
2023-03-07

Password manager

How to choose a good password manager? What questions should I ask myself?

You live it almost every day! Whenever you connect to your bank, your favorite social network or an online shopping site, you must present your credentials and identify yourself with a username (often an email address) and a password. Sometimes, for added security, you are also asked for an additional code, sent by SMS (text message) or randomly generated by an application on your phone or by a key fob provided by your banking institution. The passwords required have become more and more numerous and complex, and consequently more difficult to remember, even impossible if you have a lot of them! And this puzzle is not going to get any easier anytime soon. To increase security, you are even asked to change them every 3 or 6 months... There are therefore tools that let you gather all this information and secure access in a single place, a "password manager", unlocked with a single "super password" or even a "dongle" to recognize them all! The challenge for these tools is, of course, to be as secure as possible!

Before rushing to choose an application or tool for your passwords, you need to understand how these tools basically work and weigh the consequences of your choices. You have to ask yourself a few preliminary questions to make an informed choice, but above all to understand what is at stake for security with your passwords, and what the immediate impacts will be.

For the sake of simplicity, it is quite common for our passwords to all be the same, or very simple so that they are easier to remember, and this is not a good idea. Simple or popular passwords should therefore be avoided. Hackers today have many tools to bypass security and discover your passwords. They compare them against dictionary words, but also against databases of previously hacked passwords that have leaked onto the Internet or the "dark web" and are easy to reuse. There are therefore 4 basic rules to follow in order to choose a simple and robust password:

  1. Do not use the name of your goldfish, your cat or another pet, or of a person in your immediate circle: no link with the names of your loved ones;
  2. Do not choose a combination of numbers that refers to your date of birth or your wedding date, for example. As a general rule, avoid any connection with known places or events;
  3. Use a mixture of uppercase and lowercase letters, numbers and special characters (most interfaces will even force you to do this);
  4. Avoid dictionary words and proper nouns!

These rules, understood and applied, will help you quickly come up with passwords that are nearly impossible to crack. You can also use password generators that create complex random passwords for you. The goal here is to generate hard-to-crack passwords. The more complex the password, the longer it will take to discover, to the point of discouraging hackers from continuing their attempts. You can also generate a single "super password" to use with your password manager, which you will have to remember. And of course, do not write it on a Post-it note stuck to the back of your screen or your keyboard!
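As an added illustration (not code from the original article), this Python sketch shows what a password generator does: it draws characters from the operating system's cryptographic random source, enforces rule 3, and rejects candidates that appear in a leaked-password list or contain personal terms (rules 1, 2 and 4). The `COMMON_PASSWORDS` sample, the symbol set and the function names are assumptions made for the example.

```python
import math
import secrets
import string

# Constructed sample of widely used passwords (illustrative only);
# a real check would use a full leaked-password corpus.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "abc123", "Password1!"}

# The four character classes named in rule 3 (symbol set is an assumption).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!@#$%^&*()-_=+[]{}")
ALPHABET = "".join(CLASSES)


def is_weak(password, personal_terms=()):
    """Flag a password that is known-leaked or built on a name or date."""
    lowered = password.lower()
    if password in COMMON_PASSWORDS or lowered in COMMON_PASSWORDS:
        return True
    return any(term.lower() in lowered for term in personal_terms if term)


def generate_password(length=20):
    """Return a random password that contains every character class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        # secrets draws from the OS CSPRNG, unlike the random module.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        has_all = all(any(c in cls for c in candidate) for cls in CLASSES)
        if has_all and not is_weak(candidate):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound, in bits, on the guessing cost of a random password."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(generate_password(), round(entropy_bits(20), 1), "bits")
```

Each extra character adds about 6.3 bits with this 80-character alphabet, which is why length raises the cost of guessing faster than any clever substitution in a short password.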

Choosing a password manager means, above all, choosing software that fits your needs and understanding its possible shortcomings and advantages. Forget about stand-alone tools that you install on your computer and pay for only once. Those days are over. Today these are monthly or yearly subscriptions, and here are some of the reasons why:

  1. The applications are dynamic and need to be updated for each platform they run on. This requires regular monitoring to detect potential flaws and fix them before they are exploited by hackers. When your Windows PC, your Mac or your smartphone receives new updates, the application's compatibility must also be ensured, because all of this evolves very quickly;
  2. The services behind these applications often use the "Cloud", and their infrastructure must be maintained and updated;
  3. The applications must often communicate with one another to share your data securely across different platforms (your computer, your smartphone, your watch, etc.). The protocols used must therefore also be compatible with each other;
  4. Finally, the software evolves according to needs, with new options and support for new platforms (Windows 10 to Windows 11, for example). It must continue to be developed and maintained.

We therefore naturally understand that all this has a cost, which companies cannot absorb ad vitam aeternam!

Finally, you have to choose a password manager according to your needs. Here are some questions to consider when choosing one:

  1. What devices will you use to manage your passwords? What platforms will be used and supported (Windows, Mac, Linux, iOS for iPhone, Android, ...)?
  2. If you are away from your office or home and need to use the Internet, will you be doing it from a public place, such as a library or a park? When you consult your data, these connections (very often Wi-Fi) will have to be protected (via a VPN, for example);
  3. What information will be stored in your manager? Can documents be attached? Can you create new fields according to your needs?
  4. Are there import/export options? If your existing data is already stored in a text or Excel document, for example, importing it into the new manager will save you time and also avoid typing errors;
  5. If you are in Quebec, does the software support French? Is it multilingual?
  6. If you can't connect to the Internet, will your information still be available locally on your computer or phone? And if this data is also stored locally, is it encrypted (in the event of theft, for example)?
  7. If you lose your password, do you have a "plan B"? In most cases, if your super password is lost or forgotten, it will be impossible for you to recover your information because, for obvious reasons of security and transparency, no password is saved in the clear, not even by the designers of the software, and you will lose your data permanently. It is therefore necessary to think of an alternative (for example: locking your password and some instructions in case of loss or accident in a safe at the bank, or leaving them with a notary or a lawyer);
  8. Finally, what is the origin of the software? Is the company that designed it reputable? Has it had security issues in the past? How is it rated in online reviews? What are users saying?

These questions will allow you to better choose your password manager, according to your needs.

There are many programs available to manage your passwords and more. The following sites offer you a choice of several online applications and have evaluated them for you:

Reference: https://www.tvanouvelles.ca/2023/01/02/voici-les-50-mots-de-passe-les-plus-populaires-de-2022 (in French)

(...)

News: In December 2022, "LastPass", an online password manager, was hacked. It is relevant to ask how these online services handle the data they hold for managing our passwords. Pushing the reflection a little further: has the company that develops this software also taken all the measures and means needed to secure its own information and its development process?


© 2024 All rights reserved. PointCA is a registered trademark. | Production: Marie-Claude Germain
