Password security: Implementing a password manager

A password manager is nowadays an indispensable part of a security specialist's life. And it is not difficult at all to use one. More than that: it makes your online life much easier, and more secure. Let me show you how it works.

Think of it as an online list of all the websites you have created an account on. You can add notes and save your username and password, and more than that, it can automatically fill in your username and password when it detects a login page. Some password managers we tend to use in our team are LastPass, KeePass and Bitwarden. Personally, I chose Bitwarden for its extensive list of (free) features:

  • Bitwarden is completely free for normal, private usage
  • Bitwarden is an Open Source project and is located in Switzerland, which is one of the pioneers of good, thoughtful security regulations.
  • It can be used as a browser extension, or as an app on your smartphone

Please note that there are several good alternatives to Bitwarden. However, they all work similarly. After you have created an account on Bitwarden and installed the extension or application, you are good to go. The master password of your vault will be the only password you’ll have to remember! The vault is of course still empty at this moment, so start adding your websites with their corresponding login credentials. While browsing the internet, you’ll encounter more and more login pages. Once you log in, your password manager will automatically detect this and ask whether it can save that password in the vault. Some password managers will even notify you if you are using an insecure password on that login, so you can change it to a more secure one right away. It is possible to add secure notes, website credentials, credit cards, bank accounts,…

Another handy feature of a password manager is its secure “password generator” function. As crazy as it may sound, if you ask a security specialist for their Twitter password, they will not be able to answer the question. This is because every password should be unique for every website, and your password manager is the only one that needs to remember them. The integrations on smartphones and in browsers help you with auto-filling or copy/pasting the right credentials at the right time.

All your credentials at one place, is this secure?

I hear you thinking: if everything important is stored in one place, it is an easy target for hackers. That is true, and this is why it is important to increase the security of the password manager itself. Configure two-factor authentication; this can be done with an authenticator app or with email confirmation. The strength of your master password also matters. The golden advice we always give is to use “passphrases”. If, for example, the sentence “My turtle is funny:)” is your next passphrase, you’ll have a password with a length of 20 characters. No hacker will ever crack this with a “brute force” attack, and I would be surprised if they could guess it.
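To put numbers on the length argument above, here is an added example (not code from the original post or from Bitwarden): it builds a random password and passphrase with a CSPRNG the way a manager's generator does, and works out how long exhausting the search space of an 8-character password versus the 20-character passphrase would take. The eight-word list and the guess rate of 10^12 per second are constructed assumptions.

```python
import math
import secrets
import string

# Constructed sample word list for the demo; a real passphrase generator
# draws from a list of thousands of words (e.g. a diceware list).
WORDLIST = ["turtle", "funny", "river", "candle", "orbit", "pepper", "maple", "quartz"]
PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def generate_password(length: int = 16, alphabet: str = PRINTABLE) -> str:
    """Random password the way a manager's generator builds it: secrets (CSPRNG), not random.random()."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_passphrase(words: int = 4, wordlist=WORDLIST, sep: str = " ") -> str:
    """Random passphrase: a few dictionary words joined by a separator."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def search_space_bits(length: int, alphabet_size: int) -> float:
    """Bits an attacker must cover to try every string of this length over this alphabet."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float, guesses_per_second: float = 1e12) -> float:
    """Years needed to try the whole search space at an assumed guess rate (1e12/s is a constructed figure)."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


def compare(short_len: int = 8, passphrase: str = "My turtle is funny:)") -> dict:
    """Contrast a short password with the post's 20-character passphrase, both over 95 printable characters.
    This is the character-level brute-force figure the post refers to; guessing attacks on
    familiar phrases are a separate matter, which is why managers generate them randomly."""
    alphabet_size = 95  # printable ASCII including space
    return {
        "short_bits": search_space_bits(short_len, alphabet_size),
        "short_years": years_to_exhaust(search_space_bits(short_len, alphabet_size)),
        "phrase_len": len(passphrase),
        "phrase_bits": search_space_bits(len(passphrase), alphabet_size),
        "phrase_years": years_to_exhaust(search_space_bits(len(passphrase), alphabet_size)),
    }


if __name__ == "__main__":
    print(generate_password(), "|", generate_passphrase())
    print(compare())
```

At that rate the 8-character space falls in under two hours, while the 20-character one takes on the order of 10^20 years.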

Learn more about secure passwords in our previous post with password tips.

This post was provided by one of our pentesters: Ward Adriaensen