By Need

Security Programs

Enterprise wide security programs & zero trust

Hybrid Cloud Environments

Secure, scalable, and optimized

Modern Networks

The crucial foundation of business

Anytime Secure Access

Combining productivity and security

Innovation Velocity

Improved developer experiences

Managed Carrier Services

High performance and cost effective

View All Needs

By Industry

Finance & Banking

Stay ahead of today’s rapid change

Healthcare & Life Sciences

Improve lives with modern solutions

Business Services

Create efficiencies for sustained success

Public Sector

Serve the community with technology

Manufacturing

Unlock efficiencies for Industry 4.0

Retail

Get closer to customers

View All Industries

By Function

IT & Operations

Support your strategic vision

Engineering & Development

Enhance your developer experience

Finance & Procurement

Optimize for cost and security

Product Management

Make your vision a reality

HR

Focus on your people

View All Functional Areas
Managed Services

Remove the complexity of daily IT maintenance and focus on business growth

Cybersecurity & Risk Management

Secure business processes without sacrificing employee productivity

Cloud

Accelerate digital transformation while optimizing for cost

Carrier Services

Simplify and centralize complex business communication systems

Modern Workspace

Empower employees to work from anywhere on any device

Networking

Connect traditional environments to new secure cloud possibilities

Datacenter Modernization

Adapt to a hyperscaled cloud-first IT environment

View All Services

Learn

Knowledge Center
Events & Webinars
Blog
News

FEatured Resource

Cybersecurity & Risk Management 9 min read

Protecting the Digital Break Room: Collaboration Security for Microsoft Teams

By Jeremy Bello
Partners

Company

About Blue Mantis
News
Leadership
Awards
Philanthropy
Careers

FEatured News

4 min read

A Year of Transformation Produces Strong Tailwinds for Blue Mantis in 2024

By Josh Dinneen
Let’s Meet
All Blog Posts
Datacenter Modernization

5 Tips to Manage Your Passwords Like a Pro

By GreenPages June 14, 2018

Written by Nicholas Borgerson, Knowledge Manager & Level II Supervisor

If you try to use the same few passwords for most of your accounts, then you’re like most people, and exactly what a hacker hopes to find.  In this article I’ll be talking about some tips on how to make good password, the need for a password manager, and what you should be doing to keep your passwords safe.

1 – Understand what makes the best passwords

There are many opinions about how to make a good password that can be remember, however if we use a password manager we can create stronger than normal passwords because we don’t need to remember them.

To get an understanding of what truly makes a good password let’s take a look at how hackers attack passwords. 

Hackers don’t usually try to sign into accounts manually over and over again, that would set off alarms and probably lock the account so more attempts can’t be made. 

Instead, hackers will try to get something called a password hash – a large string of encrypted text that contains the password. When a correct password is guessed, the hash will confirm. With a hash, thousands (or even millions depending on processor power) of guesses can be made per minute without any alarms being set off.

Calculating these guesses with hashes can take a lot of processing power and time. To speed things up, hackers can use something called a rainbow table – a large list of pre-calculated hashes – allowing dramatically more guesses per minute.

Dictionary files are also frequently used, so if your passwords are made up of words, the right combination can be guessed much faster than just guessing every possible letter combination.

The good news is there is defense against dictionary files and rainbow tables – Salt.  Salt is the random addition of characters into the password hash, which doesn’t effect our ability to use the password, but does make it much harder for hackers to crack it.

Our other defense against a hacker cracking our password is length and complexity. The longer and more complex the password, the more time it will take to crack.  Check out this interesting site and experiment with trying out different kinds of passwords and look at how long it may take a hacker to crack it. You may find a complex password of 8 characters would only take a day to crack, but a password of 16 charters would take centuries. Using dictionary words will make it dramatically easier to crack.

So, passwords we choose need to be random, long, complex, and we need to make sure the software we’re using to manage these passwords uses salt in it’s hash (an Excel spreadsheet probably isn’t going cut it).

“Passwords we choose need to be random, long, complex, and we need to make sure the software we’re using to manage these passwords uses salt in it’s hash…” 

2 – Choose a password manager wisely 

Now that we’ve established what kinds of passwords we need, you may be wondering how exactly you’re going to remember these long, complex passwords. The good news is you won’t need to remember all of them, you can use an app to generate, manage, and copy/paste them for you.

