Is Your Password Manager Secure?
Apparently, you can't use "beef-stew" as a password. It's not stroganoff.
There is simply nothing that is 100% security-proof. The baddies are constantly upping their nefarity; you will likely be compromised sooner or later. The best you can do is do the best you can, which includes using a password manager app to control the misuse of passwords. It is more secure to use an app that creates unique and complex passwords for every login than relying on logins you create - helping to mitigate “brute force attacks,” “credential stuffing,” and “social engineering”.
Nothing is foolproof, but you need not be a fool about how you manage your passwords.
Don’t include personal information as part of them
Don’t neglect 2FA
Don’t reuse them
Don’t share them
It sounds simple, but as we know, simple does not mean it’s easy. It is mentally exhausting to dream up complex, strong and different passwords for every… single… site… we access, let alone remember them. This is where password manager apps (PMA) become critical to streamlining the password creation and entering process. I finally hit the breaking point and went all in on 1Password in April of 2021. I have not looked back, and I sing the song of jumping in on this to anyone who will listen. I write about password health and I speak on the topic. During one webbie, someone asked me, “How could a password manager possibly be considered a secure system if all your passwords - and possibly financial and personal data - are stored in a single place?”.
Great question. Really great question. Protecting access to the keys to your online kingdom should not be taken lightly and the answer has multiple layers to it. Some relate to how you are using it, and some relate to the password manager app itself.
Secure practices for a password manager app.
One: Use a complex yet memorable passphrase to access your app
Passwords are long, complex strings of numbers, letters and symbols that our PMA generates, but we can’t access them if we can’t get into the app - rendering them useless for their intended purpose.
You should use a memorable passphrase instead of a password to open your PMA. A passphrase is a string of 14 characters minimum that forms a phrase, and you enter them without spaces. It shouldn’t be predictable, and don’t make it obvious; perhaps make it silly and unintelligible to make it even more memorable. And don’t store it anywhere in your PMA.
Two: Consider if you should change your PMA access passphrase
There is some disagreement on this because you may have difficulty remembering a new one, but if the passphrase you use has words that may now be easy to guess, change it.
Three: Set up 2FA to access your PMA
Four: Don’t use the native PMA 2FA for your apps’ 2FA access
I realize that some of the PMAs have a 2FA generator for your apps, which may seem convenient. But it is counterintuitive to use the same app that has all your passwords as the one to provide your second line of access defence - to those who steal passwords…
Five: Every user should have their own login credentials and access levels to vaults and information
Six: Pay attention to and act upon in-app security warnings
Seven: Set a routine to download your PMA data
The app may be down or compromised, or you may want to change to another provider. Having your data outside the PMA gives you control over those situations. Don’t store it on your hard drive, though; use external storage. And for crying out loud, don’t name the file “passwords” or some such.
Eight: Secure your payment and PII (Personally Identifiable Information) details
To add details for these securely so you enjoy the convenience of having them readily available, leave out one key detail that you can remember. Your passport, for example, omit where it was issued, and credit cards leave off the CVV on the back
Ensuring a password manager app is secure.
Not all password managers are created equal, and some may better fit you and your organization than others.
One: Consider how you feel about using it
If you don’t feel comfortable using it, you won’t use it, which is self-defeating.
Do you like using it on all your devices - your mobile, desktop, and tablet…
Part of successfully implementing and using a PMA is putting it on all your devices
Do you feel good about the interface and the experience when you are using it?
Two: Consider the features that you need
Are you a team that needs masked login details (users can’t see or copy them), shared and separate vaults, and user-level permissions, to name a few?
Three: Consider its security track record and transparency
Four: Consider the PMAs’ security protocols
Advanced end-to-end encryption
Biometric authentication
Frequent security auditing
Multiple login protocols
PBKDF2 key strengthening
PMA account password is not stored or reused in the PMA - well duh…
One final thought on the benefit of using a password manager app is contingency planning - personal and professional. If something were to happen to you, who and how could your apps, insurance, banks and such be accessed? Using a PMA, and keeping a copy of your access details in an emergency document (securely stored - perhaps with an accountant or lawyer and in a safe) mitigates the confusion and frustration associated with emergencies.
If you found this topic interesting and want to learn more, here is a very detailed, non-app-centric article.
Featured Template
~~~
Featured Template ~~~
15% off discount code: BLOG
The Discontinuation of Services process can be lengthy and it's easy to miss steps. Streamlining this workflow will leave your client with a great final impression, and it will save you time and energy.
It takes effort, and trial and error, to get the full process mapped out tightly.
Luckily for you, we’ve already done all the leg work! Created by accounting professionals, these templates make the offboarding process harmonious and efficient.
What you get:
Checklists of tasks & to-dos
Email templates
Contracts (need to be legally vetted for your region)
How-to videos
Going All In On A Password Manager App
Tuesday, May 14, 2024, 1 PM - 2 PM EST
It can seem daunting to go all in on a password manager; to let go of the ease of using Chrome to store your login details, to not use your pet/child name and “1234!” at the end of those names (not that anyone does that)and to give up control of knowing your passwords.
Just because it’s simple does not mean it’s easy!
It may seem obvious that you must implement or improve your processes and technology choices for securing your passwords. Still, many of us haven’t because we need support and accountability to get it done.
This workshop is dedicated to giving you the actionable steps to get this done and dusted!
Simply yours, Kellie :-}
::Shameless Call To Action::
I sell bookkeeping templates, standard operating process handbooks and client guides.
15% off discount code: BLOG
