Drowning in a Sea of Passwords? It’s Time to Adopt a Password Manager

If you find yourself sinking in a sea of different passwords for different accounts, struggling to remember your login credentials and spending more time resetting passwords than actually using your accounts, it may be time to consider adopting a password manager.

Best (And Worst) Password Practices

The best practice is to create separate and inconsistent passwords for each of your accounts. That way, should a password be compromised, it can’t be reused to access your other accounts. Unfortunately, doing this for all your accounts can be an exhausting burden.

You may be tempted to configure your web browser to store your passwords. This method is insecure because malicious actors can easily steal these stored passwords to facilitate cyberattacks and fraud. You may also be tempted to use the same password with subtle differences for multiple accounts. Fraudsters are also good at exploiting this bad habit.

So how do you remember all those different passwords? You might find yourself creating abstract, single-use passwords and resetting them each time you attempt to log in to your accounts. This crude method of multifactor authentication is typically secure, but also time-intensive and tedious.

There is a ray of hope shining through all of this password complexity. A password manager enables you to store all your login credentials in a personal vault, which you can access with a single master password. This eliminates the need to remember multiple passwords, but the key is to choose the right solution to fit your needs.

The solution I’ve selected encrypts my login credentials using an AES-256 encryption model and offers multiple options to locate my stored passwords. For example, I can complete authentication steps manually or through automation, copy and paste credentials to my clipboard and view my passwords in plaintext if I choose. I can also install the password manager client on multiple devices or use a web-based service to access my credentials using my master password.

Choosing the Right Password Manager

An internet search is a good place to start when shopping for a password manager. During my own search, I consulted familiar sites that publish product comparisons and popular magazines that have evaluated several such solutions. In the end, I decided to select one of the leading solutions on the market that had features that were in line with my personal criteria.

My decision was ultimately based on the AES-256 encryption technology used to protect passwords within the vault. Other requirements included the ability to form-fill different user IDs and passwords based on my use of a secured master password. I prefer the added security of always being prompted for the master password to access the vault. I also looked for solutions that allowed mobile access to the password vault via both Android and Apple devices.

Keep It Simple to Protect Your Data

Passwords are the gatekeepers to your personal and financial information. Good password hygiene is critical to both personal data privacy and enterprise security.

Don’t make it harder than it needs to be. A password manager can help you eliminate the inconvenience and mental exhaustion of juggling multiple credentials and provide an additional layer of security to protect your accounts from would-be data thieves.

Share this Article:
Michael Melore

Cyber Security Advisor, IBM

IBM Cyber Security Advisor and recognized subject matter expert in Identity Access Governance, Access and Authorization architectures, and Security Intelligence. Past Professional Services and Consulting roles include: Lead architect for many of the largest authentication and authorization infrastructures. This includes two separate Billion user authentication infrastructures.Past speaking engagements include passionate discussions correlating blended threats across physical and logical infrastructure boundaries, Security Intelligence and Response, Identity Access Management and Governance, Security Visibility and Response, Defense in Depth, Security Immune System, Cloud Security, and Billion User Identity Crisis.Conference and Summit venues include Executive Alliance CXO Summits across US cities, Executive Network CISO Chapter Meetings across US cities, ISACA Pittsburgh Information Security Awareness Day, Nebraska Cyber Security Conference, Evanta CISO Summits across US cities, Montgomery County Community College, South Eastern PA Higher Education Executives Round table.