There are many password manager apps out there and they’re all a little different. Here are a few things to consider when choosing one:

  • Are they trustworthy? Where are they based from (hopefully from a friendly country)? Where is the data being stored? Have they been audited for security (SOC 2 and PCI compliance are good indicators they are audited)?

  • Are there apps available on Mac/PC and your mobile device?

  • Is the password database being stored locally in your devices or on the cloud?

  • What kind of encryption is being used to store the passwords (should be AES 256 or better – “industry standard” or “military grade” is not good enough and doesn’t actually mean anything)

  • Do the password hashes have salt? Don’t be shy to reach out to their support to ask!

  • Is there a browser extension needed to work on Mac/PC? Browser extensions that automatically populate username and password when the page loads are susceptible to malicious web page attacks

If you’re not sure where to start, here is a list of suggestions to get started with.

  • 1password

  • LastPass

  • Keepass

  • Myki

  • Stickypass

  • Dashlane

3 Use different passwords for everything

So, now that you’ve created a great password with your password manager you just need to use that for all your accounts right? You can probably guess that would be a no, but why?

Hackers commonly use programs that allow them to check a username and password combination against more than 1000 sites and services. If you use the same username/email and password for your accounts and one accounts get breached, all your other accounts that use the same password are also breached.

You can work to limit the damage done by data breaches by using different passwords for each account, that way if your password gets leaked only that one account needs to be reset.

4 – Understand the risks and have a backup

Using a password manager is not without its risks. What happens if you forget your master password? What if the company you selected gets breached? What if you’re phone or computer dies?

Research your password manager carefully and get answers to these questions. You will probably need to commit a few passwords to memory no matter what manager you’re using such as the password to login to your computer, the pin to unlock your phone, the master password to your password manager, and the password to your primary email address.

Test your backup plan regularly to make sure you’re ready in case something happens.

5 – Change your passwords regularly

Earlier in this article we talked about how length and complexity of your password can effect the time it takes to crack a password. Here are two additional things to consider:

  1. Processing power is increasing exponentially every few years. What takes centuries to crack today may only take months a few years from now.

  2. Most of the time usernames and passwords aren’t cracked, they’re breached. Usernames and passwords are leaked every year from companies like MySpace (remember them? How many of you’re other accounts used the same password?) 

Changing your passwords regularly, maybe once a year, will essentially reset the timer for anyone to crack your password hash, and will also stop hackers who may have found your password in a data beach.

Bonus item: Layer 2 factor with your passwords 

Remember those few passwords I mentioned earlier that you’re probably going to need to commit to memory? Even when using a password manager?  Consider adding another layer of protection on those accounts – commonly called 2 factor authentication – since the passwords on those accounts are probably going to be weaker.

For example, you can configure your Google account to text you a code when signing in from a new device. After entering your password you’ll be asked to enter the code in the text message as well.

2 factor authentication can help protect your most sensitive accounts so even if a hacker does get your password they still won’t be able to sign in because only you will be receiving the needed codes.

Finally: Roll out your new password strategy

Now that we know what good passwords look like, and we have selected and configured a password manager, it’s time to get started using it.

You might be surprised and a bit overwhelmed at the number of accounts you may have between email, social media, productivity apps, and work. Don’t panic, you don’t need to enter in all of them at the same time (well, unless you think the one password you’ve been using has been breached). 

Instead, whenever you open a website that has a username and password, reset the password and enter it into your password vault. Over time you’ll get all the accounts you use. 

Be sure to set your web browser to not save passwords. Once the password has been entered into you password manager, delete it from the web browser’s saved password. Your web browser is not a password manager and does not meet our requirements needed for encryption or security.

Thanks for giving this a read and I truly hope it helps you manage your passwords, letting you live better and more securely. For me using a password manager had been a game changer, taking something dreadful and making it trivial.

Nicholas Borgerson 

Recent Blog Posts

View All Posts
Cybersecurity & Risk Management 7 min read

Is Deepfake Technology Outpacing Security Countermeasures?

By Rob Fitzgerald
Cloud 8 min read

Azure Virtual Desktop and Deploying Windows 11 at Scale

By Jeremy Bello
Cloud 7 min read

Maximizing Business Productivity with Copilot for Microsoft 365

By Josh Morganthall