Passwords protect some of our most valuable personal and company data. However, despite advances in other areas of security, password protection is lagging far behind. It is concerning that each year the percentage of cyber attacks due to human error continues to rise, with 95% of cyber attacks now involving some form of human error. Weak passwords fall right into that category, as they are the result of inadequate security practices, and attacks that exploit them are among the most common forms of cyber attack. A common technique cybercriminals use to crack passwords is the Brute Force Attack (BFA), in which a hacker uses an algorithm or program that can try 2.18 trillion username/password combinations in 22 seconds. Weak passwords are easily exploited and give a hacker full access to the crown jewels of confidential information and private data.
On average, 59% of organisations say their staff rely on human memory to manage passwords (I dread to think what percentage has them written down somewhere). There is a far better way to do this! Could you imagine only having to remember 1 password for the rest of your life? Well, let me introduce you to the concept of a password manager.
A password manager is an encrypted digital vault that centrally stores and secures the passwords and login information that you use to access all of your accounts, apps on your mobile device, websites and other services. In addition to storing your passwords in one place, a password manager will suggest strong passwords (which you don’t have to remember) that contain more than 13 characters and are a combination of uppercase and lowercase letters, numbers and symbols (e.g. tnj@fhe0MGW1b!b6xqv). These passwords are extremely difficult, if not impossible, to crack. Another added bonus is that regardless of the number of accounts you have, each password will be completely different. All you will need to do is remember one ‘master’ password to access your vault of other passwords.
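To make the password rules above concrete, here is an added example (not code from any password manager or from the author) that generates a password meeting those rules and estimates how long the brute-force rate quoted earlier would need to try every possibility. The function names, the default length of 19 (the length of the sample password above) and the assumption that the quoted rate stays constant are illustrative choices.

```python
import math
import secrets
import string

# Character classes named in the article: uppercase, lowercase, numbers, symbols.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)  # 26 + 26 + 10 + 32 = 94 printable characters

# Guess rate quoted in the article: 2.18 trillion combinations in 22 seconds.
GUESSES_PER_SECOND = 2.18e12 / 22


def generate_password(length=19):
    """Return a random password containing every character class."""
    if length < 14:
        raise ValueError("the article calls for more than 13 characters")
    while True:
        # secrets draws from the OS CSPRNG; the random module is predictable.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejection sampling keeps the choice uniform over valid passwords.
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on entropy for a uniformly random password."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(length, alphabet_size=len(ALPHABET)):
    """Years to try every password of this length at the quoted guess rate."""
    seconds = alphabet_size ** length / GUESSES_PER_SECOND
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    # Constructed comparison cases: one weak password shape, two strong ones.
    for n, size, label in [(8, 26, "8 lowercase letters"),
                           (14, 94, "14 mixed characters"),
                           (19, 94, "19 mixed characters")]:
        print(f"{label}: {entropy_bits(n, size):.0f} bits, "
              f"{years_to_exhaust(n, size):.3g} years to exhaust")
    print("example:", generate_password())
```

The figures only hold for passwords chosen uniformly at random, which is what a manager's generator provides; a human-chosen password of the same length falls far sooner to dictionary-based guessing.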
There are various password managers available to choose from, some of which are free and others that charge for use. I suggest investing some time into choosing a quality password manager and finding one that suits your organisation’s needs. I personally could not imagine my daily life without one and the peace of mind that my personal and company data is so well protected is well worth the effort.
Once you have chosen a password manager, I suggest rolling it out company-wide and ensuring that every employee uses the same password manager (Top Tip – add the password manager control into your onboarding policy). A benefit of all employees using the same password manager is that passwords and account credentials can easily and securely be shared between other users. No more sending passwords through unencrypted chat channels!
ARX recommends the following password managers:
1Password
Pricing: $7.99 per month / per user or $19.95 per month for 10 users (other pricing options available)
If you’re looking for a trusted password manager app to keep your login information private and secure, 1Password is the best password manager for the task, letting you access your accounts and services with one master password. It’s available for all major device platforms.
This nicely designed password manager lacks a free version, but you can check it out for 14 days before signing up. (Alas, that’s down from the earlier 30-day trial period.) An individual subscription runs at $36 a year and comes with 1GB of document storage and optional two-factor authentication through YubiKey for additional security. A travel mode lets you remove your sensitive 1Password data from your device when you travel and then restore it with one easy click when you return, so that it’s not vulnerable to border checks.
- Offers trial version
- Ability to separate work and personal accounts
- Share passwords with other users
LastPass
Pricing: $5.10 per user per month (1 user free) (other pricing options available)
The free version of LastPass once made it stand out as the best password manager in this category by giving you the ability to store passwords, user login info and credentials and sync all of it wherever you want across your mobile devices and your browsers. And while you can currently view and manage passwords across mobile and desktop devices, as of March 16, you’ll have to choose to use the free version for either mobile or desktop.
The Premium version of the password manager also allows you to share passwords, logins, memberships and other items with trusted family and friends, use multifactor authentication through YubiKey and get 1 gigabyte of encrypted storage. Meanwhile, the Families plan gives you six individual accounts, shared folders and a dashboard for managing the family accounts and keeping an eye on your account’s security.
- Free for 1 device
- Multi-factor authentication
- Mobile app logins
- Straightforward to use
Bitwarden
Pricing: $5 per user per month (1 user free) (other pricing options available)
Bitwarden is a great option for personal or business users thanks to both its open-source roots and its unlimited free version. This lean encryption software can generate, store and automatically fill your passwords across all of your devices and popular browsers.
Its free version lacks some of the bells and whistles of the two above, but its premium versions are just as feature-rich. Just like its closest competitors, a Bitwarden premium subscription allows you to share passwords, logins, memberships and other items with trusted colleagues, use multifactor authentication through YubiKey and get 1 gigabyte of encrypted storage. Although it has fewer features than the premium version, Bitwarden’s free version also offers a one-to-one texting feature called Bitwarden Send which allows you to securely share login information with another person.
- Free version can be used across unlimited devices
- Open-source, secure and transparent
- User-friendly / easy to use