Notice that I didn’t say “Use a password manager”?
While using a password manager can make using generated passwords easier, they are two completely different things and should not be confused. Here’s why.
If you’re using the same password in multiple places, you’re not much better off from a cybersecurity perspective, even if you’re using a password manager. In fact, you might be more vulnerable. Why? Well, if the master password for your password manager is also used somewhere else, for example on another cloud-based system, and that other system gets hacked, guess what? ALL OF YOUR PASSWORDS ARE NOW VULNERABLE.
Hackers are smart and they know users have bad habits; they make a living on it. They will try to identify which password manager you use and breach your account.
Like any tool, a password manager has to be used correctly to be effective. You’re not driving any nails in with the claw side of a hammer. You have to use tools properly for them to be effective. IT tools are no different.
When you sign up for a new site or alter an existing password, always use a generated password. All major password managers have a generated password feature once you install them and for the most part password managers for personal use are free. Most automatically recognize when you’re updating a password. They’ll ask you to update your password manager’s entry for the site.
Use a generated password, agree to update the password record, and move on with your day. Make the generated passwords as long and as complex as you’d like. You don’t have to try and remember them and you’ll very rarely need to type them out, if ever. But what about when you’re away from your desk?
Most major password managers have a mobile app as well, making those complex generated passwords portable. Just download the app, and you have access to your password vault on your mobile device. Even better, most don’t require you to type your master password except for when you first log in. They leverage biometric verification, meaning they use your fingerprint to verify your identity. You can now search for, then copy and paste all of your usernames and passwords from your password manager, all from a mobile device.
And speaking of master passwords, we recommend using 2FA (two-factor authentication) and an 8-character password for your master password at a minimum. We prefer that you use 12 characters, but ya know, baby steps.
Although your new master password may be complex and hard to remember at first, it’s the only password you’ll ever have to remember. Never use this password anywhere else, and update it every 90 days. This habit alone will give you a massive gain on your own personal cybersecurity, as well as in business.
A whopping 95% of survey respondents share up to 6 passwords with other people and 59% are re-using passwords. (Inc.com)
If you can afford a business plan, invest a few bucks and get the business or professional version of your preferred password manager for yourself and your team. If you think you can’t afford that, take those unique user logins from Habit 1 and put them to work. Sign everyone up for a free account with their new, unique company email address. You won’t get the centralized management and provisioning perk of the professional system, but it’s still a big step in the right direction for cybersecurity in general.
We recommend using LastPass. It’s free for individuals and less than $5 a user for teams with centralized management so you can keep your business systems safe.
As a bonus, if you implemented unique user logins in both systems, you can track who did what and from where. That way if a security breach does occur, you have an audit trail if legal action is necessary.
From a productivity standpoint, once you build a good habit of using generated passwords you’ll notice a remarkable increase in time saved signing in to, and up for, web-based systems and platforms. No more stopping and thinking about a unique password or writing the password you used down (which is a terrible habit by the way). You’ll gain the added cybersecurity benefits of not reusing passwords naturally when you use generated passwords, which will go a long way in beefing up your security.
Regarding 2FA, Authy is our favorite 2FA app for TOTP. TOTP codes are those numeric sequences that have a timer on them; they regenerate every 30 seconds or so. I would highly recommend using this type of 2FA over text messaging since it’s more versatile and secure. It’s as easy as installing the Authy app on your phone and/or PC and scanning a QR code.
We prefer Authy over Google Authenticator for a number of reasons, the most important being it’s far easier to recover access and authenticate if your phone number or physical device is lost, stolen, broken, or upgraded. If you’ve ever lost access to a device and were using Google Authenticator, you know what we’re talking about, and how long waiting on hold with Google support can be.