At Berry Interesting, we started using a password manager right around the time one of our owners had their social security number stolen and was the victim of tax fraud. It was all hands on deck to lock down our information as much as possible. As diligent as we were, prior to that, about using unique passwords, setting up two-factor authentication on sensitive accounts, and keeping our client data firmly under wraps, we realized at that moment that we hadn’t taken it far enough.
Thankfully, we found 1Password and have been happy with the tool ever since. It’s now a part of our standard operating procedures to use a password generator to create passwords (or, even better, passphrases) for ourselves and any account we create or manage for a client. We use two-factor authentication much more heavily now – whenever there’s an opportunity to set it up, we use Google Authenticator (or, less often, SMS) to generate passcodes that provide that second layer of protection to our accounts.
Now, don’t get us wrong – there are plenty of times when we don’t keep passwords 100% obfuscated or protected in a password manager. Whenever we deem an account to be very low-risk (i.e. a log in to canva, or any other tool that requires us to have an account but isn’t something where we’re storing sensitive data), we often store those passwords in Google Sheets so that the login credentials are highly available to everyone on our team as well as our client. But when it comes to anything sensitive – DNS, hosting accounts, WordPress dashboards, financial tools like Stripe – everything is stored in a password manager.
We’ve also encountered plenty of situations where the person we’re working with is hesitant to use – or downright daunted by – a password manager. In the interest of keeping our clients’ data as secure as possible, we’re sharing this information here to, hopefully, demystify password managers and encourage you — and your team — to adopt them ASAP.
Do You Actually Need a Password Manager?
The short — and unequivocal — answer is yes, everyone needs to use a password manager. Password managers help you create and manage complex and unique passwords for each of your accounts, which is crucial in keeping your accounts secure. With a password manager, you don’t have to remember every single password, or reuse a password, or come up with some kind of labyrinthine formula for creating new ones, or write them down on a piece of paper (which can easily be lost or stolen – just watch any type of spy story – the password is always on a post-it under the keyboard).
What Does a Password Manager Do For You?
A password manager can:
- encrypt your passwords, so even if your device is lost or stolen, your passwords will still be secure.
- help you identify weak passwords and prompt you to change them, further reducing your risk of a security breach.
- auto-fill login credentials for websites, saving you the time and hassle of typing them in manually each time. This saves time and reduces the risk of errors.
- organize your passwords and make them easy to find. This is especially useful if you have a large number of accounts with different login credentials. You can categorize or tag your passwords, and search for specific passwords using keywords.
- securely share passwords with others without compromising security. Some password managers allow you to share passwords with specific individuals or groups, and even revoke access if necessary.
- save additional information about your accounts, such as security questions and answers, associated email addresses, and notes. This can be especially helpful if you need to reset your password or contact customer support for a particular account.
What If Your Password Manager is Compromised?
If your password manager notifies you that your data has been compromised, it’s important to take immediate action to protect your accounts and sensitive information. Here are some steps you can take:
- Change your passwords and make sure they’re strong, unique-to-you, and never reused for multiple accounts.
- Enable 2FA to add an extra layer of security to your accounts and can help prevent unauthorized access even if your password is compromised.
- Contact support for more information and guidance on what to do next. They may have additional steps you can take to secure your data and accounts.
- Stay vigilant and keep an eye on your accounts and sensitive information. If you notice anything out of the ordinary, take action immediately.
Remember, while a data breach can be unsettling, taking swift action can help minimize the damage and protect your accounts and information.
How To Choose a Password Manager
When choosing a password manager, there are a few factors to consider. First, determine whether you need a personal or business password manager. If you are using it for personal use, then you can choose any password manager that appeals to you. You might ask friends which ones they use, or download several to try them out. However, for business use, you need a password manager that allows you to securely share passwords with your team members.
Another factor to consider is how you will access the password manager. Some password managers are accessible via a web app, while others require you to download a desktop app. Some password managers even have mobile apps that allow you to access your passwords on the go. So long as you choose a password manager that supports the devices and platforms you use, you’ll be making a good choice on that front.
Some popular password managers include LastPass, Dashlane, 1Password, and KeePass. Each of these password managers has its own set of features, such as support for biometric authentication, password sharing, and password generation.
