For the 2023 Specops Weak Passwords Report, researchers analyzed more than 800 million breached passwords and found that the most frequently breached passwords were eight characters or less. Those containing only lowercase letters were the most common character combinations cracked by hackers and accounted for 18.82% of the passwords used in the attacks. The most cracked were 'password', 'admin', 'welcome' and 'p@ssw0rd'.
According to the report, 83% of compromised passwords do not meet the length and complexity requirements recommended in cybersecurity compliance standards, such as the National Institute of Standards and Technology and the Payment Card Industry.
Password managers are designed to eliminate weak passwords and make it much more difficult for attackers to compromise credentials. In this article, we look at five reasons why you should use a password manager.
1
NordPass
Employees by company size
Micro (0-49), Small (50-249), Medium (250-999), Large (1000-4999), Business (5000+)
Micro (0-49 employees), small (50-249 employees), medium (250-999 employees), large (1000-4999 employees), enterprise (5000+ employees)
Micro, Small, Medium, Large, Enterprise
Characteristics
Activity log, enterprise admin panel for user management, company-wide settings and more
2
Dashlane
Employees by company size
Micro (0-49), Small (50-249), Medium (250-999), Large (1000-4999), Business (5000+)
Micro (0-49 employees), small (50-249 employees), medium (250-999 employees), large (1000-4999 employees), enterprise (5000+ employees)
Micro, Small, Medium, Large, Enterprise
Characteristics
Automated provisioning
3
ManageEngine ADSelfService Plus
Employees by company size
Micro (0-49), Small (50-249), Medium (250-999), Large (1000-4999), Business (5000+)
Any size of company
Any size of company
Characteristics
Multi-factor authentication, password management, reporting and analytics, and more
5 reasons why you need a password manager
1. Your passwords are too simple
This is the most important reason, without exception. If you use passwords that you can easily remember (such as password, password123, happyhappyjoyjoy, etc.), you are at risk. Because? Simple passwords are easier to crack. With the right tools (and enough power), a hacker can crack those simple passwords in seconds or minutes. Because of this, you'll want to make sure that the passwords you use are difficult (if not impossible) to remember.
A good rule of thumb is that if you can easily remember a password, it's probably easy to crack. The harder it is to remember the password, the harder it will be to crack it. So when you use such difficult passwords, you need a vault to store them. That's where a password manager comes into play.
2. Password managers include random password generators
Speaking of complicated passwords, you shouldn't try to create complicated passwords on your own, or you'll end up with variations on your usual theme. Instead, you need a password manager that includes a random password generator to create very complicated passwords. Some password managers, like Bitwarden, allow you to configure how complicated the password is. With these tools, you can generate passwords of 20 random characters or even random unpronounceable phrases. Use these tools and your passwords will be very complicated and therefore secure.
3. You only need to remember one password
With a password manager, you only need to remember one password: the one used to access your stored passwords. With this in place, you don't have to worry about remembering all those new, highly complex administrator-generated passwords. Open the admin tool, type your vault password, and find the password you need. The only caveat is to make sure your vault password is not simple. It doesn't have to be overly complex, just not obvious.
4. The numbers are against you
How many accounts do you have that require a password? Dozens? Hundreds? The more accounts you have, the more likely the numbers will be against you. Because of this, you probably use the same password for everything, which is a HUGE no no. You must use different passwords for each account. With so many different passwords, how are you going to remember them? You're not (especially if those passwords are complicated). That's another great reason to use a password manager.
5. Passwords will always be ready with device sync
Some password managers allow you to sync your password database across all your devices. With this feature, you can access your passwords on your desktop, laptop, and mobile devices. This way you will always have your passwords at hand. If you choose to use this feature, make sure you have your password database encrypted with a strong password. The last thing you need is for a bad actor to intercept your database and decrypt it using brute force.
Additional reason: it is the smartest thing to do
Yes, using a password manager adds a step or two to the login process. But when your data and security are at risk, those extra steps are worth it. With every day that passes you continue to rely on those simple passwords, you run the risk of having your data stolen. Be wise and use a password manager… before it's too late.
If you're curious to learn more about password managers, I recommend checking out our Password Managers 101 Video feature on TechRepublic's official YouTube channel.
In that video, we delve into how password managers work, who they are for, and what specific benefits they provide to businesses and individuals.
Choosing a password manager for your business
Password managers provide strong, random passwords that are different for each site or service. Unlike eight-character passwords that can be cracked by brute force in a short time, these passwords are impossible to guess with any known technology. But as recent attacks on password managers made clear, the technology is not infallible. Here are some tips to guide the decision on which providers to favor:
Reputable supplier
Do not use a startup based in areas where there may be a lack of policing of online behavior. Look for vendor candidates that will appear in analyst reports from the likes of Gartner, IDC, and other well-known analyst firms.
Cloud versus on-premises
Tools that store passwords in the cloud are more susceptible to attacks. Favor those that store them locally on your device.
Security features
Some password managers have better security measures than others. Those using a device-based password manager, for example, should ensure that it can be automatically locked after a very short period of inactivity. Also, choose tools that require multi-factor authentication, such as receiving a text message on your phone, to unlock the password manager. Otherwise, a hacker could easily use a keylogger to compromise the machine. And require encryption of stored passwords, login names, URLs, and other sensitive data from a potential provider.
Patch hygiene
Like any software or system, password managers contain bugs and sometimes software vulnerabilities are discovered. Attackers can exploit these bugs and vulnerabilities to gain access, sometimes even when they are blocked. Some vendors provide patches and let the organization install them. Others implement them automatically to always be up to date. Check out the patch hygiene practices of vendor candidates to see who demonstrates the most responsible attitude toward patching password managers. Likewise, keep in mind that password managers employ browser extensions and interact with other systems. Check that the provider of your choice also pays attention to patching them.
Cost
Some password managers are much cheaper than others. But typically, low-cost products lack many of the business and security features that many organizations need. Prices typically range from $2 to $5 per month per user. Larger organizations can take advantage of additional discounts for volume purchases.
Recommended password managers
NordPass
NordPass is best for users looking to have a complete password management system. It has solid security, an intuitive mobile and desktop app, and easy-to-use pricing. Read our full NordPass review here.
Dashlane
Dashlane may be better for those with more demanding security requirements. It comes with dark web scanning, secure virtual private network, and cross-device syncing. Read our full Dashlane review here.
Sign in once
LogMeOnce might be best for those businesses that operate on a wide range of platforms, device types, and systems due to its extensive cross-platform support. It is highly customizable, but some users report that it has complicated setup procedures.
