  • gwestgate

How to Keep Your Passwords Safe


If you aren’t using a password manager to protect your passwords then you are a security baby. You have not yet learned the bare minimum requirements for taking care of your Privacy Hygiene. To protect yourself and your business, it is important to use strong passwords and keep them safe. Password managers are a great way to do this, but many people don’t know how they work or why they are important. In this blog post, we will discuss the benefits of using a password manager and how to choose one that is right for you. We will also compare password managers to browser storage and show why browser storage is not a good option for keeping your passwords safe.

Good Privacy Hygiene Rule #1: Use unique passwords for every account

Credential stuffing is a type of cyber attack in which hackers use stolen username and password combinations to gain access to other accounts. This is often done by using a list of known breached credentials, such as those from the Ashley Madison data leak. By using a password manager, you can ensure that your passwords are unique and strong, making it much more difficult for hackers to gain access to your accounts.
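To see how far one breached password reaches, here is an added example (not part of the original post) that audits a password-manager export for reuse. The CSV columns `site,username,password` and every record in it are constructed for illustration; real exports differ by product.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export; these are not real credentials.
SAMPLE_EXPORT = """site,username,password
shop.example,alice@example.com,Summer2019!
forum.example,alice,Summer2019!
bank.example,alice@example.com,kV9#tq2LrXw8ZpB4nD7s
mail.example,alice@example.com,summer2019!
news.example,alice,kV9#tq2LrXw8ZpB4nD7s
"""


def _rows(export_text):
    return list(csv.DictReader(io.StringIO(export_text)))


def find_reused_passwords(export_text):
    """Return {fingerprint: [sites]} for each password used on more than one site."""
    groups = defaultdict(list)
    for row in _rows(export_text):
        # Group by a truncated hash so the report never carries plaintext.
        fp = hashlib.sha256(row["password"].encode("utf-8")).hexdigest()[:12]
        groups[fp].append(row["site"])
    return {fp: sorted(sites) for fp, sites in groups.items() if len(sites) > 1}


def exposure_if_breached(export_text, breached_site):
    """Other sites that share a password with breached_site."""
    rows = _rows(export_text)
    leaked = {r["password"] for r in rows if r["site"] == breached_site}
    return sorted(
        r["site"] for r in rows
        if r["password"] in leaked and r["site"] != breached_site
    )


if __name__ == "__main__":
    for fp, sites in find_reused_passwords(SAMPLE_EXPORT).items():
        print(f"password {fp}... reused on: {', '.join(sites)}")
    print("if shop.example leaks, also change:",
          exposure_if_breached(SAMPLE_EXPORT, "shop.example"))
```

Every site the second function returns needs a new, unique password, because a leak at the first site hands over a working login for the others.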

Good Privacy Hygiene Rule #2: Avoid linked service authentication

There are a few reasons why you should not use social media apps as an authentication mechanism for other sites and apps. First, it can be easy to lose control of your social media account. If someone gains access to your account, they can then access any site or app that you’ve authenticated with that account. Second, social media apps are often not very secure. They may not use strong encryption or they may have other security vulnerabilities. Finally, using social media apps as an authentication mechanism can be a privacy concern. If you authenticate with a social media app, you’re giving that app access to your personal information. So, it’s best to avoid using social media apps as an authentication mechanism.

Good Privacy Hygiene Rule #3: Make long passwords

Most people tend to choose simple passwords that are easy to remember. However, this also makes them easy for hackers to guess. According to NIST guideline 800-63B, “Password length has been found to be a primary factor in characterizing password strength”. That’s why it’s important to use the most complex password options a site offers when creating an account. If you are creating an account for a website, I recommend using a password generator to make the longest password the site will accept. The idea here is that you will never have to know what the password is and will always rely on your password manager to enter it. (You may have a couple of passwords in your life that you want to remember; in those cases, follow the NIST guidelines for creating a passphrase to make them long but easy to remember. But don’t forget to put the record in your password manager!)
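What a generator does with a site's length limit, and how length translates into guessing resistance, is shown in this added example (not from the original post). The symbol set, the function names and the tiny word list are assumptions made for illustration; a real passphrase needs a list of thousands of words.

```python
import math
import secrets
import string

# Constructed word list for the demo only; far too small for real use.
DEMO_WORDS = ["anchor", "breeze", "copper", "dune", "ember", "fjord",
              "garnet", "harbor", "island", "juniper", "kettle", "lantern"]


def generate_password(max_length, allowed_symbols="!@#$%^&*-_"):
    """Random password of the site's maximum length, one char of each class."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if allowed_symbols:
        classes.append(allowed_symbols)
    if max_length < len(classes):
        raise ValueError("max_length is too short for the required classes")
    alphabet = "".join(classes)
    while True:
        # secrets draws from the OS CSPRNG; the random module is not suitable.
        candidate = "".join(secrets.choice(alphabet) for _ in range(max_length))
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def generate_passphrase(wordlist, words=6, separator="-"):
    """Memorable passphrase: words chosen independently and uniformly."""
    return separator.join(secrets.choice(wordlist) for _ in range(words))


def entropy_bits(choices_per_position, positions):
    """Approximate bits of entropy for uniform, independent random choices."""
    return positions * math.log2(choices_per_position)


if __name__ == "__main__":
    alphabet_size = 26 + 26 + 10 + len("!@#$%^&*-_")  # 72 characters
    print(generate_password(64))
    print(generate_passphrase(DEMO_WORDS))
    print(f"8 chars:  {entropy_bits(alphabet_size, 8):.0f} bits")
    print(f"64 chars: {entropy_bits(alphabet_size, 64):.0f} bits")
    print(f"6 words from a 7776-word list: {entropy_bits(7776, 6):.0f} bits")
```

The figures apply only to randomly generated secrets; a password a person chose is far more guessable than its length suggests.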

Good Privacy Hygiene Rule #4: Be careful with your browser’s stored credentials

Every major browser can store passwords so that users can log into their online accounts conveniently. This may seem convenient on the surface, but there are a few gotchas you should be aware of. First, browsers are easier to hack than password managers, and if your computer is stolen or hacked, your browser’s stored credentials are an easy conquest. Second, there are many times when you need to create a user account outside of the browser experience, and the ability to fire up the browser credential manager will suddenly not seem convenient. Third, browser credential managers tend to create multiple records for the same domain. If you ever need to manually update a password, you will have to update multiple records, which can be confusing, if not time-consuming. And lastly, browser credential managers are not generally made with the same thought and consideration as third-party password managers. Features like password breach detection and password generation complexity options may not exist.

Good Privacy Hygiene Rule #5: Protect your password manager

I am often asked why a password manager is considered safe. There are many important features a password manager should have, but some of the most important ones are the ability to generate strong passwords, sync across devices, and provide two-factor authentication. Password managers must also be protected by a unique security login in addition to the device login. Every time you open the password manager you should be challenged for credentials. If the program is integrated with Windows Hello or Apple Face ID this process is seamless for the end user.

I use and recommend Keeper Password Manager: Keeper Business Password Manager (keepersecurity.com).

There are many important factors to consider when it comes to online privacy and security. By following the tips in this blog post, you can help ensure that your online accounts are as safe as possible. Take the time to implement these good privacy hygiene rules and you’ll be glad you did. Thanks for reading!

GLM West offers consulting services that can help you with this and other IT outsourcing services. Check out our website for more info: https://www.glmwest.com

