Toro-Blog-listing

Password Managers - It's time to take control

Written by Connor Conlan-Coke - Cyber Security Consultant | May 27, 2024 4:00:00 PM


We’ve all been there. That moment where a puff of the cheeks and roll of the eyes occurs. Nope, I’m not talking about rush hour traffic but that your password has expired.... Or, even better, your screen is telling you that you have entered the wrong password. It used to drive me up the wall. Think about it. How many online accounts do you actually have… Let’s chalk off the obvious ones. Email and social media accounts. There's a steady conservative 5. Now let’s add on all the household accounts such as utilities, council tax, insurances. I’m on 10 at least already. Now the floodgates are open, your travel, music, banking, shopping accounts. That’s just the tip of the iceberg. Don’t forget about the countless accounts you’ve created and only used once that now lie dormant. In fact, according to NordPass each person has an average of 100 online accounts. 

Now unless you have a unique photographic memory which allows you to remember a wide range of complex passwords then you’re going to have a dilemma. How do you possibly remember 100 sets of credentials? Well, let’s work through it. You’ve got the conventional method. Trial and error. Type in your go to email and password. If that fails, then it’s a password reset through your email client. A long-winded process that inevitably ends up with you typing in a variant of your old password in, which you’ll no doubt forget the next time, leaving you on the merry go round. Then there’s the old school methods of writing them down on sticky notes or saving them in spreadsheets. Again, time consuming, lacking in efficiency and most importantly security, creating vulnerabilities - something malicious threat actors thrive on in the digital space.  

What’s the fuss? Well, the issue comes with data breaches. Like the tide on a seawall, malicious online threat actors are continuously attempting to breach it. Occasionally they do and out spills a wave of personal information. Your credentials could be tucked up within it. Don’t believe me? Head over to www.haveibeenpwned.com after reading this blog to find out for yourself. Now if you’re one of the many who uses the same password for numerous accounts, can you see a problem? I do. You know that breach I just mentioned that potentially has your credentials within. What’s the chance the same set of credentials works on other platforms? Your email, social media, your cloud storage containing all your personal files and photos. All for grabs. The solution, a different password for every account.  

But how – A password manager. The first of which was created by Bruce Schneier back in 1997. Now since then password managers have come on a little however the concept is still the very much the same. A singular secure location where all of your personal information can be stored and accessed anywhere at any time as long as you have power on your device. Password managers not only store your credentials but actually generate secure passwords even when signing up to new accounts. Other added benefits include automatically populating your credential fields and notifying you if any of your online platforms have been breached, resulting in your personal information being leaked on the dark web. 

The trade-off – Now for those keen-eyed readers you will have noticed one key flaw with a password manager. A single point of failure. Either your master password to gain access is compromised or the actual password manager itself suffers a data breach. A scary thought. However, although this has happened in the past the likelihood is minimal with reputable password managers, and certainly much lower than the risk of reusing the same password everywhere. After all it is their sole purpose to be a goliath of a sea wall. As for the confidentiality of your own master password, that’s all on you. However, I’m sure you’ve got that covered. 

The truth – The fact of the matter is the pros vastly outweigh the cons. Impersonating and using other people’s credentials is the main avenue to online fraud and if you’re on the traditional, old-school method of password storage you’re the lowest hanging fruit in the tree. As with any good service you’ll have to pay however there are free options available from the household names, but you will lose certain added benefits. All in all, incorporating a free or even better, subscribed password manager into your life will vastly improve your cyber hygiene and you’ll find yourself perched on the top branch away from the threat that’s hunting below. Stay ahead of the game. Take control of your security, incorporate a password manager into your life, and avoid being easy pickings. Stay safe.