Too many logins to remember? Try a Password Manager

Here’s the latest advice from cyber experts: passphrases should consist of at least 12-20 characters that mix random words, numbers and special characters. They also strongly advise against using the same password for more than one application. If one application gets hacked and a password is exposed, the hacker can access that app, and every other account sharing the password can be compromised as well. Hackers use automated programs that test sites and services across the Internet, checking to see if they can gain access to accounts using exposed login information. Experts also recommend not reusing passwords, especially if the password has been hacked before.

Trying to remember dozens of long and complex passwords can be quite tricky. There are two password management methods considered to be more secure than trying to rely on memory alone or resetting your password every time: using a password manager or keeping a password journal and securing it.

Use a Password Manager

The most commonly used automated approaches to password management are storing passwords in the Internet browser or using an app. Saving passwords in an Internet browser is the cheapest and easiest way to manage passwords, but the principal weakness of this method is that anyone who uses the computer can access the online accounts. The other problem is that unless data is synced across all devices, the convenience of the browser remembering the password will be lost. Also, if someone accidentally downloads malware, the passwords stored within the browser are often the hacker’s first stop.

Password managers are downloadable apps that encrypt and store passwords for online accounts and profiles. Most will flag weak passwords, duplicate passwords, and help create better ones. Most password management apps store passwords in the cloud but some apps allow users to store their encrypted passwords on a device. These apps often offer features like generating random secure passwords, auditing passwords, and storing additional confidential information.

Password manager apps are not immune to compromise and, because of the data they store, are attractive targets for hackers. An individual who isn’t comfortable storing passwords in the cloud can maintain more control over their information by storing the passwords on a device. Storing the passwords on multiple devices may involve additional costs.

Another consideration in selecting a password manager is the cost and consequences of not renewing the service. There are free password managers and there are services that cost between $10 and $60 per year. The benefit of a free password manager, besides the zero cost, is that the customer is less likely to move on or fail to renew the service. The downside of a password manager that is paid for is, of course, the bill and the difficulty of migrating to a new password manager if the need to switch arises.

Write Them Down in a Notebook and Secure it

It may sound archaic, but writing passwords in a notebook and keeping the notebook in a secure place can be just as effective a solution as using a sophisticated password management app. Keeping passwords in a notebook can be a good solution in a single-user environment or even in a multi-user environment if the notebook is kept sufficiently secure. As with storing passwords on a single device, using the notebook approach is not convenient when using multiple devices, particularly if the devices are not in the same location (work and home, upstairs and downstairs).

With so many passwords to remember, it may be time to consider using a password manager or writing passwords down in a notebook and keeping it secure.

© 2020 The Hartford Steam Boiler Inspection and Insurance Company. All rights reserved. This article is for informational purposes only and is not intended to convey or constitute legal advice. HSB makes no warranties or representations as to the accuracy or completeness of the content herein. Under no circumstances shall HSB or any party involved in creating or delivering this article be liable to you for any loss or damage that results from the use of the information contained herein. Except as otherwise expressly permitted by HSB in writing, no portion of this article may be reproduced, copied, or distributed in any way. This article does not modify or invalidate any of the provisions, exclusions, terms or conditions of the applicable policy and endorsements. For specific terms and conditions, please refer to the applicable endorsement form.

Monique Ferraro

Monique is counsel in Munich Re’s US Cyber Practice at HSB. Previously, she was principal at a digital forensics, e-discovery and information security consulting firm and owner of a law firm. Ms. Ferraro is a Certified Information Systems Security Professional.
