Password manager apps: Why you could be a “hacker’s dream” without one!
Cloud computing and web-based apps have undoubtedly improved business efficiency. But once you and your team start using various online apps, one aspect quickly becomes inefficient (not to mention downright annoying): having to repeatedly enter usernames and passwords to log in.
It’s bad enough having to enter a multitude of login credentials when you first open the apps each morning. But many apps automatically log you out if you haven’t been using them for a few minutes. And while it’s a nice security feature, it means you have to repeat the entire process whenever you take a breather.
Wouldn’t it be great if a ‘master control’ app could automatically enter your username and password whenever an app asked for them? Of course, you’d have to log into the master control app first, and that login process would have to be very secure. But just imagine how much time and frustration it could save.
The good news is that, to quote an all-too-familiar phrase, “There’s an app for that”. In fact, there are quite a few password manager apps available.
And you really should be using one.
Why you shouldn’t enter your passwords any other way
“But I don’t need a password manager app,” you say. “I use the same username and password for all my logins, so it’s pretty easy to remember.”
Congratulations. You have become what’s known in the online world as “a hacker’s dream”.
Why? Because once a hacker figures out your username and password on one site, they can use the same username and password to access every other site you use. And before you assume they couldn’t possibly know the other online sites you use, they can run a program that tries your username and password on hundreds—if not thousands—of sites in a matter of minutes. It’s not a question of whether they’ll find those other sites. It’s only a question of when.
“But it’s more convenient doing it this way,” you might say.
Sure it is. For now. But you may think differently when every online system you use—online banking, email, social media, etc.—has been compromised.
Even if you discover the security breach straight away, it can still take months—if not years—to recover. You could lose your savings, your business, or even your identity.
But there’s no point creating different usernames and passwords for each site if you’re just going to put them on sticky notes. Whether it’s a physical one on your whiteboard or an electronic one in your computer, they’re still incredibly easy to find and use without your knowledge.
How about storing them in a note-taking app such as Evernote or OneNote? Without any form of encryption, these apps aren’t much better than the sticky note app on your computer.
And for goodness sake, don’t email them to yourself so you can use a keyword search to find them. Not only will they be stored without any encryption, your email can easily be intercepted and read.
So, unless you have a perfect memory and can type incredibly fast, the only real solution to having unique, secure passwords is to use a password manager app.
Here are six reasons you should use a password manager app.
- You’ll no longer be “a hacker’s dream”. With password managers you only need to remember the username and password for the app. Then, whenever you access a secure website, it will look up the username and password you created for the site (which are securely stored online) and enter them automatically.Because you don’t need to remember them all you can use a different username and password for each site, which is far more secure than using the same one for them all.And if someone gets access to one of the sites you use, they still won’t be able to access any others.
- You can use more secure passwords. The most secure passwords use a combination of upper- and lower-case letters, numbers and special characters. But when you have to remember them (and type them in over and over again), it’s tempting to use simple passwords that are less secure.With a password manager, you can make them as long and complex as you want because it’s the password manager app that remembers them all and types them in for you. It can even create new passwords automatically, such as “Sp?45AqG&&l6p#BzK”.These random, nonsensical passwords are far more secure than the names of your pets, family members, favourite movie or other commonly used passwords. And the chances of hackers guessing your password, even with the software they use to generate them automatically, is extremely low.All you need to do is choose a strong password for your password manager.
- Your login details will be encrypted. If you’re worried whoever created the password manager will have access to all your usernames and passwords, relax. All of your information is encrypted (scrambled), and only the strong password you use to log in can decrypt (descramble) that information. It’s the same level of security used with Internet banking, and a lot more secure than sticky notes.
- You can use two-factor authentication for even better security. Let’s say someone works out the username and password you use for a website. That means they can log onto the site, enter your details and they’re in, right?Not if you’ve set up two-factor authentication. Instead they’ll be asked to provide another piece of information only you can provide. It could be a random code to your mobile number via SMS, or one only your phone can generate. It may even ask for your fingerprint via your smartphone.And without that other bit of information, they won’t get access.Two-factor authentication can be used not only on websites, but also the password manager itself. And while some people find the extra step inconvenient, it’s an added layer of security that’s well worth considering.
