Authored by: Teck Wee Lim, Regional Director ASEAN at CyberArk
As you browse the internet through Chrome, Safari, Firefox, or any other browser of your choice, you are often faced with an enticing option: Would you like us to save your password? If you say yes, research shows you are taking a risk. These browser-based password managers make life more convenient, but they may offer a false sense of security. For the most part, it’s not at all clear how secure any of them really is.
This is the world of password management. Whether it’s for work or personal use across retail websites, news subscriptions or social media, chances are you have several different passwords. Some of these passwords may even give you access to sensitive accounts and critical systems at your workplace. However, some people make the top security mistake on the internet – reusing passwords.
There is an even greater chance that those passwords are relatively simple and easy for attackers to guess. If you are using the same password repeatedly, when an attacker cracks your password for one system, they can compromise every other system where you use that password.
For people who use multiple, hard-to-guess passwords but save time and brainpower by storing the credentials in their browser’s built-in password manager, the simplicity makes this a compelling option. However, it may not be the best way to protect the data you care about most.
Despite the convenience, there is a major downside to saving credentials in a browser. Since so many people use integrated password managers, they are a natural target for credential theft attacks. According to research by a content delivery network (CDN) services provider, Singapore ranks 15th on the company’s global list of the top source countries (i.e. where the traffic is coming from and not necessarily where the attacker is located) for credential stuffing.
Cyber attackers count on us choosing convenience over security, making the credentials saved in a browser an easy target. Credential theft attacks can be fully executed from a single user’s workstation by leveraging passwords for social media accounts and other credentials stored on the device. What should you be using to better protect your online passwords and secure your digital life?
Dedicated Password Managers: The Good and the Bad
Dedicated password managers allow you to save, generate and update all passwords in one encrypted location protected by a single, strong password or passphrase. These tools are increasingly popular among consumers and businesses, but as with most tools and technologies, they don’t completely eliminate security risks. Here are a few best practices to help safeguard a dedicated password manager.
Password managers only manage the passwords of a single person, which is great when only one person needs protecting. However, businesses are made up of many people, and those people have different needs when it comes to system access. It is more important to secure passwords through an enterprise-level solution such as privileged access management (PAM), a cybersecurity strategy for controlling, monitoring, securing and auditing everyone and everything in an IT environment.
Password managers are a big step up from trying to memorize all of your passwords or letting your browser (or a Post-it note) remember them for you. These solutions can save time, increase security and free up mental clutter. Beyond that, if you’re trying to handle access on the scale of a business, consider privileged access management.