The Importance Of Passwords

Cybersecurity | My20it21ch. | July 19, 2021

It seems unreal, but newspapers and news websites still report companies being attacked despite all types of security filters. This keeps happening because one of the biggest vulnerabilities is insecure passwords. The importance of passwords has been overlooked for decades, even though we use them all the time.

Statistics

According to the statistics that are published constantly – and even though there are lots of campaigns urging people to change and strengthen their passwords – there are still users who have passwords such as 123qwe, 12345678, qwerty, abcdef, Admin, password, hello and many others that are very easy for attackers to guess, as well as things like ID numbers, birthdays, wedding dates, car license plates, home addresses, etc.

A very common error is to use the same password to access everything: online shopping websites, banks, and credit cards. If an attacker can crack it, they can take over the person's entire digital life and perform any kind of criminal action.

“But strong passwords are hard to remember…”

Strong passwords are more difficult to learn, and they are long. Some of them even have characters we would never normally use. However – even if you do not believe it – that is the password's strong point, and changing them every month can give much greater protection to our information.

In this post, we want to suggest some applications to help you manage your passwords and make your (digital) life safer. The concept is very simple: the application asks for one master password when you want to enter a site, and once you put it in, the password manager fills in the password of that website automatically. This is all done with one safe password, and you won't have to memorize the website passwords. Ever.
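How a master password can protect a vault without ever being stored, as an added example (not code from any product in this article): the password is stretched with PBKDF2-HMAC-SHA256, one of the derivation functions the managers listed below advertise, and a wrong password or a modified vault fails an integrity check. The iteration count, salt size, key labels and record layout are assumptions, and the AES step is left out, so `encrypted_blob` stands in for the ciphertext.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example; not any vendor's actual settings.
ITERATIONS = 600_000
SALT_LEN = 16


def derive_keys(master_password, salt, iterations=ITERATIONS):
    """Stretch the master password with PBKDF2-HMAC-SHA256, then split the
    result into separate 32-byte encryption and MAC keys."""
    master_key = hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=32
    )
    enc_key = hmac.new(master_key, b"vault-encryption", hashlib.sha256).digest()
    mac_key = hmac.new(master_key, b"vault-integrity", hashlib.sha256).digest()
    return enc_key, mac_key


def _tag(mac_key, salt, iterations, blob):
    # Authenticate the KDF parameters together with the vault contents.
    header = salt + iterations.to_bytes(4, "big")
    return hmac.new(mac_key, header + blob, hashlib.sha256).digest()


def seal(master_password, encrypted_blob, iterations=ITERATIONS):
    """Build a vault record. Only salt, iteration count, blob and tag are
    stored; the master password and the derived keys never are."""
    salt = os.urandom(SALT_LEN)
    _, mac_key = derive_keys(master_password, salt, iterations)
    return {
        "salt": salt,
        "iterations": iterations,
        "blob": encrypted_blob,
        "tag": _tag(mac_key, salt, iterations, encrypted_blob),
    }


def unlock(master_password, record):
    """Return the blob if the password re-derives the right MAC key and the
    record is untampered; otherwise return None."""
    _, mac_key = derive_keys(master_password, record["salt"], record["iterations"])
    expected = _tag(mac_key, record["salt"], record["iterations"], record["blob"])
    if hmac.compare_digest(expected, record["tag"]):
        return record["blob"]
    return None
```

The high iteration count is what makes each guess of a weak master password expensive for someone who obtains the stored record.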

Are all password managers the same?

Not at all. Each one has a different way of creating and managing passwords, and some have more coverage than others, for example integration with Active Directory or with a corporate network's administrator.

“Password managers are only for big enterprises.”

That is not true. An attacker does not care whether the target is a small or medium-sized company, a big enterprise or just one person. In fact, individuals and small and medium-sized businesses are the most attacked, and they are the ones that need these applications the most. Maybe that happens because of their low budget, or because they might not have network managers or systems engineers to manage their networks for them.

These are some of the companies that have developed password managers. Some of them have a free version for starters, but only one of them has a free lifetime version for one device only.

Please remember nothing is ‘free’ on the internet; even if you don’t pay an actual fee, there will be other ways that they can charge you.

1- Dashlane $40/year

This is one of the most popular ones worldwide. It became famous because it started as a free product and then evolved into a monthly-paid application. Nowadays it has a free version for life for only one device for up to 50 passwords. This is only for personal use, not enterprise.

Dashlane has a monthly payment of $3.33 for managing passwords on unlimited devices that sync with each other. It will autofill forms and payment data if required. It also offers a VPN connection for unsafe networks and backup for confidential files.

One interesting feature is that it has a Smart Spaces option that allows you to manage both personal and corporate passwords in one single account.

  • Encryption: AES 256 bits with CBC-HMAC and the option for Argon or PBKDF2-SHA2
  • Compatible with: Windows, Linux, Mac, iOS, Android
  • Browsers allowed: Chrome, Firefox, Safari, Internet Explorer, and Edge

2- LastPass Starting at $36/year

LastPass is a password manager that was acquired by LogMeIn. It offers three versions for personal use: a free one; one called ‘Premium’ that costs $3/month, billed annually; and one called ‘Families’ that includes up to 6 users from the same family for an annual payment of 48 dollars.

For enterprises, there are several options from $3/month up to $8/month/user. There must be a minimum of 5 accounts to use the corporate versions.

  • Encryption: AES 256 bits with PBKDF2 SHA-256
  • Compatible with: Windows, Linux, Mac, iOS, Android
  • Browsers Allowed: Chrome, Firefox, Safari, Internet Explorer, Opera and Edge

3- Keeper $29.99/year

Keeper is a company that offers quite a wide variety of services both for personal use and enterprises. It also offers other services like a private chat with a monthly payment for a certain number of users.

Regarding the password service, they include unlimited storage, unlimited identities and payments, a web application, emergency access and unlimited device synchronization.

One of the options that sparks interest is login with fingerprint or facial recognition, as well as a password service for MSPs.

  • Encryption: AES 256 bits with PBKDF2 SHA-2
  • Compatible with: Windows, Linux, MacOS, iOS, Android
  • Browsers allowed: Chrome, Firefox, Safari, Internet Explorer, Opera and Edge

4- 1Password $35.88/year

1Password is a Canadian company with another product that has personal and corporate versions. For the personal version there is a feature that offers 1GB of storage for confidential documents.

Something that we didn’t see in the other password managers is the option to restore passwords deleted within the last year if necessary. There is also a travel mode for when you need to travel overseas.

  • Encryption: AES 256 bits with PBKDF2 SHA-2
  • Compatible with: Windows, Linux, MacOS, iOS, Android
  • Browsers allowed: Chrome, Firefox, Safari, Internet Explorer, Opera and Edge

5- Roboform $23.88/year

Roboform offers a basic, free multi-platform version that has some limitations regarding synchronization. They also offer an advanced personal version (paid) and an enterprise version that includes a centralized console, an unlimited number of console administrators, two-factor authentication, integration with Active Directory, advanced reports and much more.

  • Encryption: AES 256 bits with PBKDF2 SHA256
  • Compatible with: Windows, Linux, MacOS, iOS, Android and Chrome OS
  • Browsers allowed: Chrome, Firefox, Safari, Internet Explorer, and Edge

6- BeyondTrust Password Safe

Even though some of the products in this article are based on consumer offerings (LastPass, 1Password, etc.), BeyondTrust Password Safe has been a corporate service from the beginning and is targeted at organizations that need to lock down authorization and access for hundreds of thousands of users.

A system like Password Safe adds features to automate network device discovery, generate and store passwords per device, manage passwords for privileged accounts, and apply adaptive access control. With adaptive access control, things like location and time of day directly affect the complexity of the generated password, how long the password lasts, and the number of users that can have access to it.

To use all available features in a product like Password Safe, most organizations will need security professionals dedicated to the task, an external integration partner, or both. In return, a company can expect sophisticated password and authentication security, as well as advanced analysis of login attempts and account usage inside the system.

Prices are available from BeyondTrust upon request.

7- One Identity

Unlike many password management companies that cover both individual users and the enterprise world, One Identity is purely a provider of enterprise services. For One Identity, password management is just one piece of an integrated set of identity and access management offerings.

One of the main goals of One Identity is to reduce calls to the help desk by giving users a self-service portal for activities that include restoring forgotten passwords and establishing new ones that comply with the organization’s standards. One Identity is explicitly designed to build on the identity functions of Microsoft Active Directory and can establish passwords for individuals in many different domains.

Although One Identity Passwords is available as an independent service, it is clearly meant to be part of a general infrastructure for access management. It is an enterprise-class solution for access control across the entire company.

Pricing is available from One Identity upon request.

To conclude, here are some things you need to consider:

  • How easy it is to use: Almost all of them offer a 30-day trial period in which you can run the necessary tests on different devices and browsers in order to make a wise decision.
  • The scope: Some of them offer added value like a VPN or the ability to use corporate and personal passwords for free.
  • Compatibility: Does it work for my OS or device? Some of these only manage passwords for mobile devices, which would require purchasing an additional one to manage passwords on computers.

We hope we have demonstrated the importance of passwords and the information was helpful so you can make the best decision for your company.

Thank you for reading! We hope you liked it.

See you next time!

 

Written by: My20it21ch.
