County Innovation Network (COIN)

Guest Editorial

Password manager software helps corral user log-ins

By: Jerryl Guy, CISSP, MCSE, IT Manager at National Association of Counties

Even though Cyber Security Month may have ended, the need to focus on safe, secure access to cyberspace remains all year round.

If you are like most Americans, you probably have about 10 to 20 login names and passwords to different services or systems located on your computer, your work network or on the Internet. The proliferation of these accounts reflects today's connected world.

Online accounts for personal services such as email, social networks, entertainment, banking, news sites and a host of other professional and governmental services have ballooned in volume.

It's very tempting to simply use the same login name and password for each account; however, good password security policy deems this practice unacceptable. Using the same login names and passwords for multiple accounts means that an attacker who is able to break one password would then have access to several of the user's accounts.
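
The reuse risk described above can be checked against a list of your own accounts. The following Python code is an added example, not part of the original editorial; the account names and passwords are constructed sample data, and the function names are hypothetical.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample export (account, login, password); not real credentials.
SAMPLE_ACCOUNTS = [
    ("email", "jdoe", "Winter2013!"),
    ("bank", "jdoe", "Winter2013!"),
    ("social", "jdoe", "Winter2013!"),
    ("news", "jdoe", "c7#Rk2!vLq9z"),
    ("county-portal", "jdoe", "t4$Mw8^pXe1b"),
]


def find_reuse(accounts):
    """Group accounts by password; return only groups with more than one account."""
    # Per-run random key: the fingerprints cannot be matched against anything
    # once the process exits, and plaintext passwords are never used as dict keys.
    key = secrets.token_bytes(32)
    groups = defaultdict(list)
    for account, _login, password in accounts:
        tag = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        groups[tag].append(account)
    return sorted(sorted(names) for names in groups.values() if len(names) > 1)


def exposure(accounts):
    """For each account, list the other accounts opened by the same password."""
    result = {account: [] for account, _login, _password in accounts}
    for group in find_reuse(accounts):
        for account in group:
            result[account] = [other for other in group if other != account]
    return result


if __name__ == "__main__":
    for group in find_reuse(SAMPLE_ACCOUNTS):
        print("shared password:", ", ".join(group))
    for account, others in exposure(SAMPLE_ACCOUNTS).items():
        print(f"{account}: this password also opens {len(others)} other account(s)")
```

Any account that appears in a reuse group is a candidate for a new, unique password.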

Hoping to avoid this unhappy scenario, some computer users have devised creative ways to store passwords, such as creating a spreadsheet to document login names and passwords, then encrypting it to prevent unauthorized access.

One emerging trend for securing passwords is the use of password-management software. In general, these software systems serve as a repository to store all of one's login and password credentials. So instead of a typical user needing to memorize up to 20 usernames and passwords, one simply needs to recall one password to the password-management system.

These systems can be local, installed on users' computers, tablets or other devices, or they can be online systems based on the Internet. For the Internet-based systems, the stored password data reside on the provider's Internet servers, while locally based systems store data directly on the local devices. Many local systems can also use third-party systems such as Dropbox to store the information in the cloud.

To use a password management system, users must first log on to it to gain access to its functionality. After logging in, users set up a profile for each managed account that includes a login name, password and other optional information pertinent to the account. Once the profile information is stored, users can return to the system as needed to retrieve the login information for any stored account.

The retrieved account information can be manually entered to access the desired accounts, or in some password management systems, it is entered automatically.

There are several advantages to using password management systems:

  • no need to remember multiple passwords
  • easier use of longer, more complex and abstract passwords
  • can store other account data like personal information and credit card numbers
  • notification for upcoming password expiration, and
  • makes available optional system-generated user account passwords.

There are some disadvantages too and they include:

  • a breach of the password management system could allow an attacker access to all managed accounts
  • configuration of the system may be difficult for the technically challenged
  • substantial costs may be required to purchase some systems
  • for an online-based system, one may be giving up control of private information.

In selecting a system, it is important to fully understand its weaknesses as well as its bells and whistles. Remember that some software only works on Windows systems, although most now run on multiple platforms, including Mac, Android, iOS and Linux-based operating systems. Choosing a password management system also requires consideration of the vendor's reputation, the level of support provided, and the consequences for the stored password information if the system fails.

Three of the better-known examples of these systems are 1Password, LastPass and KeePass. All three work quite well, offering many of the most important features, such as compatibility with multiple desktop and mobile device operating systems and high-quality data encryption.

KeePass tends to be the fastest growing of the three because it is available as a free download. It also comes with a drawback: it does not automatically sync to the cloud like the other two. 1Password can be purchased for $34.99, while LastPass comes with a subscription service of $12 per year per use. All seem to be relatively easy to use.

No security or password management system can fully protect any user. However, use of a password-management system can go a long way to improve your computing safety.

Users must not forgo due diligence to make sure they fully understand their risks and requirements, and the level of protection provided by the system they choose. The prevalence of these systems will continue to increase as users become more aware of their value in protecting online privacy.
