Password managers – Every year Cert NZ encourages cyber safe practices through their awareness-raising campaign called Cyber Smart Week. The campaign orbits around four key security awareness messages and using a password manager is on the list as a must to protect yourself online.
There is a very good reason for including the use of a password manager in the campaign. The fact is that passwords aren’t always secure – we are human, so we are inclined to choose passwords that are easy for us to remember and could be easy to guess. We also tend to share and re-use passwords that lead to our personal and employer accounts being compromised.
It’s generally accepted that credential (username and password) compromises are one of the leading contributors of data breaches.
So what exactly is a password manager?
A password manager is a safe… for your passwords. It’s usually built into your web browser (Google Chrome, Edge, Firefox) and can be available on your mobile device to ensure that your passwords are never far away.
When you use a password manager you won’t need to remember dozens of passwords and you can make passwords very long and complex – the password manager will remember and, in most cases, fill in the password fields for you.
How do I access my passwords in a password manager?
A password manager has one master key that allows you to access all your passwords – that means that you should make this password long and secure, use a password that’s unique and hard to guess.
It’s also encouraged to add an additional step of security to your master password, for example trusting the specific device, computer or Mac you log in with and adding Multifactor Authentication.
What do I need to get started?
The best place to start is to decide on which password manager to use. Many password managers have free and paid options and you can choose one that works best for you. Here are a few examples:
These password managers are usually built into your web browser and have mobile device apps that you can use too. Getting started is as easy as installing the password manager from the web browser’s application extension menu.
Where does a password manager store my passwords?
A common misconception about password managers is that your passwords are stored somewhere in the cloud, easily accessible to the password manager provider. Most password managers encrypt the passwords before sending them to their servers to ensure that they have no knowledge of what your passwords are when they are stored.
When do I change my old passwords once my password manager is installed?
The best answer is RIGHT AWAY! Some password managers, like LastPass and Dashlane can identify weak and duplicate passwords you regularly use. This will help you figure out which passwords need to be changed. As you log into your online accounts, your new password manager will prompt you to save your password in your new vault and make those website logins easier to access by pre-populating your credentials the next time you visit.
What can I do to protect my business?
Businesses are targeted through people – using phishing, malware and online scams. Enable your business to become cyber smart and by equipping your staff with practical, ongoing and relevant knowledge, tools and ideas through a robust security awareness programme.