Christmas is just around the corner. You finally have a couple of days off. The kids are playing with their new items, and you’re pretty sure you’ll have at least 10 minutes of peace before they get bored. You turn on Netflix ready to binge watch that show you’ve been hearing about, only to be asked to enter your password. You fiddle with the remote to type in the family password and are promptly denied access. Who changed the password?! So much for goodwill toward men. Thankfully, there’s a solution to this challenge that doesn’t cost an arm and a leg and is relatively easy to use: a software-based password manager.
What is a password manager?
A password manager is a software tool that stores all of your passwords in one secure place (call it a vault). The “vault” can be stored on your computer’s hard drive or in the cloud and synced between your devices. As a result, you have access to your passwords everywhere. To access your list of passwords, you use one (easy to remember but hard to hack) password to unlock the vault and access all of your passwords or secret information. This is generally where the objections come in.
Objection: Wouldn’t you agree that if the bad guys figure out my one password, that would give them access to all of my passwords?
Answer: Yes. But, let me ask you a question: If I look at your list of passwords (you know, the one in your top desk drawer), didn’t I just get access to all your passwords? Which is worse?
The bad guys on the internet are hacking websites where your login information is stored. Password managers use encrypted file storage to store the passwords until they are unlocked by you. These are two separate systems. Theoretically, someone could hack a password manager service, just like someone could break into your office. Either way, your passwords have been compromised.
The question is, where is the risk lowest balanced with the benefits a password manager can provide? I’ll take my chances with the folks who focus on keeping my data secure as the core part of their business (e.g., https://1password.com/security/).
What’s the password problem?
Security is the primary password problem. I would concede that both systems (paper and digital) have risks. So, it comes down to weighing the risks with the benefits. The problem with a paper-based system is that passwords change so quickly in today’s world, and sharing those passwords (think Netflix) is difficult. Plus, if you have one master list of passwords on paper, your kids or staff will have access to all of your resources, potentially giving them access to client information.
Here are some common password problems to tackle in today’s world:
• You are forced to change passwords, either by policy or because you were hacked;
• You have to generate very complex passwords (where is that key on the keyboard?);
• There are so many websites that require a password;
• You can’t remember the password, and/or;
• You use the same password to log in to multiple sites.
Also, in most cases, you need at least two pieces of information: a username and a password. Some places also require secondary authentication methods. How can you possibly remember or come up with a password scheme to address these variables?
Benefits of a password manager
The key benefit of a password manager is that you create one login to rule them all. Essentially, you remember one password (or use a biometric login) and you now have access to all your passwords and secure information. Your main password is the key that unlocks the vault and the software then goes to work for you.
Once the vault is unlocked, the software will prompt you for things like the URL of the website you want to log in to, the username and password. Once you fill in that information, the power of the software comes into play. For example, if you want to log in to do some legal research, unlock your vault, find the password in the list, and press “open and fill.” The software will open the website and log you in.
Password managers can also securely store other type of information: credit card numbers, documents, bank account information, Social Security numbers, identification, software licenses, database logins, wireless routers, notes and the like.
Another strong feature of a password manager is that it can generate random passwords for you. If someone asks you for your bank password, you can legitimately answer: I don’t know it. Thankfully, your password manager does.
Finally, some password managers can notify you if there has been a data breach at a site where you have login information. If so, it will prompt you to change the password associated with that site and assist you in that process.
There are many options out there for password managers from free to yet another subscription item. For me, the subscription model makes sense to support continued development of the software. Whatever you choose, make sure you have a basic understanding of how it works and how a trusted person can access the information in the event you are not available.•
• Seth R. Wilson is an attorney with Adler Tesnar & Whalin in Noblesville. In addition to practicing law, he helps manage the day-to-day technology operations of the firm. Seth writes about legal technology at sethrwilson.com and is a frequent speaker on the subject. The opinions expressed are those of the author.