Keep your data close and your passwords closer

With Data Privacy Day fast approaching, you can pretty much count on getting bombarded with lists of ways you can step up your game.

First, a quick recap of Data Privacy Day: Data Privacy Day (also known as Data Protection Day) is an annual international event held on 28 January. Data Privacy Day aims to raise awareness and promote best practices for privacy and data protection, so it’s a good thing for everyone but the bad guys!

We wrote this pretty great blog on the same subject last year – along with a list of actionable steps you can take to protect your data and reputation. But if it’s all looking a bit overwhelming, we suggest breaking that list into bite-sized chunks (much like eating an elephant) and starting with password management.

In this day and age, you’d think we’d be all over password management like a rash. But no, we’re not. There’s no shortage of industry research and stats to prove our point, so let’s have a look:

Around 49% of all data breaches involve compromised passwords. And sadly, we only have ourselves to blame.

We all know that managing passwords is a pain, especially since most of us have an average of 250 sites, accounts, and apps that require passwords to gain entry.

So, what are your options, and where do you start?

Implementing a password manager is an easy and affordable way to boost your data privacy strategy significantly – but you need to choose a reputable provider.

Let’s have a look at two of the most used password management solutions, LastPass and Google Password Manager (we’ll use Google for short from here on in), and discuss which one has the edge.

Both solutions use encryption to secure your passwords. Likewise, both also offer additional authentication. Google lets you set up device-based authentication when you’re auto-filling passwords, while LastPass offers MFA with options including SMS, one-time passwords, biometric data (fingerprints) for passwordless login, and push notifications. Note: LastPass supports 2FA, while Google offers limited 2FA support.

Importantly, LastPass is what’s called a zero-knowledge password manager, so it only stores your data in an encrypted form – and it doesn’t store your master key (the password that unlocks access to all your other passwords!) at all. This means LastPass can never access your data.

Google offers two ways to encrypt your data. 1. Standard encryption for data in transit and while stored on Google servers. The key used to decrypt your data is securely stored in your Google account. 2. On-device encryption – where your data is encrypted on your laptop, phone, etc., using your Google password or screen lock. It’s important to note that because Google Password Manager is (obviously) linked to your Google account, there are far more opportunities for account breaches.

Obviously, this is of prime interest to those concerned about their teams reusing their passwords or choosing the default 123456.

The good news is that both Google and LastPass can generate complex and unique passwords – so you don’t have to. Each solution will let you know if your password isn’t up to scratch (weak or strong) or has been exposed in a data breach, and offers an authenticator app to generate one-time passwords. What’s important to note, though, is that LastPass lets you set your own password parameters (such as difficulty, length, and more), whereas Google uses a DIY approach.

Additionally, they both save your login credentials (no limits to how many) and automatically fill in the details on your behalf when you’re logging in – a useful defence against keyloggers and phishing attacks.

You can add secure notes to your saved passwords in Google and in your secure LastPass vault (think credit card details, passport numbers, etc.).

Unlike Google, LastPass (the paid version) allows you to share passwords with trusted individuals and securely control access permissions.

This is where the overall similarities start to disappear – especially if you aren’t committed to using Chrome.

Google Password Manager works on Chrome, Android, and ChromeOS (but will work on other platforms if you’re signed into Chrome). LastPass works on Windows, macOS, Linux, iOS, Android, Chrome, Firefox, Safari, and Edge so that you can use it on your Apple devices.

Lastly, LastPass offers browser extensions for all major browsers, while Google is Chrome-focused.

If you use Chrome, then Google Password Manager is free. While LastPass offers a free version (fine for personal use), its paid plan is where it’s at for businesses.

As you’d expect, what you pay determines how much support you get. LastPass offers dedicated support, while if you need help with Google Password Manager, you’ll find yourself mainly reliant on community forums and online self-help instructions.

If you’re all about ease of use and convenience (not to mention free), then we reckon Google Password Manager might be enough for you.

But if you want to take a professional approach to protecting your employees and data, we believe an advanced, feature-rich, secure, and flexible business solution like LastPass is the answer.

Regardless of which you choose, there are a couple of things to note:

1. Nothing but education can help you when it comes to stopping employees from writing passwords on Post-it notes!
2. Likewise, the criminals are only getting smarter and slicker, so it takes ongoing training to ensure your team doesn’t fall for phishing attempts aimed at harvesting master passwords.
3. Times have changed. If you and your team aren’t using passphrases instead of passwords by now, you’re making life harder than it needs to be. Afterall, which is easier to remember (but harder for a brute force attack to break): D734KJv3*& or “Aunty Alice makes great Xmas pavlova”? (And yes, you can have spaces in your passphrase!)

If you’d like to chew over LastPass password management (and other data privacy measures), give us a call.