Are Password Managers really worth it?

  • Security professionals recommend them
  • The benefits far outweigh the risks
  • Strong and randomly generated passwords
  • Stop password reuse across multiple accounts
  • Easy access to passwords with browser plugins and mobile apps
  • Many quality managers are FREE!

Why should your Colorado business be using a password manager?

  • You cannot remember a strong and unique password for all of your accounts
  • You should not reuse the same password or variants of a password 
  • Access passwords in the cloud, via a mobile app, browser extension or desktop application
  • There is a good chance that your passwords have already been leaked in a major data breach. Check here now.

 

But isn’t it a bad idea to put all of your passwords in one place?

When I first heard of password managers years ago, I’ll admit that I thought it sounded like a really bad idea. It is true that the attack surface is widened when putting all of your passwords in one place, but the benefits greatly outweigh any risks.

The vast majority of top security professionals recommend password managers

  • There has never been a major data breach of the top password managers 
  • The teams that oversee password managers have very tight security
  • Many password managers are open source and are verified by the security community

Don’t save passwords in your browser

  • It’s a security risk. Unencrypted passwords can be harvested by an attacker
  • No auto-generated strong passwords

 

How can I make a strong master password?

  • It’s a good idea to start fresh and re-create all of your passwords, including your master password.
  • One of the most important things to do when using a password manager is choosing a very strong master password.
  • Your password needs to be a minimum of 16 characters, but we recommend 26.
  • Strike a balance between security and convenience. Make sure that your password isn’t so complex that it can’t be easily typed in.

 

Here are some tips to make a memorable and super strong password. 

Good security is a balance between adequately protecting yourself and convenience. It is not advisable to make a lengthy password of random uppercase, lowercase, numbers and special characters. It would be too difficult to type in. Instead, Graynode Security recommends one of two methods.

 

#1 – Choose a favorite quote or passage from a book

This may seem counterintuitive, but choosing a long phrase that you can easily remember can create a solid and uncrackable password.

  • The sentence needs to be long. We recommend 24 characters.
  • Add a few numbers, special characters and include upper case characters.

Choose a sentence

Look up at the stars and not down at your feet

It’s a bit too long, so let’s shorten it to 26 characters

Look up at the stars and not down

Then remove the spaces.

Lookupatthestarsandnotdown

Next add a number, special character and capitalize a letter or two.

9Lookupatthestarsandnotdown&

This password would take centuries to crack even with a powerful password cracking rig.

#2 – Choose 4 Random words

Check your password entropy and strength. 

Password entropy is a measure of how unpredictable your password is. 

Don’t always rely on website password strength indicators to tell you how strong your passwords are. These are not always accurate and vary widely.

Use these two sites to check your entropy and estimated password crack time. Your password should take centuries or longer to crack, not seconds, minutes or years.

https://apps.cygnius.net/passtest/
https://www.bennish.net/password-strength-checker/
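
An added example (not part of the original article) showing how entropy and crack-time estimates of this kind are computed, for both a character-based password and a random-word passphrase. The guess rate, the 7776-word list size and the small sample word list are assumptions made for the illustration.

```python
import math
import secrets
import string

SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Constructed 8-word sample list for the demo; real lists are far larger
# (the EFF long list has 7776 words).
SAMPLE_WORDS = ["anchor", "breeze", "cactus", "dolphin",
                "ember", "falcon", "glacier", "harbor"]

def charset_pool(password):
    """Size of the character pool implied by the classes the password uses."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in password))

def charset_entropy_bits(password):
    """Upper bound: length * log2(pool). Exact only if every character was
    chosen at random, which a quote or book passage is not."""
    pool = charset_pool(password)
    return len(password) * math.log2(pool) if pool else 0.0

def passphrase_entropy_bits(word_count, wordlist_size):
    """Entropy of words drawn uniformly at random from a known list."""
    return word_count * math.log2(wordlist_size)

def random_passphrase(wordlist, word_count=4, sep="-"):
    """Pick the words with a CSPRNG (secrets), not random.choice."""
    return sep.join(secrets.choice(wordlist) for _ in range(word_count))

def years_to_crack(bits, guesses_per_second):
    """Average time to search half the keyspace at the given guess rate."""
    return (2 ** bits / 2) / guesses_per_second / SECONDS_PER_YEAR

if __name__ == "__main__":
    rate = 1e10  # assumed offline guess rate; varies widely with the hash used
    quote = "9Lookupatthestarsandnotdown&"  # example password from the article
    for label, bits in [
        ("quote, charset upper bound", charset_entropy_bits(quote)),
        ("4 random words of 7776", passphrase_entropy_bits(4, 7776)),
        ("6 random words of 7776", passphrase_entropy_bits(6, 7776)),
    ]:
        print(f"{label}: {bits:.1f} bits, ~{years_to_crack(bits, rate):.3g} years")
    print("sample passphrase:", random_passphrase(SAMPLE_WORDS))
```

The crack-time figure scales directly with the assumed guess rate, so compare estimates only when they use the same rate.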

 

What’s the best password manager to use?

There are quite a few password managers out there. Some of the differences include price, features, open source, team sharing and more. Let’s review a few of them and see how they compare.

1Password – Best overall paid password manager

  • Wide browser support
  • Authentication app
  • Powerful auto fill integration with apps
  • Command line tool
  • 30 day free trial

Bitwarden – Best free password manager

  • Open source
  • Free to share with 2 users
  • Unlimited passwords

KeePass – Self hosted option

  • Free
  • Not synced to the cloud at all
  • Open source

Dashlane

  • Includes dark web password monitoring
  • Ability to not store passwords on Dashlane servers

Master Password App

  • Free and open source
  • Stateless password manager. No passwords are saved anywhere, they are generated on demand
  • The highest security option
