Oct 7 – NCSAM – Password Managers – What are they? Why use them?

Once upon a time, during the early years of the Internet, you may have had a handful of passwords for a few essential web applications that you used to shop, study, stay connected, and get work done. Today, things are much more complicated. A 2017 report from LastPass found, on average, people had to remember 191 different passwords—just for work—not to mention their personal passwords.

While technology promises to make our lives easier, and it generally does, every new website and application we sign up for is another password we have to remember. For most, it’s become impossible to remember all of them. The 2019 Google Online Security Survey found 52 percent of respondents reused the same password for multiple (but not all) accounts. This is a big no-no.

Using giant lists of stolen passwords (aka “dumps”) bought off the dark web, cybercriminals can brute force their way into other sites or use old passwords to extort users in scams. This is the data breach domino effect. One breach leads to another and another and so on.

According to the 2019 Verizon Data Breach Investigations report, 80 percent of data breaches are caused by compromised, weak, and reused passwords.

So, how did we get here, and what can we do about it? Through 20 years of effort, we’ve successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.

When creating a new account, websites demand that we create long and strong passwords. Failing that, we aren’t even allowed to make an account. Assuming one gets past the account creation phase, you’re going to promptly forget the Enigma machine cypher you just made and resign yourself to using the “Forgot Password?” link as your everyday log in option.

Fortunately, you don’t have to remember all those passwords. A password manager can remember them for you. A password manager is “a software application designed to store and manage online credentials. It also generates passwords. Usually, these passwords are stored in an encrypted database and locked behind a master password.”

Once all your account usernames and passwords have been entered into the vault, your master password is the only one you have to commit to memory. Entering your master password unlocks your password vault, and from your vault you can then retrieve whatever password you need.

For a complete rundown on password managers our partners at Malwarebytes has a complete article about features, benefits, and types. The article can be found here https://www.malwarebytes.com/what-is-password-manager.

If you have additional questions regarding password managers feel free to reach out to the Help Desk at 717-871-7777 or feel free to email muncsam@millersville.edu.