Using password managers

Overview

To effectively work, study and live in a digitally-connected world we regularly need to use platforms and software that require password-protected logins. The proliferation of these logins raises two important issues for passwords:

  • The reuse of passwords across logins for different platforms

  • The use of insufficiently complex passwords that are therefore vulnerable to unauthorised access

Password management software aims to overcome both of these problems by creating complex passwords and storing login details. This means you no longer need to think of (and remember) multiple passwords; you just need to remember the main password for your password manager and then use it when you come to log in to a particular platform.

In short, the benefits of using password managers include:

  • No longer having to remember which password goes with which login

  • Greater security through the use of complex passwords which are hard to guess and resistant to ‘brute force’ hacking attempts

  • Time savings through a password manager’s automatic or copy-and-paste password-filling capabilities

  • Being able to access all your passwords via one strong main password that you decide for yourself

Sounds simple, right? Well, with a little bit of work, you can have a password manager set up and running across multiple devices, keeping your passwords for your personal and professional life at hand as you need them.

This short, entertaining video from ABC TV’s The Checkout in 2017 explains more about why password managers are such a great idea.

Note, however, that the four-random-word passphrase approach to the main password used to unlock the password manager is outdated.

Getting started

There are many different password management software options available, including:

Publications such as WIRED, PC Mag and CHOICE review password managers in depth – however, make sure the reviews are recent.

Devices from Apple (via iCloud Keychain) and Google (via Password Manager) come with password management options as well.

Click on the links above to explore more about the options available. Alternatively, this video from Deakin University Library provides an explanation and demonstration of LastPass, although we are not necessarily recommending LastPass over any of the other options.

The main thing to remember is that using a password manager will keep your important personal login details more secure while making your life easier. While there is a time investment in transitioning to a password manager, it is well worth the cost for the peace of mind and convenience.

While there are online password generators, these are not recommended as the source code for online password generators can make it faster for hackers to brute force your password.

Making a password

Using a password manager: Set your password manager to produce passwords of at least 14 characters, per the ACSC Information Security Manual, item ISM-0421. It is best if the random passwords include A-Z, a-z, 0-9 and punctuation, but the allowable punctuation tends to vary by website. Many password generators will give an indication of the 'strength' of the password; make the length long enough that it is rated 'strong' or higher.

Key points:

Using a password manager means you can make very long and complex passwords and not worry about forgetting them. Long and complex passwords are more secure. It is therefore a good idea to update any existing short or simple passwords that you bring into the password manager. Your password manager software will likely indicate how weak or strong a password is; take its advice and update your password as required.
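The generation settings described above can be sketched as a local generator. This is an added example, not part of the original guide or of any particular password manager. The function names, the default punctuation set and the rule that every character class must appear are assumptions made for illustration.

```python
import math
import secrets
import string

MIN_LENGTH = 14  # minimum length the guide cites from ISM-0421


def generate_password(length=20, allowed_punctuation="!#$%&*+-=?@^_"):
    """Return a random password drawn from A-Z, a-z, 0-9 and the
    punctuation a particular site accepts (pass "" if it accepts none)."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    bad = set(allowed_punctuation) - set(string.punctuation)
    if bad:
        raise ValueError(f"not ASCII punctuation: {sorted(bad)}")
    classes = [string.ascii_uppercase, string.ascii_lowercase, string.digits]
    if allowed_punctuation:
        classes.append("".join(sorted(set(allowed_punctuation))))
    alphabet = "".join(classes)
    # Rejection sampling: draw every character uniformly from the whole
    # alphabet with the OS CSPRNG and redraw if a class is missing.
    # Accepted passwords stay uniformly distributed, unlike schemes that
    # force one character of each class into the result and then shuffle.
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def entropy_bits(length, alphabet_size):
    """Upper bound, in bits, on the guessing work for a uniformly random
    password of this length over this alphabet."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Constructed site policies: broad punctuation, two symbols only, none.
    for punct in ("!#$%&*+-=?@^_", "_-", ""):
        size = 62 + len(set(punct))
        print(generate_password(20, punct), f"~{entropy_bits(20, size):.0f} bits")
```

Narrowing the punctuation set for a restrictive website costs only a few bits; adding length recovers far more than it loses.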

In your internet browser: Firefox, Chrome and Edge all have password generators which will generate and store good passwords. Browser password managers are usually more basic than dedicated password managers, which have more of a focus on security, but browser password managers are still better than re-using the same password.

Using multifactor authentication with a password manager

Multifactor authentication is a feature available in many password managers which adds an extra layer of security to your passwords. By requiring identification not only via the main password but also via an additional factor, it becomes even harder for someone to gain access.

Activating multifactor authentication is a highly recommended step to make your passwords more secure.

The most common multifactor authentication method is SMS, but this can commonly be hacked. Authenticator apps such as Google Authenticator can also generate passwords that will only work for a short period of time, but these can also be hacked. Mobile apps that send a verification prompt can also be used, but require a working phone with Internet access. The most secure method is a physical security key, although these keys have not been widely adopted. (Nanda et al., 2022)

The following password managers all have options for additional authentication beyond just the main password:

References
