How to Select a Password Manager For Associations

When was the last time you willingly changed your password? Has it been a few weeks, months, or even years? If you’re like the majority of people, when the time comes to change your password, it probably evokes the same feelings you might have when you have to visit the doctor or dentist. You avoid it until it’s absolutely necessary to take action. 

Here’s the thing, though: we all need to change our attitude towards changing our passwords. The hackers are getting more efficient in their attacks, and it’s up to us to take all the necessary precautions to protect ourselves. Let’s assume that you are willing to change your password on a regular basis. The next question you might be wondering is, “How am I supposed to remember all these passwords?” Trust me, I’ve had the same thought going through my head.

The good news is that there are secure ways to store our many passwords so we don’t have to rely on just our brains to recall them all! And no, I’m not talking about storing them all on an Excel spreadsheet or simply listing them off in the Notes section of your phone. Yes, I’ve been guilty of doing this, and I’ll admit it’s a horrible idea.

That’s where a credential vault can be useful! There are several factors to look for when choosing the right credential vault, but here are 2 requirements that you must consider when selecting a password manager for your association. 

The following is an excerpt from Josh Hiller’s post, Tips for Selecting Your Perfect Password Manager, on our Aptify blog.

What should I look for in a credential vault?

Some operating systems, such as some Linux variants and Apple’s macOS, embed this functionality, referring to it as a “keychain,” but what about the Microsoft users out there in the world? Never fear, you have a solution as well. Actually, you have at least 10. If you are interested in reviews and a breakdown of functionality for each of these options, check out PC Magazine’s December 2016 article entitled, “The Best Password Managers of 2017.” Regardless of the product you select, there is a set of minimum requirements for this type of solution. All of the other functionality you will see described—those are nice to have, but should not be your deciding factor unless all other factors are equal.

Two Factor Authentication

When accessing your credential vault, especially from a new device, you should be forced to provide a second factor to authenticate. Be it an email to a secure external account, or a hardware-based USB dongle—knowledge of your master password should not be enough to access the vault for the first time in a new environment. I suppose a biometric solution is acceptable here, but it would not be my preference. (I still sort of feel like this gives the bad guys a reason to chop off a finger, but I watch entirely too much Netflix!)

Seriously strong encryption

All of the vendors state they use “strong encryption,” most of which leverage AES-256. For typical users this should be safe enough. The master password is being used as the key value (or to retrieve the key value) to then decrypt the credentials stored in the vault. Since we need to read the data, we have to use two-way encryption. For the master password itself though, if possible, look for a vendor that implements this as a one-way hash using a strong solution such as SHA-512. If the solution provides you the ability to control which encryption methods are used, even better (well, as long as the available methods are strong enough). 
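
The master-password handling described in the excerpt above, sketched as an added example (it is not from the original post or from any vendor's product). It assumes a salted, iterated PBKDF2-HMAC-SHA512 as the one-way function; the iteration count, salt length and function names are illustrative choices.

```python
import hashlib
import hmac
import os

# Assumed parameters for this sketch, not taken from any vendor.
ITERATIONS = 200_000
SALT_LEN = 16


def _stretch(master_password: str, salt: bytes) -> bytes:
    """One-way, salted, iterated SHA-512 (PBKDF2): 64 bytes of key material."""
    return hashlib.pbkdf2_hmac(
        "sha512", master_password.encode("utf-8"), salt, ITERATIONS, dklen=64
    )


def _verifier(material: bytes) -> bytes:
    # Hash only the second half, so the stored verifier never exposes the key half.
    return hashlib.sha512(b"verifier" + material[32:]).digest()


def enroll(master_password: str) -> dict:
    """Build what the vault stores: a salt and a verifier, never the password or key."""
    salt = os.urandom(SALT_LEN)
    return {"salt": salt, "verifier": _verifier(_stretch(master_password, salt))}


def unlock(master_password: str, record: dict):
    """Return the 32-byte key for AES-256 if the password matches, else None."""
    material = _stretch(master_password, record["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(_verifier(material), record["verifier"]):
        return None
    return material[:32]


if __name__ == "__main__":
    # Constructed sample password, for demonstration only.
    record = enroll("correct horse battery staple")
    print("right password unlocks:", unlock("correct horse battery staple", record) is not None)
    print("wrong password unlocks:", unlock("Password123", record) is not None)
```

The returned 32 bytes are what an AES-256 cipher would take as its key to decrypt the stored credentials; the cipher itself is left out because it needs a third-party library.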

Whatever password security practices you choose to adopt, it’s better to start immediately than to find excuses to put it off. Once you find a password manager that addresses your organization’s needs, start using it and stick with it. The more you incorporate password security into your overall association cybersecurity plan, the more protected your association will be from hackers.

Curious to learn what other requirements you need in order to find the best credential vault for your organization? Then be sure to check out this post, Tips for Selecting Your Perfect Password Manager, on our Aptify blog.

