DRAFT
SIL Information Security Training for End Users: Secure Your Online Accounts
Creating and remembering a unique, strong password for each account is nearly impossible. People often reuse passwords or use a low-security trick to remember passwords.
It’s not rare to see IT technicians storing passwords in a Notepad document. Notepad documents are obviously not password protected. If your laptop is stolen or hacked, all your important passwords are stolen as well. If you are in charge of IT security, this is not an acceptable solution.
How can you:
- Create and remember strong, unique passwords for all the resources you need to access
- Use a secure place to store them
The solution is a password manager. With password managers you can store all your passwords in a secure location. Your password manager will remember them, so you don't have to. You only need to remember the password manager’s master password which encrypts your sensitive information. Should this database be stolen, nobody will be able to access the content without the master password.
Once you have a password manager, you can use it to create strong and unique passwords. For example, you can type randomly on your keyboard to create any new password you store inside. This ensures the passwords are unique and very long. However, you might want to avoid completely random passwords for accounts you will need to type later on another device where you cannot access your password manager.
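The model behind these two paragraphs, as an added Python example (not code from any password manager named on this page): a random, unique password per site, and a whole database that is unreadable without the master password. It uses the standard library's scrypt for key stretching and the third-party `cryptography` package for AES-GCM; the cost parameters are assumed values.

```python
"""Minimal password-vault model: every secret is protected by one master password."""
import hashlib
import json
import os
import secrets
import string

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

SALT_LEN, NONCE_LEN = 16, 12
# scrypt cost parameters: assumed values, real managers tune these per device.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def derive_key(master_password: str, salt: bytes) -> bytes:
    """Stretch the master password into a 256-bit AES key using a per-vault salt."""
    return hashlib.scrypt(master_password.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)


def generate_password(length: int = 24) -> str:
    """Long, random password drawn from a CSPRNG; nobody has to remember it."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


def lock_vault(master_password: str, entries: dict) -> bytes:
    """Encrypt the whole database. Output layout: salt || nonce || AES-GCM ciphertext."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    key = derive_key(master_password, salt)
    plaintext = json.dumps(entries).encode("utf-8")
    return salt + nonce + AESGCM(key).encrypt(nonce, plaintext, None)


def unlock_vault(master_password: str, blob: bytes):
    """Return the entries, or None when the master password is wrong (the GCM tag fails)."""
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    ciphertext = blob[SALT_LEN + NONCE_LEN:]
    key = derive_key(master_password, salt)
    try:
        return json.loads(AESGCM(key).decrypt(nonce, ciphertext, None))
    except InvalidTag:
        return None
```

A stolen vault file is just the bytes returned by `lock_vault`; without the master password an attacker gets nothing but a failed tag check.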
These are other benefits of using a password manager. They can:
- autofill passwords, even for locally installed apps, so you don't have to search for and copy/paste them, saving time on every login
- integrate easily with your web browser and help you log into sites
- help protect against phishing, as they store the valid web address associated with each login password
- generate secure, random passwords for you
- sync to your phone, giving you access to your passwords from anywhere
- proactively alert you when you are reusing a password or when a password is weak and easy to guess or crack
- let you know when an online account has been breached and your password has been exposed
- back up your database in the cloud for easy access
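The phishing protection from the list above, as an added Python example (not code from any password manager on this page): a credential is bound to the exact origin it was saved on, so a look-alike address gets nothing. The vault contents are constructed sample data.

```python
"""Origin check that keeps autofill from handing a password to a look-alike site."""
from urllib.parse import urlsplit

# Constructed sample vault: each credential is bound to the site it was saved on.
VAULT = {
    "https://mail.example.com": {"user": "alice", "password": "constructed-not-a-real-secret"},
    "https://bank.example.org": {"user": "alice", "password": "constructed-not-a-real-secret"},
}


def origin(url: str) -> tuple:
    """Normalise a URL to (scheme, host); userinfo, port, path and query are ignored."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    return parts.scheme.lower(), host


def candidate_logins(page_url: str, vault: dict = VAULT) -> list:
    """Return the usernames the manager may autofill on page_url.

    The stored scheme and host must match exactly: a plain-HTTP copy of the site,
    a look-alike domain, or an attacker-controlled host that merely *contains*
    the real name all get an empty list, even if the page looks identical.
    """
    scheme, host = origin(page_url)
    if scheme != "https":
        return []
    return [entry["user"] for site, entry in vault.items() if origin(site) == (scheme, host)]
```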
Don’t wait until a crisis happens; start using a password manager now.
If you are using a password manager, you should normally only have to remember two passwords: your Windows password and your password manager’s password. Perhaps three, if you are using BitLocker with a password enabled. These are called “master passwords”. Make them memorable, so you don’t have to write them down anywhere. See this article for tips.
All the other passwords can be very long, complex (even completely random) and unique, and your password manager will remember them for you.
If an email account is used as a recovery method for your password manager, that account needs a strong password and must have 2SV (two-step verification) enabled.
A password manager cannot completely protect you from keylogging*, but using 2SV with your passwords can protect you from keyloggers, because the keylogger cannot record your second verification step if it is a PIN on your phone or a security key.
*KeePass has an option under 'Tools' → 'Options' → 'Security' → 'Enter master key on secure desktop' that shows the master key dialog on a separate, secure desktop, similar to Windows User Account Control (UAC). This protects well against keyloggers, as almost none of them work on a secure desktop. Check whether your password manager offers a similar option.
Are password managers safe to use? What about the security of the password manager’s company? Even if the company is hacked, your passwords will remain unreadable to anyone who doesn’t have your master password. The master password never leaves your device, so the password manager company could not access your passwords even if it wanted to. It is much riskier to reuse passwords than to store unique passwords in a password manager. You can improve your security even more by using 2SV with your password manager. If you are still concerned about online security, use an offline password manager like KeePass.
So, which is the best password manager? That comes down to features and cost. Just make sure the password manager works on all your devices. The basic personal version of Bitwarden is open-source and completely free; other good password managers include KeePass (and KeePassXC), 1Password and Dashlane. If the password manager database is saved locally, make sure it is included in your backups, as losing it would be very damaging.
Note that although password managers can help you with automatic sign-in, some only support website logins. A password manager such as KeePass can automatically sign you into local apps in addition to websites.
These are some password managers that support passkeys: 1Password, Bitwarden, KeePassXC.
Built-in browser password managers are limited to that specific browser, whereas third-party password managers are cross-platform and cross-browser. Built-in browser password managers are also less powerful and less useful than third-party ones. They prioritise convenience over security, so they are not as safe as a reputable third-party password manager. Scammers can get passwords out of the browser’s cache; that is one reason why we do not encourage this practice.
Resources:
IT connect online - Password managers - Google Slides