As we all spend more and more time online, we inevitably create more and more accounts to log into apps, websites, subscription services and resources. And as these account credentials pile up, we need a secure way to remember and manage all the associated passwords.
How many people have sticky notes placed in secret locations around their desks, in their wallets and in their homes? It’s no wonder: According to a 2019 LastPass survey, in the U.S., employees at an average midsize company must manage about 75 passwords for work. The same study reports that employees reuse their passwords an average of 13 times.
When you have a ton of passwords to remember, their quality tends to diminish. Simple passwords are easy to crack. And if the account you’re protecting with an easily hacked password contains valuable data or assets, the ramifications can be severe. In 2019, the average cost of a company data breach was almost $4 million.
Essentially, passwords are a static secret, and as malware and security breaches proliferate, stealing passwords is an easy way for hackers to get what they want. Once a password is stolen, the hacker gains whatever access is assigned to the account. If it’s something as sensitive as your bank account, the damage can be significant.
When it comes to passwords, the more complex the better. And with a good password management system, you only need to remember one.
Password managers: How safe are they?
A password management service lets you generate complex, unique passwords for each of your accounts and keeps track of all your passwords for you, with one master password that unlocks your “vault.”
The mobile security top 10
Get your free guide to better securing the personal and work data on your mobile phone. Download Now
As long as you’re logged into the password manager with your master password, it will automatically fill in your passwords, sometimes using biometric authentication to verify your identity. But, remember, if a hacker compromises your master password, they get full access to all of your accounts.
While there is still some risk associated with master passwords, password managers make keeping up with good password practices much easier and reduce your potential exposure to cybercrime. The average hacker looks for the easiest targets. Using a password manager to store all your passwords in one vault isn’t foolproof, but it improves your overall online safety significantly.
Best practices are still essential
Using a password manager doesn’t mean you can neglect proper security hygiene. Especially when it comes to your master password, you’ll need to choose a phrase — not just a word — that’s difficult to guess or hack. It’s critical that your master password is more of a passphrase — or even pass sentence — that contains a mix of letters, numbers and special characters. One solution is to string together a few unrelated words and mix in a few characters. Never use your master password with another account — many password manager help to flag duplicate usage.
Most of today’s password management solutions offer some form of multifactor authentication (MFA). With MFA, you need two or more credentials to successfully log in: something you know (like a password), something you have (like a token) or something you are (like a biometric face scan or fingerprint).
Experts agree that MFA benefits both employees and IT departments, as it bolsters security and users don’t have to worry about remembering all their work passwords.
Password management, simplified
A password management system is an attractive solution for its functionality and for its low cost. Many password managers on the market have a free version and a full version, which come with different features at different prices. For many people, it makes sense to sign up for the full versions for their added benefits and low monthly cost. They can also save you a lot of time from resetting passwords that you’ve forgotten.
One great free alternative is Samsung Pass, which comes on the latest Galaxy smartphones and tablets. Samsung Pass is a service that lets you save your usernames and passwords for apps and websites, and instantly sign in with your fingerprint or via facial recognition. The master password for Samsung Pass is built around your Samsung account. If you just switched to a Galaxy smartphone, activating Samsung Pass is one of the first things you’ll want to do to get your new device set up.