This site contains affiliate links, which means we could earn a commission on anything purchased through those links. But, we only suggest tools we use ourselves or have tested and would suggest to our own clients. See our full disclaimer here.
These days, it feels like we are constantly stuck in the middle of an arms race between hackers and the websites that we use for our day-to-day business. Every couple of weeks, it seems that there’s a new big breach exposing hundreds of passwords. And, unless you sign up for alerts from a service monitoring your accounts or get contacted by the organization with the breach itself, you can never be 100% certain yours wasn’t one of them.
It’s a full-time job to keep up with the news, change your passwords, and remember your new passwords. And woe betide anyone who tries to memorize their ever-changing and appropriately complex passwords! That’s probably why so many of us give up and use the same passwords across several accounts (and really simple ones at that).
In a study on the most commonly breached passwords, (drumroll…) here were the top five:
You get the picture—the next ten aren’t any better. So, the most common passwords that people use are those that any low-rate hacker in a crime drama could crack right off the bat. That means that most passwords people are using today are basically open doors directly into the heart of their personal and/or business accounts for any unscrupulous hacker to walk directly into and take anything that they’d like.
And, of course, we’re sitting here thinking that this doesn’t apply to us. Surely our password is secure, and surely our business isn’t making these kinds of mistakes. However, that’s what nearly everyone who has had a company data breach thought, too, almost word for word.
A staggering 81% of company data breaches are caused by a company employee thinking to themselves that “password” is a fine password, getting lazy about their account security, and leaving the door open for anyone to walk right inside. We don’t want to stress people out, but the very real fact of the matter is that not only can this happen to you, but it may have happened to you already.
Using stronger, more unique passwords matters for security the way that washing your hands matters for health: it is the surest, simplest, and most necessary piece of the puzzle. Without strong passwords, nothing else you do really matters. If we didn’t need to memorize every password for every account, we could easily use unique passwords that were much longer and much more secure. We could all sleep a bit better at night.
Luckily there are tools that do exactly that: password managers.
What Is a Password Manager?
A password manager is a program that uses one master password to protect all your other passwords, which are stored in a password vault either in the cloud or on your device. Most good password managers will then automatically fill your other passwords into any site that allows them to, usually by way of a browser extension. This means that you only need to remember one very secure password, as the password manager stores all the rest of your passwords for you.
This is a huge time saver! Imagine no longer having to dredge up your memory, recover lost passwords, and type in long strings blind to get into your accounts. It also has the hidden benefit of protecting against phishing attacks.
Phishing attacks work by hackers creating professional-looking communications (typically via email) that either ask you to click a suspicious link or request personal information, such as your password, while claiming to be someone who would actually require it. A password manager only provides your password if the correct website is the one asking, which reduces the risk of you accidentally handing a password to someone you shouldn’t.
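The matching rule described above, as an added sketch that is not taken from Dashlane or any other product: the credential is released only when the page's origin exactly equals the origin it was saved for. The vault entry, URLs and function names are constructed for illustration.

```javascript
// Constructed vault entry; a real manager keeps this encrypted at rest.
const vault = [
  { origin: "https://accounts.example.com", username: "pat", password: "constructed-secret" },
];

// Return the saved credential only when the page's origin (scheme, host and
// port) is exactly the one the credential was saved for; otherwise null.
function credentialFor(pageUrl, entries = vault) {
  let url;
  try {
    url = new URL(pageUrl); // normalises case, default ports and IDN hosts
  } catch {
    return null; // not a parseable URL: never fill
  }
  if (url.protocol !== "https:") return null; // no fill over plain HTTP
  return entries.find((e) => e.origin === url.origin) ?? null;
}

// Constructed URLs: the genuine page plus common look-alike forms.
const samples = [
  "https://accounts.example.com/login",        // genuine
  "https://accounts.example.com.login.test/",  // real name used as a subdomain label
  "https://accounts.example.com@login.test/",  // real name in the userinfo part
  "https://accounts.examp1e.com/login",        // look-alike spelling
  "https://accounts.ex\u0430mple.com/login",   // Cyrillic letter in place of "a"
  "http://accounts.example.com/login",         // same host, scheme downgraded
];

// For each URL, say whether the manager would offer to fill.
function report(urls = samples) {
  return urls.map((u) => ({ url: u, filled: credentialFor(u) !== null }));
}

console.log(report());
```

A person reading the address bar can be fooled by every look-alike in the list; the string comparison on the parsed origin is not.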
Are Password Managers Safe?
It may initially seem spooky to give all your passwords to one other password, especially after having spent years scrupulously memorizing and re-memorizing them. Putting them all in one place behind one password may seem like tempting fate, and you should absolutely make sure your master password is very strong for exactly that reason. However, we haven’t seen that fear bear out in the long run.
Hackers have had a hard time making headway on hacking any password manager service. That is due, in large part, to these companies knowing exactly how juicy of a target they really are. That means that they have put their full weight behind providing security and making sure their servers are buttoned up.
The farthest any attack (that we know about) has gone is compromising the hints for one service’s user security questions. No hacker to date has accessed any of the actual password vaults of any password manager’s database (again…that we know about).
The biggest risk that you face when it comes to using your passwords is phishing. As we mentioned earlier, using a password manager dramatically cuts down on the risk of phishing attacks getting a hold of your passwords. You will absolutely want to protect your master password with your life, though. Be sure to write it down and keep it somewhere extremely safe. Some password managers also let you export your passwords as a spreadsheet, which you can encrypt for personal use or print off and lock away before swiftly deleting.
Best Password Manager Features
When shopping across the many different password manager options, it can be hard to know exactly what to look for. Here’s a list of some basic features that are important to consider when choosing a password manager.
A password manager can’t very well keep your passwords safe if they’re not properly encrypted. Look for a manager that uses AES-256 or better encryption. Proper encryption is the difference between someone being able to crack your password in a week or so and, with AES-256, needing longer than the age of the universe to crack the same password by algorithm. Encryption matters, and it’s cheap.
Vault Storage Locations
For most businesses, storing your passwords on a password manager’s servers in the cloud is going to be significantly more secure than anything you could whip up on your own. That said, for certain types of government work or other applications, you might need to keep your passwords in-house. Different password managers store their passwords differently, and the best of them will let you pick and choose.
Even with a password manager, if one of the sites you use the password for gets hacked, it is only one of your non-master passwords that will get exposed. The best password managers are watching for these events and will alert you when they happen so that you can change your password as soon as the breach is detected.
Integrated Password Generation
When you need to come up with a new password, good managers will help you come up with a sufficiently complex one. Since it’s stored, you can use something truly out there, like “!#ij10jops0ho830j((jp1fjapn==-,” and your password manager will generate it for you, rather than you having to type it in.
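How a generator can produce a password of that kind, as an added sketch rather than any product's own code: characters are drawn from a cryptographic random source with rejection sampling, so every character is equally likely. The character set, the default length of 30 and the function names are assumptions made for this example.

```javascript
// Web Crypto is global in browsers and recent Node; fall back for older Node.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

// Assumed character classes; real sites differ in which symbols they accept.
const CLASSES = {
  lower: "abcdefghijklmnopqrstuvwxyz",
  upper: "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
  digit: "0123456789",
  symbol: "!#$%&()*+,-.:;<=>?@[]^_{|}~",
};
const ALPHABET = Object.values(CLASSES).join(""); // 89 characters

// Uniform integer in [0, n) for n <= 256. Bytes at or above the largest
// multiple of n are discarded, which avoids the bias of a plain "byte % n".
function randomBelow(n) {
  const limit = 256 - (256 % n);
  const buf = new Uint8Array(1);
  do {
    webcrypto.getRandomValues(buf);
  } while (buf[0] >= limit);
  return buf[0] % n;
}

function generatePassword(length = 30) {
  if (length < Object.keys(CLASSES).length) {
    throw new RangeError("length is too short to include every class");
  }
  for (;;) {
    let out = "";
    for (let i = 0; i < length; i++) out += ALPHABET[randomBelow(ALPHABET.length)];
    // Redraw the whole string if a class is missing, instead of patching
    // characters in, so all valid passwords stay equally likely.
    const ok = Object.values(CLASSES).every((set) => [...out].some((c) => set.includes(c)));
    if (ok) return out;
  }
}

// Upper bound on guessing entropy: log2(alphabetSize ^ length).
function entropyBits(length, alphabetSize = ALPHABET.length) {
  return length * Math.log2(alphabetSize);
}

console.log(generatePassword(), Math.round(entropyBits(30)) + " bits");
```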
If a password manager doesn’t work across different types of operating systems, then you end up in a situation where you can’t use your accounts on particular devices—kind of defeats the purpose.
If you do forget your Master Password, you should know how you’re getting back in. This determines how easy it is for you to get access to your accounts and how hard it would be for someone to pretend to be you.
Password Sharing and Role-based Permissions
When running a business or sharing an account with your family, you don’t want everyone to have every password. By setting role-based permissions, you can share some but not all passwords with everyone that has certain levels of responsibility in the organization, and you can keep the HBO Max password away from the kids if you want to.
Example of a Good Password Manager: Dashlane
Dashlane is a strong password manager that features flexible vault locations (though it defaults to storing them in the cloud, as it should) and uses AES-256 encryption to protect you against anyone trying to get access to your passwords. It also features a robust security dashboard that displays new threats and breaches when they crop up so that you know when it’s time to generate a new password.
Dashlane works on Android, Windows, OS X, iPhone, and iPad. It also has browser extensions for every browser, saving you the hassle of copy-pasting passwords or typing them in manually. It also prioritizes a clean and easy interface that keeps using it extremely simple.
Dashlane is free for one device, and once you upgrade to premium for multiple devices, it offers easy-to-implement role-based permissions, which are also available on its much more robust business plan. Overall, Dashlane is an excellent, smooth experience that offers robust protection, and you can start trying it out for free.
No matter your industry, Eminent SEO wants to help your business work as cleanly and thoroughly as possible. Sometimes that means giving you security tips, but it more often means helping businesses and customers find what they’re looking for more easily.