In 2022 there is no excuse not to use a reliable password manager. Period!
In the age of passwordless authentication, IoT, smart devices and high-speed internet connections, data breaches are more common than ever, and a large share of them trace back to insecure password habits. Remembering long, complex passwords is counterproductive, but luckily there is a solution: password managers! The era of post-it notes stuck to the monitor with corporate or private secrets on them must be over. Corporate security starts at the level of the individual. Today’s cyber world demands strong, thorough security thinking even in our personal lives: we have bank credentials, paid subscriptions and stored card details on different websites and mobile devices. So, do YOU use weak or shared passwords? Do you still have default passwords on any of your devices? Think about it a bit!
Even the most lightweight personal password manager is much better than using nothing. A password manager helps you maintain a healthy password policy and use a different password for every site and service. You no longer have to know or remember any password, only the master password of the tool (if you configure it that way).
Looking at how the software is installed and operated, you will see two groups:
Cloud based password managers (you just use it, don’t manage it).
On premises password managers (you install, manage, backup and use it).
Some tools on the market offer both: you can use them in the cloud and/or buy an installer.
One of the oldest and most lightweight password vault tools is KeePass. It is available as an installer or as a simple portable package. The database file format is standard, so the same file can be opened from Linux, Windows and Android. The database file can be stored on OneDrive or Dropbox and used from different devices (but not in parallel: editing the same file from two devices at once risks a sync conflict and lost changes). You can open the database with a master password, with a key file instead, or with both, of course. KeePass is open source and free to use. It is an on premises tool.
Bitwarden and LastPass are cloud based password vaults, and both have free packages for personal use. For about $5 per month you get even more features in the personal package.
1Password is also a cloud based password vault solution, with personal packages for around $3 a month.
Passbolt is available both as SaaS and as an on premises tool, but it is aimed more at small teams and businesses.
All the tools mentioned above have their pros and cons, but using any one of them is much better than using nothing.
Basic password education
Do not keep the default password of any service or device; change it during the first setup.
Avoid using the same password for different sites and services, and use different passwords for work and for personal accounts.
Never use dictionary-based passwords! They can be guessed with a wordlist (dictionary) attack in less than two minutes, and that is true even for longer (12-16 character) words: the attacker only has to try the entries of a list, not every possible string of that length.
For a healthy password policy use special characters, lowercase and uppercase letters and numbers wherever possible, and prefer long passwords: length adds more to the search space than any single character class.
Do not copy passwords into plain text files, and don’t type them by hand if you can avoid it (typing exposes them to shoulder surfing and keyloggers). Use the tools’ built-in copy/paste and autofill features or their browser plugins.
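As an added example (not from the original post), the following Python script turns the rules above into a small checker plus a generator. Its wordlist, default-password list and the assumed cracking-dictionary size and rule multiplier are constructed for illustration only, not real data. It shows why a long dictionary word such as "Responsibilities1!" still fails, while a shorter random string drawn from the CSPRNG passes with a far larger search space.

```python
from __future__ import annotations

import math
import secrets
import string

# Constructed toy wordlist standing in for a real cracking dictionary.
# Real lists (leaked-password compilations) hold millions of entries; the
# size and rule multiplier below are assumed ballparks used only for the estimate.
WORDLIST = {
    "password", "welcome", "dragon", "sunshine", "administrator",
    "unbelievable", "responsibilities",
}
ASSUMED_WORDLIST_SIZE = 14_000_000
ASSUMED_RULE_MULTIPLIER = 1_000   # leet/suffix mangling rules an attacker applies

# Constructed list of factory-default credentials.
DEFAULT_PASSWORDS = {"admin", "admin123", "root", "toor", "12345678", "password"}

MIN_LENGTH = 12
ALPHABET_SIZES = {"lower": 26, "upper": 26, "digit": 10, "special": len(string.punctuation)}

# Common "leet" substitutions undone before the dictionary lookup.
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "!": "i"})


def char_classes(pw: str) -> dict[str, bool]:
    """Which of the four character classes the password contains."""
    return {
        "lower": any(c.islower() for c in pw),
        "upper": any(c.isupper() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "special": any(c in string.punctuation for c in pw),
    }


def normalize(pw: str) -> str:
    """Reduce 'P@ssw0rd1!' to 'password' the way cracking rules do:
    lowercase, drop trailing digits/punctuation, undo leet substitutions."""
    base = pw.lower().rstrip(string.digits + string.punctuation)
    return base.translate(LEET)


def check_password(pw: str, used_elsewhere: frozenset[str] = frozenset()) -> list[str]:
    """Return the policy rules the password breaks (empty list = passes)."""
    findings = []
    if pw in DEFAULT_PASSWORDS:
        findings.append("default")
    if pw in used_elsewhere:          # same secret already used on another site
        findings.append("reused")
    if normalize(pw) in WORDLIST:     # dictionary word, however long or mangled
        findings.append("dictionary")
    missing = [name for name, present in char_classes(pw).items() if not present]
    if missing:
        findings.append("missing:" + ",".join(missing))
    if len(pw) < MIN_LENGTH:
        findings.append("short")
    return findings


def effective_bits(pw: str) -> float:
    """Rough log2 of the guesses an attacker needs. A dictionary word costs about
    wordlist size x mangling rules regardless of its length; a random password
    costs alphabet_size ** length."""
    if normalize(pw) in WORDLIST:
        return math.log2(ASSUMED_WORDLIST_SIZE * ASSUMED_RULE_MULTIPLIER)
    present = char_classes(pw)
    alphabet = sum(size for name, size in ALPHABET_SIZES.items() if present[name])
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def generate_password(length: int = 20) -> str:
    """Draw a random password from the OS CSPRNG until it passes check_password."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(pw):    # retry until all four classes are present
            return pw


if __name__ == "__main__":
    for candidate in ["admin", "P@ssw0rd", "Responsibilities1!", generate_password()]:
        verdict = check_password(candidate) or "OK"
        print(f"{candidate!r}: {verdict}, ~{effective_bits(candidate):.0f} bits")
```

The important line is the dictionary branch of `effective_bits`: the estimate ignores the length of the word entirely, because a wordlist attack walks a list, not the keyspace, which is exactly why the 18-character "Responsibilities1!" scores far below a 20-character random string.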
In 2022 there is NO excuse not to use a password vault! IT security is everybody’s responsibility, in the office and at home as well. Please take it seriously.
If you have a comment or other opinion, visit Tom’s IT Cafe Discord Server and share it!