Is It Time to Invest in a Password Manager?
The question for this edition of “Ask a Security Expert” comes to us from Matt Wilmot, who asks, “I find that password management is a common security flaw with many clients. What lightweight solutions are out there for MSPs to manage this issue for clients?”
Passwords have been a point of contention for MSPs – as well as their small and midsized business clients – for years. A seemingly simple problem of poor password practices and password reuse still represents a major security risk for organizations. In fact, according to the 2019 Verizon Data Breach Investigations Report, passwords continue to be one of the weakest links for companies, with 32% of the reported breaches involving phishing and 29% involving the use of stolen credentials.
For many organizations, juggling the hundreds, even thousands, of login credentials they use on a day-to-day basis can be extremely challenging. Using the same password repeatedly or storing passwords in an unsecured document poses a major security risk. The best solution you can offer your clients that is both convenient and secure is a password manager.
A password manager is exactly what it sounds like – an application that manages your organization’s passwords. It produces, retrieves and keeps track of all the long and complex passwords that you have, protecting them with strong encryption capabilities. All a user has to do is remember the one password to get into the application.
Mitigating Security Risks
Some argue that with a password manager you’re putting all your eggs into one basket. This may be true, but if you’re already only using one password for all accounts or are keeping all your passwords stored in one place, your eggs are already in one basket. So, why not store them in the most secure basket possible?
Some of the ways that a password manager can help you avoid security risks include:
- No longer storing passwords in a document or writing them down, which can leave the organization susceptible to a breach. To learn more about how to keep employees from writing passwords down on sticky notes, check out tips in this article.
- Eliminating the need to remember multiple and complex passwords. People often use the same or similar passwords for different accounts, meaning that if one password is exposed, all accounts are exposed. Password managers give you the ability to generate and track complicated and unique passwords for all your accounts.
- Signing into your accounts automatically. What many people don’t realize is that typing passwords to log in each time can be dangerous by itself. Malicious keyloggers designed to secretly monitor keystrokes can record your passwords and retype them, gaining access to your accounts.
- Certain password managers also allow for two-factor or multifactor authentication. This helps to further mitigate risk by rendering password compromise insufficient to open the password manager. These stronger authentication techniques are critical to ensuring your organization (or your client’s organization) remains secure.
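The reuse risk in the list above (one exposed password exposing every account that shares it) can be measured when onboarding a client. The following Python audit is an added example, not part of the original article: it groups a constructed credential inventory by identical and near-identical passwords, and the entry format, the `base_form` similarity rule and all function names are assumptions.

```python
import hashlib
import hmac
import os
import re
from collections import defaultdict

# Constructed sample inventory (site, username, password); not real credentials.
SAMPLE = [
    ("mail.example", "alice", "Spring2019!"),
    ("crm.example", "alice", "Spring2019!"),
    ("vpn.example", "alice", "spring2020"),
    ("bank.example", "alice", "t7#Qm9vLx2$RkW8p"),
    ("wiki.example", "bob", "Tr0ub4dor&3"),
]

def base_form(password):
    """Lowercase and drop trailing digits/symbols, so 'Spring2019!' matches 'spring2020'."""
    stem = re.sub(r"[\d\W_]+$", "", password.lower())
    return stem or password.lower()  # all-digit/symbol passwords keep their full form

def fingerprint(key, text):
    """Keyed hash, so the report groups passwords without ever containing one."""
    return hmac.new(key, text.encode(), hashlib.sha256).hexdigest()[:12]

def audit(entries, key=None):
    """Return groups of accounts that share an identical or a similar password."""
    key = key or os.urandom(32)  # per-run key: fingerprints mean nothing outside this run
    exact, similar = defaultdict(list), defaultdict(list)
    for site, user, password in entries:
        exact[fingerprint(key, password)].append((site, user))
        similar[fingerprint(key, base_form(password))].append((site, user))
    reused = [sorted(group) for group in exact.values() if len(group) > 1]
    already_flagged = {account for group in reused for account in group}
    # Report a similarity group only if it adds an account the exact check missed.
    near = [sorted(group) for group in similar.values()
            if len(group) > 1 and set(group) - already_flagged]
    return {"reused": reused, "similar": near}

if __name__ == "__main__":
    for kind, groups in audit(SAMPLE).items():
        for group in groups:
            print(f"{kind}: one leak exposes {len(group)} accounts -> {group}")
```

Each group is the set of accounts that fall together if any one of them is breached; accounts that appear in no group already have unique passwords.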
Improving Password Security Hygiene
Unless you have a photographic memory, with the ability to memorize hundreds of complex and random passwords, a password manager is necessary for both you and your clients to practice better password hygiene and overall computer security hygiene.
As technology continues to advance, there will be more options for streamlined password management, including the potential for biometric authentication that doesn’t require traditional passwords at all, instead relying on users’ fingerprints or retinas to log in. Other forward-looking technologies like behavioral biometrics can also recognize the unique way a user types or even moves their mouse to confirm identity.
The traditional password won’t exist forever. But until passwords go the way of the dodo, password managers are here to help you manage today’s authentication woes.
Pawani Vaddi is a product manager for the consumer segment at Webroot and has spent more than six years in the cybersecurity industry. Her primary focus is on emerging consumer technology and its impact on users’ privacy and security. Follow Pawani on Twitter @Webroot or on LinkedIn.