Posted by: on June 1, 2018 at 8:00 am

by Aaron Finch, Network Engineer, TAZ Networks

What’s the best way to create and manage secure passwords for your online accounts?

Image is a toothbrush

How is a good password like a toothbrush?

While new security challenges pop up all the time, the basic principles behind creating a secure password haven’t changed that much. I like the toothbrush analogy:

  1. Get a good one.
  2. Don’t share it.
  3. Change it regularly.

And, just like you wouldn’t use your toothbrush to clean your fingernails, it’s important not to use your secure password for several accounts, or – even more scary – all of your accounts.

That said, if you’re anything like me, keeping passwords secure and unique is much easier said than done. Having dozens of accounts and expecting myself to be able to create and remember unique passwords for each and every one of them was simply not realistic.

So, what to do?

A password manager service can assist with this need in a big way. There are many to choose from, and they do exactly what they sound like. They store your logins for different web sites and services that you access from your web browser or a mobile app. Many have built-in browser extensions that allow you to securely auto-populate the login fields of websites. But the built-in password generation tools are the real strength of these services. They create long, complex passwords, randomized based on criteria you can customize. These are some of most secure passwords you can use. Here’s an example:

l78Q*Rv3O^81

Clearly these aren’t the kind of passwords you can memorize easily, but that’s where the auto-fill feature comes in handy.

To continue with our toothbrush analogy, it’s like having a brand-new, super-effective toothbrush every time you brush your teeth.

It’s true that these complex generated passwords aren’t practical for every situation (your domain login password for example), but for web-based accounts they are a great option.

Great, we have a tool, problem solved! Sign me up! Right? Well… maybe. As with everything security related, it’s important to discuss the cons and side-effect considerations. The hard truth is that there is no silver bullet solution in the world of security. You must always weigh out the good, the bad, and the ugly before jumping into a solution or service.

So, what are a few considerations for password managers?

  1. This service is going to be protected by, you guessed it, a password. And if this password were compromised, it could give the bad guys access to ALL of your other passwords. That’s a horrifying thought. Using multi-factor authentication for password manager services is a must.
  2. Not all services are created equal. Just because one might be the most popular, does NOT mean it’s the most secure. Do your research. Read about the service provider and how it will protect you. And not just the FAQ on the services page – read independent user reviews and news articles. Knowledge is power, of course, so know what you’re getting into before you make any decisions about putting your sensitive info into someone else’s hands.
  3. Understand your company’s policies or compliance requirements regarding passwords. It may be that use of such a service is in violation of corporate guidelines. Check with your IT department or manager before putting in business account information.
  4. Above all, remember that nothing is perfect. Everything can be hacked. Stuff happens. The ultimate goal of using a password manager service is to reduce that likelihood as much as possible and make it VERY hard for the baddies out there to get into your stuff!

We talk a lot about security. Passwords, login IDs, and credentials are one of the most ubiquitous parts of technology life today. We understand that password best practices can be complicated and overwhelming, but you can meet those best practices. Reduce the headache of it all by using a password manager.

Cybercrime is at an all-time high! When was the last time someone reviewed your company’s network security? Call us today or fill out the form for a free network security consultation.

Schedule An Appointment






    * Required fields

    Blog Archive