Virtually all security professionals agree that a password manager is the best way to manage the long, complicated, and unique passwords for all of our accounts (you do use long and complex passwords, don’t you?). However, a new research paper has shown that a password manager alone does not make it easier to create strong passwords. To be effective, a password manager must be used at all three phases of managing passwords.
Research has shown that the passwords stored in password managers are not always strong. This is not the fault of password managers but of how they are used. A 2017 study showed that many people misuse password managers.
Users create weak passwords that are easy to remember and then store them in the password manager instead of relying on the password manager’s built-in random password generator.
Password reuse is a common problem as well: although password managers can store an unlimited number of unique passwords, users store the same password in them over and over.
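A small audit for the two misuse patterns described above (weak, memorable passwords stored in the manager, and the same password stored repeatedly), as an added example that is not from the original article or the research paper. The CSV column names, the sample rows and the 80-bit threshold are assumptions; adapt them to the export format of the manager in use.

```python
import csv
import io
import math
from collections import defaultdict

# Constructed sample export; the column names are an assumption, real exports differ.
SAMPLE_EXPORT = """name,username,password
bank,alice,Summer2019!
mail,alice,Summer2019!
forum,alice,fluffy
shop,alice,q7#Vt9xLp2@Zr5mW8kD3
cloud,alice,Hn4&cJ1yTe6*Ub0sQx9G
"""

MIN_BITS = 80  # assumed threshold below which a password is flagged


def estimated_bits(password):
    """Upper bound in bits: length * log2(size of the character pool used)."""
    # Human-chosen passwords fall well below this bound in practice, so a low
    # score is a dependable warning while a high score is not a guarantee.
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(not c.isalnum() for c in password):
        pool += 32
    return len(password) * math.log2(pool) if pool else 0.0


def audit(export_text, min_bits=MIN_BITS):
    """Return (reused, weak): groups of entries sharing a password, and weak entries."""
    by_password = defaultdict(list)
    weak = []
    for row in csv.DictReader(io.StringIO(export_text)):
        by_password[row["password"]].append(row["name"])
        if estimated_bits(row["password"]) < min_bits:
            weak.append(row["name"])
    reused = sorted(sorted(names) for names in by_password.values() if len(names) > 1)
    return reused, sorted(weak)


if __name__ == "__main__":
    reused, weak = audit(SAMPLE_EXPORT)
    print("reused across entries:", reused)  # entry names only, never the secrets
    print("below threshold:", weak)
```

A plaintext export holds every credential in the vault, so run a check like this locally and delete the export file afterwards.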
Use Password Managers Correctly
According to the researchers, the latest research paper, presented at the USENIX Security conference, clearly showed that password managers do indeed impact password strength and reuse. This is only true, however, if password managers are used for all three phases:
Password creation (using the manager’s built-in password generator).
Password storage (saving the unique passwords in the manager).
Password entry (using the manager to enter passwords into the online prompts that require a password).
Researchers say that “Using a workflow . . . from password creation through storage to entering leads to stronger passwords.” Passwords that you enter manually into a prompt rather than using the password manager’s automatic entry feature are weaker.
The big takeaway from this is that password managers work, but only if we use them to create, store, and enter passwords.
Passphrases are not recommended for passwords.