You Need a New Manager
Apr 13, 2021
November 19, 2020
By Chris Tuzeneu
Today, I am going to ask you to do the impossible. Then, I will equip you to do the impossible.
How many online accounts do you have in total, counting every one you have ever set up, now or in the past? Now, how many separate passwords do you have stored in your brain right now? If there is any discrepancy between those two numbers, that represents risk. Why is this?
Every day countless cybercriminals are trying to break into password databases of any website imaginable: email, social media, shopping, banking, news, gaming…the list goes on. Now we expect the highest level of encryption and security from our online banking service providers, but do we have that same level of trust for the website of our local newspaper? It is almost certain that at least a few of your various online accounts store your passwords using weak security, or worse, just plain text.
Once a hacker compromises a password database, they will take those credentials and try them in other places, just trying to get a match. Therein lies the danger of password reuse. If even one of your passwords is shared across more than one web service, that is like having one key that opens your home, your business, your car, and your safety deposit box. If that key falls into the wrong hands, it’s game over for your personal safety and security.
So, you must do the impossible: as many online accounts as you have, whether it is a dozen or several hundred, you must use a different password for each. Simply appending the letters “FB” for Facebook and “WF” for Wells Fargo is not sufficient to confuse a motivated attacker. They must be completely unique, which becomes more and more difficult as the number of online accounts climbs.
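The check described above can be run against your own list of accounts. The following Python sketch is an added example, not part of the original article: it flags passwords used on more than one site and passwords that differ only by a short tag such as “FB” or “WF”. The function names, the sample entries, and the thresholds (`min_core`, `max_diff`) are assumptions chosen for illustration.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample entries (site, password); none are real credentials.
SAMPLE = [
    ("facebook.example", "Summer2020!FB"),
    ("wellsfargo.example", "Summer2020!WF"),
    ("news.example", "tr0ub4dor&3"),
    ("forum.example", "tr0ub4dor&3"),
    ("mail.example", "kV9#qLz2!mXw7$Rb"),
]

def shared_affix(a, b):
    """Length of the common prefix plus the common suffix, without overlap."""
    limit = min(len(a), len(b))
    p = 0
    while p < limit and a[p] == b[p]:
        p += 1
    s = 0
    while s < limit - p and a[-1 - s] == b[-1 - s]:
        s += 1
    return p + s

def audit(entries, min_core=6, max_diff=3):
    """Return (reused, variants) for an iterable of (site, password) pairs.

    reused:   groups of sites that share exactly the same password.
    variants: pairs of site groups whose passwords share a long core and
              differ by at most max_diff characters (a prepended, appended
              or embedded site tag). Thresholds are illustrative assumptions.
    """
    by_password = defaultdict(list)
    for site, password in entries:
        by_password[password].append(site)
    reused = sorted(sorted(s) for s in by_password.values() if len(s) > 1)
    variants = []
    pairs = combinations(sorted(by_password.items()), 2)
    for (pw_a, sites_a), (pw_b, sites_b) in pairs:
        core = shared_affix(pw_a, pw_b)
        if core >= min_core and max(len(pw_a), len(pw_b)) - core <= max_diff:
            variants.append((sorted(sites_a), sorted(sites_b)))
    return reused, variants

if __name__ == "__main__":
    reused, variants = audit(SAMPLE)
    for sites in reused:
        print("same password on:", ", ".join(sites))
    for a, b in variants:
        print("near-identical passwords on:", ", ".join(a + b))
```

Every site it reports is one where a single leaked password also exposes the others in the same group.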
You need a big key ring for all those unique keys, and fortunately a password manager can do that for you, without the jingling. Services like LastPass, Keeper, and Bitwarden exist to create, remember and auto-fill complex, unique passwords for every web service you use. A password manager will take the stress and frustration out of regular password changes, while giving you extra brain space and eventually hours of your life back.
A common objection to using a password manager is the risk that the company gets breached and the crooks then have the “keys to the kingdom” for all its users. But it’s much less likely for a company whose sole purpose is security to be breached, since its business model depends on having the proper controls and protections in place. Securing your account with a good passphrase, such as “Warpfactor7,engage”, reduces the chances of your password being cracked. Also make sure to turn on multifactor authentication for the password manager (and any other service you have that supports it), so if the database is breached the bad guys still can’t get into your account without your one-time code. Taking that step alone will help you sleep better at night.
The front-end work to transition yourself into a password manager is the biggest expense, but the ROI for your security posture is tremendous. Secure yourself or your whole company with strong passwords and multifactor authentication wherever possible, and attackers will be moving on to easier targets.
Chris is the Vice President of Information Security for CivITas Bank Solutions. You can email [email protected] for more information.