Originally published in the Honolulu Star-Advertiser, June 16, 2020
As more and more services move to the cloud, tracking one’s passwords becomes more difficult. Combined with the ever-increasing number of bad actors on the internet, intent on committing bad acts, use of a password management program is virtually a requirement.
Gone are the days of using one password for everything, tracking your passwords in a spreadsheet or relying upon the recovery capabilities of the website. Passwords are being hacked at an ever-increasing rate, either through old-school brute-force methods, use of previously compromised credentials acquired on the dark web, or malware, including viruses propagated through social media sites.
Password management software allows you to store all of your passwords in a single location. In the past there was some concern that all of your passwords were accessible if someone gained access to your master password. Nowadays, however, with the use of multifactor authentication, that concern is largely mitigated.
Most password management packages integrate with websites and other software across multiple platforms, including computers, phones and tablets. Upon creation of a new account, you are prompted to save the password, and this data is logged and held in an encrypted database. Typically, you will be warned if your password is weak or a duplicate, and many packages generate random, strong passwords. You don’t have to worry about remembering these passwords, as most packages will automatically fill in the proper password.
What happens if someone gets a hold of your device? Of course, your device is password-protected, right? After all, you’re not going to invest your time and money into implementing a password management program, then leave your front door open. Most password management programs are pretty good at figuring out when to log you out and requiring you to log back in. If you have a multidevice license, you can always change the master password from another device.
So, what’s good? A couple of the more popular password management programs that have been around awhile are LastPass and Dashlane. Both have free versions, which have some restrictions but are still functional nonetheless. In fact, most password management packages have a free or trial version, so one can try out a couple before deciding to shell out some dough.
LastPass was the victim of a well-publicized security breach last year, so that might give some pause. LastPass claims that no actual passwords were hacked, and anecdotal evidence supports that assertion.
What about password management for larger organizations? LastPass, Dashlane and others have “enterprise” versions. At the endpoint, the enterprise versions provide functionality similar to the consumer versions but include additional features for centralized management throughout the organization. This is especially handy for health care or financial organizations that have strict compliance regulations.