21 Sep

Should You Use A Password Manager?

Less than 60 years ago, the computer password was developed for the first time-sharing operating system. Sophisticated hacking networks and password-cracking programs didn’t exist at that time, so passwords could be relatively simple and easy to memorize compared to today. As the use of shared systems became more widespread, the importance of password security grew. Essentially, digital passwords are the first line of defense protecting your account and personal information from unauthorized access. From those humble beginnings to the present day, developers and researchers are still trying to figure out how to fix what seems to have always been a little bit broken: keeping your credentials protected with a fallible password-based solution.

Current Challenges For Securing Credentials

It is cumbersome to commit unique and complex passwords to memory for every account that requires login credentials. This reality has led countless users to unwisely choose easy-to-guess passwords, which dictionary attacks and password-cracking tools can discover quickly. In most cases, users recycle the same handful of credentials across most of the accounts they create, alternating between two or three passwords. This unsafe practice is common because it is easy, and the end user is most likely unaware of the impact it can have on security.

Password reuse is one of the leading causes of breaches of credentialed systems. Among the key drivers of this issue is the desire for convenience. Most users don’t prioritize good password hygiene tactics, which would include the creation of strong and unique passwords for every system, service, application, router, switch, and other things that require logins.

To limit the risk of your accounts being compromised, cybersecurity experts recommend that you create/update all of your logins with complex and unique passwords every 90 days. Furthermore, you should update your passwords immediately any time there has been a chance or indication that your credentials may have been compromised or exposed.

What Truly Is A Complex And Unique Password?

Complex passwords combine uppercase letters, lowercase letters, digits, and special characters in a unique combination to increase security. They should be at least twelve characters long, and a user should avoid including any personal identifiers in a password.

The Solution Offered By Password Managers

Password managers are programs that allow users to generate, manage, and store their credentials and related personal information. They are available with a range of features to meet users’ needs and preferences. Most offer solutions that not only store your passwords but can also secure your digital records like insurance cards, bank credentials, passports, and other important information. Other standard features include a built-in password generator, making it easy to create strong, randomized passwords that are unique and complex. Using randomized passwords will help protect your accounts against hackers. Password managers can also simplify your online experience by remembering your passwords and related information, so you don’t have to.
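The two preceding sections describe what a built-in generator should produce: at least twelve characters, all four character classes, and nothing tied to the user. The following Python script is an added example written for this page, not code from any password manager; it draws characters from the operating system CSPRNG via the standard `secrets` module, checks a candidate against that policy, and estimates its entropy. The `personal_identifiers` list is a constructed placeholder for whatever a real product would screen (usernames, e-mail addresses, and similar).

```python
import math
import secrets
import string

# Policy from the article: >= 12 characters, every character class present,
# and no personal identifiers anywhere in the password.
MIN_LENGTH = 12
CLASSES = {
    "upper": set(string.ascii_uppercase),
    "lower": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "special": set("!@#$%^&*()-_=+[]{};:,.?/"),
}
ALPHABET = "".join(sorted(set().union(*CLASSES.values())))


def check_policy(password: str, personal_identifiers=()) -> dict:
    """Return a dict of rule -> pass/fail plus an overall 'ok' flag.
    personal_identifiers is a constructed list of strings that must not
    appear in the password (compared case-insensitively)."""
    chars = set(password)
    result = {
        "length": len(password) >= MIN_LENGTH,
        **{name: bool(chars & members) for name, members in CLASSES.items()},
        "no_personal_info": not any(
            p and p.lower() in password.lower() for p in personal_identifiers
        ),
    }
    result["ok"] = all(result.values())
    return result


def generate_password(length: int = 20) -> str:
    """Generate a random password with the OS CSPRNG (secrets.choice) and
    retry until it satisfies the policy. Rejection sampling keeps the
    result uniform over compliant passwords, unlike forcing one character
    of each class into fixed positions."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if check_policy(candidate)["ok"]:
            return candidate


def entropy_bits(password: str) -> float:
    """Upper-bound entropy estimate: assumes each character was drawn
    uniformly from the union of the classes actually present. Only valid
    for generated passwords; human-chosen ones are far weaker than this."""
    pool = sum(len(members) for members in CLASSES.values() if set(password) & members)
    return len(password) * math.log2(pool) if pool else 0.0


if __name__ == "__main__":
    pw = generate_password(16)
    print(pw, check_policy(pw, personal_identifiers=("alice",)), round(entropy_bits(pw), 1))
```

A 16-character password from this 86-symbol alphabet carries roughly 100 bits of entropy, which is why a generator beats any memorable scheme; the entropy estimate is deliberately an upper bound and says nothing useful about a password a person typed in.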

Multi-Factor Authentication

This feature adds more security but does require some significant sacrifices in terms of convenience. With multi-factor authentication (MFA), authentication factors are based on who you are, what you have, and what you know. Cybersecurity experts recommend a password management vendor that uses not only MFA but also the zero-knowledge security model (see below), because the combination consists of three layers of defense. The first layer is the user’s encrypted data, which should never be accessed, viewed, or shared by the password manager software. The second layer of protection is the master password, and the third is the security key. Only the authorized end user has access to this information and the security key. Each additional layer of protection makes it harder for hijackers to get access to your information.

Zero-knowledge Policy

A zero-knowledge policy is a security model that many password managers use to protect a user’s sensitive information. Under it, the stored data is encrypted with a key that only the authorized user(s) hold, so only they can decrypt and access it, whether it is access credentials or other sensitive information.

Some say this method is one of the safest encrypted solutions because only the user has the master password and key to decrypt their other passwords. As a result, no one besides the user can access their stored passwords, not even the password manager service provider. If a hacker were to compromise the password management account, or if a government agency were to ask the service provider to furnish a user’s stored credentials, all they would get is a series of encrypted data blocks with no means of unlocking them.
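The two paragraphs above describe the property without showing the mechanism. The Python below is an added example written for this page, not any vendor's code: the client stretches the master password with PBKDF2 and splits the output into an encryption key, a MAC key, and a login verifier; only the ciphertext, its tag, the salt, the nonce, and a hash of the verifier are ever stored, so the provider's database contains no key. To stay standard-library only, the cipher is a demonstration construction (HMAC-SHA256 in counter mode as a keystream, encrypt-then-MAC); a real product would use a standard AEAD such as AES-GCM and a memory-hard KDF, and the iteration count here is lowered for the test.

```python
import hashlib
import hmac
import json
import os

ITERATIONS = 100_000   # lowered for the demo; production uses far more or a memory-hard KDF


def derive_keys(master_password: str, salt: bytes):
    """Client-side key stretching. Returns (enc_key, mac_key, verifier); only a
    hash of the verifier leaves the client, the other two never do."""
    material = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS, dklen=96)
    return material[:32], material[32:64], material[64:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Demo construction: HMAC-SHA256 as a PRF in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_vault(master_password: str, entries: dict) -> dict:
    """Encrypt the vault on the client. The returned dict is exactly what the
    provider stores; it contains no key material and no plaintext."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key, verifier = derive_keys(master_password, salt)
    plaintext = json.dumps(entries).encode()
    ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()   # encrypt-then-MAC
    return {"salt": salt.hex(), "nonce": nonce.hex(), "ciphertext": ciphertext.hex(),
            "tag": tag.hex(), "verifier": hashlib.sha256(verifier).hexdigest()}


def decrypt_vault(master_password: str, blob: dict) -> dict:
    """Client-side decryption. A wrong master password or a modified blob fails
    the tag check before any plaintext is produced."""
    salt, nonce = bytes.fromhex(blob["salt"]), bytes.fromhex(blob["nonce"])
    ciphertext, tag = bytes.fromhex(blob["ciphertext"]), bytes.fromhex(blob["tag"])
    enc_key, mac_key, _ = derive_keys(master_password, salt)
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong master password or tampered vault")
    return json.loads(_xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


def verify_login(blob: dict, master_password: str) -> bool:
    """What the provider can check: the client re-derives the verifier and the
    server compares its hash in constant time. The verifier is a separate slice
    of the KDF output, so it does not give the server the encryption key."""
    _, _, verifier = derive_keys(master_password, bytes.fromhex(blob["salt"]))
    return hmac.compare_digest(hashlib.sha256(verifier).hexdigest(), blob["verifier"])


def provider_sees_plaintext(blob: dict, secret_value: str) -> bool:
    """Does a stored value appear anywhere in what the provider keeps?"""
    stored = b"".join(bytes.fromhex(blob[k]) for k in ("salt", "nonce", "ciphertext", "tag"))
    return secret_value.encode() in stored + blob["verifier"].encode()


if __name__ == "__main__":
    # Constructed sample vault for the demo.
    vault = encrypt_vault("correct horse battery staple", {"example.com": {"user": "alice", "password": "p@ss-w0rd"}})
    print("provider sees password:", provider_sees_plaintext(vault, "p@ss-w0rd"))
    print("login ok:", verify_login(vault, "correct horse battery staple"))
```

The stored verifier hash is still a target for offline guessing if the provider's database is stolen, which is exactly why the KDF is deliberately slow and why the master password must be strong and protected by MFA; zero knowledge limits what a breach exposes, it does not make the master password unimportant.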

Types Of Password Managers

Desktop-based: This is one of the oldest types in password management categories. Essentially, all of the user’s data is stored on their machine, but the passwords cannot be accessed from any other machine or device. This type of software is not suitable for any situation in which portability is required, or multiple users need access to stored credentials.

Cloud-based: This password manager type is more flexible because you can access all of your credentials from any machine or device with an Internet connection. Most of the popular vendors also offer browser plugins for automatic capture and entry of credentials and other stored information, as well as smartphone applications so you can use and sync your passwords across multiple devices.

Browser-based: Web browsers like Chrome, Internet Explorer, and Firefox have built-in password managers. Many end users take advantage of these because they are already present, and there is no cost involved. The chief drawback of these systems is the lack of advanced features (e.g., sharing credentials with other users) and somewhat lower security than other password managers. If you routinely switch between browser vendors on different devices, you’ll find yourself frustrated when you change a password on one device only to discover days or weeks later that your secondary browser is now offering an outdated set of credentials. Browser-based password managers don’t share credentials with alternative browsers.

Portable: This type of software-based password manager allows users to back up and manage their passwords with secure encryption algorithms. Only knowledge of the master password or possession of a key-disk gives a user the ability to store and retrieve credentials. The chief drawback of this system is that if the user were ever to lose their master password or the key-disk, they would have no way to regain access to their credentials.

Token-based: This type of password manager falls into the MFA category. Essentially the token or security key protects the user’s credentials with an added layer of security. This type of system may appeal to the more tech-savvy individuals because it is highly sophisticated. The main disadvantage is that it can be a bit more expensive than the other types mentioned above. To break this type of password management system, hackers would need to control the token. A token can be many things; the most common are security fobs, smartphones, access cards, and any other physical object that can be used as a key.

Other Advantages Of Using A Password Manager

Regardless of your vendor choice, most password managers require a user to generate and remember one “master” password to unlock and access any information stored in their database. This master password will protect all your stored credentials across shared accounts and platforms.

Multi-user features and sharing controls are suitable for workplace managers to keep track of their employees’ passwords and credentials used for work applications and websites. Each employee gets a private, encrypted vault that is secure to store files and confidential client data. The manager can grant and revoke access to stored credentials as needed.

With their convenience and robust security features, password managers encourage users to employ best practices, and they are affordable. Some top vendors offer a whole dashboard full of advantages for just a few dollars per month per user. Keep in mind that you will get what you pay for, so it is best to research which vendor meets your expectations with the most relevant features for your situation. Prices usually vary depending on the number of users and the amount of file storage being used.

Potential Shortcomings Of Using A Password Manager

Password managers have the significant disadvantage of a single point of failure, because potential hackers may only need to know one master password to gain access to all of a user’s credentials. Once the hacker has the master password, they may have access to all the stored passwords for the user’s accounts. To prevent this, it is strongly recommended that MFA be used for the master login to the password manager. Password management systems are not immune to security flaws, so you may wish to research whether a vendor has ever suffered a breach, and if so, what data was exposed and how they responded. Weak security and past breaches are more likely to be found with free systems that lack crucial security features.

Another disadvantage is that some websites and online portals do not work with password managers because their interface design will not allow the password manager to auto-fill the login screen. This issue can make things inconvenient, especially when trying to understand the different versions and policies of each vendor.

Conclusion

Password managers are an imperfect solution, but it’s generally believed that their benefits outweigh the risks. When used correctly, they can help with most of the challenges of credential-based security. It is essential to understand both the shortcomings and the advantages to know the actual value of the service for your use case.

Each vendor will have its own set of “pros” and “cons,” depending on your situation. The fundamental goal of consistently using strong passwords rather than easy-to-crack passwords is of primary importance. Features vary by provider, so do your research to find the one that best meets your needs. Many providers offer a free trial – take advantage of this to try several systems and see which is the best fit for you.