What is a password manager?

A password manager helps users create unique and complex passwords and store them in an encrypted fashion, meaning each website, application, or program that needs login information can use a more secure string of characters, letters, and symbols. Users don’t have to remember multiple sophisticated logins, and this sets high standards of passcode complexity, giving each sign-in unique and optimal security. The user has one single, more simple login (or uses facial or fingerprint recognition) to gain entry to all their stored passwords.

It is possible to save passwords in your browser, which might seem like enough for the purposes of recall, but this isn’t ideal across multiple devices, and users may be sacrificing security. Password managers are invaluable in today’s digital security landscape, where we have logins on various devices – such as a Windows laptop, an OS mobile, online logins through browsers, on a tablet, or via a Linux desktop. They mean we only need to remember one password for everything – safely.

What is an account takeover attack?

Secure and complex passwords are needed to fight against the ongoing surge in account takeover attacks. Account Takeover (or ATO) is a type of attack where cybercriminals attempt to take control of online accounts by making use of stolen email addresses, username, and password combinations.

These are invariably sourced through phishing attacks (fraudulent messages designed to trick users into revealing sensitive information or to deploy the likes of malware), social engineering (manipulating users into revealing confidential information), or data breaches (security hacks and data leaks, where confidential information is directly copied or stolen). They are then sold in batches on the dark web, where they can be bought by cybercriminals for only pennies and cents. Cybercriminals then use this data to access accounts and buy goods, buy gift cards, steal personal information and digital assets like social media handles or URLs, or to steal currency.

A gift for cybercriminals

Password reuse is a gift to cybercriminals attempting account takeover. Whenever a password is reused, it gives a bad actor the opportunity to gain easy entry to a user’s other accounts and services, by using automated software to try that compromised password and username combination across thousands of other websites until they get the result they’re looking for. It’s also likely an account breach will be across multiple accounts, wherever the breached password details have been used.

Most people only use a handful of passwords, and if one account is breached or compromised this makes their other accounts each-pickings for black hat hackers. Different and complex passwords are important for everyone – individual users, businesses, family groups, everyone – in the fight against online fraud and the recent growth of ATO attacks. Using password managers makes it much easier to have varying passwords and optimal password configurations.

Password managers recommendations

There are quite a few password managers out there, but (having asked our helpdesk team for personal recommendations) here are a few we use ourselves.

Bitwarden is free, open source, and secure. It’s a great starting point, very user-friendly, and the perfect choice for anyone who doesn’t need all the extra bells and whistles of paid services. There’s also a paid version for family groups, meaning everyone has access to those elusive Netflix, Disney+, and Spotify logins.

1Password has a tonne of extras and is a paid-for service (only $3 pcm). It alerts users when passwords are weak or if they have been compromised and works in all operating systems and on all devices with web browser plugins. 1Password also has a group version, pro version, plus lots of extra features.

NordPass is another paid service, from the same team that brought us the world-renowned NordVPN. It also offers and family and business package, with all the features of 1Password, including a limited-feature free version.

The inconvenience and stress caused by breached passwords and hacked accounts aren’t worth it. Password managers are invaluable and, in this day and age, necessary in the quest to keep our digital assets safe. For a small investment and a little time in retrospectively setting a few new and better passwords, you can be far more secure and have the peace of mind of knowing your details are markedly safer against one of the biggest cybercrime attack vectors.

The post Why we all Need a Password Manager appeared first on Blog.

*** This is a Security Bloggers Network syndicated blog from Blog authored by Nik Hewitt. Read the original post at: https://www.imperva.com/blog/why-we-all-need-a-password-manager/