Where do you start good Cybersecurity? Password Corral; It is OK.
ChatGPT's Dall-E creates the art based on the article, nifty

In today's workspace, managing a myriad of passwords has become a daunting task. If you are like me, you find that the number of digital doors we must keep safe is large and growing. My experience is that I need many passwords, passphrases and various authentications for access to my digital data. How many passwords do you have to remember? Keeping that many passwords unique and complex requires some help; it is not within my ability to memorize a great quantity of passwords.

Keeping passwords safe can be time consuming. If you are using an Excel spreadsheet, Google Sheet, notebook or Post-it notes - either on your monitor or tucked under your keyboard - the risk of exposure is significant. Stolen credentials were the leading cause of cyber breaches for 2023 and this trend is expected to continue in 2024.

In my first article I wrote about using unique and complex passwords for each account as a good starting point and a key policy for improving your company’s security posture. Hopefully you have reviewed, or are about to review and update, any passwords not meeting the basic requirements described in that post. The next step in good security hygiene is to corral all those passwords safely. That safety likely means using a password manager. A password manager is a highly secure software program that acts like a vault, providing quick access to your account usernames, passwords, and more, while keeping everyone else out.

Two weeks ago, I was standing in line at a local retail shop awaiting my turn to purchase goods and sundries and I witnessed a delay. The cashier tending to the person in the front of the line was held up because they did not have a password. The customer at the front of the line informed the clerk that they believed the password was on a Post-it note under the keyboard. Yep, it sure was. It was even more curious in that the customer was not even a regular or local; they just happened to have stopped in the day before and had the same thing happen. Helpful chap. I was not surprised but still it was surprising. To reinforce to you, the audience member, that this is common, I also recently saw a Facebook post of an office, and in the office there was a computer screen with a Post-it. Yes, that Post-it note was on a computer monitor and it contained credentials for an online business account. When I told a friend about these stories in my best incredulous tone, they promptly admitted to having a Post-it under their keyboard with their own account credentials. Three real-life security vulnerabilities in just a few sentences for your consideration. What unsecured credential stories are you aware of even now? Please share the juice (but not anyone's credentials) in the comments below.

It stands to reason that if you build complex passwords and have many accounts, you would likely love to have a way to keep them all remembered and secured. The password manager does exactly that. The password manager then only needs you, the human, to remember one password: a complex one that is not easy to guess. You can even make that one password a bit crazy since it is one of the very few you will now need to remember. I may have gone wild creating my password because, according to maths and sciences, it would take about 300 trillion years to crack with conventional methods. I am pretty sure that is a pre-quantum computer estimation, so perhaps as technology improves it may not actually last that long. That is OK; I will be changing it before then.

Today's password managers are full of excellent features. The key ones are storing your accounts and generating passwords for you according to the rules you either need to follow or desire to set.

As a small business owner or IT professional for a small business, you will find that password managers in some cases even allow you to directly enforce your password policies, ensuring that everyone in your enterprise is using unique and complex passwords. Password managers can identify when multi-factor authentication is available for accounts and encourage its use. A password manager can 'audit' your passwords to rid your herd of any known compromised credentials. The audit can also highlight weak or easy-to-guess passwords. Better yet, when you use the autofill features, they will put your authentication information into your websites, programs and accounts for you automatically. You do not have to copy and paste; no time wasted on Ctrl+C and Ctrl+V. They even work across devices, browsers and platforms, from laptop to desktop to phone.
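
The generation and audit features described above, shown as an added Python example that is not taken from the article or from any password manager product. The character classes, the 60-bit threshold, the sample vault and the compromised list are all constructed assumptions.

```python
import hashlib
import math
import secrets
import string
from collections import Counter

CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, "!@#$%^&*")

# Constructed stand-in for a breach corpus. SHA-1 is only a lookup key here,
# never a way to store passwords.
KNOWN_COMPROMISED = {hashlib.sha1(p.encode()).hexdigest()
                     for p in ("password1", "Summer2023!")}

def generate_password(length=20, classes=CLASSES):
    """Random password with at least one character from every required class."""
    if length < len(classes):
        raise ValueError("length too short for the policy")
    alphabet = "".join(classes)
    while True:  # redraw until the policy is met; keeps the distribution uniform
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in classes):
            return pw

def entropy_bits(pw):
    """Brute-force search space in bits; only meaningful for random passwords."""
    pool = sum(len(cls) for cls in CLASSES[:3] if any(c in cls for c in pw))
    if any(not c.isalnum() for c in pw):
        pool += len(string.punctuation)
    return len(pw) * math.log2(pool) if pool else 0.0

def audit(vault, min_bits=60):
    """Map each account to its findings: compromised, reused, weak."""
    counts = Counter(vault.values())
    report = {}
    for account, pw in vault.items():
        issues = []
        if hashlib.sha1(pw.encode()).hexdigest() in KNOWN_COMPROMISED:
            issues.append("compromised")
        if counts[pw] > 1:
            issues.append("reused")
        if entropy_bits(pw) < min_bits:
            issues.append("weak")
        if issues:
            report[account] = issues
    return report

# Constructed vault: account names and passwords are made up for the example.
SAMPLE_VAULT = {"email": "Summer2023!", "bank": "hunter2x",
                "register": "hunter2x", "payroll": generate_password()}
```

In the sample vault, `Summer2023!` clears the 60-bit strength estimate yet is still flagged as compromised, which is why the breach check runs alongside the strength check rather than instead of it.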

Today's security requirements for a small or medium size business indicate that a security-by-design baseline is having a password manager for you and your employees. Threat actors use stolen credentials to steal data and payment information, lurk about your company’s information, create disinformation and carry out other nefarious badness. I know that the security industry is great at producing statistics about impact and cost, which are significant and may seem sensational to grab attention, but your business can take immediate cost-effective steps right now to add a crucial layer of security in the password manager. I do recommend that the software password manager you choose be from a vetted vendor, and not the password logbook still available at Barnes & Noble, nor the Excel file someone in customer service keeps and IT has no knowledge of.

Alternatively, software such as Microsoft's Edge, Apple’s Keychain (yes, not really a browser) or Google's Chrome has stepped up the password management game with better security and ease of use, but these tools still do not match the security-by-design principle of the dedicated password manager. These systems have limitations, like Apple's Keychain being exclusive to Mac products. They also lack advanced features such as secure credit card storage, 2FA code generation and secure note storage.

It is human to want to make systems run smoothly. Placing the password to the cash register under the keyboard can appear logical from some perspectives. Over the last few decades computer technology has improved many work processes, and there are relatively few industries that are missing out on the improvements modern computers bring. There has been a lot of progress since Alan Turing and crew created the Bombe to defeat the German Enigma machine. That machine operated at about 15 operations a second to break the encoded German communications, an impossible code to break manually. Today the recent chips in a handheld tablet have reached a performance of 38 trillion operations per second in just the neural engine. However, all this wondrous technology and speed can appear to screech to a halt when we need a password, and that password is not readily available or is hard to remember. That is perhaps why, as demonstrated above, so many people with great intentions (or at least perhaps not bad ones) find ways around it, leaving your business at risk.

A password manager can corral, round up, wrangle and tame those errantly stored credentials reducing your business risk. Protect your organization and improve business resilience with a password manager.

Joe Topinka

Visionary CEO, CIO | Business Mentor | Published Author Keynote Speaker | Board Member

10 months ago

Great insights Steve…I appreciate your sharing insights and recommendations.