Security industry experts are predicting the death of passwords within the next few years as more systems shift to biometric methods (fingerprint, facial recognition, voice recognition, etc.) for authenticating users. However, these biometric systems are still in their early days of development and adoption. Additionally, simpler systems (standalone applications like QuickBooks) may not adopt, or be able to adopt, biometric authentication. My own suspicion is that we will still need passwords for years to come. With that in mind, we will still need strong passwords to keep our data safe.
The rule that is being drilled into the public is that you need a long, randomly generated password on each website for which you have an account. However, research now shows that remembering all of those passwords is nearly impossible and people become fatigued. Instead, people pick a single password – one they assume is secure – and use it everywhere. Using the same password, or a variation of the same password, across multiple websites does not work well because once one account is compromised, all of the others are at risk of easy cracking. We also now know that password fatigue leads people to use the same passwords for personal use and work use, which means that a cracked personal password can allow bad actors to access company systems.
To combat password fatigue, more users and companies are turning to password managers. Password managers remove the requirement to remember those long strings of random characters and will fill in login fields for you. They even remove the problems with randomness during the creation step because they’ll create proper random passwords for you – passwords that are long enough to satisfy corporate requirements. There are wonderful password managers available today that allow you to keep track of all your passwords and even provide you with password management tools such as:
- Fast password search
- Mobile Apps (for field use)
- Active Directory Integration
- Password Generator
- Automatic Form Fill for web forms
- Compliance Reporting
- Multiple User Access and Sharing (teams!)
- Encrypted File Storage
- Two-Factor Authentication
- Password Auditing
- Automated Password Rotation/Change
- Automated Password Sync Across All Devices
- Digital Wallets
- Password Sharing with Individual Users
- Web Access
- Easy On-Boarding and Off-Boarding of Users
- Folder Restrictions for Different User Roles
I highly recommend password managers to clients who currently keep track of credentials in insecure ways (Excel spreadsheets, Word documents, paper). There are many password managers available, and there is something out there that meets the needs of any client.