Following the news regarding Google Chrome’s redesign introducing a password manager, Richard Archdeacon, Advisory CISO at Duo Security offers the following comment.
Richard Archdeacon, Advisory CISO at Duo Security:
There are a number of advantages to using a password manager instead of trying to remember all passwords or resorting to the fabled Post-it note password management system. Some of the key benefits that are recognised are that they make it easier for users to use unique long passwords for different sites without having to remember them, thus reducing reuse of the favourite dog’s name type password; often a password manager will have a generator capability that will provide unique, long passwords and when used within a browser they can often be utilised across devices making it easier for users.
However, password managers can become targets themselves. And, in some cases if a user forgets the master password then they lose everything. There have also been recent cases where some organisations have recommended that they are not used to store the passwords to access their services.
It is still recommended by organisations such as the NCSC that additional identification factors are used and relying on passwords to secure access is on its way out. Yes, it is better to use a password manager than not, but is even better to improve your access authentication with additional factors. This will mean that hackers have to compromise multiple controls rather than just the one – the password – to gain access to an account.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.