Password Management

12/02/2020 By Alison Smith

Unless you want to be a sitting duck for hackers, you need a strategy for managing all those passwords. We all know the rules, the do’s and the don’ts, but when you have multiple passwords to remember, it’s difficult to avoid the habit of using the same password over again. We also all know that a strong password contains a random combination of numbers, mixed-case letters and symbols, and that we shouldn’t use the name of our kids or pet dog. But how do we come up with unique, complicated combinations, many times over, and then remember them? This leads us to commit the next cardinal sin: we write them down in a “safe” place, like a phone or a diary, negating the entire point of the exercise.

The best recommendation for sorting out your password conundrums is to use a password manager. A password manager does more than simply store your passwords in an encrypted file of some sort: it does this, but also much more, and much more safely.

THE CASE FOR USING A PASSWORD MANAGER

To use a Password Manager, you install a program that saves sets of credentials in a database whose contents are protected with AES-256 encryption. To unlock this database, you enter a decryption key – your Master Password – that only you know.

Password managers that sync your password database to the cloud use end-to-end encryption. The data is encrypted before it leaves your device, and it stays encrypted as it’s transferred to the remote server. When you sign in to the app on your local device, the program sends a one-way hash of the password that identifies you but can’t be used to unlock the file itself.

The companies that manage and sync those saved files don’t have access to the decryption keys. In fact, your master password isn’t stored anywhere, and if you forget it, you’re out of luck.

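The split between the sign-in hash and the decryption key described above can be sketched as follows. This is an added example, not code from any password manager: the PBKDF2-based derivation, the names, the round counts and the `SyncServer` class are assumptions chosen for illustration, and the vault ciphertext is a constructed placeholder.

```python
import hashlib
import hmac
import os

KDF_ROUNDS = 200_000  # assumed client-side work factor for this sketch

def derive_vault_key(master_password: str, account_salt: bytes) -> bytes:
    """Client side: 32-byte (AES-256 sized) key. It never leaves the device."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(),
                               account_salt, KDF_ROUNDS, dklen=32)

def derive_login_hash(vault_key: bytes, master_password: str) -> bytes:
    """Client side: one-way hash sent at sign-in. Computing it requires the
    vault key, but the vault key cannot be recovered from it."""
    return hashlib.pbkdf2_hmac("sha256", vault_key,
                               master_password.encode(), 1, dklen=32)

class SyncServer:
    """Hypothetical sync service: holds ciphertext and a salted hash of the
    login hash, never the master password or the vault key."""
    def __init__(self):
        self.accounts = {}

    def register(self, user: str, login_hash: bytes, encrypted_vault: bytes):
        salt = os.urandom(16)
        stored = hashlib.pbkdf2_hmac("sha256", login_hash, salt, 100_000)
        self.accounts[user] = (salt, stored, encrypted_vault)

    def sign_in(self, user: str, login_hash: bytes):
        """Return the still-encrypted vault on success, None otherwise."""
        if user not in self.accounts:
            return None
        salt, stored, blob = self.accounts[user]
        candidate = hashlib.pbkdf2_hmac("sha256", login_hash, salt, 100_000)
        return blob if hmac.compare_digest(candidate, stored) else None

if __name__ == "__main__":
    salt = b"alice@example.test"            # constructed sample account salt
    password = "correct horse battery staple"
    key = derive_vault_key(password, salt)  # would key the AES-256 vault
    login = derive_login_hash(key, password)
    server = SyncServer()
    # Constructed placeholder for the vault encrypted on the device.
    server.register("alice", login, b"<ciphertext produced on the device>")
    print("sign-in ok:", server.sign_in("alice", login) is not None)
    print("server holds vault key:", key in server.accounts["alice"])
```
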
There’s no known way to crack an AES-256 encrypted file that’s protected with a strong personal key.

The added advantages of a Password Manager over a DIY encrypted file are:

1) Browser Integration – credentials can be automatically saved to the Password Manager when you create a new account or sign in using those credentials for the first time. After that, when you visit the site again and you have entered your Master Password, the credentials will be entered automatically. No more copy/pasting.
2) Random Password Generation – most Password Managers offer Password Generation, which instantly produces random, never-before-used-by-you passwords that are as lengthy and as complicated as you like. You don’t need to remember them, as the Password Manager is doing that for you.
3) Phishing Protection – If the phishers fool you well enough that you go to their bogus site and try to enter your credentials, your Password Manager won’t allow it and won’t enter your
4) Cross Platform Access – Password Managers work across devices: PCs, Macs and mobile devices.

AVAILABLE SOLUTIONS

For several years, different password management solutions have been available, some of them free of charge and others with a paid subscription. What they all have in common is that the end user only needs to remember the password to the password manager, and that the password management system fills in the applicable credentials by recognising the platform that the user wants to gain access to.

Most services are hosted in the United States, and because of America’s Patriot Act, this makes them unsuitable for companies in Europe pursuing GDPR compliance. For this reason SCC selected one of the best rated password management systems that can be self-hosted. This means that we use a license of the password management software that we can install on our own servers. That way we can be sure that the data is stored in The Netherlands, and will not be accessible by any third party.
And what’s more, high-end encryption means that SCC’s staff is also unable to read the password information stored on the manager.

SCC can help you get this tiresome task under control. Just one thing: whatever you do, don’t lose the Master Password. However, make it a strong one. You can; it’s the only one you need to remember.