The average internet user now has 100 passwords. At the same time, security professionals always warn us that we should have different passwords for each online account. Furthermore, all passwords should be sufficiently long and complex to ensure they’re safe from brute-force hacking attempts and other threats.
Of course, no one can be expected to remember 100 different passwords. This encourages people to use weak and easy-to-guess credentials. The sheer scale and complexity of manual password management is the main reason why millions of people use weak passwords, such as names of pets or favorite sports teams.
The focus of this year’s Cybersecurity Awareness Month is the human element, which includes simple, hassle-free ways to protect yourself online. When it comes to passwords, that means establishing an easy way to use complex passwords that are different for every account. That’s where password managers come in.
Before exploring the benefits of using a password manager, it’s important to understand what constitutes a strong password and why. The two most common ways to hack passwords are using dictionary attacks and brute-force attacks. Dictionary attacks try words from a dictionary or other wordlist, while a brute-force attack tries every possible combination of characters.
A weak password will take just a fraction of a second to attack. For example, a 10-character-long password made only of numbers takes less than a second for a typical computer to crack. However, if that password contains numbers, letters, and symbols, the amount of time it takes to try every possible combination increases exponentially. Randomly generated alphanumeric passwords with symbols that are 16 characters long take longer than the age of the universe for a supercomputer to hack.
However, dictionary and brute-force attacks aren’t the only threats to passwords. The easiest way for an attacker to exploit a password is either by using a social engineering scam or simply by guessing it. Learning how to recognize phishing scams and using a second authentication method can greatly decrease your susceptibility to social engineering.
Another oft-overlooked risk is the fact that, even without social engineering, an attacker might be able to guess your password simply by trawling through any publicly visible information on social media channels. Many people overshare on social media, thus giving identity thieves a huge resource where they can learn more about their victims, including their likely usernames and passwords. You know those Facebook posts that look fun and harmless? They might say something like “To figure out your band name, take the name of your pet and the model of your first car and post it in the comments below!” You’ve just given away key information to the public by commenting on that post. If you’re creating passwords that are easily memorable, they’re probably relatively easy for determined attackers to guess as well.
Password managers are programs designed to create, store, and manage online credentials. Popular solutions like LastPass randomly generate long and complex passwords whenever you open a new account or change a password for an existing one. They automatically enter those login credentials for you, whenever you want to log in. The passwords themselves are securely stored in an encrypted vault, which you will only be able to access with one manually entered password and a secondary authentication method, such as a single-use SMS token. This way, you only have to remember one set of login credentials to access all of your online accounts. In cybersecurity, this process is known as single sign-on (SSO).
Of course, a password manager is a single point of failure, which is why you need to protect it with an extremely strong password that only you can remember. However, it’s far safer than having the hundred or so single points of failure that come with having to manage dozens of online accounts individually. Moreover, password managers can help stop phishing attacks by tying your login credentials to specific domains. That means they won’t work on malicious sites intended to steal passwords. There’s simply no better way to overcome the challenges of dealing with an ever-growing set of usernames and passwords than by using a password manager.
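The domain binding described above, sketched as an added example (not code from LastPass or any other product): a saved login is offered only when the page's origin matches the one it was saved on, so addresses that merely resemble the real site get nothing. The vault contents, function names and exact-origin matching rule are assumptions made for illustration; real products differ in how strictly they match.

```javascript
// Constructed sample vault: every entry is bound to the origin it was saved on.
const vault = [
  { origin: "https://accounts.example.com", username: "alice", password: "constructed-sample-1" },
  { origin: "https://bank.example", username: "alice", password: "constructed-sample-2" },
];

// Reduce a page URL to scheme + host + port. The URL parser lowercases the
// host and converts internationalised names to punycode, so a lookalike
// character never compares equal to the ASCII letter it imitates.
function pageOrigin(pageUrl) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return null; // unparseable address: never fill
  }
  if (url.protocol !== "https:") return null; // never fill on unencrypted pages
  return url.origin;
}

// Hypothetical lookup: return the saved login only on an exact origin match.
function credentialFor(pageUrl, entries = vault) {
  const origin = pageOrigin(pageUrl);
  if (origin === null) return null;
  return entries.find((entry) => entry.origin === origin) ?? null;
}

// Constructed test pages: the real site and four addresses that only resemble it.
const pages = [
  "https://accounts.example.com/login",
  "https://accounts.example.com.evil.test/login", // real name used as a subdomain
  "https://accounts.example.com@evil.test/login", // real name in the userinfo part
  "https://accounts.ex\u0430mple.com/login", // Cyrillic letter in place of Latin "a"
  "http://accounts.example.com/login", // right host, no TLS
];
for (const page of pages) {
  console.log(credentialFor(page) ? "fill  " : "refuse", page);
}
```

Only the first address is filled. A person reading the address bar can miss any of the other four, which is why the match is left to the software.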
In short, yes! With Cybersecurity Awareness Month in full swing, we're ensuring all our clients have the resources they need to be safe and secure online with LastPass. So, what does LastPass do?
Keep your organization safe and secure the simple way. Sign up for LastPass with SeedSpark by October 31 and get the first two months free!
*Offer available for new clients with 50+ employees and all current clients that do not already use LastPass.
SeedSpark provides managed services to bolster your security posture and mitigate the risks to your organization. Get in touch today to get the proactive IT support you need to succeed.