Cyb3R_Sm@rT!: Use a Password Manager to Create and “Remember” Strong Passwords

The Bottom Line

Strong passwords—those that are long, random, and unique—are essential to your personal cybersecurity, especially as advancements in computer processing speed and power continually make it easier for threat actors to crack passwords that do not meet these requirements. However, it is not practical for a person to remember all of their passwords.

Password managers were created to solve this problem, helping you to formulate strong passwords and “remember” them.

The Problem

A strong password might be hard to remember.

Long, unique, and random passwords are hard to remember, especially if you have many online accounts. Storing them as plaintext in a physical or digital notes app isn’t a safe option since they can be easily compromised if a threat actor gains access to your device. Password managers eliminate this issue by safely storing strong passwords for you.

The Solution

Use a password manager.

To generate strong passwords and remember them, the best solution is to begin using a password manager. Since there are many password managers available, here are a few considerations to help you decide which one best meets your needs:

1. Make sure you set your password manager to generate passwords that satisfy standards for length, randomness, and uniqueness.
2. Decide how you want your password database stored.
   • Cloud-based storage adds convenience by allowing you to easily access your password database from multiple devices. However, cloud-based password managers do have a higher risk of compromise by sophisticated threat actors since they send data across the internet and store your data on a server that you do not control yourself.
   • Locally maintained databases are typically more secure but have a greater chance of failure through user error. The database needs to be backed up regularly on another media storage device so that you have a copy of your passwords if your device is lost or stolen. Beyond that, it can be tedious to maintain a database on each of your separate devices.
3. Make sure the password manager application is compatible with all of your devices. For example, if you have a Windows OS laptop, an Android OS smartphone, and an iOS tablet, make sure that you can download the password manager’s application or browser extension onto all three devices.
4. Understand how the master password and account recovery work. Every password manager should have its own authentication method, including a master password that you cannot lose. (For tips on how to physically secure a written password, check out Project Upskill Topic 1.5.) In addition, some password managers have an account recovery process, which could require you to present biometric or personal information to verify your identity. Choose a solution with an account recovery method that you are comfortable with.
5. Opt for a password manager that offers multifactor authentication to access your password database.
6. Vet the product and its developer to the best of your ability. After all, this application will store the credentials to all of your accounts. For more information on vetting, check out Project Upskill Topic 1.4.

Takeaways

Do

• Use a password manager to help you generate strong passwords and keep them securely stored.

Do Not

• Use (or reuse) weak passwords.
• Keep your passwords saved in a physical or digital file that could be easily accessed on your device.

Project Upskill is a product of the Joint Cyber Defense Collaborative.

• Module 1: Basic Cybersecurity for Personal Computers and Mobile Devices
• Module 2: Protecting Your Accounts from Compromise
  • Topic 2.0: Formulate Strong Passwords and PIN Codes