Do you feel confident and comfortable with the system you’re using to manage your work and personal passwords?
That assumes you even have a system. With data breaches in the news practically every day, using a password management system is a must.
In the words of Jon Brodkin, Senior IT Reporter with Ars Technica, “The secret to online safety: Lies, random characters and a password manager.”
Will Allen, Information Technology Services’ On-Site Support for the University Registrar, cited Brodkin in a recent campus presentation about password management and vaults. Allen’s presentation was part of the summer series of Tec Talks, hosted by the Department of Computer Science, in cooperation with Carolina Technology Consultants, OASIS, ITS and others.
Do your passwords look like this? N5&5r5’jQ’rz4O!O.*Ly!&7Cfna57P
Many pros, a few cons
Sure, not this one exactly. But they should be this secure and random, Allen said. Password management systems can generate strong, random passwords.
The advantages of password managers, Allen said, are that they:
- Securely store passwords and other data
- Eliminate forgotten passwords
- Encourage good (random) passwords
- Discourage password reuse
- Keep all account information in one place, enabling you to easily keep track of accounts
One of those advantages is also a disadvantage—that they keep all account information in one place. Back up the database file. Another disadvantage is there is one master password. Do not forget that password.
Password managers aren’t only for passwords
What should you store in password management systems? Usernames and passwords, PINs and credit card numbers and their corresponding 1-800 bank numbers, in case your wallet is lost or stolen. Also store security questions and your fake answers. Truthful answers are insecure—an online search might reveal some of your answers. Instead, use false answers, Allen said.
Options include paper, local files and cloud
When deciding on a password manager, you don’t have to pick the latest and greatest technology tool. For less tech-savvy users, paper still works, if you store your list of passwords in a secure location.
Password managers save databases in local files or in the cloud. There are a variety of free and paid password vaults, including LastPast, KeePass, 1Password, RoboForm, Dashlane and Password Safe.
LastPass, which is one of the most popular systems, offers free, premium and enterprise versions. As a member of the Internet2 community, it offers discounts to education users.
LastPass officials acknowledged in mid-June that the network was breached, but they said they found no evidence that LastPass user accounts were compromised.
No need to limit yourself to one system
You can use multiple vaults, Allen said. He advises keeping personal and professional passwords in different files.
When you’ve selected a password manager, where should you start? Allen recommends:
- Make a list of all known sites and add them to the database
- Change passwords for all known sites
- If you log into a site that is not in the database, add it immediately and change the password
- When you create a new accounts, add it to the database
If, like most people, you have dozens or even a few hundred accounts and passwords, the process of building your database file or files won’t be quick. Allen said he started by plugging in five sites at a time. Most importantly, just get started with a password management system.