Solving the Password Problem
It’s estimated the average person has over 100 online accounts, each with a password they need to remember. The number of online accounts we use is doubling every five years. You are told to use “strong” passwords that are a combination of letters (mixed case), numbers and symbols, not to use the same password more than once, and to change them all every three months. You are also told not to write passwords down because of the security risk.
It is highly unlikely that most people have the mental capacity or discipline to follow all this advice. The difficulty of remembering so many different complicated passwords can be overwhelming. So how do you minimize the risk of your accounts being compromised due to weak passwords? As with most problems these days, “there’s an app for that”!
Password managers automatically generate strong passwords and remember them for each account you use. You do need to create a “master” password (which should be a phrase or “memorized secret”) that gives you access to your password manager. Almost all top password managers sync across all of your devices.
What are the Pros and Cons of Using Password Managers?
There are important advantages to using password managers. The most obvious is that they automatically generate very strong, virtually unbreakable passwords and eliminate the need for you to remember many passwords. A less obvious but very important benefit is that if you die or become incapacitated, your password manager should permit other trusted individuals access to your passwords. Without a password manager, your next of kin could have a very difficult time obtaining access to your digital records, including bank accounts, photo collections, LinkedIn, Facebook, etc. Online service providers may not provide other people with access to your accounts. This has become a very significant issue due to the exponential growth of our digital footprints.
There are risks inherent in using password managers. The most often mentioned is that a password manager creates a single point of failure: if it is compromised, the attacker may have access to all your passwords. The other is the potential for the password manager company to go out of business or for the service to otherwise become unavailable. However, these risks are believed to be smaller than the risk of poorly managed passwords.
Should I Use a Password Manager?
The answer is yes. Forgetting and resetting passwords can waste hours of your time, and using duplicate or weak passwords exposes you to significant risk. I have been using LastPass, which is one of the better known and more highly rated password managers, and have found it easy to set up and use. Logon pages are automatically detected by the password manager and password fields are automatically populated. Occasionally I’m required to log in to LastPass and enter my master password; however, this has proved to be a useful exercise in helping me to remember it!
Using a password manager has lightened the burden of password management and improved the security of my online accounts. New guidelines from the US National Institute of Standards and Technology suggest that if strong passwords are used, then periodic password changes are no longer necessary.
We recommend that everyone use a password manager. Letting a password manager generate and remember strong passwords means never worrying about memorizing or changing passwords again.
Richard MacNeill, FCPA, FCMA, CMC, Dipl. T. is a partner at OTUS Group, a team of advisors to business, government and not-for-profit organizations.