We have passwords to ensure only authorized persons can access our applications and data. Password sprawl compromises this security. For example, consider these questions:
UC Santa Barbara provides a concise list of generally agreed-upon password best practices. They include [1]:
1. Never share your password.
2. Use a different password for each account.
3. Make guessing your password hard by using sentences or phrases, but not those someone else might know or guess about you.
4. Longer passwords are better than short, complex ones.
5. Add complexity where you can, using symbols and spaces when possible.
6. Use multi-factor authentication (MFA).
7. Use a password manager to aid credential management.
Multi-factor authentication requires you to provide more than one “factor” to authenticate and gain access to your account. The definition of “factor” is something that you know, something that you have, or something that you are.
Credentials, your username and password, represent one factor (something that you know). Token authentication like a passcode or push authentication would be another factor (something that you have). In this case, you have a cell phone app, or the ability to receive a text or phone call notification, to prove that you are who you say you are because you have the “token,” your cell phone.
When only two factors are involved, it may be referred to as “two-factor authentication.”
Multi-factor authentication involves more than two factors. These could include a fingerprint, codes sent by email, facial recognition, and retina scanning. The amount of authentication you employ depends on the degree of security needed.
Advanced authentication like this works well because if someone compromises your credentials but they don’t have your phone, for example, they can’t complete the authentication process.
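The point above, as an added example that is not part of the original article: a server-side login check that requires both the password (something you know) and a time-based one-time code from a phone app (something you have). The choice of TOTP (RFC 6238) and PBKDF2, along with every function name and sample value, is an assumption made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each one-time code stays valid

def totp(secret: bytes, now: float, digits: int = 6) -> str:
    """RFC 6238 time-based code (HMAC-SHA1), as an authenticator app computes it."""
    counter = struct.pack(">Q", int(now // STEP))
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    """Slow salted hash, so the server never stores the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def enroll(password: str, salt: bytes, totp_secret: bytes) -> dict:
    """Hypothetical account record; totp_secret is shared once with the phone app."""
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "totp_secret": totp_secret, "last_step": -1}

def authenticate(account: dict, password: str, code: str, now: float) -> bool:
    """Grant access only when both factors check out; both are always evaluated."""
    knows = hmac.compare_digest(hash_password(password, account["salt"]), account["pw_hash"])
    current = int(now // STEP)
    matched = None
    for step in (current, current - 1):  # accept the previous window for clock drift
        expected = totp(account["totp_secret"], step * STEP)
        if step > account["last_step"] and hmac.compare_digest(expected.encode(), code.encode()):
            matched = step
            break
    if knows and matched is not None:
        account["last_step"] = matched  # a used code cannot be replayed
        return True
    return False

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    acct = enroll("correct horse battery staple", b"\x01" * 16, b"constructed-demo-secret")
    now = 1_700_000_000
    code = totp(b"constructed-demo-secret", now)
    print(authenticate(acct, "correct horse battery staple", "not-a-code", now))  # password only
    print(authenticate(acct, "wrong guess", code, now))                           # phone only
    print(authenticate(acct, "correct horse battery staple", code, now))          # both factors
```
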
To protect your credentials, you can use a password manager.
With so many passwords, it is virtually impossible for anyone to keep track of every password, every account change, and the urgent password changes needed when an account password is compromised.
A password manager takes the headache out of managing all your credentials.
By using a password manager, you can change passwords with a few clicks and swipes. Depending on how you use it, you may not even need to know, see, or remember any passwords.
Your password information stays safe and logging in becomes simpler. Plus, password managers meet all best practices standards, helping you keep your account access more secure.
Of course, there is one password you will need to remember – the one to your password manager. That one you will want to write down and keep somewhere safe and secure.
For more information on how to implement a password manager, find the best app for password management for you, or discuss password best practices in your organization, contact us.