Best Practices in Password Management
We all need passwords; even those who don’t want them are forced into having them.
The problem is that we all have so many that the temptation is to make them easy to remember, which is fraught with danger.
2FA helps (see our other blog post), but there are better ways. Let’s look at some here.
A Password System
Some people use all sorts of algorithms to construct passwords that are complex yet still able to be remembered.
While better than nothing, these are toast if the hacker figures out the pattern. A password manager is superior.
Password Managers (Recommended)
Password managers allow you to have one password to rule them all. Typically they store your passwords for you in some sort of digital wallet.
Your password manager should:
- have a very strong, complex password or, better yet, a passphrase to unlock it
- have a way to export or backup your passwords for safe keeping
- work across your devices and ideally have some sort of central management
- have a way to generate random passwords for the credentials it’s protecting
- work with fingerprint unlocking (biometrics) like that on some smartphones
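What "generate random passwords" and "passphrase" in the list above amount to, as an added example that is not from the original post or from any product it names: every character or word is drawn independently from a cryptographic random source, so there is no pattern to figure out. The word list, symbol set and function names are assumptions made for the illustration.

```python
import math
import secrets
import string

# Constructed 16-word sample list, far too small for real use; a real
# generator would draw from a published list of thousands of words.
SAMPLE_WORDS = ["anchor", "biscuit", "candle", "dolphin", "ember", "falcon",
                "garden", "harbor", "island", "jigsaw", "kettle", "lantern",
                "meadow", "nickel", "orchid", "pepper"]
SYMBOLS = "!@#$%^&*-_=+"  # assumed symbol set; sites differ on what they accept
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def has_all_classes(pw):
    """True if pw has a lowercase, uppercase, digit and symbol character."""
    return (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw) and any(c in SYMBOLS for c in pw))


def random_password(length=20):
    """Draw each character from the OS CSPRNG via `secrets`.

    Candidates missing a character class are rejected and redrawn, so
    the result stays uniform over passwords that satisfy the site rule.
    """
    if length < 4:
        raise ValueError("need at least 4 characters to cover 4 classes")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_all_classes(pw):
            return pw


def random_passphrase(words=6, wordlist=SAMPLE_WORDS, sep="-"):
    """Pick each word independently and uniformly from the list."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def entropy_bits(choices, picks):
    """Entropy of `picks` independent uniform draws from `choices` options."""
    return picks * math.log2(choices)


if __name__ == "__main__":
    print(random_password(), f"~{entropy_bits(len(ALPHABET), 20):.0f} bits")
    print(random_passphrase(), f"{entropy_bits(len(SAMPLE_WORDS), 6):.0f} bits")
    print("6 words from a 7776-word list:", f"{entropy_bits(7776, 6):.1f} bits")
```

The entropy figures show why the size of the word list matters for a passphrase: six words from the 16-word sample give only 24 bits, while six from a 7776-word list give about 77.5.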
Common password managers include LastPass, ConnectID, RoboForm, Dashlane, Keeper, KeePass and more.
You should do some research and find which fits your needs best. We can help if you are lost.
If you run a spreadsheet or file with site passwords in your office now, then LastPass securely removes the need for this.
Consider the implications of someone emailing that list out or even just taking it when they leave.
We recommend LastPass, and for those running teams, look at the flexibility and control you get with LastPass Teams for Business:
- Instantly add and remove team members.
- Safely share passwords with others.
- Give each employee their own vault for safeguarding their passwords.
- Store digital records: WiFi logins, software licenses, employee IDs, and more.
- Set security controls and restrictions based on your team’s needs.
Give them a go and try them out in your world. Tip: do this when you have a few minutes, as you have to focus on this one.
Please consider what the password manager is protecting. Don’t be too tempted by the free options; they may be OK, but if you need a feature, pay the small sum and keep yourself protected, as it’s important to do security well.
Here’s a Password Manager Review that looks at some of the major password managers; it may help.