Passwords - Do you use a password manager?

Last updated by Warwick Leahy [SSW] over 1 year ago.

If you need to remember the password then a passphrase is best. Preferably these should be made up of 4 random words with a length of at least 16 characters. These eliminate the requirement for special characters and are incredibly difficult for a computer to guess.

A strong password would look something like this:

correcthorsebatterystaple

OK example - A strong memorable password

However, the best passwords in the world are the ones you can never possibly remember. Computer-generated passwords, with a length of at least 16 characters, offer the most protection. A super strong password looks something like this:

$Jun!ZW@gYS%bmy0($34hYj&8hsgfDF

Good example - A strong computer-generated password

This is obviously not something you can realistically type in every time you need to use it. Fortunately, the same tools that generate these for us also manage them, storing them securely and automatically entering them into websites and apps for us.
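The two kinds of secret described above, a 4-word passphrase and a computer-generated password, as an added example that is not part of the original page or any password manager's code. The word list is a constructed sample, and the function names `passphrase`, `random_password` and `entropy_bits` are hypothetical.

```python
import math
import secrets
import string

# Constructed 32-word sample list so the example runs offline. Far too small
# for real use: load a large list (for instance 7,776 diceware-style words).
SAMPLE_WORDS = (
    "correct horse battery staple anchor balloon candle dolphin ember falcon "
    "garden harbor island jungle kettle lantern meadow nectar orchid pepper "
    "quartz ribbon saddle timber umbrella velvet walnut yonder zephyr breeze "
    "copper dragon"
).split()

MIN_LENGTH = 16  # minimum length recommended above for both kinds of secret
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def passphrase(words=SAMPLE_WORDS, count=4, min_length=MIN_LENGTH):
    """Join `count` words chosen with the OS CSPRNG (never the `random` module)."""
    if count * max(map(len, words)) < min_length:
        raise ValueError("word list cannot reach the minimum length")
    while True:  # redraw the whole phrase if it comes out too short
        phrase = "".join(secrets.choice(words) for _ in range(count))
        if len(phrase) >= min_length:
            return phrase


def random_password(length=24, alphabet=ALPHABET):
    """Computer-generated password: each character drawn independently."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(choices, picks):
    """Entropy of `picks` uniform, independent draws from `choices` options."""
    return picks * math.log2(choices)


if __name__ == "__main__":
    print(passphrase(), f"{entropy_bits(len(SAMPLE_WORDS), 4):.1f} bits (sample list)")
    print("same scheme, 7,776-word list:", f"{entropy_bits(7776, 4):.1f} bits")
    print(random_password(), f"{entropy_bits(len(ALPHABET), 24):.1f} bits")
```

The entropy figures only hold when every word or character is drawn at random, which is why the generator uses `secrets` and why a phrase picked by a person does not get the same number.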

With a password manager, you don't have to remember that strong, unique password for every website. The password manager stores them for you and even helps you generate new, random ones.

It does not matter which one. There are many great tools out there:

Figure: Why you should use a password manager

In an Enterprise you should use an Enterprise password manager

  • Keeper - Enterprise level password manager. Different groups of users can be given access to different passwords according to Business priorities.
  • 1Password - Syncs passwords and personal data across all your devices. It's not quite as slick or capable as many competitors, but it's still an easy-to-use utility.

The best enterprise password managers provide a security score for all your enterprise passwords - fix them if your score is low.

Figure: In Keeper you can see at a glance if insecure passwords are being used

They monitor your accounts, regularly checking if they have been released in a breach and notifying you of any problems.

Figure: Keeper quickly shows you if any of your passwords have been released in a breach

They also allow administrative control of your accounts. In an enterprise you should be able to transfer any non-shared passwords if a staff member leaves (in case they forgot to share them), lock their account, and expire their master password. This is great when a staff member leaves but also super important if they lose a device.

Figure: In Keeper you can lock an account, expire a master password, or even transfer their passwords


Personal security

You should use them for your personal security as well:

  • Keeper - Password vault on unlimited devices and provides secure sharing if you need to give your password to someone else
  • 1Password - Syncs passwords and personal data across all your devices. It's not quite as slick or capable as many competitors, but it's still an easy-to-use utility
  • LastPass - Matches the capabilities of other top paid password managers and is easy to use. Platform syncing limitations for the free version make it significantly less useful than it was.
  • Bitwarden - Take control of your online password security and manage private data safely from any location or device
  • Dashlane - Put passwords in their place, we'll take care of them for you.