We have written articles about passwords and good password practice in the past (here, here and here) and, while this article will be a useful refresher, we wanted to share some updated news about a popular Password Manager we have previously endorsed.
LastPass offers a free product, and a key feature of it changes on 16th March 2021 (more on this later).
Our password advice hasn’t changed over the years and to help you stay as safe as possible online we wanted to share the key points below.
Imagine a scenario where you only had to remember one password. How perfect does that sound? For ease, we recommend one robust password for a Password Manager; that will then be the only password you need to remember.
By robust we mean something that is easy for you to remember but difficult for a hacker to guess. We suggest the Three.Random.Words method (see point 2 below) and for additional peace of mind you can check how robust your new password is here.
1. Use a Password Manager. Let a Password Manager generate and store your passwords for the websites you visit. We recommend MyKi, LastPass and Dashlane.
2. Where you are required to enter a password, pick three random words (not family names, pet names or football teams) and separate them with a full stop, for example Red.Ford.Rocket. Using the link above we can see that the Red.Ford.Rocket password would take 4 billion years to brute-force crack and does not appear in any previous password leak, which means it is very easy to remember and very secure to use.
3. Have a unique password for each service you access. There is no point in having one robust password if you use it everywhere – when one password or service is hacked, all of your passwords are known. If this seems overly complex remember the password manager is doing all of the hard work.
4. Don’t change them too often. Yes, read that again. Do not force your users to change their passwords every 30 or 60 days. Studies confirm that password laziness creeps in: Password1 becomes Password2, then Password3 and so on, which would not take a determined hacker long to guess.
5. Use two-factor / multi-factor authentication. Here, once a correct username and password have been entered, a separate token (such as a code from an authenticator app) needs to be entered as the final piece of the jigsaw before access to the account is granted.
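To make point 2 concrete, here is an added example (not code from the original article or from any of the tools named in it) that builds a Three.Random.Words password with a cryptographically secure random choice and estimates how long brute-forcing it would take. The small word list, the 8,000-word list size and the 10 billion guesses per second rate are constructed assumptions; the example also shows the caveat that an attacker who knows the method and the word list faces a much smaller keyspace than blind character-by-character brute force, which is why a large word list, unique passwords and a slow password hash all matter.

```python
import math
import secrets

# Constructed mini word list for the demo; a real generator would load a large
# list of several thousand common words (the 8,000 figure below is assumed).
WORDLIST = ["red", "ford", "rocket", "apple", "river", "stone", "cloud", "piano",
            "tiger", "lemon", "candle", "harbour", "maple", "orbit", "velvet", "quartz"]

def three_random_words(words, sep="."):
    """Build a Red.Ford.Rocket style password from three CSPRNG-chosen words."""
    return sep.join(secrets.choice(words).capitalize() for _ in range(3))

def charset_size(password):
    """Size of the character set a blind brute-forcer must cover for this password."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 33  # printable ASCII punctuation (covers the full stops)
    return size

def bruteforce_bits(password):
    """Keyspace in bits for an attacker trying every character combination."""
    return len(password) * math.log2(charset_size(password))

def wordlist_bits(list_size, n_words=3):
    """Keyspace in bits for an attacker who knows the method and the word list."""
    return n_words * math.log2(list_size)

def years_to_crack(bits, guesses_per_second):
    """Expected years to find the password; on average half the keyspace is searched."""
    seconds = (2 ** bits / 2) / guesses_per_second
    return seconds / (365 * 24 * 3600)

if __name__ == "__main__":
    rate = 1e10  # assumed offline guess rate against a fast hash (constructed figure)
    pw = "Red.Ford.Rocket"
    print(pw, "blind brute force:", f"{years_to_crack(bruteforce_bits(pw), rate):.3g} years")
    print("3 words from an 8,000-word list, list known:",
          f"{years_to_crack(wordlist_bits(8000), rate):.3g} years")
    print("Fresh example:", three_random_words(WORDLIST))
```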
By remembering all of your usernames and passwords for you, Password Managers promise both security and convenience. The password to your Password Manager is the only password you need to remember; once you have this, the Password Manager tool does all of the hard work. Password Managers also allow you to create a unique, complex password on every site you visit, which means that if a service you subscribe to is hacked (DropBox, Facebook, Marriott or British Airways, for example) only that one password needs to be changed.
Password Managers use very strong encryption (commonly AES-256), with the encryption key derived from your master password, so even if the Password Manager company were breached your stored passwords would appear as gibberish to the cybercriminal who obtained them.
With 2FA or MFA, once a successful username and password combination has been input, a final security token is needed to obtain access to your account.
This means that even if a cybercriminal knows your username / password combination, without this final verification step they cannot gain access to your account. More and more companies are encouraging 2FA / MFA on their accounts, including banks, workplaces, password managers and even Facebook!
LastPass has, however, recently announced that its popular free service will stop syncing passwords between mobile devices and desktop devices from 16th March 2021. This means that users who currently use LastPass on both their mobile phone and their desktop PC will lose the ability to sync any newly created password between the two devices.
Microsoft has also recently announced that its Authenticator app (a very popular choice for 2FA / MFA requirements) will become a free-of-charge Password Manager on mobile devices. Additionally, if you use the Microsoft Edge browser (or Chrome with an extension) you can sync your passwords between your mobile and desktop devices, which should see Microsoft become a key player in the Password Manager field over the coming months.
If you are looking for an alternative corporate solution, Pro-Networks recommends that its customers adopt the MyKi solution to control what staff members have access to while at work and to prevent ex-staff members having access after they leave. If you would like more information on introducing the MyKi Password Manager and 2FA solution into your business, please do get in touch.