As part of your job you have privileged access to other people’s protected information. It is partially your responsibility to ensure that when your username is used to access an application or system, that it is really you who is requesting access. By using a password that only you know, you are proving that you are you. Since most people cannot remember a multitude of long/complex passwords, we can allow a password manager to do the work for us. An extra perk is that these solutions can help give us back all the time we spend on Forgot My Password screens and phone calls to IT for a password reset. We can reinvest that extra time back into supporting our clients.
HABIT: “I always write my password down on a sticky note under my keyboard. It would be very difficult for a hacker to get into my office.”
ISSUE: Cleaning staff, building maintenance staff, or even well-meaning coworkers could use your credentials to access systems that they normally wouldn’t have access to.
HABIT: “I use the same password for everything. It’s very complex!”
ISSUE: The problem with this is that your password could be stolen from any one of the services you use it with. Attackers will routinely try to use stolen usernames and passwords on other sites to gain access.
HABIT: “I save all my passwords in Chrome and they’re backed up to my personal Google account.”
ISSUE: Google Chrome is much more secure with saved passwords than it used to be. However, someone with access to your Google account could obtain your Chrome saved passwords. Did you forget to log out of Gmail on the hotel business computer? When using a service with wide offerings such as Google it can be hard to remember that your passwords are stored there and access to that account needs to be handled carefully.
HABIT: “I create different passwords for every service I use. They are long and complex and I’m able to remember all of them!” While this is an ideal method, very few people would be able achieve this.
HABIT: “I used a password manager to generate and store all of my passwords. The only password I need to remember is the password to access my password manager.” Password managers can be a very efficient and secure method to store your passwords.
A Password Manager is an application where you create entries to store your username, password, and any other relevant information that you would use to access a website, application, or other system. Let’s say your company has setup a new DropBox account for you. You can open your password manager and create a new entry for DropBox. You’ll enter the username you created for the service, then have the password manager generate a password for you. Then you copy that password and paste it into the proper fields during the setup.
Most times when using a password manager, you will not even know what the password is that you are using. By having the password manager generate and store passwords for you, you can use longer, more complex, and ultimately more secure passwords. Think about it this way, would you build a lock for your front door or would you get a professionally made lock?
There are many password manager applications and services available. Before selecting a password manager, consider these questions:
Ian Beatty is the IT Systems Architect at MediSked, LLC. He has worked many IT positions over his 15+ year career. Ian brings an abundance of experience from his time working with MSPs, Provider Agencies, and HealthIT focused software development firms.