In this tech insight, we look at challenges to using passwords, what password managers are, and why they are still so important.
The Limitations and Challenge of Passwords
Passwords have long provided a practical way to log in to websites, platforms, apps and other access gateways yet using passwords comes with many limitations and challenges, most of which are around security. These include:
Human Limitations and Human Error
People can typically only successfully remember shorter, more uniform, or more memorable strings of characters, and consequently these often end up being partly words, names, dates, or a combination thereof, which can make them easier to crack. Also, trying to remember longer groups of unrelated characters is unduly onerous for most people.
Password sharing (i.e., using the same password for multiple platforms/websites) is a security issue because if one site is compromised and password details are stolen, criminals can quickly attempt these in many other locations( which could result in financial loss and multiple accounts for one person being taken over.
The use of default passwords (e.g. with IoT devices and gadgets) or using very easy to guess/crack passwords are highly risky and expose users open to hacks, data-theft and financial loss. For example, the top 5 passwords in the (Nordpass) list of the 200 most commonly used passwords for 2021 are 123456, 123456789, 12345, qwerty, and password.
Cybercriminals have found passwords easier to beat in recent years due to factors such as:
– The massive leak of 2.6 billion rows of personal data from 12,000 files dubbed Collection #1, plus the many other collections of personal data and passwords now available to buy/swap/download on the dark web and other places.
– Password brute-forcing tools are now widely available online, e.g., Cain and Abel, Hashcat, John the Ripper, and Ophcrack.
Cyber-criminals can use the stolen/purchased password details for:
– Credential stuffing attacks. This is where cyber-criminals use software to automate the process of trying breached username/password pairs on many other websites to see if they can gain access.
– Phishing attacks. The stolen credentials can be used to automatically send malicious emails to a victim’s list of contacts.
– Targeted digital identity attacks. The breached credentials can be used in targeted attacks designed to steal a victim’s entire digital identity or steal their money or even to compromise their social media network data.
Password managers are typically installed as browser plug-ins. They are used to handle password capture and replay, and when logging into a secure site, they offer to save login credentials. On returning to that site, they can automatically fill in those credentials.
Password managers can also generate new passwords when needed and automatically paste them into the right places, as well as being able to sync passwords across all devices.
Popular Password Managers
Examples of popular password managers include Google Password Manager, Microsoft Authenticator, Dashline, LastPass, Sticky Password, Password Boss, Keeper (good for cross-platform uses), 1Password, and LogMeOnce. There are also password vaults in other programs and CRMs that act as password managers, such as Zoho Vault, and Digital Vault.
Google Password Manager and Microsoft Authenticator
Google’s Chrome browser has a password manager to help to stop people from using weak passwords by suggesting combinations of characters that may be more secure. Microsoft’s Authenticator app can manage passwords for both Edge and Chrome.
Benefits of Password Managers
The main benefits of password managers include:
– Convenience and saving time. Having the password available in a secure browser extension is very helpful where, for example, the password has been forgotten or the password is too difficult to remember. Password managers are also particularly helpful for businesses, most of which have a large number of passwords to remember/store, and for businesses that may need to store a number of logins for their customers’ apps and platforms (e.g. digital marketing companies).
– Added security. Most password managers use 256-bit, military-grade AES encryption, thereby ensuring password security while keeping passwords close to hand for when they’re needed.
What Does This Mean For Your Business?
Even though big tech businesses are now offering users ways to log in that don’t use passwords (Microsoft announced in September that it is getting rid of all password logins and encouraging the use of an authenticator app or other solution) many businesses still need to use multiple passwords in a secure and convenient way. Password managers, therefore, serve a useful purpose in tackling the challenges of human limitations and human error, helping with work on the go and remote or hybrid working (syncronising passwords across devices), and the ongoing effort of cyber-criminals. The increased strength and convenience, however, mean that that the days of passwords now appear to be numbered but, in the meantime, there are many different password managers for businesses to choose from.