In today’s landscape of rapidly escalating security threats, your credentials are the prize many bad actors and online threats are competing for. Your credentials (typically a username and password combination) provide access to online tools, accounts, and services for business and personal use. If compromised, they can allow someone to steal your identity and your money, and can cause significant impact to you personally and to the organization you work for.
So how do you best protect your credentials?
The most secure protection for credentials is to have them locked in your head; unfortunately, few (if any) of us are able to mentally maintain the several hundred credentials we accumulate in our business and personal worlds. Nearly as secure would be to write any credentials down on a physical document kept in a safe and only accessed when needed, which is neither time-efficient nor practical. You are left with a need for a comprehensive tool to help you manage your credentials; something that keeps them safe and secure. And to be useful, it has to be easily available.
What do we want a credential manager to do?
- Securely store your credentials
- Help you create unique, random, highly secure passwords that are hard to compromise
- Allow easy and secure access to your credentials on any device (desktop, laptop, tablet, phone) or browser
- Enable you to safely share a credential with a coworker or family member
Apart from a document or spreadsheet stored in cloud storage (which really only accomplishes the first item above), there are two primary types of credential managers – browser-based password managers (Google or Bing will remember your passwords), and dedicated credential managers (LastPass, 1Password or Keeper).
While a browser-based password manager may be easy to use and may already be storing a number of your passwords, there are some key reasons to avoid browser-based password managers:
- Browser-based managers are limited to that browser; they can’t be easily used for other applications or browsers
- In a corporate setting, your security team is unable to administer and protect browser-based managers
- Browsers suffer from frequent vulnerabilities that could expose your credentials to bad actors
- The ability to easily and securely share your credentials with others is limited or non-existent in a browser-based manager
In order to get what you want from a credential manager, your best option is to invest in a dedicated credential manager. There are a number of great credential managers available, including 1Password, Keeper, Bitwarden, NordPass, LastPass and Dashlane. Though they have a few differences (and some have experienced disqualifying security breaches), all of them enable you to create complex credentials and store them securely, to use your credentials easily and safely across any device or browser, and to share them with coworkers if needed. Using a credential manager also allows you to avoid common mistakes such as:
- Reusing a single credential across multiple sites or tools
- Creating passwords that are simple (easily compromised)
- Having credentials on sticky notes on or around your devices
Once you’ve invested in a dedicated credential manager, how should you use it to best protect yourself and your organization from compromise?
- Create a long (25+ characters), complex, memorable passphrase as your master password
  - XKPasswd – Secure Memorable Passwords
  - Password Generator – Strong, Random Passwords | 1Password (select “Memorable Password”)
  - Create your own, such as Doesn’t+monKEY+Construct@3trees or CrossFRIENDcountry#ski-dog308
- Utilize multi-factor authentication for your credential manager and all other sites and tools possible
- Randomly generate long, complex passwords using the integrated password generator for each credential you create
- Never use the same password for more than one credential
- If there is a need to share a credential (such as in a corporate setting), create a separate vault for shared credentials
- Install add-ins for your credential manager in frequently used browsers
- Don’t let browsers save your credentials
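The master-passphrase advice above, shown as an added Python example (not code from this article or from any of the password managers named): it builds a word-based passphrase of at least 25 characters from a cryptographically secure random source and estimates how many bits of entropy the generation process provides. The word list, separator set and function names are assumptions made for illustration.

```python
import math
import secrets

# Constructed sample list (assumption, illustration only). A real generator
# should load a large list, e.g. the 7,776-word EFF diceware list.
SAMPLE_WORDS = [
    "anchor", "basket", "candle", "desert", "engine", "forest", "garden", "harbor",
    "island", "jungle", "kettle", "ladder", "marble", "needle", "orange", "pencil",
    "quartz", "ribbon", "saddle", "tunnel", "umpire", "velvet", "window", "yellow",
    "zipper", "bridge", "copper", "dragon", "falcon", "guitar", "hammer", "magnet",
]
SEPARATORS = "+-#@=!"   # assumed separator set
MIN_LENGTH = 25         # the 25+ character guideline from the list above


def passphrase_entropy_bits(list_size, n_words, digits=3):
    """Bits of entropy in the random choices, assuming the attacker knows the scheme."""
    bits = n_words * math.log2(list_size)               # which word
    bits += n_words                                     # lower vs UPPER, 1 bit per word
    bits += (n_words - 1) * math.log2(len(SEPARATORS))  # which separator
    bits += digits * math.log2(10)                      # trailing digits
    return bits


def generate_passphrase(words=SAMPLE_WORDS, n_words=4, digits=3):
    """Return word<sep>word...<digits>, adding words until MIN_LENGTH is reached."""
    if len(set(words)) < 2:
        raise ValueError("word list needs at least two distinct words")

    def pick():
        # secrets draws from the OS CSPRNG, unlike the random module
        word = secrets.choice(words)
        return word.upper() if secrets.randbelow(2) else word.lower()

    phrase, count = pick(), 1
    while count < n_words or len(phrase) + digits < MIN_LENGTH:
        phrase += secrets.choice(SEPARATORS) + pick()
        count += 1
    return phrase + "".join(str(secrets.randbelow(10)) for _ in range(digits))


if __name__ == "__main__":
    print(generate_passphrase())
    print(f"32-word sample list, 4 words: {passphrase_entropy_bits(32, 4):.1f} bits")
    print(f"7,776-word list, 5 words:     {passphrase_entropy_bits(7776, 5):.1f} bits")
```

Length alone is not the measure: a 30-character passphrase drawn from the 32-word sample list is far weaker than one of similar length drawn from a 7,776-word list, which is why the entropy estimate is computed from the size of the list rather than the number of characters.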
Though it’s not a guarantee against compromise, a dedicated credential manager is the best balance between protecting your access to websites and applications while maintaining ease of use.
As a reputable MSP, Digital323 knows the security needs of organizations and industry best practices to keep your IT functional, stable, and secure. A dedicated credential manager will secure your credentials, data, and applications and will protect you from disastrous data breaches.
Contact Digital323 to roll out a dedicated credential manager and other technologies to secure your data and applications.