Did you know that the average Joe Blow has 100 passwords? No wonder people resort to using the same one or the good old password123 as an option. Other overused favourites include:

  • abc123
  • hello
  • welcome
  • Iloveyou
  • Qwerty
  • 111111
  • Admin
  • Password
  • 123456
  • guest

Here are a few more concerning stats:

  • 59% of people use their name or birthdate in their password
  • Only 45% change their password after a breach
  • 42% of organisations use sticky notes for password management
  • Staff use the same password an average of 13 times

These are all excellent reasons why trying to remember your password should be a thing of the past, along with that post-it note on your monitor (ditto with an electronic file with your passwords saved).

So, what is the solution? With everyone relying on increasing numbers of applications for work and personal use and applications asking you to enter longer and more complex passwords (think capital letters, numbers and symbols), it is understandable that you can no longer rattle them off like your crush’s phone number in the 90s.

The answer (hopefully, you have guessed by now) is to use a password manager.

What to look for in a password manager

There are a lot of password managers out there in the market, which can make it overwhelming to select the best service for your organisation. However, there are some primary features which are worth considering when comparing the options, as follows:

  • Multi-platform support across Windows, Mac OS, iOS and Android
  • A strong password generator integrated into the platform
  • Zero-knowledge storage approach that ensures the password manager can’t access credentials within your vault
  • Multi-factor authentication or federated log-in
  • Recovery options

We use LastPass, which offers a long list of features and functionality, including SMS account recovery, weak or duplicate password alerts, a secure password generator and multi-platform support. We set up client accounts with a federated log-in, which connects your password manager to your Identity Provider, making it harder for hackers to access your information while letting you sign in to your O365 and LastPass accounts at the same time.

While the LastPass breach last year understandably raised some concerns (you can read more about that here), as long as you or your Managed Service Provider uses best practices, your applications will remain safe and secure.

A quick note on why passwords got so hard to remember

If you aren’t a techie, this might not be something you frequently think about beyond “Wow, that seems like a lot of characters; I am never going to be able to remember that.”

If you have ever wondered why passwords seem to be getting progressively longer and longer, let’s do some quick maths. If you use a six-letter password consisting only of lowercase letters, there are 26 possibilities for each of the six letters, or 26 x 26 x 26 x 26 x 26 x 26 = 308,915,776 possibilities. Let’s compare this to a password that consists of 12 characters and includes uppercase letters, digits and symbols (72 possible characters per position, so 72 multiplied by itself 12 times). The number of possibilities expands to 19,408,409,961,765,342,806,016.

While the first number might seem impossibly large, we need to remember that computer processing power and speed are increasing all the time, and our goal is to make passwords impractical for a hacker to uncover. Suppose you shift from a six-character lowercase password to a 12-character password with uppercase letters, digits and symbols. In that case, it takes a computer 62 trillion times longer to run through the possible combinations. You can read more about the mathematics behind password length and complexity here.
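
As an added illustration (this is not code from the original post), the short Python script below carries the article’s keyspace arithmetic through in general form, for any alphabet size and length, and pairs it with the kind of CSPRNG-based generator a password manager provides. The 72-character alphabet matches the article’s 12-character example; which 10 symbols make up the set, and the guess rate of 10 billion per second used for the time estimate, are assumptions for illustration only.

```python
import math
import secrets
import string

# Character classes. The article's 12-character example corresponds to a
# 72-symbol alphabet (26 lower + 26 upper + 10 digits + 10 symbols).
# Which 10 symbols are used is an assumption; only the count matters here.
LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits
SYMBOLS = "!@#$%^&*()"                              # constructed: 10 symbols
FULL_ALPHABET = LOWER + UPPER + DIGITS + SYMBOLS    # 72 characters


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of `length` drawn from `alphabet_size` symbols."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Keyspace size in bits (log2), the usual unit for comparing password strength."""
    return length * math.log2(alphabet_size)


def brute_force_years(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case years to enumerate the whole keyspace at a given guess rate.
    The guess rate is an assumption supplied by the caller: it depends on the
    hashing scheme protecting the password and on the attacker's hardware."""
    seconds = keyspace(alphabet_size, length) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


def generate_password(length: int = 12, alphabet: str = FULL_ALPHABET) -> str:
    """Generate a password with the `secrets` CSPRNG (never the `random` module),
    requiring at least one character from every class present in `alphabet`."""
    classes = [c for c in (LOWER, UPPER, DIGITS, SYMBOLS) if any(ch in alphabet for ch in c)]
    if length < len(classes):
        raise ValueError(f"length {length} cannot cover {len(classes)} character classes")
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Reject-and-retry keeps every accepted password uniformly distributed
        # over the set of passwords that satisfy the class requirement.
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def strength_report(guesses_per_second: float = 1e10) -> dict:
    """Compare the article's two cases at an assumed guess rate (10^10/s by default)."""
    weak = keyspace(26, 6)
    strong = keyspace(72, 12)
    return {
        "weak_keyspace": weak,
        "strong_keyspace": strong,
        "ratio": strong // weak,
        "weak_years": brute_force_years(26, 6, guesses_per_second),
        "strong_years": brute_force_years(72, 12, guesses_per_second),
    }


if __name__ == "__main__":
    r = strength_report()
    print(f"6 lowercase letters : {r['weak_keyspace']:,} combinations")
    print(f"12 mixed characters : {r['strong_keyspace']:,} combinations")
    print(f"ratio               : {r['ratio']:,}x")
    print(f"sample password     : {generate_password()}")
```

Running it reproduces the two figures quoted above and a ratio of roughly 62.8 trillion; at the assumed rate the six-letter case falls in a fraction of a second while the twelve-character case takes tens of thousands of years, which is why a generator that draws from the full alphabet is the feature to look for.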

What about using Google or Apple’s MacOS password manager?

The other question that we hear a lot is around why you can’t just use your browser password manager or similar. The obvious advantage of using Google or MacOS password management systems is convenience. Whether you are an Android user or an Apple user, you are sure to have received a bunch of prompts asking you whether you want to save your password. It is easy, requires minimal setup, and will sync across multiple devices.

The biggest downside? You are putting all your eggs in one basket. Using either of these options (or any other browser password manager on the market) creates a single point of failure, so if a hacker compromises one account, they can access them all. It might not be quite as risky as qwerty123, but it is far less secure than a quality password manager.

If you still rely on a good old Post-it note or the same password across your 100 or so applications, take this as a prompt to take a big step towards being more cyber secure and jump on the password manager bandwagon. You won’t regret it.