In today’s blog, we continue our theme in how to get rid of those pesky passwords once and for all. This is done with a Password Manager. Although it is very beneficial to use one, you need to be aware of its shortcomings as well.
- Make sure that your Password Manager uses some level of Cryptography:
In a very broad sense, Cryptography is the science of scrambling information and data while it is in transit, and descrambling it when it reaches its point of destination. Password Managers which make use of Cryptography represent the actual password as “hashes”, meaning they are in a garbled state until they are used to access a specific application. Not all Password Managers have this extra functionality, so make sure that yours has this.
- Offline and Online:
Password Managers come in either an offline or an online state. With the former, the passwords which are used to access your different devices are not automatically synchronized with another as you update or change you them. This means that you have to move the encrypted database of the Password Manager manually amongst these multiple devices. Or, you could use a Cloud based sharing service like Dropbox to do the synchronization for you. The disadvantage here is that you have to rely upon an extra tool. But, with the latter (online), the Password Manager will automatically synchronize any password changes or updates for you, in just a matter of a few minutes.
- Make use of 2FA:
2FA simply stands for “Two Factor Authentication”. As it was mentioned earlier, the Master Password which is created is not stored in the Password Manager. Thus, it is the responsibility for your employee to keep it safe. To add an extra layer of security, make sure that your Password Manager makes of the 2FA functionality. This primarily involves using a one-time code which is sent via SMS to your Smartphone, or it could be generated securely with a 3rd party app such as Google Authenticator.
- Don’t forget to log off!
When we are at work, and logged into multiple applications, there is a tendency to forget to log off when we are done using them. Obviously, this does carry inherent security risks with it. Therefore, when you are not using your Password Manager, make sure you log off immediately. Many Password Managers of today will also automatically log you off after a short period of inactivity. Make sure that you have this functionality enabled.
We wrap up tomorrow our look into Password Managers, and in a couple of days, start taking about a much broader tool that the business or corporation can use: The Identity Access Manager.