Passwords have to be unique because so many services are being compromised. They also have to be reasonably complex (at least two words and a special character), and kept safe, but you need to have them easily accessible so you can use them to log in. SSO (like Okta) promised simplicity, but then Okta themselves got breached (multiple times) and everyone realized maybe having the same Okta password for every app wasn’t such a great idea.
In the future, biometric Passkeys might mean we need fewer or even no passwords. Passkeys are digital keys that are tied between trusted devices and specific websites. To use a passkey, you need to unlock it when you login to a website using your computer’s biometric features which covers MFA requirements. Passkeys are convenient and highly secure since they cannot be phished, but they do pose some risks if used on a computer that you share with any other users. Currently passkeys are only supported by a limited number of websites but large players like Google, Amazon, PayPal, etc. all support this technology. Please see our blog post here to learn more about Google’s announcement regarding passkeys on iPhone and iPad.
But in the meantime, Hybridge has a few recommendations and tips for managing your passwords:
- Tried-and-true Excel works fine as long as your Sheet is password protected with a strong password you keep safe. Just don’t leave the spreadsheet open and unlocked on your computer all the time, and only ever print it to put straight into your safety deposit box.
- Dedicated password managers work well but cost money. The main downside is that everyone is trying to hack them, for obvious reasons. Because of this, NEVER save your 2-factor code in your password manager, you must have 2-factor in a different app (we recommend Authy) to protect you in the event your password manager is compromised. If you choose a password manager, we recommend 1Password and make sure you keep your master password safe. Don’t use LastPass, it has been hacked at least twice.
- Apple Keychain/Passwords synced to your iCloud works well if you are in the Apple ecosystem, again make sure you have 2-factor in Authy for everything. Apple IDs have been compromised through social engineering Apple support techs, so they aren’t as secure as some other accounts.
- Chrome password manager is a convenient choice especially if you have an Android phone. You should sync your passwords to your Google account for redundancy. The main risk here is if you use the same Google account on a home or child’s computer, they will then have access to your passwords. (other browsers also have password managers, but we recommend using Chrome as your work browser).
In summary, what matters most is that you have unique passwords and that all accounts are protected by 2-factor using Authy. Beyond that, any of these approaches are fine, just use whatever works for you. As always, if you have questions or would like to discuss your specific situation, please reach out to us at info (at) hybridge.com.
Share this blog:
