The average person accesses dozens of password-protected websites per day, from banking sites to social networks. The actual number of logins usually goes unnoticed because mobile devices, internet browsers, and our many IoT (Internet of Things) devices connect automatically with saved usernames and passwords.
One of the greatest threats to cyber security is the theft of passwords. The business world is understandably concerned with password security because sensitive business data is only as secure as its weakest link.
A weak or compromised password can wreak havoc on a business in a matter of hours. Private information can be stolen, customer accounts accessed, Social Security numbers compromised, and financial records accessed all because of a weak password.
IT personnel with degrees in cyber security have an extensive amount of knowledge about password management, especially in a corporate setting. Many companies are opting for password managers services designed to organize, automate, and protect hundreds of user login credentials.
Unfortunately, many people still use their children’s or spouse’s names and birthdays, their pet’s name and wedding anniversary date, or some other easily guessable combination of personal information as their password for all of their login credentials. The reason is simple: Remembering dozens of different passwords without an easy to recall reference of some sort is impossible.
Since most internet users started when the internet was still young, they find years of bad password habits difficult and time consuming to overcome. Consumer information processing expert Punam Keller highlights some of the reasons people continue to use weak passwords in her Harvard Business Review article, “Why We Don’t Protect Our Passwords.”
Some people are still unaware just how easy simple passwords are to hack, Keller says. Others know about the danger and avoid it like an irritating chore. They lean toward wanting to do something to make their passwords more secure, but they procrastinate, sometimes until something bad happens and one of their accounts has been compromised.
Password managers such as LastPass, 1Password, and Dashlane provide a unique and helpful service. Once installed into a browser or onto a mobile device, they remember all of your passwords for you.
“[Password managers] are apps that keep track of passwords for you, automatically help you create good passwords, and simplify your life online,” explain tech writers Joseph Cox and Lorenzo Franceschi-Bicchierai in their article, “The Motherboard Guide To Not Getting Hacked” on Motherboard.vice.com. “If you use a manager, all you have to remember is one password, the one that unlocks the vault of you passwords.”
Because hackers have tools that will generate every possible password combination based on entered information (i.e. birthdays, names, addresses, favorite movie, favorite food, and so on), the best passwords for websites are ones that have nothing in common with anything associated with the user. Most password managers offer a password-generating service along with password vault services.
“As services online proliferate, creating let alone remembering a unique password for every single one becomes practically impossible,” according to NakedSecurity’s blog article. “Why You Should Use A Password Manager.”
“Thankfully, password managers can step in and help here by generating unique passwords for you. A strong password should be of decent length, contain a good mix of upper and lowercase letters, numbers, and unique characters. That means a good password could look something like this: Vp$lskFOyS4h^oql.”
Even with complex, password manager-generated passwords, users always face a threat when they continue to operate online. Hackers can still watch the traffic on public WiFi hotspots, and password managers themselves can be hacked, allowing hackers to obtain all of your saved passwords.
IT security company TeamSIK ran a security test on all of the most popular password managers, as reported by Mihhaita Bamburic in his 2017 article, “Password Managers May Not Be As Secure As You Think,” on BetaNews.com.
“TeamSIK found at least one vulnerability in each of the tested password managers, with Informaticore and Hide Pictures Keep Safe Vault scoring best in the regard,” reports Bamburic, “Avast Passwords had six vulnerabilities, followed by 1Password with five, Dashlane with four, LastPass and MyPasswords with three each, and Keeper with two.”
What password managers do to protect user passwords is to take one master password (which also should not contain any easily guessable information), and use it to encrypt all of the other passwords. When you come to a website that requires a login, the password manager will recognize it and populate the username and password fields with the appropriate information, as long as your master password is already entered on that device or machine.
“There’s a regrettable tendency to conflate product safety and product security,” writes IT expert Fahmida Y. Rashid in her article, “Keep Using Password Managers Bugs And All,” on CIO.com.
“It’s important to find and fix vulnerabilities so that attackers can’t break in. It’s still far better to use password managers with bugs, which can be fixed, than to rely on memory or other methods to try to keep track of all passwords.”
Maryville University’s online cyber security degree offers advanced training in current ethical hacking techniques, mobile security, digital forensics, and malware analysis. All skills are learned and practiced in Maryville University’s virtual training lab. Upon graduation, students may qualify for high-paying positions such as networking consultant, information security manager, security analyst, or network architect in some of the world’s largest tech companies. Contact Maryville University for more information.