If you’ve spent any amount of time in the financial industry, you’re probably familiar with the dos and don’ts of passwords:
DO:
- Use a mix of upper-case and lower-case letters.
- Make sure it is at least eight characters in length.
- Include special characters.
- Create strong, hard-to-guess passwords.
  - Although this DO is relative: how do you know your password is strong without asking someone? And yet sharing it defeats the purpose of a strong, hard-to-guess password, because now someone else knows it. It’s the Schrödinger's cat of passwords. But I digress.

DON'T:
- Reuse passwords.
- Use common passwords, like “password.”
- Make your password your kids’ or pets’ names.
- Keep your password written down in an easy-to-access area.
These lists could go on and on because there are so many rules and regulations surrounding passwords. In fact, recent guidelines recommend eliminating passwords altogether and using other ways to authenticate systems and applications. While technology has made great advancements in the area of authentication, we still have passwords.
So, when the time comes to update your passwords (best practice is around every 90 days), I understand that it can be frustrating to adhere to all the rules and regulations, not to mention keeping track of how many different accounts you have, because using the same password across multiple accounts isn’t secure. Even as an information security professional, I get it. It’s a lot, especially when the time comes to actually remember all of your long, complicated, unique passwords. However, there are tools out there that can help. One in particular is the password manager.
Before we get into why you should invest in using a password manager, let’s discuss what a password manager actually entails.
What is a password manager?
A password manager is a system or tool that creates a string of random characters, symbols and numbers in order to generate a strong and unique password. (Think: uE08hE7jf!HW@li48$). It also stores those passwords and other login information for you securely, so when you go to access a site that you have recently signed into with the password manager, it will autofill your username and password for you.
Why is a password manager worth the investment?
Well, I’m glad you asked. Some might say I’m biased because I’m a security professional who uses a password manager. But they really are worth the investment, and not only from a security perspective, but also from a convenience perspective. Let’s talk about it.
1. It can keep all of your passwords stored for you in one place.
Let’s face it, we all have so many different systems that we log into now. We have social media, email, banking, utilities, health care, shopping, etc. that all require us to develop a username and password to log in. That’s not including your work systems — email, core system, wires platforms, etc. Trying to create strong, unique, long passwords/passphrases for all of your accounts without reusing passwords or using passwords across multiple accounts is nearly impossible. That’s the beauty of a password manager. All of your unique passwords can be held securely in a password management system, and to make it even better, you’ll only have to remember ONE password – the password to log in to the system.
2. It increases the strength of your passwords.
Since password managers can create a password for you, using a random string of numbers, symbols, upper-case and lower-case letters, you can feel secure in knowing that you have unique, hard-to-crack passwords across multiple accounts. Depending on the password management system you use, it may also tell you if your current password is strong enough, which helps you avoid the Schrödinger's cat dilemma that I mentioned earlier. That, in and of itself, is a win in my book.
3. It can help protect you from phishing attempts.
Using the same password for multiple accounts, reusing old passwords, never changing your password and even creating weak passwords (e.g., your kids’ names, your pets’ names, the make and model of your first car or, worse, “password”) can all open you up to potentially being hacked by a bad actor. Another way bad actors can retrieve your information is through phishing attempts.
For example, say you received an email with a bad link and without thinking, you click on the link and fill out your login information only to realize that you just gave your credentials to a bad actor. That could certainly turn your day around for the worse.
Now, let’s rewind that situation and assume you’re using a password manager: Say you received an email with a bad link and without thinking, you click on the link. If your password management system is equipped with certain features, once you go to the link, it will recognize that something is wrong with the website and that it’s not the normal website you typically log in to. With this knowledge, it won’t autofill your information, saving you from providing bad actors with your credentials.
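The check behind that behaviour can be sketched as an exact match between the site a login was saved for and the site now asking for it. This is an added example, not code from the article or any specific product: the vault entry, the `.test` host names and the rule of matching on scheme and host only are assumptions, and real managers apply their own matching rules.

```python
from urllib.parse import urlsplit

# Constructed vault entry: the credential is bound to the origin where it was saved.
# The host name is a made-up .test domain, not a real site.
VAULT = {
    ("https", "online.examplecu.test"): {"username": "jdoe", "password": "<stored secret>"},
}


def origin_of(url):
    """Return (scheme, host) for a URL, or None if it cannot be parsed."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # lower-cased; userinfo and port are stripped
        if not host:
            return None
        # Normalise to the ASCII (punycode) form so a look-alike Unicode letter
        # yields a different host string instead of a visually identical one.
        host = host.encode("idna").decode("ascii")
    except ValueError:  # UnicodeError is a subclass of ValueError
        return None
    return parts.scheme, host


def credentials_for(url):
    """Release a stored login only on an exact scheme-and-host match."""
    origin = origin_of(url)
    return VAULT.get(origin) if origin else None


if __name__ == "__main__":
    # Constructed test URLs: the saved site first, then pages that merely resemble it.
    for url in (
        "https://online.examplecu.test/login",
        "http://online.examplecu.test/login",
        "https://online.examplecu.test.account-verify.test/login",
        "https://online.examp1ecu.test/login",
    ):
        print("fill" if credentials_for(url) else "refuse", url)
```

Only the first URL is filled: the comparison is on the parsed host, so a familiar name appearing somewhere else in the address does not count as a match.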
4. It makes logging onto sites easier.
How many times have you had to go searching for your credentials to log onto a site? Maybe you have them stored in a secure document. Hopefully you don’t have them stored in your cell phone or written down on a piece of paper near your desk, but maybe you do. Whatever the case may be, it takes time to hunt down those credentials and use them to log in. And have you ever finally found your login information and typed it in, only to realize you had the caps lock on? It’s frustrating and not very efficient.
However, with a password manager, the system can automatically fill out the information for you for multiple sites. And, if you have security questions — like you should — some managers can store and fill those out for you too. Gone will be the days where you have to ask yourself, “What’s my password again?” Plus, when it’s time to update your passwords, you won’t have to worry about remembering them. Utilizing a password manager really does make your login experience a lot easier.
There are quite a few reasons why a password manager is worth the investment, besides the examples I’ve provided above. In this day and technological age, staying cyber safe is critical. And since it’s Cybersecurity Awareness Month, I encourage everyone to do a deep dive into the different password manager options and find one that works best for you. Some options will provide you with a free trial so you can see how it works and what the benefits would be of using it to store your passwords.
I also recommend encouraging your credit union employees to utilize a password manager as well, since it is their credentials that safeguard your members’ personal, sensitive information. Stay cyber safe this month by going the extra step to protect your accounts by saving your passwords in a password manager. It really is worth the investment.
John Cuneo is the VP of information security at Vizo Financial. With over 10 years of information technology experience, Mr. Cuneo is well-versed in conducting information system risk assessments, providing security awareness training and analyzing security controls and reports.