Back in 2018, Digital Guardian surveyed 1,000 Americans about their cybersecurity habits. The results were telling. In the US, the average email address is associated with 130 online accounts. When polled, over half of Americans admitted to reusing passwords for multiple accounts, despite the fact that 1 out of 5 Americans admitted to having had an online account compromised.
The security issue here is obvious. Once a password is compromised, it’s fairly easy for someone to use that information to access any or all other accounts that share that password. And this isn’t an uncommon way for people’s privacy to be compromised. A 2019 Verizon security report showed that 80% of data breaches result from compromised, weak, and reused passwords.
But you can guess why people reuse passwords despite knowing the security risks—passwords can be hard to remember. Imagine trying to remember not only 130 passwords, but also which password goes to which site. And if you change your passwords annually like many security experts suggest, you’re quickly reaching a point where managing your online security is impossible.
What Do Password Managers Do?
One solution to the problem of remembering passwords is to use a reliable password manager. A password manager is a tool that stores login credentials for online accounts. If you use Google Chrome, you may be familiar with the box that pops up asking to remember your password for you. If so, that’s exactly what we’re talking about.
Some password managers also help users by generating secure passwords. Often these passwords are long, random strings of uppercase and lowercase letters, numbers, and signs that would be very difficult to remember. But since the password manager will store this information, the user is not burdened with recalling it when they log in to their account.
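As an added illustration (not code from any particular password manager), the sketch below shows how such a generator can work and how a stored vault can be checked for the password reuse described earlier. The symbol set, the function names and the sample vault are assumptions constructed for this example.

```python
import math
import secrets
import string

# Character classes named in the paragraph above; the symbol set is an assumption.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*()-_=+[]{}",
}
ALPHABET = "".join(CLASSES.values())

# Constructed sample vault: two accounts share one password.
SAMPLE_VAULT = {
    "mail.example": "Summer2019!",
    "shop.example": "Summer2019!",
    "bank.example": "k4#Vt9_pLq2[Zr8w",
}

def generate_password(length=20):
    """Return a random password with at least one character of each class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        # secrets uses the OS CSPRNG; the random module is predictable.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Reject whole candidates instead of patching characters in,
        # which would make some positions easier to guess.
        if all(any(c in chars for c in candidate) for chars in CLASSES.values()):
            return candidate

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on entropy of a uniformly random password of this length."""
    return length * math.log2(alphabet_size)

def reused_passwords(vault):
    """Map each password used by more than one account to those accounts."""
    by_password = {}
    for account, password in vault.items():
        by_password.setdefault(password, []).append(account)
    return {p: sorted(a) for p, a in by_password.items() if len(a) > 1}

def rotate_reused(vault, length=20):
    """Return a copy of the vault with every reused password replaced."""
    fixed = dict(vault)
    for accounts in reused_passwords(vault).values():
        for account in accounts:
            fixed[account] = generate_password(length)
    return fixed
```

With this 80-character alphabet, a 20-character password carries roughly 126 bits of entropy, far more than anything a person would memorize and type.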
Password managers have other benefits as well. Many sync across different devices and operating systems. This means you don’t have to worry if your password manager generates an impossible-to-remember password for a site you access frequently from your phone and laptop; as long as the password manager is installed on both devices, it will enter your login credentials on both devices. Also, many password managers will alert you if your credentials have been compromised in any data breaches.
How Safe Are Password Managers?
Password managers are not perfect. In fact, some have long histories of security problems. Does that mean password managers are unsafe?
The answer is complicated.
No software will ever be 100% secure. Developers cannot reasonably be expected to anticipate every vulnerability in their programs, especially with how quickly technology evolves. When it comes to cybersecurity, often our best choice is the most secure option rather than the perfect option.
The writers at BestReview.net make a great point, arguing that the question should not be whether a password manager has suffered a security vulnerability. Rather, “The question is…what does the team of developers do to protect user data, and what attack scenarios did they have in mind when they coded the software? Of course, if a service is static and the developers don’t keep their security up to date, then it can easily be hacked.” In other words, how do the developers respond when vulnerabilities are found in their software? For instance, a serious vulnerability was discovered in LastPass in September 2019. But unlike companies like Equifax, LastPass was straightforward with its users and fixed the vulnerability before it was exploited.
It’s also useful to compare the security features of password managers with other websites that store sensitive data. As Malwarebytes points out, Facebook, Google, and Twitter have all stored user data in text files without encryption. When these companies have suffered data breaches, both email addresses and passwords were exposed to hackers. In contrast, password managers use various forms of encryption. This means that while user email addresses may be exposed when password management companies suffer attacks, passwords cannot be stolen. Relative to many websites and apps you use daily, password managers are extremely secure. In fact, as How-To Geek points out, password managers are much more secure than most common browser extensions people install.
The most important thing to look for when considering a password management service is that the service is evolving. As long as the service is continually working to stay current with its security practices, you will be more secure with a password manager than you would be without one.
Should I Use The Password Manager In My Browser?
Most web browsers today come with built-in password managers. These tools are handy, syncing across devices and automatically filling in credentials when you land on a page. They’re also free. When these tools initially launched, security experts warned against using them, but like most technology, they’ve improved over time. Many now suggest strong passwords and alert users if their passwords have been involved in security breaches. And some of these password managers are beginning to incorporate higher levels of encryption to make this data more secure.
However, built-in password managers in your browser often adopt better security features well after dedicated password managers have implemented them. This means passwords stored in your browser will be somewhat less secure than passwords stored in dedicated password managers whose sole focus is security. Dedicated password managers often offer more layers of security as well, with most offering encryption and two-factor authentication (2FA).
Browser-based password managers also lack some of the functionality of more sophisticated password managers. For instance, dedicated password managers allow multiple users to share common passwords (such as your Netflix login or home wifi credentials) or exchange secure information (like a credit card number). Some even allow you to “share” a password with another user, such as a coworker, without revealing the password. Instead of actually showing the login credentials, the password manager will automatically enter the login credentials into a website while displaying dots or asterisks to the user. This kind of password sharing is not an option with browser-based password managers.
Finally, many built-in password managers store your credentials on your hard drive without encrypting them. That means anyone with access to your computer and a little know-how can access all of your passwords pretty easily. In contrast, dedicated password managers either store your passwords on encrypted servers or allow you to choose where that data is stored. Overall, dedicated password managers give you more control over your data and how it is protected.
Balancing Your Security Needs Against Your Options And Budget
Online security is essential both in your personal and your professional life, but that doesn’t mean making decisions about security is easy. Often, making a good decision comes down to weighing your needs against your options and your budget. If you’re someone who stores a lot of personal data online in various accounts, your password management needs will be much greater than those of someone who keeps very little data online. Similarly, if you manage client data, your needs will be even greater. It’s important to consider these competing factors carefully and make informed choices.