Is Your Password Manager Secure?


Apparently, you can't use "beef-stew" as a password. It's not stroganoff.


There is simply nothing that is 100% secure. The baddies are constantly upping their nefariousness; you will likely be compromised sooner or later. The best you can do is do the best you can, which includes using a password manager app to reduce the misuse of passwords. It is more secure to use an app that creates unique and complex passwords for every login than to rely on passwords you create yourself, which helps to mitigate "brute force attacks," "credential stuffing," and "social engineering".

Nothing is foolproof, but you need not be a fool about how you manage your passwords. 

  • Don’t include personal information as part of them

  • Don’t neglect 2FA

  • Don’t reuse them

  • Don’t share them

It sounds simple, but as we know, simple does not mean it’s easy. It is mentally exhausting to dream up complex, strong and different passwords for every… single… site… we access, let alone remember them. This is where password manager apps (PMA) become critical to streamlining the password creation and entry process. I finally hit the breaking point and went all in on 1Password in April of 2021. I have not looked back, and I sing the song of jumping in on this to anyone who will listen. I write about password health and I speak on the topic. During one webbie, someone asked me, “How could a password manager possibly be considered a secure system if all your passwords - and possibly financial and personal data - are stored in a single place?”. 

Great question. Really great question. Protecting access to the keys to your online kingdom should not be taken lightly and the answer has multiple layers to it. Some relate to how you are using it, and some relate to the password manager app itself.


Secure practices for a password manager app.


One: Use a complex yet memorable passphrase to access your app

Passwords are long, complex strings of numbers, letters and symbols that our PMA generates, but we can’t access them if we can’t get into the app, which renders them useless for their intended purpose. 

You should use a memorable passphrase instead of a password to open your PMA. A passphrase is a string of at least 14 characters that forms a phrase, entered without spaces. It shouldn’t be predictable, and don’t make it obvious; perhaps make it silly and unintelligible to make it even more memorable. And don’t store it anywhere in your PMA.


Two: Consider if you should change your PMA access passphrase

There is some disagreement on this because you may have difficulty remembering a new one, but if the passphrase you use has words that may now be easy to guess, change it.

Three: Set up 2FA to access your PMA


Four: Don’t use the native PMA 2FA for your apps’ 2FA access

I realize that some of the PMAs have a 2FA generator for your apps, which may seem convenient. But it defeats the purpose of a second factor to have the same app that holds all your passwords also provide your second line of access defence against those who steal passwords…

Five: Every user should have their own login credentials and access levels to vaults and information

Six: Pay attention to and act upon in-app security warnings

Seven: Set a routine to download your PMA data

The app may be down or compromised, or you may want to change to another provider. Having your data outside the PMA gives you control over those situations. Bear in mind that many PMAs export to a plain-text file (such as CSV), so the export is as sensitive as the vault itself. Don’t store it on your hard drive, though; use external storage. And for crying out loud, don’t name the file “passwords” or some such.

Eight: Secure your payment and PII (Personally Identifiable Information) details

To add these details securely while still enjoying the convenience of having them readily available, leave out one key detail that you can remember. For your passport, for example, omit where it was issued; for credit cards, leave off the CVV on the back.


Ensuring a password manager app is secure.

Not all password managers are created equal, and some may better fit you and your organization than others. 

One: Consider how you feel about using it

If you don’t feel comfortable using it, you won’t use it, which is self-defeating.

  • Do you like using it on all your devices - your mobile, desktop, and tablet…

    • Part of successfully implementing and using a PMA is putting it on all your devices

  • Do you feel good about the interface and the experience when you are using it?

Two: Consider the features that you need

Are you a team that needs masked login details (users can’t see or copy them), shared and separate vaults, and user-level permissions, to name a few?

Three: Consider its security track record and transparency

Four: Consider the PMA’s security protocols

  • Advanced end-to-end encryption

  • Biometric authentication

  • Frequent security auditing

  • Multiple login protocols

  • PBKDF2 key strengthening

  • PMA account password is not stored or reused in the PMA - well duh…
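To show what “PBKDF2 key strengthening” in the list above actually buys you, here is an added illustration (my own example code, not the page’s or 1Password’s implementation) of turning a master passphrase into a vault key; the iteration count, salt length, verifier label and attacker hash rate are assumed, illustrative values.

```python
import hashlib
import hmac
import os

# Illustrative parameters (assumptions, not any vendor's real settings).
ITERATIONS = 600_000   # "key strengthening": work an attacker pays per guess
KEY_LEN = 32           # 256-bit vault key (e.g. for AES-256)
SALT_LEN = 16


def derive_vault_key(passphrase: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Stretch the passphrase into a fixed-length key with PBKDF2-HMAC-SHA256.
    The random salt means two users with the same passphrase get different
    keys and precomputed tables are useless."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt, iterations, dklen=KEY_LEN)


def enroll(passphrase: str) -> dict:
    """Build the record a PMA could keep: salt, iteration count and a
    verifier derived from the key. The key itself is never stored."""
    salt = os.urandom(SALT_LEN)
    key = derive_vault_key(passphrase, salt)
    verifier = hmac.new(key, b"vault-unlock-check", "sha256").digest()
    return {"salt": salt, "iterations": ITERATIONS, "verifier": verifier}


def unlock(passphrase: str, record: dict):
    """Re-derive the key and compare verifiers in constant time.
    Returns the vault key on success, None on a wrong passphrase."""
    key = derive_vault_key(passphrase, record["salt"], record["iterations"])
    check = hmac.new(key, b"vault-unlock-check", "sha256").digest()
    return key if hmac.compare_digest(check, record["verifier"]) else None


def guesses_per_second(hmac_rate: float, iterations: int) -> float:
    """Rough offline guessing rate: each PBKDF2 guess costs `iterations`
    HMAC evaluations, so raising iterations divides the attacker's rate."""
    return hmac_rate / iterations


if __name__ == "__main__":
    rec = enroll("correct horse battery staple")   # constructed sample passphrase
    assert unlock("correct horse battery staple", rec) is not None
    assert unlock("Correct horse battery staple", rec) is None
    # Constructed figure: 1e10 HMAC-SHA256/s of attacker hardware.
    print(f"{guesses_per_second(1e10, ITERATIONS):,.0f} guesses/s at {ITERATIONS} iterations")
```

The same stolen vault file that would take seconds to brute-force with a single hash takes iterations times longer per guess, which is the whole point of the setting.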


One final thought on the benefit of using a password manager app is contingency planning - personal and professional. If something were to happen to you, who could access your apps, insurance, banks and such, and how? Using a PMA, and keeping a copy of your access details in an emergency document (securely stored - perhaps with an accountant or lawyer and in a safe) mitigates the confusion and frustration associated with emergencies.


If you found this topic interesting and want to learn more, here is a very detailed, non-app-centric article.



Going All In On A Password Manager App

Tuesday, May 14, 2024, 1 PM - 2 PM EST

It can seem daunting to go all in on a password manager: to let go of the ease of using Chrome to store your login details, to stop using your pet’s or child’s name with “1234!” at the end (not that anyone does that), and to give up the control of knowing your passwords.

Just because it’s simple does not mean it’s easy!

It may seem obvious that you must implement or improve your processes and technology choices for securing your passwords. Still, many of us haven’t because we need support and accountability to get it done.

This workshop is dedicated to giving you the actionable steps to get this done and dusted!


Simply yours, Kellie :-}

::Shameless Call To Action::

I sell bookkeeping templates, standard operating process handbooks and client guides.

15% off discount code: BLOG


Kellie Parks, CPB

Cloud Process Creator

I craft processes and automation for future-thinking accounting professionals who believe in the mightiness of online technology.

I want every accounting professional to love running a cloud-based business as much as I do. 

Embracing the cloud requires effective best practices, consistent communication, and efficient processes, systems, and workflows. That's why we have dozens of pre-built templates to take the pain out of creating optimization in your firm.

Certified or partnered in over a dozen cloud applications, Alumni Intuit International Trainer Writer Network and the FreshBooks Partner Council.

I am a runner, water/snow skier and live-music fan.

I’m always wondering what you would do more of—outside of work—if processes, automation, and apps gave you your life back.

https://calmwaters.ca/