Being current on cyber security issues is difficult, which is why I subscribe to the Savvy Cybersecurity newsletter, authored by Sean Bailey and Devin Kropp.
This month’s edition answers questions on password manager software.
When Sean Bailey and I began developing the Savvy Cybersecurity program in 2013, we too had questions about password managers. Were they safe? Did we feel comfortable recommending them to advisors and their clients? After some research of our own—including downloading and using password managers—we decided that they were safe and one of the best password practices you could take.
A password manager is a digital device that stores all of your usernames and passwords in an encrypted file on your computer and/or in the cloud. Your passwords are protected by one master password—the only one you need to remember.
Once you are signed in to your manager with your master password, the program will autofill the username and password fields for any known website. If you visit a new site that is not yet stored, you can easily save your login credentials to your password vault.
Using a password manager eliminates the challenge of having to remember unique passwords for all of your accounts. You only need to remember your master password to access everything else. Since we got so many questions on the topic, I thought I would answer some of them in this month’s newsletter.
How safe are password keepers? What password manager do you recommend?
Password managers are generally very safe. Password managers use strong encryption to secure your password files. Your passwords are so secure that if you forget your master password, not even the company can retrieve your passwords.
Password managers typically cost $10–$30 annually and most allow you to access your manager from your various devices such as your smartphone and tablet. Free versions exist but typically those only work on one device and have limited features. There are many password managers to choose from and it’s best to do some research to see which program best fits your needs. Some options you may consider are Dashlane, LastPass, 1Password, and KeePass.
Are password managers included on the iPhone acceptable?
The iCloud Keychain available on the iPhone and other Apple products is a safe and secure password manager. Apple uses strong encryption to protect this software feature and you can increase protection by enabling two-factor authentication on your device. One limitation of the iCloud Keychain is that it will not sync with non-Apple devices. If you have an iPhone but a Windows PC, you won’t be able to access your passwords on the PC. Other password managers allow syncing between different devices.
How do hackers figure out passwords?
Most often hackers purchase lists of usernames and passwords that have been breached at companies. Hackers know that most people reuse their passwords, so they will try your username and password on other sites. There are, of course, other ways hackers get your passwords, but this is the most common.
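The reuse problem described above can be checked from the defender's side. The following is an added example, not part of the newsletter: it audits a list of saved logins for passwords shared across sites and for passwords that appear in a breach list. The vault entries, the breach list and the range_lookup helper are constructed stand-ins; the lookup passes only the first five characters of a SHA-1 hash, so the checking side never sees the password itself.

```python
import hashlib
from collections import defaultdict

def sha1_hex(password):
    # SHA-1 is used here only as a lookup key for breach lists, not for storing passwords.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

# Constructed breach list, indexed by the first 5 hex characters of each hash.
BREACH_INDEX = defaultdict(set)
for leaked in ("dragon", "123456", "Summer2019!"):
    digest = sha1_hex(leaked)
    BREACH_INDEX[digest[:5]].add(digest[5:])

def range_lookup(prefix):
    """Hypothetical stand-in for a breach-list service: it receives only a hash prefix."""
    return BREACH_INDEX.get(prefix, set())

def is_breached(password):
    digest = sha1_hex(password)
    # The suffix comparison happens locally; only digest[:5] is sent to the lookup.
    return digest[5:] in range_lookup(digest[:5])

def audit(vault):
    """Return (reused, breached): groups of sites sharing one password,
    and sites whose password appears in the breach list."""
    by_password = defaultdict(list)
    for site, _user, password in vault:
        by_password[password].append(site)
    reused = sorted(sorted(sites) for sites in by_password.values() if len(sites) > 1)
    breached = sorted(site for site, _user, pw in vault if is_breached(pw))
    return reused, breached

# Constructed vault entries: (site, username, password).
VAULT = [
    ("bank.example", "alice", "Summer2019!"),
    ("mail.example", "alice", "Summer2019!"),
    ("shop.example", "alice@example.com", "x9#Lq2v!TgR7pWz"),
    ("forum.example", "alice", "dragon"),
]

if __name__ == "__main__":
    reused, breached = audit(VAULT)
    for group in reused:
        print("same password on:", ", ".join(group))
    for site in breached:
        print("password found in breach list:", site)
```

A login that shows up in both results is the one to change first: its password is already on a purchased list and also opens a second account.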