5 Keys to Using a Password Manager

Category: Blog, Cloud, Security  |  Thursday, August 9th, 2018

It’s hard enough to remember your passwords, much less remember where you wrote them down. A password manager sounds like a brilliant solution: one simple place to keep all those crazy long gibberish words. Unfortunately, hackers have recently targeted password manager companies too.

Is a spreadsheet locked in your drawer the only answer? Sandor Palfy, LastPass CTO, believes that’s not the case: “Some people may be hesitant to use a password manager because they’re afraid of ‘putting all their eggs in one basket’, but it is a very, very safe basket.”

Cloud-based password managers like Dashlane, LastPass and Sticky Password employ zero-knowledge security protocols that encrypt users’ master passwords with an encryption key that is stored only on users’ devices (so that the companies have ‘zero knowledge’ of users’ passwords). This encryption includes thousands of rounds of authentication hashing, where an algorithm converts a string of text into a longer string, making it more difficult for hackers to crack the hashed text.
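The "thousands of rounds" idea above, as an added sketch that is not taken from the original post or from any vendor's code. It assumes PBKDF2-HMAC-SHA256 with an illustrative round count, and the `Server` class and function names are hypothetical: the device stretches the master password into a key it keeps, and the service only ever sees a value derived from that key.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; each product picks its own


def derive_vault_key(master_password: str, salt: bytes, rounds: int = ITERATIONS) -> bytes:
    """Stretch the master password into a 256-bit key that never leaves the device."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, rounds, dklen=32)


def derive_auth_hash(vault_key: bytes, master_password: str) -> bytes:
    """One extra round over the key: the only secret-derived value sent to the server."""
    return hashlib.pbkdf2_hmac("sha256", vault_key, master_password.encode(), 1, dklen=32)


class Server:
    """Hypothetical service: keeps a salt and a verifier, never the password or key."""

    def __init__(self) -> None:
        self.records = {}  # user -> (salt, verifier)

    def register(self, user: str, salt: bytes, auth_hash: bytes) -> None:
        # Hash again server-side so a stolen record cannot be replayed as a login.
        self.records[user] = (salt, hashlib.sha256(auth_hash).digest())

    def login(self, user: str, auth_hash: bytes) -> bool:
        _, verifier = self.records[user]
        return hmac.compare_digest(verifier, hashlib.sha256(auth_hash).digest())


def client_register(server: Server, user: str, master_password: str) -> bytes:
    salt = os.urandom(16)
    key = derive_vault_key(master_password, salt)
    server.register(user, salt, derive_auth_hash(key, master_password))
    return key  # used locally to encrypt the vault


def client_login(server: Server, user: str, master_password: str):
    salt, _ = server.records[user]  # the salt is not secret
    key = derive_vault_key(master_password, salt)
    return server.login(user, derive_auth_hash(key, master_password)), key


if __name__ == "__main__":
    srv = Server()
    client_register(srv, "alice@example.com", "constructed-master-password")  # constructed sample
    print(client_login(srv, "alice@example.com", "constructed-master-password")[0])
    print(client_login(srv, "alice@example.com", "wrong-guess")[0])
```

Every password guess against a stolen record costs the full round count, which is why a long, random master password combined with a high work factor makes offline cracking impractical.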

Strong encryption means that in the event of a breach, even exposed master passwords shouldn’t be compromised – but other sensitive information that would allow attackers to breach users’ other accounts could be exposed.

So in a nutshell, password managers are still a safe option, but you do need to take certain precautions when picking one.

“While it’s impossible to be completely immune from the most advanced threats, selecting the right third-party password manager can help users to protect their credentials from the majority of attacks that they may face,” says Kurt Baumgartner, a principal security researcher at Kaspersky Lab.

5 Keys to Using a Password Manager

  1. Choose a password manager without master password recovery.
    Pick a password manager that does not allow for recovery of the master password. “If a malicious actor is able to get ahold of the master password through account recovery tools, this renders even the most secure password management programs useless,” says Baumgartner.
  2. Use two-factor authentication
    Any online account has a risk of being hacked. One way to reduce this risk is to use two-factor authentication to protect your password manager. Chrome supports two-factor authentication with your smartphone and, along with Firefox and Edge, also works with authentication hardware keys such as those from Yubico. Third-party password managers including Dashlane, LastPass and Sticky Password support two-factor authentication with your smartphone. “While two-factor authentication may still have some risks due to threats like SIM hijacking, at a minimum it puts one more layer of defense between the cybercriminal and your full arsenal of login information,” says Baumgartner.
  3. Turn off autofill
    You may want to consider turning off autofill. This also means logging into your password manager, then copying and pasting your passwords into the login screen.
  4. Use strong passwords
    When composing your master password, make it strong. “By today’s standards this means 20 characters or more, randomly generated passwords that contain lower and uppercase letters, digits and symbols,” says Sandor Palfy, LastPass CTO. Also, whatever you do, don’t reuse your master password!
  5. Make sure all of your passwords are unique
    Make sure all your other passwords are unique. Dashlane Premium is one of the options that can automatically check for weak or repeated passwords, then automatically replace them with a random, complex password.

If you need assistance with a cybersecurity solution give EnhancedTECH a call at 714-970-9330 or contact us at [email protected]


Kaspersky, LastPass, Techlicious
