We take a look at how a password manager can help keep you and your charity secure from cyber criminals
Passwords have a vital role to play in keeping cyber criminals out of your charity’s computer systems and preventing them from accessing confidential information. A password manager is a vital tool to help ensure your passwords don’t get stolen, cracked, or copied.
Before we look at the fundamentals of a password manager and how it improves your cyber security, let’s consider how your passwords work.
Essentially, they are secrets that only you are supposed to know and by entering the correct password you can get access to a particular computer system – perhaps an online service, or maybe your charity’s CRM system.
The problem with a password is that a cyber criminal can try to guess or “crack” it. Let’s imagine you have a password that is nine lower case characters long. That means there are about five trillion possible passwords that you could be using.
That sounds like a lot, but a cyber criminal using a password cracking program can easily make 100 million guesses per second. At that rate it would take them just over 15 hours to check every possible password. With a little luck they might expect to find your password in about seven or eight hours.
So, it goes without saying, you should use complex passwords. A password made up of lower case letters is fairly simple, because there are only 26 letters in the alphabet. But if you choose a more complex nine character password with both upper and lower case letters, then you are choosing from 26 lower case characters and 26 upper case characters, or a total alphabet of 52 distinct characters.
Now there are three thousand trillion possible passwords and it will take the cyber criminal almost a year to try every combination.
If you include digits, too, it will take a cyber criminal four years to try them all and with special characters such as ! and $, it will take them over 20 years. And just by making your password 10 characters long rather than nine, the time taken to check all password possibilities jumps from 20 years to over 1,000.
What this shows is that if you want to keep your accounts secure, you need a password made up of upper and lower case letters, digits, and special characters, which is at least 10 characters long, but ideally 12, 13, or even more.
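The arithmetic behind these figures, written out as an added example rather than anything from the original article. The article only names "!" and "$" as special characters, so the 13-character special set (a 75-character alphabet) is an assumption chosen here because it reproduces the article's "over 20 years" and "over 1,000 years" figures; counting all 33 printable ASCII symbols would give far larger numbers.

```python
# Character classes described in the article. The 13 special characters are an
# assumption made for this example; the exact count changes the final figures.
ALPHABETS = {
    "lower case only": 26,
    "upper and lower case": 52,
    "letters and digits": 62,
    "letters, digits and 13 specials": 75,
}

GUESSES_PER_SECOND = 100_000_000  # rate quoted in the article
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length


def seconds_to_exhaust(alphabet_size: int, length: int,
                       rate: float = GUESSES_PER_SECOND) -> float:
    """Time to try every password; on average the right one is found halfway."""
    return keyspace(alphabet_size, length) / rate


def humanize(seconds: float) -> str:
    """Render a duration in the largest sensible unit."""
    if seconds < 3600:
        return f"{seconds / 60:.1f} minutes"
    if seconds < 86400 * 2:
        return f"{seconds / 3600:.1f} hours"
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds / 86400:.0f} days"
    return f"{seconds / SECONDS_PER_YEAR:,.0f} years"


def crack_time_table(lengths=(9, 10, 12)) -> list[tuple[str, int, str, str]]:
    """Rows of (alphabet, length, exhaustive search time, expected time)."""
    rows = []
    for name, size in ALPHABETS.items():
        for n in lengths:
            total = seconds_to_exhaust(size, n)
            rows.append((name, n, humanize(total), humanize(total / 2)))
    return rows


if __name__ == "__main__":
    for name, n, full, expected in crack_time_table():
        print(f"{name:<32} {n:>2} chars  exhaustive: {full:>14}  expected: {expected:>14}")
```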
It’s also important that you use different passwords for every account that you have. That’s because if a hacker does manage to get hold of one of your passwords somehow then it won’t just be one account that is compromised but all the accounts that share that password.
So, how do you keep track of multiple passwords, if all your passwords use a mix of letters, numbers, and special characters, and all are at least ten characters long? After all, you can’t possibly remember them. The answer is by using a password manager.
Popular password managers include:
A password manager works by storing all your passwords; every time you reach an account’s login page, it automatically enters your user name and password for you.
That means that you don’t need to remember your passwords so you can make them as long and complex as you like, and you don’t have to waste time entering long and complex passwords manually.
That may not sound secure, but a password manager will only log you into any account after it has been activated, which you do by entering your master password. This is in effect the only password that you ever have to remember, as the password manager will store all your other passwords for you.
Crucially, a password manager only stores your passwords in an encrypted form, so they are secure even if a cyber criminal gains access to your computer.
Of course this also means that if a cyber criminal ever gets access to your master password they could in theory access all the passwords that the password manager is storing. That’s why it is important to use a long and complex password as your master password.
The best way to protect against a cyber criminal getting hold of your master password is to ensure that you have two-factor authentication (2FA) configured for any account that offers it. With 2FA in operation your account stays secure even if a cyber criminal gets access to your password.
Since all the encryption happens on your computer, the software companies that make password managers never have access to your master password. This means they can’t give you your master password or decrypt your passwords for you. But there are usually a small number of recovery options. Many password managers:
A password manager will:
One final feature worth mentioning is that your passwords can usually be synchronised between the password manager software running on your mobile devices and desktop computers. That means that if you change your password using one device, you will still be able to log on using other devices. This is especially useful for hybrid workers who may work from home or at charity offices and use a number of different computers and mobile devices.