What is Password Management?
A password management tool is an application on your phone, tablet or computer that stores your passwords securely, so you don’t need to remember them all. Some password managers can synchronise your passwords across your different devices, making it easier to log on, wherever you are. Some can also create random, unique passwords for you, when you need to create a new password (or change an existing one).
Why would a business want a Password Manager?
Reusing the same password across different accounts can be dangerous. A cyber criminal might steal one of your passwords, and then use it to try and access other accounts. This means they could quickly break into several of your accounts despite only knowing one password.
We know that we’re supposed to create a unique, hard-to-guess password for all of our online accounts, to prevent such a scenario happening. However, the NCSC recognise that this is virtually impossible to do without help. Password managers provide that help. They’re designed to make using and generating passwords easier and more secure. Many can also automatically enter the appropriate password into websites and apps on your behalf, so you don’t even have to type them in every time you log in.
What types of password manager are available?
You may be already using a password manager without knowing it. Many are built into your internet browser (such as Google Chrome, Microsoft Edge or Firefox), or are part of the operating system on your smartphone or tablet. You may have noticed when you sign into an account, a box appears asking you if you want the browser (or device) to remember your password. If you are not sharing the device with anyone else, then it is safe to tick the box. If it doesn’t offer to save your password, you may need to turn this option on in your device settings.
Standalone password manager apps are also available to download, many of which can be installed on different types of device, and with extra features like the ability to create good passwords for you. It’s worth finding online reviews of the password managers you’re considering, and deciding on the features you need (and the support the vendor provides) before choosing one that’s right for you.
How do I protect the Password Management tool?
Whether you’re using a standalone password management tool or a built-in one, it is important to keep the password manager account secure because if a criminal accesses this, they’ll potentially have access to all your passwords and associated accounts. You also need to take steps to make sure you can always get in yourself, so you don’t lose access to all your passwords.
NCSC strongly recommend that you:
Set up two-factor authentication on the password manager account. If you have the option, set up more than one type of second factor so you have a backup plan to get into your password manager account.
Install updates for your password manager app as soon as you’re prompted to update. If you’re using your browser, always make sure you are using the latest version and you keep this up to date.
Choose a strong password for the password manager account (for example using three random words). You can’t store this in the password manager itself, so you may want to write this one down and store it somewhere safe – away from your device – so you don’t forget it.
Note that if you’re using a built-in password manager through your browser or device, it may be protected by one of your existing accounts. For example, passwords saved in Apple’s Keychain are protected by your Apple ID, and passwords saved in Google’s Chrome browser will be protected by your Google (or Gmail) account, if you have logged in. Again, make sure that you are using a strong password for these accounts.