In the digital age, we store everything from family photos, invoices and financial documents to our login details for every service we use on a PC or smartphone, right? So it is little wonder that security is a subject on everyone’s lips. The security game keeps changing, but in 2016/7 a new craze caught my fancy: password managers.
The whole premise of a password manager is to store the username and password for each account in an encrypted database, and to use a master password to retrieve the credentials on request – nifty.
Storing a local database that houses both the username and password to a multitude of accounts? Sounds risky, right? Not if you use the right methodology (or tool)! There is a large array of posts about “should you trust password managers”, and I tend to be concerned about the security surrounding the product as well, but let me tell you the 5 key benefits of implementing a password manager as one solution to your security that make it worthwhile:
- Being able to use unique passwords per service reduces the risk of cross-service exposure should your password be leaked;
- Being able to generate “strong” passwords based on requirements allows for a more randomized and secure approach to accounts;
- Being able to ensure your passwords are stored in a centralized encrypted database, as compared to “passwords.txt”;
- Keeping your personal data (such as licenses, two-step codes etc.) in a restricted-access application strengthens security; and
- Preventing you from forgetting passwords (and therefore from resorting to easy-to-remember passwords, or repeating them cross-site).
Now, I would consider password managers as one layer to password security. When implementing a secure process for storing logins, one can never be too careful. For example, to ensure the integrity of my data stays secure (or at least, more secure), I implement the following approach to my digital accounts:
- I use 1Password to store my usernames to services, with the password field being a reference;
- I use EnpassIO to reference the password codename to the actual password and;
- I use Google Authenticator to provide a 2-Step Authentication approach.
This ensures that without access to both databases, there is no ability to compromise my accounts – the master passwords to both are unique and not recreated for any other service.
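The sketch below is an added example, not code from either password manager. It illustrates two points from above: generating a random password that meets a service's requirements, and splitting each login across two stores so that neither holds a full credential. The plain dicts standing in for the two encrypted databases, the policy model and all function names are assumptions.

```python
import secrets
import string

# Character classes a service's password rules may require (assumed policy model).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*()-_=+",
}

def generate_password(length=20, required=("lower", "upper", "digit", "symbol")):
    """Draw from the OS CSPRNG; redraw until every required class is present."""
    if not required or length < len(required):
        raise ValueError("length too short for the required character classes")
    alphabet = "".join(CLASSES[name] for name in required)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in CLASSES[name] for ch in candidate) for name in required):
            return candidate

def add_account(vault_a, vault_b, service, username, **policy):
    """Store username + codename in vault_a and codename -> password in vault_b."""
    codename = secrets.token_hex(8)  # random reference, unrelated to the password
    vault_a[service] = {"username": username, "password_ref": codename}
    vault_b[codename] = generate_password(**policy)
    return codename

def resolve(vault_a, vault_b, service):
    """Both vaults must be unlocked to rebuild a usable credential."""
    entry = vault_a[service]
    return entry["username"], vault_b[entry["password_ref"]]

if __name__ == "__main__":
    # Constructed sample data; plain dicts stand in for the two encrypted databases.
    vault_a, vault_b = {}, {}
    add_account(vault_a, vault_b, "mail.example", "alice@example.com")
    add_account(vault_a, vault_b, "bank.example", "alice01", length=16,
                required=("lower", "upper", "digit"))
    print(vault_a)          # usernames and references only
    print(sorted(vault_b))  # codenames only; no service name or username
    print(resolve(vault_a, vault_b, "bank.example")[0])
```

Redrawing the whole candidate, rather than patching in missing characters, keeps every compliant password equally likely.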
So, by relying on 3 unique services to all work in cohesion with one another for access to my accounts, I have improved the security layers surrounding my accounts. It is, however, worth mentioning that implementing 2-Step Authentication adds another layer of complexity to the account process. We will post more about two-step authentication in future posts.