By now, you have likely received a notification from a website you frequent about a data breach, warning that your credentials have been compromised. Or you have heard about a big breach at, for example, LinkedIn, Adobe, Ashley Madison or LifeLabs. How about an unusual message through Facebook Messenger from a “friend”? That friend eventually lets you know that their account was hacked. Is this you? Well, someone got their credentials and used them. The thief who stole that information then attempts to access other accounts, which can be done quickly with automated tools.

 

Employees reuse a password an average of 13 times. Canadians reuse their password an average of 15 times.

LastPass

Benefits of a password manager
  • Improve password hygiene
  • Decrease bad password habits
  • Enforce secure sharing
  • Unify the login experience across devices
  • Centralize administration

The key problem with passwords is twofold. First, we can no longer keep track of all the passwords we have; for most of us, the list is long and constantly growing. Some people solve this problem by using the same password everywhere, but this is a highly insecure practice. That is the second problem: password reuse. Since we all have dozens or, unbelievably, hundreds of usernames and passwords, we reuse them for multiple accounts because it is easier than trying to remember them. The irony is that if you can remember a password, it is probably not complex enough. This can be very damaging if someone gets hold of your bank account or email password.

The solution to both problems (password reuse and weak passwords) is to use a password manager. There are many different tools available, and in this video demo COO Jesse Smith is going to show you how to get started with a wonderful tool called LastPass.

What is LastPass?

LastPass is a password manager that can be used with all of the major web browsers. Once installed, it will start asking you if you would like it to remember your password every time you log into a website. The next time you visit that site, LastPass will automatically fill in your username and password for you. If you are creating an account on a new site, LastPass can generate a secure password for you and will remember it the next time you visit that site. LastPass is a great option for personal and professional use.

Key features:

  • User-friendly
  • Free or paid
  • Good for personal / family use and business-wide use
  • Best-in-class security (AES-256-bit encryption)

Functions:

  • Stores, generates, manages and fills in (retrieves) passwords
  • Available across web, desktop and mobile apps
  • Secure, encrypted storage
  • Secure sharing (sometimes blind)
  • Multifactor authentication

Password Best Practices 

Old: 8-character, complex passwords
Example: m0!raRos3

New: 12+ characters or even longer passphrases

  • Complexity: More is better, longer is best
  • Uniqueness: Random, unique password for each service/app
  • Change/reset: No scheduled changes, but reset immediately if compromised
  • Storage: Secured with encryption

Example: David, stop acting like a disgruntled pelican!

Password managers automate or simplify these requirements.

Source: NIST SP 800-63

Best Practices for Business

  • Shared vaults/folders to share common passwords among teams
  • Business versus personal vaults
  • Integrate Single Sign-On to simplify user access to password vaults
  • Audit passwords to identify reused passwords and gain intel on compromised passwords
  • Build processes around user onboarding and offboarding
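
The audit bullet above, combined with the length, uniqueness and reset-if-compromised rules under Password Best Practices, can be expressed as a short check over a vault export. This is an added example, not code from LastPass or any password manager; `audit_vault` is a hypothetical helper, and the site names, vault entries and breached list are constructed sample data.

```python
import hashlib
from collections import defaultdict

MIN_LENGTH = 12  # the article's "New" guidance: 12+ characters


def _digest(password):
    # Compare digests so plaintext passwords never appear in the report.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def audit_vault(entries, breached_digests):
    """Return {site: [findings]} for entries that break the guidance."""
    seen = defaultdict(list)  # digest -> indexes of entries using it
    for i, entry in enumerate(entries):
        seen[_digest(entry["password"])].append(i)

    report = {}
    for i, entry in enumerate(entries):
        digest = _digest(entry["password"])
        findings = []
        if len(entry["password"]) < MIN_LENGTH:
            findings.append("short")
        shared = sorted(entries[j]["site"] for j in seen[digest] if j != i)
        if shared:
            findings.append("reused with " + ", ".join(shared))
        if digest in breached_digests:
            findings.append("compromised: reset now")
        if findings:
            report[entry["site"]] = findings
    return report


# Constructed sample vault using the article's two example passwords.
VAULT = [
    {"site": "bank.example", "password": "m0!raRos3"},
    {"site": "mail.example", "password": "m0!raRos3"},
    {"site": "shop.example",
     "password": "David, stop acting like a disgruntled pelican!"},
    {"site": "forum.example", "password": "Summer2019!Summer2019!"},
]
# Constructed stand-in for a list of passwords known to be compromised.
BREACHED = {_digest("Summer2019!Summer2019!")}

if __name__ == "__main__":
    for site, findings in audit_vault(VAULT, BREACHED).items():
        print(site, "->", "; ".join(findings))
```

The long forum password passes the length rule but is still flagged, which is why the compromised check is separate from the length and reuse checks.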

Best Practices for End-users

  • Install across all devices
  • Use suggested passwords wherever possible
  • Check password scores
  • Use the free personal account/vault if available

Find a third-party review of LastPass here.

Other options:

  • 1Password
  • Keeper

Not sure if any account associated with your email has been breached? Visit Have I Been Pwned to find out.

If you have any questions about setting up a password manager or want to learn more about how to better secure your data, contact us.