The practice of diversifying your password may be one of the most important security protocols to protect the company from hackers, but it also presents certain problems for the users.
Remembering unique passwords for many accounts proves problematic for many people. That is where a password manager becomes useful. But are password managers safe?
Though useful in managing passwords in an organization, password managers do not offer all-round protection on their own. This article lists some of the shortcomings of using password managers in an organization.
What is a password manager and how does it work?
A password manager is a cyber security software tool that stores credentials used to log into different accounts. When creating user accounts on different sites, security protocols require that you create a strong password.
By definition, a strong password is one that contains a fairly long list of characters. In addition, the password should have a mixture of capital letters and numbers.
Some sites go further and make it mandatory for the password to include at least one metacharacter. Furthermore, security protocols advise against using the same password for different accounts. In other words, every account should have a unique password.
As a result, remembering such complicated passwords becomes hard, especially when you have multiple user accounts.
The manager eases the management of multiple passwords by storing the different passwords for each account in memory. When using the manager, the users only need to set up and remember one master password. This password is used to log into the password manager to access all the accounts.
There are two types of password managers which differ in how they manage user login credentials:
- Desktop-based password managers are installed on a personal computer and manage login credentials on your accounts. They store the credentials locally. As a result, there is a risk of losing the credentials if you lose the device where the desktop-based password manager is installed.
- Cloud-based password managers are different from desktop-based password managers in the sense that they store login credentials in an encrypted format on the internet service provider’s network. Consequently, cloud-based password managers allow you to access your login credentials from any device provided you use the service provider where the passwords are stored.
Are password managers safe?
According to ISE, password managers have many benefits that trump not having one.
They guide users within an organization toward better cyber security practices such as having strong passwords on their accounts, using unique passwords, and frequently changing their passwords. However, leaving the management of passwords to password management software has some weaknesses.
Because passwords are centrally managed and protected under one application, a hacker who succeeds in bypassing the password manager’s master password gains access to multiple accounts. This poses a huge risk to an organization and leaves many people asking, “Should I use a password manager?”
The reservations people have about using password managers in their companies are not unfounded. Below are some reasons that might make you reconsider using a password manager in your company.
1. Password Managers Are The Holy Grail For Hackers
Some well-known password managers, such as OneLogin and LastPass, have been successfully attacked before. Both companies have since updated their applications, but that does not guarantee full protection in the future, since hackers also upgrade their skills and aggressiveness.
2. Experts Say Password Managers Have Serious Flaws
According to an article published in The Washington Post, a recent study revealed flaws in some well-known password manager applications. The applications leave the stored passwords exposed in the computer’s memory when left in locked mode.
3. Your Settings Might Leave You Vulnerable
Some password managers have many customization features, which make using them easier, but the customization features can also leave you exposed.
For instance, the autofill password feature can allow an unauthorized person to access some of your accounts so long as they have the master password.
While such a feature is good and eliminates the need to type in the password every time you want to log in, it can leave your accounts exposed.
4. They Open You Up To Remote Attacks
If your company uses a cloud-based password manager, it exposes you to greater risk through remote attacks that can happen without the hacker accessing your office premises.
A desktop-based password manager can only be accessed from within the company’s premises. In the unlikely event that a hacker accesses the desktop password manager and manages to bypass it, they gain access to multiple accounts.
5. They Require More Frequent Updates
In a bid to curb the ever-growing risks from hackers, companies that provide password management software keep making updates and patches to their products. This means you should also keep your systems up to date for maximum protection.
As a result, keeping up with the software updates and security patches adds more tasks and consumes more time. Failure to perform the updates for your password manager exposes your system.
Don’t become lulled into a false sense of security
Although password managers are a good choice when you want to enhance the security of your accounts, they also come with some problems as listed in the above section. After reading the shortcomings, you must be asking yourself, “Should I use a password manager?” We think not.
There are better approaches that work just as well. One approach involves using single sign-on technology, which authenticates a user once and grants them access to multiple accounts. This eliminates the need to have a different password for each account.
Another approach that companies can implement to replace password managers is multi-factor authentication. Here, users log in to their accounts by confirming their identity in a couple of ways that do not involve typing in a password.
The most popular multi-factor authentication methods are SMS tokens, phone calls, email tokens, and software tokens.
Our Security Software solutions
At Teamstack, we have state-of-the-art software solutions that can help your organization manage login credentials and passwords.
Our single sign-on and multi-factor authentication systems provide a convenient way for users of a computer system to log in and access vital data and applications.