Menu
5 things you should know about password managers

5 things you should know about password managers

Tools such as Last Pass and Dashlane can save you a lot of headaches

New data breaches are coming to light almost weekly and they reveal a simple but troubling fact: many people still choose weak passwords and reuse them across multiple sites. The reality is, remembering dozens of complex passwords is almost impossible, and carrying them around on a scrap of paper that you have to keep updating is a huge hassle. That’s why password managers exist. Here’s why they’re important, and how to get the most out of them.

Password variety is important

With password leaks being a case of “when” and not “if,” you should limit the damage attackers can do by choosing a different password for each online account. Remembering all those passwords is hard without making them predictable, and that's where password managers can play a big role. They’re available for most browsers and operating systems, including mobile ones, and provide a hassle-free login experience.

Password complexity matters

Most password managers can generate complex passwords for you, and that's important. Websites generally store cryptographic representations of passwords called “hashes,” but depending on the algorithm used, those hashes can be cracked. The more complex a password, the less chance an attacker will be able to recover it from the hash, so it's good practice to use passwords with 12 or more characters, combining upper and lower case letters, numbers, and special symbols.

Usually, you'll still need to remember a master password that logs you into your password manager. You may also want to know your password for a few critical accounts, like email, in case the password manager is unavailable for some reason. In that case, sequences of words combined with digits and uppercase letters can be just as difficult to crack. An example would be DogsCatsRabbitsMyTop3Animals. These are typically referred to as passphrases, because they’re longer.

Offline vs. online

Password managers employ a variety of security models. Some are offline, like KeePass, Password Safe or Enpass, which means they don’t synchronize across different devices: you have to move the encrypted database between the various instances of the program each time you add or change a password, or use a cloud sharing service like Dropbox to keep the database in sync. Others, such as LastPass, Dashlane and 1Password, automatically synchronize your passwords across different devices, and some even provide Web-based access to your password “vault.”

If you choose one of the service-based implementations, pay attention to the architecture and make sure it decrypts the database locally inside the application or browser, without ever sharing the master password with the service provider.

Don't rely on a master password alone

Protecting all your passwords with a single master key isn't the best idea, because it can create a single point of failure. But many password managers offer two-factor authentication, where accessing the password vault also requires a one-time code sent via SMS or generated by an app such as Google's Authenticator. Make sure the password manager you choose has this feature, and turn it on.

Even when you’re using a password manager, it's a good idea to enable two-factor authentication (sometimes called two-step verification) for all your online accounts that offer it. An extra layer of protection never hurts.

Make use of other security features

Some password managers offer the option to log you out after a period of inactivity. That’s useful, because it's not a good idea to keep the password vault open for extended periods of time, especially on a shared computer. Logging you out automatically can limit the damage if your computer gets temporarily infected with malware. It's also best not to flag devices as “trusted,” which disables two-factor authentication for that device.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags password managerssecurity

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments