Cybersecurity Blog

Password managers the secret weapon against cybercrime – 09/01/22

 

 

Passwords, they are our saviors keeping our data safe while at the same time they are our oppressors clogging our brains and stressing us out. We know we should have long, complicated passwords and that we shouldn’t reuse them. However, who has the time to be that creative every time you sign up for a new service, never mind being able to memorize them all? It isn’t surprising that password reuse is as common as grilled cheese.

Attackers know that, which is why credential stuffing is one of their favorite attack methods. It takes little skill and effort. Just go on the dark web and find a list of stolen credentials, plug them into a software program and let it run. After a few minutes you have a whole list of websites that you can login to hassle free. You don’t even have to buy stolen credentials anymore.  Over a hundred of them are just sitting there, free for the taking.

Thankfully there is a way to have long, strong unique passwords for every service without losing your mind. This magical tool even logs in for you, saving you valuable time and effort.  The best part is you only have to create and remember one password. Yup, only one, the one to gain access to the tool. After that, this gift from the Gods creates passwords for you. They are long, complicated monsters that would take years to brute force hack. They would be impossible for a human mind to remember, but this genius of an application does it for you.

What is this mythical piece of software? It is a password manager. In the past they have been known for their ability to effortlessly store passwords, however their other skills are largely unknown. They are your secret weapon against credential stuffing.

There are many, many types of password managers. On workstations across campus you can find KeePass. While functional, it doesn’t look very user friendly and it strikes terror into the hearts of most. All it takes to tame the beast is a quick training session. However, for those less adventurous there are alternatives. The one we recommend is Bitwarden. It uses a browser extension to enable functionality and offers a full range of features for free.

If you aren’t sure if Bitwarden is for you, PC magazine does a great job of reviewing the most popular password managers every year. All of them allow you to use them for free for at least a week before you buy. I suggest picking three and trying them out one at at time. It works best if you only enter your login credentials for your most used services. That way you don’t invest a lot of time into a tool that you decide you don’t want to use later on.

Which password manager is the best? The one that you use. Each one has it’s own quirks and features. Some you may like, others you may not. If you don’t use the tool, then it isn’t the right one for you. That is why I recommend giving a few of them a try. Ideally you want to find one that fits in so seamlessly with your work that you barely notice it is there.

Leave a Reply

Your email address will not be published. Required fields are marked *