Between all of your online accounts, whether personal or work accounts, you probably have many unique — and complex — passwords to manage. And since you know better than to write them down in a notebook, have them on sticky notes hidden under your mouse pad, or stored digitally on your desktop, what are you supposed to do?
Passwords are one of the most vulnerable cyber defenses used to protect our online accounts, as passwords are the only barrier between online accounts and cybercriminals who have a desire to access to our data and systems. Utilizing a password manager is a security best practice that cyber professionals are recommending for us.
Along with other security tips, password managers minimize the risk of mis-managing our passwords. The question that arises here, are password managers secure, and what is our responsibility here to manage the password manager?
What is a Password Manager?
A password manager is software that allows users to generate passwords, store, and manage account information including usernames and passwords all in one location. Password managers offer other features such as complex password suggestions, identifying weak or repeated passwords used, and alerting its users when their credentials appear compromises. When you use a password manager, you will set a password that is often referred to as the “master” password. This will be the only password you will need to remember.
Password managers are available in different formats:
- An online service hosted by a third party and accessed through a website portal. This type is useful if you need access to the password manager from multiple devices.
- Software installed locally on a workstation that can operate either completely offline or connected to the internet to synchronize your information to a cloud database and get software updates.
Are Password Managers Secure?
Password managers can offer a high level of security level for account credentials and information, if best practices are used to secure their master password. Whether you use, or planning to get, an online, or an offline password manager, you need to follow the following practices:
- Do your research and get a trusted password manager software that has a high reputation in the industry.
- Use a strong master password for your password manager account and never forget it. Some password manager vendors would never retrieve your account if you can’t remember your master password.
- Enable two-factor-authentication (2FA) to your password manager account for an extra layer of security.
- Keep your password manager software, web browsers, and all other software you use up-to-date.
- Audit the list of devices that are approved to access your password manager.
- For work-related accounts, always use password managers that are approved by your organization. Follow your organization’s policies, standards and procedures when processing, storing or sharing work-related data.
Remember, if password managers are managed appropriately, they will offer you the level of security you are looking for to your online accounts’ passwords.
This post is presented by the GW IT Cybersecurity Risk and Assurance team with information from CISA.
#SecuringGW is a shared responsibility, so if you see something, say something. Report suspicious digital activities, including phishing emails, to abuse@gwu.edu.
IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), ithelp@gwu.edu, or visit ithelp.gwu.edu.
