How to securely manage passwords

Secure Password Management for You and Your Business
If you have passwords written on sticky notes attached to your monitor, in a notebook, or in a pile of papers scattered on your desk, or, worse yet, you simply use “password1” for everything so you have less to manage, you’re definitely flirting with disaster. Sure, those sticky notes make it easy, and you can easily pass them around the office when the need arises, but what if they fall into the wrong hands and you or your clients are exposed to the risk of unauthorised access or even being hacked?

Instead, you should be using strong passwords and keeping them secure. A strong password is based primarily on length — the longer it is, the harder it is for hackers to guess or crack. Using a combination of different character types (upper, lower, symbol, number) also plays a strong role, especially for shorter passwords (8 characters should be the bare minimum). Unfortunately, this can make passwords hard to create and remember, especially if you desire — as you should — a unique login for every site and service you frequent.

Luckily, there are now services and applications to help you or your business generate, save, manage, and share your passwords and other sensitive information, securely. Password management tools typically have the capacity to generate passwords of any strength — with random strings of upper and lowercase letters, numbers, and symbols — and you don’t have to worry about trying to remember them. Most services are cross-platform and allow you to share over the web to multiple devices. The best news of all? You only have to use one master password to secure all of your information in these services (but, please, make it a strong one).
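The following is an added example, not code from this article or from any product it names. It sketches how a generator of the kind described above can draw a password from the operating system's secure random source, and it estimates strength so that the effect of length and of character types can be compared; the function names and the entropy estimate are assumptions made for illustration.

```python
import math
import secrets
import string

# The four character types the article lists: lower, upper, number, symbol.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}
ALL = tuple(CLASSES)


def generate_password(length=16, classes=ALL):
    """Return a random password with at least one character from each class."""
    if length < 8:
        raise ValueError("8 characters is the bare minimum")
    if not classes:
        raise ValueError("at least one character class is required")
    pools = [CLASSES[name] for name in classes]
    alphabet = "".join(pools)
    # One guaranteed character per class, the remainder from the full alphabet.
    chars = [secrets.choice(pool) for pool in pools]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Shuffle with the OS CSPRNG so the guaranteed characters are not
    # always found in the first positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def entropy_bits(length, classes=ALL):
    """Upper bound, in bits, on the strength of a uniformly random password."""
    pool_size = sum(len(CLASSES[name]) for name in classes)
    return length * math.log2(pool_size)


if __name__ == "__main__":
    print("sample:", generate_password(20))
    for length, classes in ((8, ("lower",)), (8, ALL), (16, ("lower",)), (16, ALL)):
        label = "+".join(classes)
        print(f"{length:>2} chars, {label:<24} ~{entropy_bits(length, classes):.1f} bits")
```

The figures it prints show both points made above: adding character types lifts an 8-character password from about 37.6 to about 52.4 bits, while a 16-character lowercase-only password already reaches about 75.2 bits.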

The passwords are typically not stored on any server, but instead, their hashes are stored and locally decrypted on your machine, so in the case that the system’s servers are compromised, hackers would not be able to obtain your passwords directly without physical access to your machine. For even stronger security, multi-factor authentication can be employed, which typically comprises a combination of something you know (your password or PIN), something you have (a physical device, like a YubiKey or token generator), and, for the ultimate security, something you are (i.e., a fingerprint or iris scan).

LastPass is one of the most popular tools for password management, and they do offer an Enterprise edition with support for Active Directory, LDAP, and single sign-on. Administrators can manage users and assign them to shared folders with access to all the secure information within — which is not limited to just passwords. Credit cards, bank information, secure notes, and documents can all be shared and secured. Compliance reports can also be generated to ensure your users are conforming to your security guidelines. LastPass is inexpensive and bulk licensing prices are available if your business has a large number of users.

Dashlane is another top choice in password tools for both personal and business use. With a similar feature set to LastPass and an elegant user interface, it’s worth your consideration, but you may be turned away by the higher, flat-rate pricing.

KeePass has been a staple in password management for years and is especially popular amongst the free and open source software crowd. However, there is an enterprise service called Pleasant Password Server that utilises KeePass and allows for password sharing, etc. It is also FIPS compliant, which may be important if you work for the government.

Whichever system you choose to employ, you can rest easy, secure in the knowledge that your business is using best practices to keep you and your clients safe. Save those sticky notes for taking down lunch orders and talk to Computer Mechanics for your business IT management solutions.