How many places do you log into over the course of a day, a week, or a month? I'm talking web sites, banks, email, doctors' offices, work software, etc.? Based on that, how many passwords do you think you have? Now, how many passwords should you have? Everything and everyone wants us to identify ourselves these days; in most cases, that's as it should be. Think about how much business you would do with your bank if access to your account - and your money - was the bank simply "trusting" that you are who you say you are online.
So what's the fix? I have about 400 sets of credentials in my password manager at home. Some folks have more, and some have less. Do you think you could remember 400 different passwords, including the username that goes along with it, the last time you changed it, and when you should change it again? I sure can't. Some people resolve this issue by re-using passwords - picking the same password for all sorts of accounts. Others solve it by picking something easy to remember - their dog's name, their daughter's birthday month, whatever they can remember quickly and easily. Some try to get tricky by tacking a number on the back of the password, too. This just isn't going to work to fool the bad actors; if you haven't been breached yet, it really is only a matter of time before you are.
So again, what's the fix? A password manager - an application that allows you to store all of your credentials, securely, and call them up on-demand when you need to log into something. I don't want to give you the idea that password managers are a panacea - they're not. But they are far and away better than not using one! Using a password manager allows you to create and use strong passwords that are nearly impossible to guess or crack, and to use a different one for each and every website, doctor's office, bank, and email account that you log into. And this is what you really want - this is what will give you the best chance of keeping your data safe from those who have evil intent (and the means to steal your stuff).
There are a lot of password managers out there; they all have pros and cons, and some are even free for home use. I don't want to go out on a limb and recommend any specific vendor, but searching for "password managers" will give you a lot of information.
If you're looking for help for your business, something that will help you ensure that you and your staff are using strong passwords, and not re-using any passwords across multiple assets or accounts, we offer a solution: Passportal (from Solarwinds) is available from Castle Labs starting at just $1 per user. This gives you a company-wide password vault that allows you to control all of the company-owned and -controlled credentials, and to ensure good, safe password management practices across the board, for all of your employees, and even your vendors (where appropriate). It also includes a personal password vault for each user! Please reach out if you're interested in better control and validation of your password management policy. Castle Labs wants to help.
