Password Managers Demystified: 4 FAQs

A password manager is a useful tool for securing the numerous credentials we use every day.  Here’s what to know about password managers and how they can help protect your business.

What is a password manager?

It’s specialized software that helps you generate, store and retrieve unique passwords for both local applications and online accounts in an encrypted database, or vault.  The only password you need to remember is the one that unlocks the vault.

How do password managers work?

It all starts with strong encryption. AES 256-bit encryption is the industry standard for the most secure password managers. This encryption is also used by the military because of its exceptional strength.

Zero-knowledge architecture means your passwords are encrypted on your device before they are sent anywhere, so the provider only ever stores data it cannot read.  This prevents an attacker from deciphering them from a location other than your actual computer.

Most managers will ask you to use a master password for accessing your vault.  For an additional security layer, you should use two-factor authentication (2FA) or biometric authentication, like a fingerprint or face scan, if it’s available to you.

Some password managers will remind you to change the passwords regularly and evaluate their strength. Others will scan the dark web to check if any of your logins appeared online.  Some will do both, and then some.

What should I look for in a password manager?

First, decide which features you need.  Those built into browsers (for example, the pop-up you get from Chrome asking if you want to save the password when you log into a website) are safer than they were even a few years ago.  Still, they have limited capabilities.

For business purposes, a paid password manager is going to be more robust, convenient and secure than a free app.  Look for these features:

  • Password generators: If you don’t want to come up with your own passwords, most paid password managers will allow you to generate safe passwords with varying complexities. The best password managers will also be able to analyze your existing passwords for weaknesses and upgrade them with a click.
  • Autofill and auto-login: Most password managers can autofill your login credentials whenever you visit a site and even log you in automatically after you enter your master password. Fewer keystrokes for you!
  • Secure sharing: Sometimes you need to share a password with a co-worker. A password manager should let you do so without compromising your security.
  • Two-factor authentication: Increasingly, password managers support multi-factor authentication (using a second method such as a PIN, a fingerprint, or another “trusted device” for additional verification) to mitigate the risk of a compromised master password. Choose one that does.
  • Protection for other personal data: Credit card and bank account numbers, addresses, and other personal data can be securely stored in many password managers and automatically filled into web forms.
  • Cross-platform support: Many password managers work seamlessly across multiple web browsers and smartphone apps.

What are the risks?

Remember, no technology product or service can guarantee 100% safety.  Quality password managers are exceptionally secure, but not foolproof.  These common risks are based on both the technology and personal behavior: 

  • All your sensitive data is in one place: If you store credit card or other personal information in the password manager, that would also be exposed in the extremely rare event of a provider breach.
  • If your device is infected, the master password could be exposed: If you fall victim to a phishing attempt and your machine is infected with malware, the master password could be recorded when you type it.  From there, cybercriminals would gain full access to the data stored in the password manager.
  • Choosing an inferior password manager: If it has weaker encryption, offers few features, and has poor reviews, don’t use it.  You get what you pay for.
  • Forgetting your master password: For obvious reasons, most industry-standard password managers have no way to recover your master password. If you forget it, you’re locked out for good.  One option is to store your master password (or a hint) in a physically secure place, in case you ever need it.

Even though it’s possible for password managers to be hacked, the scenario is highly unlikely.  While there have been a handful of reported security vulnerabilities, none resulted in the exposure of usernames and passwords.  Password managers are more likely to be compromised due to user carelessness.

Key Takeaways

Implementing a password manager across your organization makes sense for your overall cybersecurity protection.  Using one makes it quicker and safer to sign into websites you know.  It also reduces the chance you’ll sign into a look-alike site, since the password manager won’t suggest a password for a site it has never seen before.
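Why autofill helps against look-alike sites, as an added example rather than any vendor's code: the manager offers a saved login only when the page's host exactly matches the host it was saved for. The exact-match rule, the function name and all hosts below are constructed for illustration.

```javascript
// Added example: decide whether to offer a saved login for the current page.
// Assumption: logins are stored per exact host; all hosts here are constructed.
const savedLogins = [
  { host: "portal.bank.example", user: "pat", password: "constructed-secret" },
];

// Return the saved login for this page, or null if the host was never saved.
function suggestLogin(vault, pageUrl) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return null; // unparseable address: nothing to offer
  }
  if (url.protocol !== "https:") return null; // never fill over plain HTTP
  // URL lowercases the host and converts internationalized names to ASCII,
  // so a host that only looks the same on screen compares as different.
  const match = vault.find((entry) => entry.host === url.hostname);
  return match || null;
}

// Constructed page addresses: the saved site, then hosts that resemble it.
const visits = [
  "https://portal.bank.example/login",
  "https://PORTAL.bank.example/login",        // same host, different case
  "https://portal.bank.example.login.test/",  // saved name used as a prefix
  "https://portal-bank.example/login",        // hyphen instead of a dot
  "https://portal.b\u0430nk.example/login",   // Cyrillic letter in place of "a"
  "http://portal.bank.example/login",         // right host, no TLS
];

// Map each visited address to whether a login would be offered.
function autofillDecisions(vault, urls) {
  return urls.map((u) => ({ url: u, offered: suggestLogin(vault, u) !== null }));
}

console.table(autofillDecisions(savedLogins, visits));
```

A person reading the address bar can miss these differences; the string comparison does not, which is why a missing autofill prompt on a familiar-looking login page is worth treating as a warning sign.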

If you’d like to know more about how CRU Solutions can help keep your business safer, contact us.