- You can share passwords more securely. Let’s say you need to give a staff member or contractor access to financial or other sensitive data (a common scenario when working with freelancers and remote workers). One option would be to give them a username and password, which they would enter to access the information. But what’s stopping them from writing them on a sticky note, or emailing the details to themselves (or worse, someone else)?With a password manager you can set them up with a password that is never revealed to them. It will log them in, but they never see what it is, and therefore can’t share it or even write it down.
- You can revoke a person’s passwords instantly. When people leave your organisation for whatever reason, you need to make sure they can no longer access your information. If they’ve written their passwords down somewhere you have no choice but to manually change or remove the password on every system they had access to.But with a password manager you can revoke all of their logins easily—and instantly.
Which password manager should you choose?
As mentioned earlier, there are quite a few password manager apps and services now available. And while their features, quality of security provided and ease of use may vary, they all offer similar benefits.
Some of the more popular password managers include:
The best choice for business use is a password manager such as LastPass Enterprise, which lets you set up users and teams based on your own organisation. You can then grant and revoke login access to those users and teams as necessary.
LastPass also has a Free plan (for use on one device) and a Premium plan that syncs your login details across all your devices.
And of course, you can use password managers for your own personal logins as well. You’ll get the same benefits as you do in your business, but at a fraction of the cost. (Most password manager services offer free ‘personal’ accounts.)
In either case, you’ll need to spend a bit of time setting everything up. But here are five ways a password manager will save you time in the long run.
- You’ll save time logging in: Imagine logging into your computer first thing in the morning, grabbing a coffee, and coming back with all your web apps open and you logged into every one of them.That’s what a password manager can do for you. It can open each web app and log you in without you needing to enter a single password (or even remember one).And once you experience it for yourself, you’ll wonder how you ever lived without it.
- You’ll save time logging in after being inactive. As mentioned earlier, a lot of web apps log you out automatically when you haven’t used them for a while. It’s good for security, but not much fun when you have to keep logging in.But with a password manager, you can be logged in again with just a couple of clicks. No usernames or passwords to type in. You may not even need to click the Submit button. It can do it all for you.
- You’ll save time providing usernames and passwords to new team members: Depending on your type of business, a new team member may need dozens of logins. Setting them all up is not only tedious, but also a waste of time.But with a password manager you can put logins to all the necessary sites in a folder and then give the team member access to every site in that folder in one step.
- You’ll save time completing web forms: Completing a web form to attend an event, download an ebook or purchase a product can be time-consuming (not to mention tedious). Most password managers let you create form profiles so you enter your details (such as credit card information and postal addresses) in seconds rather than minutes.
- You’ll be able to log in from other devices: Ever needed to log in to a web app at home or while travelling only to realise the passwords you need are stored on your computer at work?Most password managers let you sync your login details across multiple devices, and even access them online, which means as long as you have your smartphone or access to the Internet you’ll be able to log into those web apps.
How to get started with a password manager
If you love evaluating apps and technology, check out the apps mentioned earlier and see which one best fits your needs.
But if you want to start using a password manager straight away, choose LastPass. It lets you have a Free or Premium plan for your personal accounts and an Enterprise plan for your business. You can even link your personal and business LastPass accounts so all your logins are in your own LastPass view. This saves you having to log in and out of separate LastPass accounts whenever you need to switch from a business-related web app to a personal one.
And don’t worry. Even when you link your personal and business LastPass accounts, team members using your LastPass Enterprise account still won’t be able to see or access your personal logins.
It really is the perfect combination.
Having been in the tech industry for over 14 years, Angie has seen all forms of technology evolve exponentially. Angie is part of Poole Group's Automation Projects team, developing their internal system to automate workflow and helping small businesses to implement Xero Apps.