Too Many Passwords And Not Enough Memory

14 Jan 2022 6-minute read Al Eardley

We all need passwords, and we are all encouraged (or forced) to make them “complex” so that no one will guess them. This is potentially the most significant vulnerability that any individual or organisation has when they are trying to ensure that their personal details and content are secured from theft and malicious use.

The Problem

The sheer number of passwords that we need to remember is daunting:

  1. User account to sign in to device
  2. Wi-fi password to access the internet
  3. User account for email provider
  4. User account for each individual website
  5. User account for each app

We all gravitate to using a single password as it is easier to remember, but then each time we need to create a password, the rules might be different:

  • Numbers only for a pin
    • 6 or 4 digits
  • A mix of upper and lower case letters
  • A “special character”
    • Except these ones
    • And no spaces

And then we need to change them regularly (you may have memorised it, and that could be a security risk ;-)

  • Not that password: you used it in the last five years on this application

A solution

Password managers are designed to store passwords securely, but, importantly, they are also designed to allow insertion of the values into forms that are requesting the information.

What this means in practice is that a password manager can understand the application that is requesting a user name and password and securely look up the values and insert them into the application.

That is the most basic feature that a password manager should be able to provide.

Other features that are particularly useful and simplify the use and increase the security are:

  • Biometric authentication
    • I don’t want my password manager running as soon as my device is switched on - I want to have to authenticate every time in case my device has been stolen or accessed by someone other than me
  • Generate a secure password
    • If I don’t need to remember it, why should I need it to be readable?
  • Share a password
    • I want to share passwords with family members, maybe even colleagues!
  • Store different types of information
    • Passwords are important, but so is a lot of other information that takes different formats, needs to be accessible and needs to be shared
      • Wi-fi details
      • Passports
      • Insurance documents
      • Safe combinations
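
The "Generate a secure password" feature has to cope with the differing site rules listed under "The Problem" (PINs of 4 or 6 digits, mixed case, a special character "except these ones", no spaces). The sketch below is an added example, not code from any particular password manager; the function names and parameters are assumptions made for illustration.

```python
import math
import secrets
import string


def generate_password(length=20, upper=True, lower=True, digits=True,
                      special=True, forbidden=""):
    """Random password with at least one character from every enabled
    class and none of the site's forbidden characters."""
    classes = [cls for enabled, cls in (
        (upper, string.ascii_uppercase),
        (lower, string.ascii_lowercase),
        (digits, string.digits),
        (special, string.punctuation),  # contains no space, so "no spaces" holds
    ) if enabled]
    # Apply the "except these ones" rule to every class.
    classes = ["".join(c for c in cls if c not in forbidden) for cls in classes]
    if not classes or any(not cls for cls in classes):
        raise ValueError("policy leaves a required character class empty")
    if length < len(classes):
        raise ValueError("length too short to include every required class")
    alphabet = "".join(classes)
    # Rejection sampling: draw from the whole alphabet with a CSPRNG and
    # retry until every class appears, so no position is predictable.
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def generate_pin(length=6):
    """Digits-only PIN; the page's example rule allows 6 or 4 digits."""
    if length not in (4, 6):
        raise ValueError("PIN must be 4 or 6 digits")
    return "".join(secrets.choice(string.digits) for _ in range(length))


def entropy_upper_bound_bits(length, alphabet_size):
    """Upper bound on entropy: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Constructed policy: 16 characters, site rejects & < > and quotes.
    print(generate_password(16, forbidden="&<>'\""))
    print(generate_pin(4))
    print(round(entropy_upper_bound_bits(16, 89), 1), "bits (upper bound)")
```
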

The options

I mentioned LastPass in the first part of this series, and there were a few comments about whether that was the best tool to use or not. In this post, I am not making a recommendation as everyone has different needs and there are many products available.

TechRadar has produced a comparison of free and paid password managers, and this review also considers personal/family and business scenarios.

Whichever product you choose, ensure you do some testing of the products and evaluate their features against your own needs.

How to use a password manager

There are multiple use cases where you will use a password manager depending on a variety of factors. Each password manager has its differences, but the following are the common scenarios where you will want to be able to use a password manager:

General

These are the key scenarios that you should be able to carry out using a password manager:

Action Steps
Manage a username/password entry
  • Add a username and password
  • Associate a URL to the entry
  • Add a description and other custom fields that are requested as part of authentication
  • Group entries in "folders"
  • Configure whether the entry is automatically populated or not
Generate a new password
  • For those times when you need to create or update a password, and you are confident you will never need to type it in because you are using a password manager, the ability to generate a complex password is essential
Store different types of content with appropriate, specific fields
  • Passwords
  • Wi-fi connections
  • Insurance policies
  • Passports
  • Bank Accounts
  • Payment cards
  • Notes
Share entries
  • Share particular entries with colleagues or family members
  • Access shared entries when using the associated URL or app
Configure settings
  • It should be possible to configure each entry to autofill or not
  • It should be possible to configure the password manager to autofill by default or not

On a Phone

These are the key scenarios that you should be able to carry out using your password manager on a mobile device:

Action Steps
Find a username/password entry
  1. Open the password manager
  2. Authenticate with biometrics for multi-factor authentication
  3. Search for the application or address of the website
  4. Copy the username or password from entry
Record a username/password
  1. Open a website or app
  2. On a registration page, enter a username/email address and password
  3. The password manager should prompt to record the details. Approve the prompt
  4. The next time the website or app is opened, the password manager, if running, should populate the fields
Manage a username/password entry
  1. Open the password manager
  2. Authenticate with biometrics for multi-factor authentication
  3. Search for the application or address of the website
  4. Edit the details stored for the entry or delete it
Configure settings
  • It should be possible to configure the authentication settings, such as how often, and how to authenticate
  • It should be possible to configure the password manager to autofill by default or not

In a browser

These are the key scenarios that you should be able to carry out using your password manager as an extension or add-in in your favourite browser:

Action Steps
Install password manager as extension in preferred browsers
  • Most password managers have an associated extension that, once authenticated, allows seamless integration within a browser
Record a username/password
  1. Open a website or app
  2. On a registration page, enter a username/email address and password
  3. The password manager should prompt to record the details. Approve the prompt
  4. The next time the website or app is opened, the password manager, if running, should populate the fields
Manage a username/password entry
  1. Open the password manager
  2. Authenticate with biometrics for multi-factor authentication
  3. Search for the application or address of the website
  4. Edit the details stored for the entry or delete it
Configure settings
  • It should be possible to configure the authentication settings, such as how often, and how to authenticate
  • It should be possible to configure the password manager to autofill by default or not

Summary

There are many password management products out there, but the key thing is to ensure that you have a tool in place that is a secure store of usernames and passwords, and has the ability to automatically fill in both values when prompted.

If used well, a password manager can allow for seamless login to all accounts from any device, removing the need to store passwords in spreadsheets, written on post-it notes or stored in any other insecure, non-transferrable format.
