot of other information that takes different formats, needs to be accessible and needs to be shared
    - Wi-fi details
    - Passports
    - Insurance documents
    - Safe combinations
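As an added illustration (not part of the original post, and not the code of any particular password manager), this is one way a generator can satisfy the varying rules listed under “The Problem” while drawing every character from a cryptographically secure source. The function name and its parameters are hypothetical.

```python
import secrets
import string


def generate_password(length=20, *, digits_only=False, require_upper=True,
                      require_lower=True, require_digit=True,
                      require_special=True, excluded=""):
    """Return a random password that satisfies a site's composition rules.

    Hypothetical helper: `excluded` models the "except these ones" rule and
    whitespace is always banned ("and no spaces").
    """
    banned = set(excluded) | set(string.whitespace)

    def usable(chars):
        return [c for c in chars if c not in banned]

    if digits_only:  # "numbers only for a pin"
        classes = [usable(string.digits)]
    else:
        wanted = (
            (string.ascii_uppercase, require_upper),
            (string.ascii_lowercase, require_lower),
            (string.digits, require_digit),
            (string.punctuation, require_special),
        )
        classes = [usable(chars) for chars, needed in wanted if needed]

    if not classes or any(not cls for cls in classes):
        raise ValueError("policy leaves a required character class empty")
    if length < len(classes):
        raise ValueError("length is too short to include every required class")

    alphabet = [c for cls in classes for c in cls]
    # Rejection sampling: draw every position uniformly from the whole
    # alphabet and retry until each required class appears, so no position
    # is reserved for a particular kind of character.
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


if __name__ == "__main__":
    print(generate_password(6, digits_only=True))      # 6-digit PIN
    print(generate_password(20, excluded="<>&'\""))    # site bans some symbols
```
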
The options
I mentioned LastPass in the first part of this series, and there were a few comments about whether that was the best tool to use or not. In this post, I am not making a recommendation as everyone has different needs and there are many products available.
TechRadar has produced a comparison of free and paid password managers, and this review also considers personal/family and business scenarios.
Whichever product you choose, ensure you do some testing of the products and evaluate their features against your own needs.
How to use a password manager
There are multiple use cases where you will use a password manager, depending on a variety of factors. Each password manager has its differences, but the following are the common scenarios where you will want to be able to use a password manager:
General
These are the key scenarios that you should be able to carry out using a password manager:
Action | Steps |
---|---|
Manage a username/password entry |
|
Generate a new password | For those times when you need to create or update a password, and you are confident you will never need to type it in because you are using a password manager, the ability to generate a complex password is essential |
Store different types of content with appropriate, specific fields |
|
Share entries |
|
Configure settings |
|
On a Phone
These are the key scenarios that you should be able to carry out using your password manager on a mobile device:
Action | Steps |
---|---|
Find a username/password entry |
|
Record a username/password |
|
Manage a username/password entry |
|
Configure settings | It should be possible to configure the authentication settings, such as how often and how to authenticate. It should be possible to configure the password manager to autofill by default or not |
In a browser
These are the key scenarios that you should be able to carry out using your password manager as an extension or add-in in your favourite browser:
Action | Steps |
---|---|
Install password manager as extension in preferred browsers | Most password managers have an associated extension that, once authenticated to, allows seamless integration within a browser |
Record a username/password |
|
Manage a username/password entry |
|
Configure settings | It should be possible to configure the authentication settings, such as how often and how to authenticate. It should be possible to configure the password manager to autofill by default or not |
Summary
There are many password management products out there, but the key thing is to ensure that you have a tool in place that is a secure store of usernames and passwords, and has the ability to automatically fill in both values when prompted.
If used well, a password manager can allow for seamless login to all accounts from any device, removing the need to store passwords in spreadsheets, written on post-it notes or stored in any other insecure, non-transferrable format.