Everyone needs a password manager. It is the only way to come up with unique, hard-to-guess credentials for the sites on which employees constantly perform millions of operations. So, what are the best password management practices?
What is a password policy, and why use it?
In recent years, many companies have implemented multi-factor authentication, such as combining a password with a unique code sent to a mobile phone, to protect access to critical accounts. In addition, many companies, especially in the financial services industry, support the use of tokens and other methods to generate and distribute random one-time passwords, which are used in combination with static passwords.
Users are increasingly concerned about their security, and a suitable password should be the first line of defense. Obviously, not all passwords are the same: some are more secure than others. The need for password managers is directly related to the difficulty of memorizing numerous logins and passwords for various websites. Naturally, password managers can increase the level of security, as they allow the use of a large number of different identifiers and passwords. The user can thus generate many usernames and so complicate the guessing process for the attacker.
The critical point here is that the user must trust the application to fulfil its role (safe storage, processing, and forwarding of data to an authorized endpoint). Password managers are not a panacea, although they enhance safety and raise the bar for the attacker by using their user interface to handle environments that require authentication. Users and companies should ensure that password management systems are correctly implemented and used, taking into account possible risk factors.
The best practices for password management
The most crucial step toward protecting passwords is to ensure their diversity. The policy should allow the creation of many different passwords that are difficult to guess. Below are 10 standard practices for password management that will help protect the organization:
- Use different passwords for different sites;
- Use password managers;
- Consider using a blacklist of common passwords;
- Passwords should be complex, and you can increase the complexity further by increasing the length of the password;
- Do not use personal data when creating the password itself, its hints, or the security questions used for recovery;
- Use two-step authentication wherever possible;
- Review the password policy regularly;
- If possible, do not use your passwords on other people’s computers (if you must, do it in the browser’s “incognito mode” or, even better, type on the on-screen keyboard) or on public open Wi-Fi networks, especially if there is no HTTPS encryption when connecting to the site;
- The password should consist of a significant number of characters. The most common requirement today is eight characters;
- Do not store passwords on a computer or online.
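As an added illustration (not part of the original article), the sketch below shows how several of the listed practices can be checked automatically when a password is chosen: the eight-character figure treated as a minimum, a blacklist of common passwords, no personal data, and no reuse across sites. The function name, violation labels, and the small sample blacklist are assumptions constructed for this example.

```python
import re
import unicodedata

MIN_LENGTH = 8  # assumption: the article's eight-character figure, read as a minimum

# Constructed sample blacklist; a real deployment would load a much larger list.
COMMON_PASSWORDS = {"password", "12345678", "qwerty123", "letmein1", "iloveyou"}


def _normalize(text):
    """NFKC-normalize and case-fold so visually equal strings compare equal."""
    return unicodedata.normalize("NFKC", text).casefold()


def check_password(candidate, personal_data=(), passwords_in_use=()):
    """Return a list of policy violations; an empty list means the candidate passes.

    personal_data: strings tied to the user (name, e-mail address, ...).
    passwords_in_use: passwords the user already has on other sites
    (assumed to be available only inside the password manager itself).
    """
    problems = []
    norm = _normalize(candidate)

    if len(candidate) < MIN_LENGTH:
        problems.append("too_short")

    if norm in COMMON_PASSWORDS:
        problems.append("common_password")

    # Break each personal item into tokens ("jane.doe@example.com" -> jane, example)
    # and ignore tokens under 4 characters to limit accidental matches.
    for item in personal_data:
        tokens = [t for t in re.split(r"[\W_]+", _normalize(item)) if len(t) >= 4]
        if any(token in norm for token in tokens):
            problems.append("contains_personal_data")
            break

    if candidate in passwords_in_use:
        problems.append("reused")

    return problems


if __name__ == "__main__":
    print(check_password("Jane2024!x", personal_data=["Jane Doe"]))
```

An empty result only means none of these four checks failed; it does not measure how guessable the password is.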
Where to store passwords?
There is probably no single correct approach to creating passwords: each method has its advantages and disadvantages (related to how easy the password is to remember, its reliability, and other parameters). In addition, complex, unique passwords for each site are excellent, but how do you store them? It is unlikely that you will be able to keep all these passwords in your head. Storing saved passwords in a browser is risky; they not only become more vulnerable to unauthorized access but can be lost in case of system failures and if synchronization is turned off, which is accessed using one master password (you can additionally enable two-factor authentication).