Are You Using a Password Manager?

Netgain | Cybersecurity & Compliance, Financial IT, Healthcare IT

How many passwords do you have? They have become essential for the many websites we log in to, they change often, and they can be hard to keep straight. Although passwords can feel like an inconvenience, they’re critical to protecting your personal information and the security of your patients’ information.

Cybersecurity breaches are on the rise. Five of the eight largest healthcare cybersecurity breaches since 2010 occurred in 2015 alone, according to IBM X-Force’s 2016 Cyber Security Intelligence Index. To recognize the importance of cybersecurity, President Barack Obama designated October as National Cyber Security Awareness Month. Passwords are only one piece of the puzzle in keeping us safe online, but a very important piece. Here are answers to four questions that you might be asking about passwords.

1. Why do I need to change my passwords so often?
While changing your password does not make any chosen password more secure, what it does provide is confidence that no one else in the world knows your password. As time goes on, your password has a greater chance of being compromised. This is simply because hackers are working all day every day to gain access to sensitive systems.

Changing your password also gives security teams the opportunity to look into hackers who are trying to log in using old passwords. The hacker is unaware that the password has changed, so an attempt to log in with the old password triggers failed-login alerts that your security team can investigate further.
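The detection described above can be sketched as follows. This is an added example, not code from the original article: the `Account` class, the `stale-credential` label and the sample passwords and addresses are hypothetical, and it assumes the system keeps salted hashes of retired passwords so that a failed login using one can be told apart from an ordinary wrong guess.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # illustrative work factor for this example


def _record(password: str) -> tuple[bytes, bytes]:
    """Store a password only as (salt, PBKDF2 digest)."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def _matches(record: tuple[bytes, bytes], attempt: str) -> bool:
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", attempt.encode(), salt, ITERATIONS)
    return hmac.compare_digest(digest, candidate)


class Account:
    """Hypothetical account that keeps hashes of retired passwords."""

    def __init__(self, user: str, password: str):
        self.user = user
        self.current = _record(password)
        self.retired: list[tuple[bytes, bytes]] = []

    def change_password(self, new_password: str) -> None:
        self.retired.append(self.current)
        self.current = _record(new_password)

    def classify(self, attempt: str) -> str:
        if _matches(self.current, attempt):
            return "success"
        if any(_matches(old, attempt) for old in self.retired):
            return "stale-credential"  # someone holds a password that used to work
        return "failed"


def alerts(account: Account, attempts: list[tuple[str, str]]) -> list[str]:
    """Return one alert line per attempt that used a retired password."""
    return [f"ALERT user={account.user} src={src} retired password used"
            for src, pw in attempts if account.classify(pw) == "stale-credential"]


if __name__ == "__main__":
    acct = Account("jdoe", "Autumn-2015-river")        # constructed sample data
    acct.change_password("cobalt-Heron-41-window")
    sample = [("198.51.100.7", "guess123"), ("203.0.113.9", "Autumn-2015-river")]
    print("\n".join(alerts(acct, sample)))
```

A failed login that matches a retired password is a stronger signal than a random wrong guess, because it shows the old password was known to whoever made the attempt.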

2. Why am I supposed to use a different password on every website?
When we register on websites, we trust that they will keep the password we give them secure and protect it from any malicious use. While most websites take precautionary measures to protect themselves, some do get compromised, and your password may be compromised as well. In a perfect world, you would be notified if your password is compromised, but in some cases you may not be informed, or the website may not even know it happened. When criminals gain access to a password, they will try to use it on other sites. If you use a different password for each website, a compromised password only provides access to that single website, and your accounts on the other websites you’re registered on stay secure.

3. How can I possibly use different passwords on every website?
The best way to use different passwords on every website is to have a computer help you. One very practical way to do this is to use a modern password manager. Password managers can run on your phone and computers and can stay synchronized so that your passwords are available on all of your trusted devices. Hackers have computers helping them find your password; we need computers to help us hide our passwords.

4. What password manager should I use?
Here are a few password managers to consider to keep your personal information secure:

1Password
At $3-$5 per month or a $65 one-time license, this is not the cheapest option. I personally use this one. Although more expensive, I do believe that you get what you pay for and when it comes to securing my passwords, I want a high level of confidence that everything that can be done is done. If a product is free, the consumer is the product, and that’s concerning when it comes to security.

Notable features include synchronizing between devices and Watchtower, which alerts you if any of your accounts are on websites that have been compromised.

F-Secure Key
This mobile app is free and quite good. F-Secure Key also has a desktop application. The free version does not support synchronization, so most people will need the $16 per year version. F-Secure is a well-known and trusted malware protection company based in Finland. The company’s Chief Research Officer, Mikko Hypponen, has presented several TED talks and been interviewed around the world.

LastPass
At $1 per month, this is a cheap option that has been popular. LastPass did suffer a breach of their systems in 2015 and as a result released details on how they secure passwords. Their explanation provides incredibly high confidence that they do everything that can be done. LastPass stores passwords in their datacenter and this is the primary reason why I do not use LastPass. Storing passwords in a datacenter creates a single target that many hackers would love to breach.

The rise in security breaches is making tools like password managers commonplace. Choose a manager from a reputable company and start with the most critical accounts, which include anything that could damage you financially and your email account. Many sites will send a password reset link to your email, so a hacker who takes control of your email account can reset the passwords to your other accounts. That makes it important to take extra precautions when creating your email passwords.

Remember, hackers have computers helping them find your password; we need computers to help us hide our passwords. We need to start using unique, strong passwords for every account.