Why you should (still) use a password manager

17 Mar 2023


Are you responsible for your company’s online security? We understand that this can be overwhelming and stressful! If you’re trying to find ways to build your company’s security, you’ve probably thought about password managers. 

But, if password managers can get hacked—and do get hacked often—the question you’re probably asking is: “why should I use a password manager?”

Well, the answer is that even though password managers do get hacked, they are hacked less often. Plus, individuals with password managers are more likely to have unique passwords across their accounts.

So, even if they aren’t foolproof, password managers are still worth it.

Today, we’ll dive into the answers to the question of, “why use a password manager”, as well as the many ways your online security platform can still be hacked.

Top 3 Reasons to Still Use a Password Manager 

Did you know that, on average, a person with no password manager has as few as 10 passwords that they use as login credentials for over 170 accounts?

Now think about all the possible employees doing this or something similar to this in your company. In this situation, your company could be at real risk for hacker attacks!

Want to avoid possible short and long-term compliance risks and potential breaches? Here’s how a password manager can help:

  • The program would allow the user to create and use different strong and perfectly random passwords for the variety of sites and services they sign up for.
  • Passwords randomly generated by these applications are unguessable by any current technology.
  • Many password managers offer multi-factor authentication (MFA) as an additional layer of security. MFA requires you to provide a second form of authentication, such as a fingerprint scan or a one-time code sent to your phone, in addition to your password. Using MFA would definitely up your security!

Basically, we’re recommending that using a good, trusted, password manager is the best way to do password authentication in situations where you must use passwords. Although these applications can get hacked, your information is still more protected with one than without.


Types of Hacks on Password Managers

Now, we’ve told you it’s common for password managers to be hacked; however, it’s more common to see some of the software we use every day get hacked: think operating systems, browsers, and even search engines (ex. Yahoo).

We still use the other things that get hacked, and attacks on these other tech tools are more frequent. Safe to say password managers are a good consideration for people looking to protect their sensitive information. 

Now that we have that out of the way, it also doesn’t hurt to understand some of the ways a password manager can be hacked and to learn if there are steps you can take to reduce the risk of a particular type of hack.

a. Local Hacking Attacks

There are many different versions of “local hacking attacks”.

Option 1: The adversary successfully gains access to a desktop where the password manager is actively used, unlocks it, and exports all the vital data to another location. Usually, the initial access to the desktop happens because of social engineering or unpatched software (which may or may not be related to the password management program).

Tip: If you use a password manager, you can reduce (but not eliminate) the risk of local hacking attacks by reducing the time that a password manager is unlocked and not being monitored. Always allow your password manager to automatically lock after a set number of minutes of inactivity!

Option 2: An attacker can install a keylogging trojan program which steals the master password that protects the user’s password manager, and then uses it later on to access the password manager when the user has not manually unlocked it.

Tip: Reduce this danger by using and requiring MFA to unlock the password manager. Not all password manager programs have this capability, so we recommend picking and using one that does have this feature.

Local hacking attacks are dangerous! If your desktop is accessed by an attacker it’s basically game over. No defense is going to save you, even with the very best password manager involved!

b. Remote Attacks

Budding tech lovers were familiar with remote work long before other industries, where it’s slowly becoming more common.

However, with more and more remote possibilities, there continue to be many, many attacks that work remotely against password manager users! These often arise if you use a password manager but create and store weak and/or duplicate passwords within the password manager.

Why does it matter if your passwords are weaker but you’re using a password manager? Well, it’s very possible, and even likely, that one or more of your passwords will be compromised by the hacker targeting the site or service where that password is used. 

The moral of the story is to periodically change your passwords to mitigate the risk over time!
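
The check this section calls for, finding weak and duplicate passwords already stored in a vault, together with the random generation described in the first list above, as an added example that is not from the original post. The function names, the 80-bit threshold and the sample vault are assumptions constructed for illustration.

```python
import math
import secrets
import string
from collections import defaultdict

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)  # 94 printable symbols

def generate_password(length=20):
    """Draw every character independently from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def random_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password: length * log2(alphabet)."""
    return length * math.log2(alphabet_size)

def pool_bits(password):
    """Upper bound from the character classes used. Human-chosen
    passwords are much weaker than this bound, so treat it as a floor
    test only: anything below the threshold is certainly weak."""
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0

def audit(vault, min_bits=80):
    """Return (reused, weak). reused: groups of sites sharing one
    password. weak: sites whose password is below min_bits.
    Only site names are reported, never the passwords themselves."""
    by_password = defaultdict(list)
    for site, password in vault:
        by_password[password].append(site)
    reused = sorted(sorted(s) for s in by_password.values() if len(s) > 1)
    weak = sorted(site for site, pw in vault if pool_bits(pw) < min_bits)
    return reused, weak

# Constructed sample vault (site, password); not real credentials.
VAULT = [
    ("mail.example", "Summer2023!"),
    ("shop.example", "Summer2023!"),
    ("bank.example", "kV7#pQ2$wZ9!mT4&xL6@"),
    ("forum.example", "hunter2"),
]

if __name__ == "__main__":
    reused, weak = audit(VAULT)
    print("reused:", reused)
    print("weak:", weak)
    print("replacement:", generate_password(), f"({random_bits(20):.0f} bits)")
```

A breach of either site in a reused group exposes the other, which is why every flagged entry should be replaced with its own generated password.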

c. Vendor or Remote Storage Attacks

This one may surprise people, but your password manager vendor can also experience a cyber attack, possibly leading to your information being compromised. 

These vendors aren’t almighty! Vendors’ sites and services can be compromised. They can have bugs. They can have implementation or configuration weaknesses. They can implement encryption poorly. They can have weakly protected APIs. They can have storage locations breached by enemies.

Reducing the Risk of a Hack

You now know the possible types of dangers your password manager is susceptible to, but how do you reduce the risk? Here are some of our best tips when picking out and using a password manager:

  • All passwords and all fields stored by a password manager should be encrypted using strong, industry-accepted encryption, like 256-bit AES symmetric encryption.
  • Make sure that if you’re using a password manager allowing you to copy sensitive data onto your clipboard, the program will automatically clear the clipboard after a preset amount of time (say 30 seconds, etc.).
  • Using the browser extension of your password manager? Make sure the parent company cares as much about securely coding the browser extension as they do the rest of the password manager program.
  • Make sure to allow the password manager to create as long and complex passwords as the site involved will allow. Don’t ever use the same password for any two unrelated sites. If this is your current habit, break it quickly!
  • Be aware of phishing attacks! These can happen if you try to get your password manager to log you in automatically (if it has that feature) and it doesn’t work. When it doesn’t work, you instead copy and paste your info, not knowing it is a scam site. To mitigate this: try to log in to all sites and services using the features of your password manager, and if a particular logon doesn’t work, be aware that it could be a phishing attack.
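
Why a refused autofill is a warning sign, shown as an added example that is not from the original post or from any particular password manager: a saved login is bound to the origin it was saved on, and a lookalike page has a different origin. Exact-origin matching, the function names and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Return (scheme, host, port), with the host lower-cased and
    IDNA-encoded so visually identical Unicode hosts compare unequal."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not a web origin: {url!r}")
    host = parts.hostname.rstrip(".").encode("idna").decode("ascii")
    return parts.scheme, host, parts.port or DEFAULT_PORTS[parts.scheme]

def autofill_decision(saved_url, page_url):
    """Fill only when the page's origin equals the saved entry's origin.
    Returns (fill, reason)."""
    saved, page = origin(saved_url), origin(page_url)
    if saved == page:
        return True, "origin matches saved entry"
    if saved[1] != page[1]:
        return False, f"host {page[1]!r} is not the saved host {saved[1]!r}"
    return False, "same host but different scheme or port"

# Constructed sample data: one saved entry and the pages a user might land on.
SAVED = "https://login.bank.example/"
PAGES = [
    "https://login.bank.example/session?next=%2F",    # genuine site
    "https://login.bank.example.signin.test/",        # saved name used as a prefix
    "https://login.b\u0430nk.example/",                # Cyrillic 'a' homograph
    "http://login.bank.example/",                     # plaintext downgrade
]

if __name__ == "__main__":
    for page in PAGES:
        fill, reason = autofill_decision(SAVED, page)
        print("FILL  " if fill else "REFUSE", page, "->", reason)
```

A person pasting credentials by hand performs none of these comparisons, which is how the copy-and-paste fallback defeats the protection.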

Get Help From Cybersecurity Experts

So, now you know all the ways password managers can get hacked and why you should still use them.

If you’re still unsure about an efficient Cybersecurity Service program, aligning it with business goals, or seeing compliance, Swift Chip is here to help! We offer unparalleled customer service and have team members who know what we’re doing.

Swift Chip’s cybersecurity is headed by Certified Ethical Hacker, Kenneth May. He’s worked with important players like the FBI and CIA, and brings his expertise to our dedicated team that will help your company get the results you’re looking for.

Talk to us today if you’re looking for cybersecurity solutions and a compliance focused company to support you!