Information On Some Popular Password Manager Options
- LastPass is one of the most popular password managers available, and for good reason. It offers a user-friendly interface, easy integration with web browsers, and cross-device syncing. With LastPass, you can generate strong passwords, store notes and payment information, and securely share passwords with others. Plus, LastPass offers a free version with basic features, as well as a premium version with advanced security options. One potential downside is that some users have reported occasional syncing issues between devices.
- Dashlane is another popular password manager that offers many of the same features as LastPass, but with a focus on user convenience. It includes a built-in VPN, digital wallet for storing payment information, and an automatic password changer. Plus, Dashlane allows you to store and access your passwords from any device, and offers a free version with basic features. One potential downside, similar to LastPass, is that some users have reported occasional syncing issues, particularly with mobile devices.
- 1Password is a password manager designed specifically for Apple users, with seamless integration across all Apple devices. It offers advanced security features such as two-factor authentication and alerts for compromised passwords. Plus, 1Password allows you to store notes and payment information, and share passwords with others. However, it’s not as cross-platform as some other options, and the pricing is relatively high compared to other password managers.
- KeePass is a free, open-source password manager that allows you to store and access your passwords offline. It doesn’t offer as many features as some other password managers, but it’s highly customizable and can be used across multiple devices with the help of third-party apps. KeePass is also highly secure, as it doesn’t store your passwords in the cloud. One potential downside is that it can be more complex to use than some other password managers.
Overall, the best password manager for you will depend on your specific needs and preferences. We recommend checking out each option and deciding which one offers the features and security you need.
Onboarding Yourself — and Your Team — To a New Password Manager
Onboarding into a password manager is relatively simple. First, sign up for an account with your chosen password manager. Then, download the app or extension and install it on your device. Finally, start adding your account information and passwords to the password manager. Many password managers will provide thorough documentation on this front, including how-to videos, so don’t be daunted… but do make sure you have the time and attention to devote to the set-up.
If, like 1Password, your password manager requires that you set up a master password to access the tool, make sure that it is something easy for you to remember but complex enough to resist hacking. This is an instance where a passphrase comes in very handy. We like to use passages from our favorite books, or song lyrics. For example, if your favorite song is Hall & Oates’ Maneater, your passphrase might be Watch-Out-Boys-She'll-Chew-You-Up-1982
.
Encouraging your team to use your password manager of choice is essential in ensuring the security of your organization. You may want to set aside a block of time for everyone to work on this at the same time, or include it in your onboarding process for new employees. If you’re struggling to get buy-in, you can also offer incentives, such as bonuses or additional PTO, to team members who adopt the password manager (yep, it’s that serious. Do whatever you have to do to get everyone on board with this). On an ongoing basis, make sure to provide training and support to your team members to help them understand how to use the password manager effectively. Most importantly, your adoption of the tool will influence others to do so (and, as a bonus, you’ll get so good at using it that you’ll be able to help others).
A Note About Two-Factor Authentication
Two-factor authentication, or “2FA” as it is often referred to, is an extra layer of security that adds an additional step to the login process. With two-factor authentication, you need to provide a second form of identification, such as a fingerprint, a series of security questions, or a one-time code sent to your phone, in addition to your password. Here’s a short, helpful video that explains what 2FA is and why it’s important.
Many password managers offer two-factor authentication as an option. Enabling two-factor authentication can help protect your accounts even if your password has become compromised. At Berry Interesting, we enable two-factor authentication by default on any accounts that support it.
Password managers are an essential tool for anyone using the internet. They provide a simple and effective way to manage and secure your passwords, which is crucial in protecting your online accounts and sensitive information from cyberattacks. By using a password manager, you can easily create and store complex, unique passwords for all your accounts, without the need to remember them all. This significantly reduces the risk of a security breach due to weak or reused passwords. With the added protection of two-factor authentication, password managers offer a comprehensive solution for securing your online accounts.
If you’re curious about how Berry Interesting Productions keeps our clients data safe and secure, or if you’re interested how we can help your team deploy a password management solution, drop us a line or book a consultation directly with our fearless leader, D’nelle. You can also sign up to get emails from Berry Interesting, and we’ll keep you in the loop.
You might be interested to know that this post was created with the help of generative AI tools like ChatGPT. Find out more here.